Impact

Security Onion 2 prior to 2.3.30 has incorrect permissions on /nsm/backup/ which allows non-root users to access backup files.

Patches

This issue has been resolved in Security Onion 2.3.30. Starting in 2.3.30, new installations will automatically have correct permissions on /nsm/backup/. Older installations running soup to update will automatically get correct permissions on /nsm/backup/.

Workarounds

Affected users who cannot immediately upgrade to 2.3.30 can manually fix the permissions on /nsm/backup/ as follows:

chmod 700 /nsm/backup

For more information

If you have any questions or comments about this advisory:

• Open a public discussion at https://securityonion.net/discuss
• Our responsible disclosure process can be found at https://docs.securityonion.net/en/2.3/security.html