Elide bootloader password in grub plugin

The grub.conf configuration file collected by the grub plugin may contain a plaintext or md5 hashed bootloader password. Add a regex substitution for all files matching '.*\/grub\.conf' and replace the password with '*'s. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
author: Bryn M. Reeves <bmr@redhat.com> 2014-06-02 14:55:03 +0100
committer: Bryn M. Reeves <bmr@redhat.com> 2014-06-02 14:55:03 +0100
commit: 23182c4f13fbadc9b7c2ab75c1ca249d5ba987d1 (patch)
tree: 27ff9f84d9be501e22fb1635756f2e079b10a613
parent: 5447facd2edd3b3e5f1d3ad736b411f8e6406077 (diff)
download: sos-23182c4f13fbadc9b7c2ab75c1ca249d5ba987d1.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/sos/plugins/grub.py b/sos/plugins/grub.py
index 39110419..33b9f7a8 100644
--- a/sos/plugins/grub.py
+++ b/sos/plugins/grub.py
@@ -30,4 +30,11 @@ class Grub(Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin):
             "/etc/grub.d"
         ])
 
+    def postproc(self):
+        self.do_path_regex_sub(
+            r".*\/grub.conf",
+            r"(password)\s(--md5)\s(.*)",
+            r"\1 \2 ********"
+        )
+
 # vim: et ts=4 sw=4
author	Bryn M. Reeves <bmr@redhat.com>	2014-06-02 14:55:03 +0100
committer	Bryn M. Reeves <bmr@redhat.com>	2014-06-02 14:55:03 +0100
commit	23182c4f13fbadc9b7c2ab75c1ca249d5ba987d1 (patch)
tree	27ff9f84d9be501e22fb1635756f2e079b10a613
parent	5447facd2edd3b3e5f1d3ad736b411f8e6406077 (diff)
download	sos-23182c4f13fbadc9b7c2ab75c1ca249d5ba987d1.tar.gz