How Much and What Kind of Information is OK to Put Out to the Forums/World?
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
How Much and What Kind of Information is OK to Put Out to the Forums/World?
In a forum, I was asked to post the results of
Code:
"inxi -Fxz"
What a command!! That one gave out a lot of information! I wasn't sure I wanted to post all of that to the forums and the world. It gave everything I could think of about my computer, even the "ports" used.
With the inxi -Fxz command, could someone use that to do harm? I've seen in other threads, replies that they told the person it's not good to post a certain part, but don't know what is the bad parts.
What command results are OK to post and what information should not be posted?
Distribution: Void, Linux From Scratch, Slackware64
Posts: 3,150
Rep:
you should usually sanitize any output from system commands before posting, usually just removing ip address's, email's etc, just use a bit of common sense, it's not gonna do you any harm to post what cpu you have, but nevet post your email thats just asking for agro
You could start by reading the man page on inxi to see what information that might divulge. I gather it is a hardware diagnostic--generic hardware information is unlikely to open a vector for attack.
For my own part, I tend to obscure user names, email addresses, and other personally identifiable information, as for example
Code:
/home/[username]
[somebody]@[somewhere or other]
I do not mind including my generic internal ip addresses (192.168.xxx.xxx), but would not intentionally publish my public-facing ip address.
If you posted that (or even as little as my: XPsp2 1000HA), on some other website *where you didn't want anyone to know it's you@LQ*, you'd be 'outed'!
i think the original question is valid (*).
but, as already pointed out, it could have been solved by reading a single man page (or actually looking at the output before you post it).
it does, however, take a little experience to recognize what is "personal" or machine specific info and what not.
in the 'inxi - Fxz' output above, the only potential i see is the hostname. sometimes the hostname contains quite detailed information about the machine & IP.
i also like to err on the side of caution, and if i see a long hex string like "ab2f:ef29:367b:......" i replace it with XXX just to be sure...
(*) when i was using my brother's web space, he had ssh on a non-standard port. i posted my dotfiles on github, incl. a script to connect to his server. he found out by googling, and admonished me, and had to change the port.
Chris:
On https://forums.linuxmint.com/ on this forum, it's the first vital piece of a system summary that helps us know where you and your system stands. Completely benign, using -z
Code:
man inxi
for all the values. -z strips out unique identifier like MAC address (full mac: <filter>)
Here's mine.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.