diff options
author | Jose Castillo <jcastillo@redhat.com> | 2021-03-24 10:25:36 +0100 |
---|---|---|
committer | Jake Hunsaker <jhunsake@redhat.com> | 2021-03-25 14:36:53 -0400 |
commit | a5d157b2f9b3dfdf218653ec484c92d65a909497 (patch) | |
tree | 2924f2de49fa8dbcf122a2305c83a192e8a69e3b | |
parent | a8b421478830c7dc99da41bd6fc6d90a7fd8fcf9 (diff) | |
download | sos-a5d157b2f9b3dfdf218653ec484c92d65a909497.tar.gz |
[iscsi] Mask passwords in iscsid.conf file
The following passwords are collected unencrypted:
node.session.auth.password
discovery.sendtargets.auth.password
This patch ofbuscates these two entries in
/etc/iscsi/iscsid.conf
Resolves: #2461
Signed-off-by: Jose Castillo <jcastillo@redhat.com>
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
-rw-r--r-- | sos/report/plugins/iscsi.py | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/sos/report/plugins/iscsi.py b/sos/report/plugins/iscsi.py index 74d2704d..70b130ee 100644 --- a/sos/report/plugins/iscsi.py +++ b/sos/report/plugins/iscsi.py @@ -33,6 +33,20 @@ class Iscsi(Plugin): "iscsiadm -m node --op=show" ]) + def postproc(self): + # Example for scrubbing node.session.auth.password + # + # node.session.auth.password = jfaiu1nNQJcsa,sti4lho'jZia=ia + # + # to + # + # node.session.auth.password = ******** + nodesessionpwd = r"(node\.session\.auth\.password\s+=\s+)(\S+)" + discoverypwd = r"(discovery\.sendtargets\.auth\.password\s+=\s+)(\S+)" + repl = r"\1********\n" + self.do_path_regex_sub('/etc/iscsi/iscsid.conf', nodesessionpwd, repl) + self.do_path_regex_sub('/etc/iscsi/iscsid.conf', discoverypwd, repl) + class RedHatIscsi(Iscsi, RedHatPlugin): |