aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPavel Moravec <pmoravec@redhat.com>2017-03-20 22:13:29 +0100
committerBryn M. Reeves <bmr@redhat.com>2017-03-23 17:35:51 +0000
commit0003e6e3617f23cc68d08ebc35534cf1e23a4609 (patch)
tree57e9632d35620958889e8c6c3d1fd804d01c28e5
parent75c4c1c039f7e152b6f702557d96ebe89c794d0a (diff)
downloadsos-0003e6e3617f23cc68d08ebc35534cf1e23a4609.tar.gz
[plugins] prevent collecting some key[3-4].db private keys3.4beta
Stop collecting: /etc/dirsrv/admin-serv/key4.db /etc/pam_pkcs11/nssdb/key[3-4].db /etc/ipsec.d/key[3-4].db Resolves: #964 Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
-rw-r--r--sos/plugins/ds.py2
-rw-r--r--sos/plugins/openswan.py2
-rw-r--r--sos/plugins/smartcard.py1
3 files changed, 4 insertions, 1 deletions
diff --git a/sos/plugins/ds.py b/sos/plugins/ds.py
index 8a2babc6..2def2622 100644
--- a/sos/plugins/ds.py
+++ b/sos/plugins/ds.py
@@ -43,7 +43,7 @@ class DirectoryServer(Plugin, RedHatPlugin):
self.add_forbidden_path("/etc/dirsrv/slapd*/key3.db")
self.add_forbidden_path("/etc/dirsrv/slapd*/pwfile.txt")
self.add_forbidden_path("/etc/dirsrv/slapd*/*passw*")
- self.add_forbidden_path("/etc/dirsrv/admin-serv/key3.db")
+ self.add_forbidden_path("/etc/dirsrv/admin-serv/key[3-4].db")
self.add_forbidden_path("/etc/dirsrv/admin-serv/admpw")
self.add_forbidden_path("/etc/dirsrv/admin-serv/password.conf")
try:
diff --git a/sos/plugins/openswan.py b/sos/plugins/openswan.py
index 0da4e07d..44cd0463 100644
--- a/sos/plugins/openswan.py
+++ b/sos/plugins/openswan.py
@@ -42,4 +42,6 @@ class Openswan(Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin):
if self.get_option("ipsec-barf"):
self.add_cmd_output("ipsec barf")
+ self.add_forbidden_path("/etc/ipsec.d/key[3-4].db")
+
# vim: set et ts=4 sw=4 :
diff --git a/sos/plugins/smartcard.py b/sos/plugins/smartcard.py
index 4863499e..5a668ae1 100644
--- a/sos/plugins/smartcard.py
+++ b/sos/plugins/smartcard.py
@@ -37,5 +37,6 @@ class Smartcard(Plugin, RedHatPlugin):
"pklogin_finder debug",
"ls -nl /usr/lib*/pam_pkcs11/"
])
+ self.add_forbidden_path("/etc/pam_pkcs11/nssdb/key[3-4].db")
# vim: set et ts=4 sw=4 :