aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBryn M. Reeves <bmr@redhat.com>2014-07-18 19:05:12 +0100
committerBryn M. Reeves <bmr@redhat.com>2014-07-18 20:13:37 +0100
commit462c830fa661e308a52067fc8290b31e45be67c3 (patch)
treeff247ef91428e2ae5e2681761588d99b34f4cfaa
parent4f69d5c6e0ec24cd821c614977b328e8436a5456 (diff)
downloadsos-462c830fa661e308a52067fc8290b31e45be67c3.tar.gz
[ldap] add more forbidden paths and restrict file collection
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
Diffstat
-rw-r--r--sos/plugins/ldap.py11
1 files changed, 9 insertions, 2 deletions
diff --git a/sos/plugins/ldap.py b/sos/plugins/ldap.py
index a7ba9762..31a227ac 100644
--- a/sos/plugins/ldap.py
+++ b/sos/plugins/ldap.py
@@ -38,8 +38,15 @@ class RedHatLdap(Ldap, RedHatPlugin):
def setup(self):
super(RedHatLdap, self).setup()
+ self.add_forbidden_path("/etc/openldap/certs/password")
+ self.add_forbidden_path("/etc/openldap/certs/pwfile.txt")
+ self.add_forbidden_path("/etc/openldap/certs/pin.txt")
+ self.add_forbidden_path("/etc/openldap/certs/*passw*")
+ self.add_forbidden_path("/etc/openldap/certs/key3.db")
self.add_copy_specs([
- "/etc/openldap",
+ ldap_conf,
+ "/etc/openldap/certs/cert8.db",
+ "/etc/openldap/certs/secmod.db",
"/etc/nslcd.conf",
"/etc/pam_ldap.conf"
])
@@ -70,7 +77,7 @@ class DebianLdap(Ldap, DebianPlugin, UbuntuPlugin):
ldap_search = "ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// "
self.add_copy_specs([
- "/etc/ldap/ldap.conf",
+ ldap_conf,
"/etc/slapd.conf",
"/etc/ldap/slapd.d"
])
generated by cgit (git 2.34.1) at 2024-11-13 10:54:33 +0000