The Ultimate Linux Password Management Guide Part 5 cpm
Date: Tuesday, February 05 @ 01:00:00 CST
Topic: Linux Computer & Network Security


This is part 5 of a multi-part article. Part 1 is available here, part 2 is available here, part 3 is available here, part 4 is available here. Part 1 discusses the importance of complex passwords and some ways to create them in Linux. Part 2 covers KeepassX, a program with a very nice graphical user interface. Part 3 takes a look at the gpass program, a nice graphical user interface for the GNOME desktop (it will work on others too), part 4 takes a look at the command line pwsafe, and in part 5 we will take a look at cpm (console password manager), which is based on ncurses.

cpm is an ncurses based console tool to manage passwords and store them public key encrypted in a file - even for more than one person. The encryption is handled via GnuPG, so the program's data can be accessed via gpg as well, in case you want to have a look inside. The data is stored as zlib compressed XML, so it's even possible to reuse the data for some other purpose.

The software uses CDK (ncurses) to handle the user interface, libxml2 to store the information, the zlib library to compress the data and the library GpgMe to encrypt and decrypt the data securely.



FEATURES

The features of CPM are listed below. A detailed description of the features is available here.

  • datafiles can be encrypted for more than one person (public key encryption)
  • data files are always signed by the last person who saved it so forging data files is not possible
  • encryption is handled by the GPGME library so it’s supposed to be very secure
  • data inside the encryption is a gzipped XML file so almost nothing is known about the encrypted data
  • the application memory is protected from paging; sensitive data does not get written to the swap space
  • no core dumps are created in case the program crashes; no sensitive data ends up in the core file
  • the application is protected from ptrace attacks so even the local root user can’t look into the process data
  • the runtime environment is carefully checked
  • datafiles are en- and decryptable directly by gpg and gzip
  • data is stored XML formatted
  • data is validated with an internal DTD to detect invalid or broken XML code
  • backup files are created if possible
  • it is possible to store several passwords per account
  • it’s possible to handle several datafiles, each encrypted for different people
  • check of password strength and warnings about weak passwords (via cracklib)
  • user definable hierarchy with unlimited depth
  • long comments for any node in the hierarchy
  • password generator
  • there is only one password visible at a time
  • searchable database from the commandline
  • regex patterns can be used for the search
  • user definable searchpatterns (e.g. user@hostname)
  • several hits can be displayed at once (e.g. several accounts per host)
  • conversion scripts for Password Management System (pms), Password Safe and CSV files

INSTALLATION

I installed this on gentoo / sabayon linux. However, first I had to create an ebuild because one did not exist for the latest beta release, and the previous beta release was not compatible with ncurses 5. My ebuild is here - http://edwiget.name/UserFiles/File/ebuilds/app-admin/cpm/cpm-0.23_beta.ebuild - for those who would like to install on gentoo or sabayon linux (I installed on a 64 bit system and all works just fine once I modified the dependency for ncurses version 5 instead of 4).

NOTE ABOUT RUNNING IN A GUI: I will also add that this application is not made to run inside a terminal emulator (of any kind - tested with eterm, xterm, rxvt, konsole, gnome-terminal) inside a running graphical user interface such as KDE, GNOME, etc. I was having major issues and have yet to find a definite resolution for them. This application runs fine in a true text console (Ctrl+Alt+F1 to F6), so if you are trying to run this in a GUI, drop to a console and see if your problems go away.

I might also add that cpm has not had a newer version released since July 12, 2006. The latest release was version 0.23beta. Although development seems to be stalled, the application still works well, even on my 64 bit system, on which it was never intended to run. There is a wiki with announcements and also some links to the sourceforge page for support.

You might check the package repositories for your specific distribution and find out if they have a pre-compiled package of cpm available. If not, you can download the latest beta from the sourceforge web page here. There is still a support area at the sourceforge web site too.

Compiling From Source

Obtain the source code for cpm

Extract the source code:

[code]
tar xzfv cpm-0.23beta.tar.gz
[/code]

Change directories to the sourcecode using:

[code]
cd cpm*
[/code]

Run the configure command (you may need to specify the cracklib file location and which version of ncurses you are using -- the example below is using /usr/lib for cracklib and ncurses v5):

[code]
./configure --with-crack-dict=/usr/lib/cracklib_dict --with-cdk-v5
[/code]

Then use make:

[code]
make
[/code]

If all goes well, you can now use make install:

[code]
make install
[/code]

The /usr/bin/cpm file will need to be suid root. This allows for memory locking, which helps secure the application against ptrace attacks. You can verify your binary file is suid root by listing it with ls -l; the output should look like this:

[code]
$ ls -l /usr/bin/cpm
-rws--x--x 1 root root 85944 2008-02-01 14:38 /usr/bin/cpm
[/code]

The -rws in the owner column means read, write and execute with the setuid bit set (the s). If your binary does not show the s (it must also be owned by root), you can set it using this command:

[code]
chmod u+s,go-r /usr/bin/cpm   # u+s sets the setuid bit (the "s"); go-r drops group/other read
[/code]

My installation of gentoo / sabayon does not allow any suid root programs to run. Even if an application is suid root, it will not run as the root user when the command is run by another user. This is due to a setting in the kernel configuration, more specifically CONFIG_SECURITY_CAPABILITIES=y. If this setting was CONFIG_SECURITY_CAPABILITIES=m then I could modprobe capabilities which would return to the old insecure way of allowing suid root programs to run. I'm not too particular about disabling security, so I will just test the program the way it is (which means I have to sudo cpm in order to run it at all).

After installation was completed, I had these files related to the cpm package:

[code]
/etc/cpmrc
/usr/bin/cpm
/usr/man/man1/cpm.1.bz2
/usr/share/doc/cpm-0.23_beta
/usr/share/doc/cpm-0.23_beta/ChangeLog.bz2
/usr/share/doc/cpm-0.23_beta/GPLv2.bz2
/usr/share/doc/cpm-0.23_beta/README.bz2
/usr/share/doc/cpm-0.23_beta/changelog.bz2
/usr/share/doc/cpm-0.23_beta/cpm.1.gz.bz2
/usr/share/doc/cpm-0.23_beta/cpm.txt.bz2
/usr/share/doc/cpm-0.23_beta/import
/usr/share/locale/de/LC_MESSAGES
/usr/share/locale/de/LC_MESSAGES/cpm.mo
[/code]

PRELIMINARY USAGE - SECURITY CHECK

After cpm is installed, you simply execute the cpm command in a console or shell. However, first you will need to check the locked memory limit (ulimit -l) and verify it is at least 5120 kB. You use the ulimit -l command to check and set the limit (raising it must be done as the root user). This output shows the limit is already set to 5120:

[code]
$ ulimit -l
5120
[/code]

If yours is not 5120 or higher, then use the same command followed by 5120 run as the root user, i.e.:

[code]
# ulimit -l 5120
[/code]

cpm has an excellent man page, so make sure you refer to it:

[code]
$ man cpm
[/code]

Some additional help is available by issuing the cpm command with the --help option:

[code]
$ cpm --help
usage: cpm [--config FILE] [--help] [PATH] ...
--config, -c configuration file to use [~/.cpmrc]
--configtest verify the configuration file and exit
--encoding, -e the encoding in which keyboard input arrives [ISO-8859-1]
--file, -f database file to use [~/.cpmdb]
--help, -h display this help
--ignore, -i search case insensitive in cli mode
--key overwrite the default encryption keys and use this key
instead; repeat for several keys
--noencryption turn off file encryption
WARNING: THIS IS FOR DEVELOPMENT AND TESTING ONLY!
--noignore search case sensitive in cli mode
--readonly open the database in read-only mode
--regex, -r search with regular expressions in cli mode
--regular use regular search in cli mode
--security, -s run a security check and show the current security status
--version display the version and exit
PATH path to display the password for
[/code]

Using an example from the above help, I will run cpm with the -s option as the root user, which should fail the first check because the program is running with root privileges:

[code]
# cpm -s
Running without root privileges: no
Memory protection from core dumps: yes
Memory protection from swap writings: yes
Max. memory lock ok: yes (5120 kB)
Memory protection from ptrace spying: yes
Validation of environment variables: yes
[/code]

The command run as the root user fails the first check because the program is running with root privileges, which it is designed not to do. Running the same command as a normal user should pass each test:

[code]
$ cpm -s
Running without root privileges: yes
Memory protection from core dumps: yes
Memory protection from swap writings: yes
Max. memory lock ok: yes (5120 kB)
Memory protection from ptrace spying: yes
Validation of environment variables: yes
[/code]

Running the program using sudo cpm, since I have the CONFIG_SECURITY_CAPABILITIES=y setting, results in this output:

[code]
$ sudo cpm
Password:
Running without root privileges: no
Memory protection from core dumps: yes
Memory protection from swap writings: no
Max. memory lock ok: no (32 kB)
Memory protection from ptrace spying: yes
Validation of environment variables: yes

Maximum security level not reached. Are you sure you want to continue?
Press CTRL+C to stop now or any other key to continue.
[/code]
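The three cpm -s reports above, together with the setuid check and the ulimit -l check from the installation section, each correspond to one system call or one stat() field. The following Python script is an added example and not cpm's own code: it applies the same protections to itself (RLIMIT_CORE = 0, mlock(2) on a buffer that will hold a secret, prctl(PR_SET_DUMPABLE, 0), a look at RLIMIT_MEMLOCK) and prints a report in the same layout. It assumes Linux, reaching prctl(2) and mlock(2) through ctypes in glibc; its environment check and the LD_* list in it are a minimal stand-in, not cpm's own validation.

```python
"""Reproduce the checks that `cpm -s` reports (added example, not cpm's code).

Assumes Linux: prctl(2) and mlock(2) are called through ctypes in glibc.
"""
import ctypes
import os
import resource
import stat
import sys

ON_LINUX = sys.platform.startswith("linux")
PR_GET_DUMPABLE = 3          # from <sys/prctl.h>
PR_SET_DUMPABLE = 4
MIN_MEMLOCK_KB = 5120        # the page's minimum for `ulimit -l`
# Assumption: a minimal list of loader-influencing variables, not cpm's own list.
LOADER_VARS = ("LD_PRELOAD", "LD_LIBRARY_PATH", "LD_AUDIT")


def _libc():
    return ctypes.CDLL(None, use_errno=True)


def disable_core_dumps():
    """RLIMIT_CORE = 0: a crash can no longer write the process image (and any
    plaintext passwords in it) to a core file. Lowering a limit needs no privilege."""
    resource.setrlimit(resource.RLIMIT_CORE, (0, 0))
    return resource.getrlimit(resource.RLIMIT_CORE) == (0, 0)


def memlock_limit_kb():
    """Soft RLIMIT_MEMLOCK in kB (what `ulimit -l` prints); None means unlimited."""
    soft, _hard = resource.getrlimit(resource.RLIMIT_MEMLOCK)
    return None if soft == resource.RLIM_INFINITY else soft // 1024


def memlock_limit_ok(min_kb=MIN_MEMLOCK_KB):
    kb = memlock_limit_kb()
    return kb is None or kb >= min_kb


def lock_secret_buffer(size=4096):
    """mlock(2) the pages of a buffer meant to hold a secret so they are never
    paged out to swap, then wipe and unlock it. Returns False when the locked
    memory limit is too small: the 'swap writings: no' case in the sudo run."""
    if not ON_LINUX:
        return False
    libc = _libc()
    libc.mlock.argtypes = [ctypes.c_void_p, ctypes.c_size_t]
    libc.munlock.argtypes = [ctypes.c_void_p, ctypes.c_size_t]
    buf = ctypes.create_string_buffer(size)
    if libc.mlock(ctypes.addressof(buf), size) != 0:
        return False
    ctypes.memset(buf, 0, size)          # wipe before the pages return to the allocator
    libc.munlock(ctypes.addressof(buf), size)
    return True


def disable_ptrace():
    """prctl(PR_SET_DUMPABLE, 0): another process of the same user can no longer
    attach with ptrace and read our memory. A process holding CAP_SYS_PTRACE can
    still attach, so this is protection from other users, not from the kernel."""
    if not ON_LINUX:
        return False
    libc = _libc()
    libc.prctl.argtypes = [ctypes.c_int] + [ctypes.c_ulong] * 4
    if libc.prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0:
        return False
    return libc.prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 0


def is_setuid_root_mode(st_uid, st_mode):
    """Pure check on stat() fields: owned by root and the setuid bit is set."""
    return st_uid == 0 and bool(st_mode & stat.S_ISUID)


def is_setuid_root(path):
    """True for a binary that `ls -l` shows as -rws--x--x root root."""
    st = os.stat(path)
    return is_setuid_root_mode(st.st_uid, st.st_mode)


def ls_mode_is_setuid(mode_string):
    """Read the setuid bit out of an `ls -l` mode string such as '-rws--x--x':
    the owner-execute column (index 3) shows 's' (or 'S' when not executable)."""
    return len(mode_string) >= 10 and mode_string[3] in "sS"


def environment_ok():
    """Refuse loader-influencing variables (stand-in for cpm's own validation)."""
    return not any(v in os.environ for v in LOADER_VARS)


def security_status(binary=None):
    """The report `cpm -s` prints, as a dict of check -> bool."""
    report = {
        "Running without root privileges": os.geteuid() != 0,
        "Memory protection from core dumps": disable_core_dumps(),
        "Memory protection from swap writings": lock_secret_buffer(),
        "Max. memory lock ok": memlock_limit_ok(),
        "Memory protection from ptrace spying": disable_ptrace(),
        "Validation of environment variables": environment_ok(),
    }
    if binary is not None:
        report["Binary is setuid root"] = is_setuid_root(binary)
    return report


if __name__ == "__main__":
    report = security_status(sys.argv[1] if len(sys.argv) > 1 else None)
    for check, ok in report.items():
        print(f"{check}: {'yes' if ok else 'no'}")
    if not all(report.values()):
        print("Maximum security level not reached.")
```

Run it once as an ordinary user and once under sudo (optionally passing /usr/bin/cpm as the argument to include the setuid check): the first line flips to "no" exactly as in the output above, and the locked memory line follows whatever limit the sudo session inherits. The ptrace comment is the caveat worth keeping in mind: PR_SET_DUMPABLE blocks other unprivileged users, while CAP_SYS_PTRACE still allows attaching.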

USAGE - RUNNING THE PROGRAM

You simply use the cpm command from a console or shell. If the program is not set suid root, you will receive this message:


For me to run the program, as per my instructions above, I have to run it using sudo which gives some error messages. This is again related to a security setting of the 2.6 series kernels, specifically CONFIG_SECURITY_CAPABILITIES=y

You will receive an error message the first time it is run because it does not have a database created yet.

[code]
┌──────────────────────────────────────────────────────────────────┐
│file error │
│error 2 (No such file or directory) opening file '~/.cpmdb'. │
├──────────────────────────────────────────────────────────────────┤
│ Ok │
└──────────────────────────────────────────────────────────────────┘
[/code]

Simply press Enter on the keyboard for OK.

The next screen that appears is below:

For those not familiar with navigating ncurses screens, you basically use Ctrl + X key pairs, where X is H for Help, A for Add, or E for Edit. Additional keys are Enter to select and ESC to exit. You can also use the up and down arrows to select existing entries.

cpm works on a host basis. Pressing Ctrl + A will add a new host. Simply enter the hostname - it is usually a good idea to enter the FQDN (for example myserver.mydomain.tld).

After you create a host, use the up arrow to select it and then press Enter. Next is adding a service, so press Ctrl + A to add a new service for this host:

For the service, you could for instance use ssh, ftp, mail, login, etc.

cpm can be used to manage any type of password, but it becomes obvious really quick that it is made to manage passwords for hosts and their services (along with many users). cpm then becomes a great application for those who manage many servers, or for someone who manages many accounts on a server, or for someone with many remote accounts.

Tip: What I found I could do, though, was to create generic host names such as URL for web sites, and then use that generic host name to hold all web site accounts.

After the service is created, use the up arrow to select the service, where you can then create a user of that service by pressing Ctrl + A:


After creating user(s) of the service, you can then select the user using the up arrow and press Ctrl + A to add a password for the user. If you have more than one user created for the service, the up and down arrows let you select from the users:


After the password is entered, you are pretty much done with entering the data.

You go back to a previous screen by using the ESC key on the keyboard. If at any time you are entering data and type something wrong and it appears the backspace key does not work, use the left or right arrow key to place the cursor where you want it and then use the Delete key.

You can also add comments by pressing Ctrl + O (the capital letter O, not zero). If you want the comment to be on more than one line, you have to add for newline -- see example below:

When a comment has been entered, it then shows up in the bottom left corner of the application:

When you are done entering information, you then need to use the Ctrl + K command, which selects an encryption key. This encryption key is the email address of the gpg key you want to encrypt the data with. You can have more than one key added if more than one person needs to access the password database (again, a nice feature for system administrators who share administration duties with others).

Pressing Ctrl + K brings up the next window:

You can then use Ctrl + A to add a new key -- enter the email address of the gpg key you want to add. This is the key that can be used to read the database and to encrypt the data, which allows for sharing the database with multiple system admins:

After the new key is entered, it will be listed in the list of available keys:

Now that you have a key entered, press ESC to return to the main program. To save the data you entered, press Ctrl + W to write the database to disk. You will be required to supply the passphrase for the gpg key used to encrypt the data:

You will then receive a confirmation message that the data was written to disk:

Press Enter to select OK. You will be returned to the main program. To exit the program, just use the ESC key.

The next time you run the program, you will be asked for the gpg key passphrase to unlock the database:

After you enter the correct passphrase, you will then have access to the database of passwords.

KEY COMMANDS & COMBINATIONS

  • CTRL + A = Add
  • CTRL + D = Delete
  • CTRL + E = Edit
  • CTRL + H = Help
  • CTRL + K = Edit encryption key
  • CTRL + N = Edit name of current level
  • CTRL + O = Edit comment
  • CTRL + P = Edit current node and suggest a password
  • CTRL + W = Write database to disk
  • ESC = go back to previous screen
  • up/down arrow = make selections (i.e. from host list, service list, user list)

SUMMARY

cpm is really an excellent program. It is lightweight, fast, and pretty simple to use. I like the ability to have a database of passwords that can be shared among many system administrators simply by adding their gpg key to the program. Of course, the program is aimed more at hosts + services + accounts than normal single user password managers, but can still be used by single users. The nice thing about cpm is that it uses your existing gpg key to encrypt and decrypt the data.


Ed Wiget, http://www.edwiget.name, has been a linux/unix system admin since 1995. He has many certifications. He is currently working on a degree in computer engineering, with an emphasis on computer/network security and forensics.



This article comes from Maysville Linux Users Group (MLUG) - Linux Users Helping Linux Users
http://www.maysville-linux-users-group.org

The URL for this story is:
http://www.maysville-linux-users-group.org/modules.php?name=News&file=article&sid=122