Does the Boot Repair output contain private information?

boot-repair privacy

I have successfully recovered my system with the help of a software called Boot Repair. After the recovery, it sent some information to Ubuntu Pastebin, something like this one.

Does this kind of paste contain private information?


TL;DR: you're safe enough

Boot Repair report that you have linked there only lists the layout of your hard drive and bootloader settings. This is quite low level information that reveals nothing useful about you as far as crackers are concerned.

The only tiny bit is on line 997, where it shows /home/adam. Users are usually assigned home folders same as their username, so this reveals your username. However, as far as an attacker is concerned, this is still nothing. Suppose you have ssh enabled or telnet enabled. Now, there is a possibility of bruteforce attack, with tools such as hydra, which basically go through multiple combinations of passwords. If you have strong password, it will take forever for an attacker to crack it. In addition, there is no IP address of your system. A random guy online may figure out your username, but won't know where you are. Now, if there is a man-in-the-middle, then someone is intentionally would be looking at your packets, could potentially intercept this info. But in such case, you'd have a drone flying over your house or a van parked outside. You'd have to be really VIP target for this to happen. Then attacker also would need to go through your router; I suggest you have an admin password there - I've known a couple cases here on askubuntu where router settings were altered.

If you are still concerned about the bruteforce attack, do this:

Open /etc/security/limits.conf. here's how mine looks at the end :

#<domain>      <type>  <item>         <value>
#

#*               soft    core            0
#root            hard    core            100000
#*               hard    rss             10000
#@student        hard    nproc           20
#@faculty        soft    nproc           20
#@faculty        hard    nproc           50
#ftp             hard    nproc           0
#ftp             -       chroot          /ftp
#@student        -       maxlogins       4

xieerqi         hard    maxlogins       6
# End of file

See line xieerqi ? That's my login name. This line limits amount of logins for my username on my computer, i.e, max amount of sessions open.

Now look into /etc/login.defs . Again, here is mine :

# 
# Max number of login retries if password is bad. This will most likely be
# overriden by PAM, since the default pam_unix module has it's own built
# in of 3 retries. However, this is a safe fallback in case you are using
# an authentication module that does not enforce PAM_MAXTRIES.
#
LOGIN_RETRIES           3

To prevent an attacker going forever and ever guessing passwords, login page will give 3 strikes, and then terminate the connection.

Note: to open these files for writing, you'd need sudo, like so sudo vi /etc/security/limits.conf

For more info you can also ask this question on security.stackexchange.com . Those guys know more about security than we do here


While the answer from Serg gives in-depth security concerns, guessing that nobody except the admin of http://paste.ubuntu.com gets the information you submit, here is the official privacy policy of the boot-repair.

Related

Is "LD_LIBRARY_PATH" a security risk?
Where is documentation for [ x$feature_... = xy ] in grub.cfg?
Libvirt Qemu password
How to fix mouse cursor out of sync with VirtualBox Ubuntu Server 16.04.3 LTS VM?
Can't reinstall MongoDB on Ubuntu 17
Are apt-file and apt-cache part of apt? [duplicate]
Package php7.2-mbstring unmet dependencies in Ubuntu 18.04
htop displays identical program in multiple lines
How do I uninstall Telegram which was installed from the tar.xz obtained from the official website?
How to remove title bar from terminal on the new Ubuntu 20.04?
How to create desktop shortcuts for folders in Ubuntu 20.04
CD tray won't open. What can I do?