starred/LinuxGSM

Fork 0

mirror of https://github.com/GameServerManagers/LinuxGSM.git synced 2026-04-26 06:35:54 +03:00

[GH-ISSUE #1001] [FEATURE] Upload to pastebin with hidden sensitive info #795

New issue

Closed

opened 2026-02-27 02:53:32 +03:00 by kerem · 18 comments

kerem commented

2026-02-27 02:53:32 +03:00

Owner

Originally created by @UltimateByte on GitHub (Aug 13, 2016).
Original GitHub issue: https://github.com/GameServerManagers/LinuxGSM/issues/1001

Originally assigned to: @cedarlug on GitHub.

./gameserver details-share
./gameserver ds

/gameserver details-support
./gameserver ds

./gameserver post-details
./gameserver pd

./gameserver details-post
./gameserver dp

How to upload
https://gist.github.com/yevgenko/1803605

details-share could use the same function as detailsbut with an ifstatement for sensitive info.

Originally created by @UltimateByte on GitHub (Aug 13, 2016). Original GitHub issue: https://github.com/GameServerManagers/LinuxGSM/issues/1001 Originally assigned to: @cedarlug on GitHub. ``` ./gameserver details-share ./gameserver ds ``` Or ``` /gameserver details-support ./gameserver ds ``` Or ``` ./gameserver post-details ./gameserver pd ``` Or ``` ./gameserver details-post ./gameserver dp ``` How to upload https://gist.github.com/yevgenko/1803605 `details-share` could use the same function as `details`but with an `if`statement for sensitive info.

kerem closed this issue

2026-02-27 02:53:32 +03:00

kerem commented

2026-02-27 02:53:33 +03:00

Author

Owner

@UltimateByte commented on GitHub (Aug 21, 2016):

0:41 - CedarLUG: http://steamcommunity.com/groups/linuxgsm/discussions/0/412448792353031314/#c412448792353224827

@UltimateByte commented on GitHub (Aug 21, 2016): 0:41 - CedarLUG: http://steamcommunity.com/groups/linuxgsm/discussions/0/412448792353031314/#c412448792353224827

kerem commented

2026-02-27 02:53:33 +03:00

Author

Owner

@cedarlug commented on GitHub (Aug 21, 2016):

password
gslt
steamuser
steampass
pushbullettoken
authkey
rcon_password
rcts_strAdminPassword (SSam)
sv_password
zmq_stats_password
zmq_rcon_password
pass (Terraria)
rconServerPassword (Starbound)
IP Address (this actually comes in really handy for debugging, but could be stripped)
???

What else should be sanitized?

@cedarlug commented on GitHub (Aug 21, 2016): - password - gslt - steamuser - steampass - pushbullettoken - authkey - rcon_password - rcts_strAdminPassword (SSam) - sv_password - zmq_stats_password - zmq_rcon_password - pass (Terraria) - rconServerPassword (Starbound) - IP Address (this actually comes in really handy for debugging, but could be stripped) - ??? What else should be sanitized?

kerem commented

2026-02-27 02:53:33 +03:00

Author

Owner

@UltimateByte commented on GitHub (Aug 22, 2016):

I think you pretty much nailed it :o))

@UltimateByte commented on GitHub (Aug 22, 2016): I think you pretty much nailed it :o))

kerem commented

2026-02-27 02:53:33 +03:00

Author

Owner

@cedarlug commented on GitHub (Aug 25, 2016):

Teaser
I believe I have all of the items enumerated above, except IP addresses, able to be stripped.

Edit: IP addresses aren't difficult, I just personally want to keep them in.

@cedarlug commented on GitHub (Aug 25, 2016): [Teaser](http://pastebin.com/71ynisvw) I believe I have all of the items enumerated above, except IP addresses, able to be stripped. Edit: IP addresses aren't difficult, I just personally want to keep them in.

kerem commented

2026-02-27 02:53:33 +03:00

Author

Owner

@UltimateByte commented on GitHub (Aug 25, 2016):

You've coded it ?

@UltimateByte commented on GitHub (Aug 25, 2016): You've coded it ?

kerem commented

2026-02-27 02:53:33 +03:00

Author

Owner

@cedarlug commented on GitHub (Aug 25, 2016):

On my fork.

@cedarlug commented on GitHub (Aug 25, 2016): On my fork.

kerem commented

2026-02-27 02:53:33 +03:00

Author

Owner

@UltimateByte commented on GitHub (Aug 25, 2016):

Lol, "pd", is a french word for pédéraste, which means basically, "gay".
I'm already laughing thinking about asking people to run ./gameserver pd :o))

Good job btw..

Something cool would be to mask off the steam user only if it's something different than anonymous. That way we'd know if the user tries to login to steam while it's unnecessary.
Also, mask off passwords only if not empty. That way we'd know if a password is not set.

Does it mask off info from fn_parms already ?
Did you try pastebin upload ?

@UltimateByte commented on GitHub (Aug 25, 2016): Lol, "pd", is a french word for pédéraste, which means basically, "gay". I'm already laughing thinking about asking people to run ./gameserver pd :o)) Good job btw.. Something cool would be to mask off the steam user only if it's something different than anonymous. That way we'd know if the user tries to login to steam while it's unnecessary. Also, mask off passwords only if not empty. That way we'd know if a password is not set. Does it mask off info from fn_parms already ? Did you try pastebin upload ?

kerem commented

2026-02-27 02:53:33 +03:00

Author

Owner

@cedarlug commented on GitHub (Aug 28, 2016):

Good progress on this - need some input though.

I have it so that steamuser=anonymous and steampass empty are reported rather than stripped.

What would you like to see for the scenario where the rustserver has default CHANGE_ME password?

Currently there's a warning output in the details output. Should that be reported in the details that we ask users to post, or stripped because it's a default password used for rcon on someone's server?

@cedarlug commented on GitHub (Aug 28, 2016): Good progress on this - need some input though. I have it so that steamuser=anonymous and steampass empty are reported rather than stripped. What would you like to see for the scenario where the rustserver has default CHANGE_ME password? Currently there's a warning output in the details output. Should that be reported in the details that we ask users to post, or stripped because it's a default password used for rcon on someone's server?

kerem commented

2026-02-27 02:53:33 +03:00

Author

Owner

@cedarlug commented on GitHub (Aug 28, 2016):

... and yes, I've worked the curl to pastebin in.

@cedarlug commented on GitHub (Aug 28, 2016): ... and yes, I've worked the curl to pastebin in.

kerem commented

2026-02-27 02:53:33 +03:00

Author

Owner

@UltimateByte commented on GitHub (Aug 28, 2016):

What would you like to see for the scenario where the rustserver has default CHANGE_ME password?

You're going really deep into it :o))
I wouldn't worry about checking this, just mask off the password in any case. There is already a warning for it. :)

@UltimateByte commented on GitHub (Aug 28, 2016): > What would you like to see for the scenario where the rustserver has default CHANGE_ME password? You're going really deep into it :o)) I wouldn't worry about checking this, just mask off the password in any case. There is already a warning for it. :)

kerem commented

2026-02-27 02:53:33 +03:00

Author

Owner

@cedarlug commented on GitHub (Aug 28, 2016):

I've only tested the pull request on Rust and several hl2 games. If you get a chance, could you roll #1037 into your local codebase and see if it works as expected?

I'm just using one fn_print_warn, as the output from postdetails is mainly just the link.

Example output: http://pastebin.com/vq2Q8eZL

@cedarlug commented on GitHub (Aug 28, 2016): I've only tested the pull request on Rust and several hl2 games. If you get a chance, could you roll #1037 into your local codebase and see if it works as expected? I'm just using one fn_print_warn, as the output from postdetails is mainly just the link. Example output: http://pastebin.com/vq2Q8eZL

kerem commented

2026-02-27 02:53:33 +03:00

Author

Owner

@dgibbs64 commented on GitHub (Aug 28, 2016):

I would like to roll logs in to this output as well. See an email alert for an example

@dgibbs64 commented on GitHub (Aug 28, 2016): I would like to roll logs in to this output as well. See an email alert for an example

kerem commented

2026-02-27 02:53:33 +03:00

Author

Owner

@cedarlug commented on GitHub (Aug 29, 2016):

Pastebin branch created, populated, and provisionally tested (with csgoserver and rustserver).

A couple of development/debugging tips:

pastebin limits guest posts (the type implemented in this branch) to 10 per day per IP address. So the travis builds might run into some issues.
a hastebin option will be added shortly.
the default duration is one week. Expiring a post is "a good thing(tm)" IMO, and a week should be enough for the developers to lay eyes on the issue.

@cedarlug commented on GitHub (Aug 29, 2016): Pastebin branch created, populated, and provisionally tested (with csgoserver and rustserver). A couple of development/debugging tips: - pastebin limits guest posts (the type implemented in this branch) to 10 per day per IP address. So the travis builds might run into some issues. - a hastebin option will be added shortly. - the default duration is one week. Expiring a post is "a good thing(tm)" IMO, and a week should be enough for the developers to lay eyes on the issue.

kerem commented

2026-02-27 02:53:33 +03:00

Author

Owner

@cedarlug commented on GitHub (Sep 12, 2016):

@dgibbs64 & @UltimateByte - I'd like you to put eyes on the pastebin branch if you have a moment.

I've rolled in hastebin posting (the default), and everything should be reasonably up to date with origin.

The modifications do not effect e-mail notices, but are easily adapted to do so.

hastebin example
pastebin example

To change from one to the other, change the definition of POSTTARGET in command_postdetails.sh

@cedarlug commented on GitHub (Sep 12, 2016): @dgibbs64 & @UltimateByte - I'd like you to put eyes on the pastebin branch if you have a moment. I've rolled in hastebin posting (the default), and everything should be reasonably up to date with origin. The modifications do not effect e-mail notices, but are easily adapted to do so. [hastebin example](http://www.hastebin.com/kicitujaye) [pastebin example](http://pastebin.com/4Z7Gg336) To change from one to the other, change the definition of POSTTARGET in command_postdetails.sh

kerem commented

2026-02-27 02:53:33 +03:00

Author

Owner

@UltimateByte commented on GitHub (Sep 12, 2016):

Upvote for hastebin :)
Maybe you can pr so that we can easily see modified files ?

@UltimateByte commented on GitHub (Sep 12, 2016): Upvote for hastebin :) Maybe you can pr so that we can easily see modified files ?

kerem commented

2026-02-27 02:53:33 +03:00

Author

Owner

@UltimateByte commented on GitHub (Sep 25, 2016):

[ OK ] Update LGSM gmod-server: Updating functions
gmodprobuild@game:~$ ./gmodserver pd
fetching command_postdetails.sh...OK
[ OK ] Postdetails gmod-server: Posting details to hastbin.com for 1W

url: http://hastebin.com/ifaloravaf

"hastbin.com", fail :p

Otherwise it's great !

Fixed typo :)

@UltimateByte commented on GitHub (Sep 25, 2016): [ OK ] Update LGSM gmod-server: Updating functions gmodprobuild@game:~$ ./gmodserver pd fetching command_postdetails.sh...OK [ OK ] Postdetails gmod-server: Posting details to hastbin.com for 1W - url: http://hastebin.com/ifaloravaf "hastbin.com", fail :p Otherwise it's great ! Fixed typo :)

kerem commented

2026-02-27 02:53:33 +03:00

Author

Owner

@UltimateByte commented on GitHub (Nov 9, 2016):

Well, this is merged, we can close !

@UltimateByte commented on GitHub (Nov 9, 2016): Well, this is merged, we can close !

kerem commented

2026-02-27 02:53:33 +03:00

Author

Owner

@lock[bot] commented on GitHub (Jul 19, 2018):

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock[bot] commented on GitHub (Jul 19, 2018): This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.