[iscsi] Mask passwords in iscsid.conf file

The following passwords are collected unencrypted: node.session.auth.password discovery.sendtargets.auth.password This patch ofbuscates these two entries in /etc/iscsi/iscsid.conf Resolves: #2461 Signed-off-by: Jose Castillo <jcastillo@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
author: Jose Castillo <jcastillo@redhat.com> 2021-03-24 10:25:36 +0100
committer: Jake Hunsaker <jhunsake@redhat.com> 2021-03-25 14:36:53 -0400
commit: a5d157b2f9b3dfdf218653ec484c92d65a909497 (patch)
tree: 2924f2de49fa8dbcf122a2305c83a192e8a69e3b
parent: a8b421478830c7dc99da41bd6fc6d90a7fd8fcf9 (diff)
download: sos-a5d157b2f9b3dfdf218653ec484c92d65a909497.tar.gz
1 files changed, 14 insertions, 0 deletions
diff --git a/sos/report/plugins/iscsi.py b/sos/report/plugins/iscsi.py
index 74d2704d..70b130ee 100644
--- a/sos/report/plugins/iscsi.py
+++ b/sos/report/plugins/iscsi.py
@@ -33,6 +33,20 @@ class Iscsi(Plugin):
             "iscsiadm -m node --op=show"
         ])
 
+    def postproc(self):
+        # Example for scrubbing node.session.auth.password
+        #
+        # node.session.auth.password = jfaiu1nNQJcsa,sti4lho'jZia=ia
+        #
+        # to
+        #
+        # node.session.auth.password = ********
+        nodesessionpwd = r"(node\.session\.auth\.password\s+=\s+)(\S+)"
+        discoverypwd = r"(discovery\.sendtargets\.auth\.password\s+=\s+)(\S+)"
+        repl = r"\1********\n"
+        self.do_path_regex_sub('/etc/iscsi/iscsid.conf', nodesessionpwd, repl)
+        self.do_path_regex_sub('/etc/iscsi/iscsid.conf', discoverypwd, repl)
+
 
 class RedHatIscsi(Iscsi, RedHatPlugin):
author	Jose Castillo <jcastillo@redhat.com>	2021-03-24 10:25:36 +0100
committer	Jake Hunsaker <jhunsake@redhat.com>	2021-03-25 14:36:53 -0400
commit	a5d157b2f9b3dfdf218653ec484c92d65a909497 (patch)
tree	2924f2de49fa8dbcf122a2305c83a192e8a69e3b
parent	a8b421478830c7dc99da41bd6fc6d90a7fd8fcf9 (diff)
download	sos-a5d157b2f9b3dfdf218653ec484c92d65a909497.tar.gz