[GH-ISSUE #469] Rcon password safety #389

Closed
opened 2026-02-27 02:01:12 +03:00 by kerem · 6 comments

Originally created by @andreblue on GitHub (Aug 7, 2015).
Original GitHub issue: https://github.com/GameServerManagers/LinuxGSM/issues/469

So I know on Garry's Mod there is a way to be able to download server files such as the cfg files, which is where you have the current rcon password saved at. If you can, please change it to be set on the command line to help protect it a bit more.
For most Source servers it is
"+rcon_password <password>"

@dgibbs64 commented on GitHub (Aug 7, 2015):

I would be interested in having an article regarding this or anything related to Source server security as I always find it hard to get good info on Source servers. There is already a security 'feature' in place that was requested. That the configuration is not located in server.cfg but a different file.

It is up to the admin to decide how to secure their server but I would very much like to see good articles on this.


@andreblue commented on GitHub (Aug 7, 2015):

http://andreblue.com/sharex/uploaded/2015-08-07_18:32:30.png
That is a picture of a forum post that distributes a DLL that you can inject into gmod for example. It then allows you to request files from the server so long as you know the name. Things such as the cfgs, the logs from ulx and much more. If you want I can send you a copy of the DLL if you wish.
https://www.youtube.com/watch?v=TbC_tHaHHZA is a YouTube video of it happening.


@Scarsz commented on GitHub (Aug 8, 2015):

This was an exploit that was patched months ago, iirc. I don't see the point of implementing any changes for this.


@andreblue commented on GitHub (Aug 8, 2015):

Some servers can still be affected by it.


@Scarsz commented on GitHub (Aug 8, 2015):

I don't see how some servers would be affected by this. All servers set up with LGSM are the latest versions of the server, as required by the Garry's Mod client, where this exploit isn't possible. The only thing I can see being a vulnerability is if the server admin themselves when setting up FastDL add the garrysmod/cfg folder for some reason, which is a fault on them for not knowing how to properly set up FastDL; not a flaw with how the script configures the server.
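
The comment above names one remaining exposure path: a FastDL web root that includes the garrysmod/cfg folder. A check an admin can run against their own FastDL directory follows as an added example; it is not part of the original thread or of LinuxGSM, and the function name, demo paths and file contents are constructed:

```shell
#!/bin/sh
# Added example: audit a FastDL web root for server configuration that should
# never be downloadable. audit_fastdl is a hypothetical helper name and the
# demo tree below is constructed; pass your own web root to the function.

# Prints one line per finding; returns 1 if anything was found, 0 if clean.
audit_fastdl() {
    webroot=$1
    findings=$(
        # Any .cfg file, or a .bz2 copy of one (FastDL trees often hold
        # bzip2-compressed copies of served files)
        find "$webroot" -type f \( -name '*.cfg' -o -name '*.cfg.bz2' \) \
            -exec printf 'CFG-FILE  %s\n' {} \;
        # Any file that mentions the cvar, e.g. a copied log or a renamed
        # config. grep exits 1 on "no match", which is not an error here.
        find "$webroot" -type f -exec grep -il 'rcon_password' {} + 2>/dev/null |
            sed 's/^/RCON-PASS /' || true
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed demo tree: one legitimate FastDL asset and two leaks.
demo=$(mktemp -d)
mkdir -p "$demo/maps" "$demo/cfg" "$demo/data"
: > "$demo/maps/gm_example.bsp.bz2"
printf 'hostname "demo"\nrcon_password "not-a-real-password"\n' > "$demo/cfg/server.cfg"
printf 'L 08/07/2015: rcon_password changed\n' > "$demo/data/console.log"
audit_fastdl "$demo" || echo "web root exposes server configuration"
rm -rf "$demo"
```

Setting the password with `+rcon_password` on the command line, as the issue proposes, keeps it out of any served file, but command-line arguments are visible to other local users through the process list unless the host restricts that.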


@lock[bot] commented on GitHub (Jul 19, 2018):

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
