Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Chef chef-validator.pem security

Tags:

linux

ubuntu

chef-infra

Hi I am setting up a cluster of machines using chef at offsite locations. If one of these machines was stolen, what damage can the attacker do to my chef-server or other nodes by having possession of chef-validator.pem ? What other things can they access through chef? Thanks!

like image 283
benathon Avatar asked Oct 19 '13 04:10

benathon

2 Answers

This was one of the items discussed at a recent Foodfight episode on managing "secrets" in chef. Highly recommended watching:

  • http://foodfightshow.org/2013/07/secret-chef.html

The knife bootstrap operation uploads this key when initializing new chef clients. Possession of this key enables the client to register itself against your chef server. That is actually its only function, once the client is up and running the validation key is no longer needed.

But it can be abused.... As @cbl has pointed out, if an unauthorized 3rd party gets access to this key they can create new clients that can see everything on your chef server that normal clients can see. It can theoretically be used to create a Denial of Service attack on your chef server, by flooding it with registration requests.

The foodfight panel recommend a simple solution. Enable the chef-client cookbook on all nodes. It contains a "delete_validation" recipe that will remove the validation key and reduce your risk exposure.

like image 57
Mark O'Connor Avatar answered Sep 25 '22 18:09

Mark O'Connor

The validator key is used to create new clients on the Chef Server.

Once the attacker gets hold of it, he can pretend he's a node in your infrastructure and have access to the same information any node has.

If you have sensitive information in an unencrypted data bag, for example, he'll have access to that.

Basically he'll be able to run any recipe from any cookbook, do searches (and have access to all your other nodes' attributes), read data bags, etc.

Keep that in mind when writing cookbooks and populating the other objects in the server. You could also somehow monitor the chef server for any suspicious client creation activity, and if you have any reason believe that the validator key has been stolen, revoke it and issue a new one.

It's probably a good idea to rotate the key periodically as well.

like image 26
cassianoleal Avatar answered Sep 24 '22 18:09

cassianoleal
Sign in to Comment

Related questions

How to install cross compiler (on ubuntu 12.04 LTS) for microprocessor SA1100?
Go HTTP server testing ab vs wrk so much difference in result
Nightmare.js not working as expected on Ubuntu Linux cloud server
Build An Linux Executable Using GCC
Bind threads to processors
Why is the output of my forking program different when I pipe its output?
What's wrong with gethostbyname?
Linux - Linebreak in IPython
Stop Raspberry Pi from running program at boot
Is there a command line utility for validating SQLite databases in Linux? [closed]
Mac OSX file permissions has '@' - how to remove that '@' [closed]
In Slurm, is there a quick command to determine the total number of jobs (pending and active) at a given moment?
truncate output in BASH
How to discover the machine type?
is there a way to start/stop linux processes with python?
Hello world without using libraries
How to write a userspace linux block device driver?
list directory entries in the svn repository?
Detect pending linux shutdown
Linux: how to move each file into a correspondingly named folder

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!