jail-monkey
jail-monkey copied to clipboard
Disable RootBeer logs in production
Hello,
We've got a pentest report on our app classifying the RootBeer logs as a low vulnerability, and we'd like to fix it.
The logs:
I RootBeer: LOOKING FOR BINARY: /data/local/su Absent :(
I RootBeer: LOOKING FOR BINARY: /data/local/bin/su Absent :(
I RootBeer: LOOKING FOR BINARY: /data/local/xbin/su Absent :(
I RootBeer: LOOKING FOR BINARY: /sbin/su Absent :(
I RootBeer: LOOKING FOR BINARY: /su/bin/su Absent :(
I RootBeer: LOOKING FOR BINARY: /system/bin/su Absent :(
I RootBeer: LOOKING FOR BINARY: /system/bin/.ext/su Absent :(
I RootBeer: LOOKING FOR BINARY: /system/bin/failsafe/su Absent :(
I RootBeer: LOOKING FOR BINARY: /system/sd/xbin/su Absent :(
I RootBeer: LOOKING FOR BINARY: /system/usr/we-need-root/su Absent :(
I RootBeer: LOOKING FOR BINARY: /system/xbin/su Absent :(
I RootBeer: LOOKING FOR BINARY: /cache/su Absent :(
I RootBeer: LOOKING FOR BINARY: /data/su Absent :(
I RootBeer: LOOKING FOR BINARY: /dev/su Absent :(
I RootBeer: LOOKING FOR BINARY: /product/bin/su Absent :(
I RootBeer: LOOKING FOR BINARY: /apex/com.android.runtime/bin/su Absent :(
I RootBeer: LOOKING FOR BINARY: /apex/com.android.art/bin/su Absent :(
I RootBeer: LOOKING FOR BINARY: /system_ext/bin/su Absent :(
I RootBeer: LOOKING FOR BINARY: /odm/bin/su Absent :(
I RootBeer: LOOKING FOR BINARY: /vendor/bin/su Absent :(
I RootBeer: LOOKING FOR BINARY: /vendor/xbin/su Absent :disappointed:
It seems RootBeer added a few years back an option to disable the logs: https://github.com/scottyab/rootbeer/pull/32, but jail-monkey doesn't seem to provide a way to enable this option. Is there something I'm missing? Or would we need to extend jail-monkey options to disable all logging in production?
We're happy to contribute if needed!