Eos-log-tool doesn't filter MAC-address, IP, WiFi SSID from journalctl

As far as I can see, when selecting the option “Remove personal data from logs” in the EndeavourOS log tool, the local username and hostname are filtered from the logs, along with serial numbers of devices and the MAC in the inxi output.

The output of journalctl contains the MAC, local IP addresses and the WiFi SSID.

At the very least the WiFi SSID could contain sensitive information, as those will in some cases contain real names. The local IP address and MAC address are less sensitive, but nevertheless they are in all likelihood not necessary to be included in the log.

Considering that the tool offers an option to specifically “remove personal data” and that the log output is several thousand lines long, the user might not be aware that this data is included.

Info:
eOS GNOME 41.1
eos-log-tool 1.4.11-1

Steps to reproduce:

  • Open eos-log-tool

  • Use default selection (journalctl -b -0; inxi -Fxxc0z; /etc/pacman.conf; Remove personal data) and click OK

  • Open the output file ~/eos-log-tool.logs

  • Ctrl+f for NetworkManager, wpa_supplicant, avahi-daemon

Examples:

Nov 11 19:53:50 _hostname_ avahi-daemon[417]: Joining mDNS multicast group on interface wlan0.IPv6 with address <IPv6 removed>
Nov 11 19:53:50 _hostname_ avahi-daemon[417]: Registering new address record for <IPv6 removed>
Nov 11 19:53:50 _hostname_ NetworkManager[419]: <info> [1636656830.0891] policy: set '<SSID removed>' (wlan0) as default for IPv6 routing and DNS
Nov 11 20:21:47 _hostname_ NetworkManager[419]: <warn> [1636658507.3518] device (wlan0): Activation: failed for connection <SSID removed>
Nov 11 20:21:59 _hostname_ NetworkManager[419]: <info> [1636658519.9662] device (wlan0): set-hw-addr: reset MAC address to <MAC removed> (preserve)
Nov 11 20:22:06 _hostname_ wpa_supplicant[1012]: wlan0: Trying to associate with <MAC removed> (SSID='<SSID removed>' freq=2462 MHz)

1 Like

Info:
EnOS Gnome 41.1
eos-log-tool 1.4.11-1

Steps to reproduce:

  • Open eos-log-tool

  • Use default selection (journalctl -b -0; inxi -Fxxc0z; /etc/pacman.conf; Remove personal data) and click OK

  • Open the output file in Gedit (reading a 150MB file in Gedit was a bad idea :stuck_out_tongue: )

  • Ctrl+f for wpa_supplicant; in my case this was easier to locate my WiFi name, which I named “FREE WIFI HERE”

Examples:

Nov 12 01:44:53 _hostname_ wpa_supplicant[510]: wlan0: CTRL-EVENT-REGDOM-CHANGE init=DRIVER type=COUNTRY alpha2=US
Nov 12 01:44:53 _hostname_ NetworkManager[432]: <info>  [1636699493.4109] policy: auto-activating connection 'FREE WIFI HERE' (6e2e681c-5ff4-43aa-aae0-4f2741bcc1cb)
Nov 12 01:44:53 _hostname_ NetworkManager[432]: <info>  [1636699493.4113] device (wlan0): Activation: starting connection 'FREE WIFI HERE' (6e2e681c-5ff4-43aa-aae0-4f2741bcc1cb)
Nov 12 01:44:53 _hostname_ NetworkManager[432]: <info>  [1636699493.4114] device (wlan0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed')
Nov 12 01:44:53 _hostname_ NetworkManager[432]: <info>  [1636699493.4116] manager: NetworkManager state is now CONNECTING
Nov 12 01:44:53 _hostname_ NetworkManager[432]: <info>  [1636699493.4124] device (wlan0): set-hw-addr: reset MAC address to 90:61:AE:A4:F4:DE (preserve)
Nov 12 01:44:53 _hostname_ NetworkManager[432]: <info>  [1636699493.4137] device (wlan0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Nov 12 01:44:53 _hostname_ NetworkManager[432]: <info>  [1636699493.4139] device (wlan0): Activation: (wifi) access point 'FREE WIFI HERE' has security, but secrets are required.
Nov 12 01:44:53 _hostname_ NetworkManager[432]: <info>  [1636699493.4139] device (wlan0): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
Nov 12 01:44:53 _hostname_ NetworkManager[432]: <info>  [1636699493.4183] device (wlan0): state change: need-auth -> prepare (reason 'none', sys-iface-state: 'managed')
Nov 12 01:44:53 _hostname_ NetworkManager[432]: <info>  [1636699493.4184] device (wlan0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Nov 12 01:44:53 _hostname_ NetworkManager[432]: <info>  [1636699493.4186] device (wlan0): Activation: (wifi) connection 'FREE WIFI HERE' has security, and secrets exist.  No new secrets needed.
Nov 12 01:44:53 _hostname_ NetworkManager[432]: <info>  [1636699493.4186] Config: added 'ssid' value 'FREE WIFI HERE'

Thanks for the report! :+1:

I’ll see what we can do. Filtering is done with some simple ad hoc sed rules, so it might not be possible/easy to filter all personal data.

But more eyes see more stuff, thanks! :sweat_smile:

4 Likes

In case this helps, you can pull the WiFi SSID as a simple string with iwgetid -r and its MAC address with iwgetid -ar.

Of course, there’s a chance that an SSID could collide with other content in the log, in case someone wants to name his WiFi “ERROR” or “/usr/lib/gdm-x-session”. But the MAC address should be a simple search & replace.

The device’s own MAC address can be found through cat /sys/class/net/<interface name>/address among other ways, but I guess you can’t presuppose the interface name or that there will be only one network interface.

2 Likes

By the way, the eos-log-tool app already provides a way to add your own filters.
eos-log-tool can call a bash program from

 $HOME/.config/eos-log-tool/eos-log-tool-filter.bash

For example,

 bash $HOME/.config/eos-log-tool/eos-log-tool-filter.bash <the-log-file>

As shown, it gives the log file as a parameter to your filter script.

This way you can make absolutely sure that all personal data will be removed.

1 Like
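
A filter script for the hook described in the last post, as an added example that is not part of the thread or of eos-log-tool. It redacts MAC addresses, IPv4 addresses and quoted SSIDs (IPv6 is not covered), and handles the collision case raised above by replacing SSIDs only in the log contexts where they appear. Assumptions: the tool expects the file to be rewritten in place; the function names are hypothetical; the sample lines are constructed.

```bash
#!/bin/bash
# Added example, not eos-log-tool's own code. Assumption: the tool expects the
# filter to rewrite, in place, the log file passed as the first argument.

MAC_RE='([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}'
IPV4_RE='([0-9]{1,3}\.){3}[0-9]{1,3}'

redact_log() {
    tmp=$(mktemp) || return 1
    # MAC and IPv4 patterns are replaced anywhere: over-redaction beats a leak.
    # Quoted SSIDs are replaced only on NetworkManager/wpa_supplicant lines and
    # only after the keywords seen in the thread's log lines, so an SSID such
    # as "ERROR" is removed without touching the same word elsewhere.
    # Limitation: an SSID that itself contains a single quote is only cut at it.
    sed -E \
        -e "s/$MAC_RE/<MAC removed>/g" \
        -e "s/$IPV4_RE/<IPv4 removed>/g" \
        -e "/(NetworkManager|wpa_supplicant)\[[0-9]+\]:/ s/(SSID=|connection |access point |policy: set |'ssid' value )'[^']*'/\1'<SSID removed>'/g" \
        "$1" > "$tmp" && cat "$tmp" > "$1"   # cat keeps the file's owner and mode
    status=$?
    rm -f "$tmp"
    return "$status"
}

# Number of lines that still contain a MAC- or IPv4-shaped token (0 = clean).
leaks_remaining() {
    grep -Ec "$MAC_RE|$IPV4_RE" "$1" || true
}

# Constructed sample lines modelled on the ones quoted in the thread.
write_sample_log() {
    cat > "$1" <<'EOF'
Nov 12 01:44:53 _hostname_ NetworkManager[432]: <info>  [1636699493.4113] device (wlan0): Activation: starting connection 'ERROR'
Nov 12 01:44:53 _hostname_ NetworkManager[432]: <info>  [1636699493.4124] device (wlan0): set-hw-addr: reset MAC address to 02:00:00:AA:BB:CC (preserve)
Nov 12 01:44:54 _hostname_ wpa_supplicant[510]: wlan0: Trying to associate with 02:00:00:11:22:33 (SSID='ERROR' freq=2462 MHz)
Nov 12 01:44:55 _hostname_ avahi-daemon[417]: Registering new address record for 192.0.2.10 on wlan0.IPv4.
Nov 12 01:44:56 _hostname_ gdm[700]: ERROR: session failed
EOF
}

# Entry point when called as: bash eos-log-tool-filter.bash <the-log-file>
if [ -f "${1:-}" ]; then
    redact_log "$1" && echo "lines still leaking: $(leaks_remaining "$1")" >&2
fi
```

New log contexts that print the SSID need their keyword added to the last sed rule; `leaks_remaining` only checks MAC and IPv4 shapes, so SSID coverage still has to be verified by searching the output for the network name.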