From 189586728de22dd55122c1f7e06b19590f9a788f Mon Sep 17 00:00:00 2001
From: Jake Hunsaker
Date: Tue, 30 Nov 2021 12:47:58 -0500
Subject: [username] Improve username sourcing and remove case sensitivity First, don't skip the first line of `last` output, and instead add the header from lastlog to the skip list. Additionally, add `/etc/cron.allow` and `/etc/cron.deny` as sources for usernames that might not appear in other locations in certain environments. Also, make matching and replacement case insensitive.
Signed-off-by: Jake Hunsaker
---
 sos/cleaner/archives/sos.py | 4 +++-
 sos/cleaner/mappings/username_map.py | 2 +-
 sos/cleaner/parsers/username_parser.py | 14 +++++++++-----
 3 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/sos/cleaner/archives/sos.py b/sos/cleaner/archives/sos.py
index f8720c88..12766496 100644
--- a/sos/cleaner/archives/sos.py
+++ b/sos/cleaner/archives/sos.py
@@ -35,7 +35,9 @@ class SoSReportArchive(SoSObfuscationArchive):
 'sos_commands/login/lastlog_-u_65537-4294967295',
 # AD users will be reported here, but favor the lastlog files since
 # those will include local users who have not logged in
- 'sos_commands/login/last'
+ 'sos_commands/login/last',
+ 'etc/cron.allow',
+ 'etc/cron.deny'
 ]
 }
diff --git a/sos/cleaner/mappings/username_map.py b/sos/cleaner/mappings/username_map.py
index cdbf36fe..7ecccd7b 100644
--- a/sos/cleaner/mappings/username_map.py
+++ b/sos/cleaner/mappings/username_map.py
@@ -33,5 +33,5 @@ class SoSUsernameMap(SoSMap):
 ob_name = "obfuscateduser%s" % self.name_count
 self.name_count += 1
 if ob_name in self.dataset.values():
- return self.sanitize_item(username)
+ return self.sanitize_item(username.lower())
 return ob_name
diff --git a/sos/cleaner/parsers/username_parser.py b/sos/cleaner/parsers/username_parser.py
index 35377a31..229c7de4 100644
--- a/sos/cleaner/parsers/username_parser.py
+++ b/sos/cleaner/parsers/username_parser.py
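Review bot: The two entries added in the sos/cleaner/archives/sos.py hunk, `'etc/cron.allow'` and `'etc/cron.deny'`, have no comment, while the existing comment just above `'sos_commands/login/last'` only explains the lastlog/last preference. A one-line comment would record why cron access lists are username sources, for example `# cron access lists can name users that appear in no login record`. The list and the dict that holds it start outside the hunk.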
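Review bot: In the sos/cleaner/mappings/username_map.py hunk the added `.lower()` only changes the argument of the recursive retry; the visible lines build `ob_name` from `self.name_count` alone, so the returned value never depends on the username's case. Case folding is therefore left to the callers in username_parser.py, and they disagree: `load_usernames_into_map` still stores the original spelling with `users.add(user)`, while `parse_line` looks up `self.mapping.get(username.lower())`. If `get()` creates an entry for an unknown key (its body is not shown on this page), a mixed-case name ends up with two keys and two different obfuscated values, which makes the saved map unreliable for correlating a cleaned report. Folding once at insertion, `users.add(user.lower())`, would keep every key and every lookup in the same form. `sanitize_item` starts outside this hunk.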
@@ -8,6 +8,7 @@
 #
 # See the LICENSE file in the source distribution for further information.
+import re
 from sos.cleaner.parsers import SoSCleanerParser
 from sos.cleaner.mappings.username_map import SoSUsernameMap
@@ -34,6 +35,7 @@ class SoSUsernameParser(SoSCleanerParser):
 'reboot',
 'root',
 'ubuntu',
+ 'username',
 'wtmp'
 ]
@@ -47,12 +49,12 @@ class SoSUsernameParser(SoSCleanerParser):
 this parser, we need to override the initial parser prepping here.
 """
 users = set()
- for line in content.splitlines()[1:]:
+ for line in content.splitlines():
 try:
 user = line.split()[0]
 except Exception:
 continue
- if user in self.skip_list:
+ if user.lower() in self.skip_list:
 continue
 users.add(user)
 for each in users:
@@ -61,7 +63,9 @@ class SoSUsernameParser(SoSCleanerParser):
 def parse_line(self, line):
 count = 0
 for username in sorted(self.mapping.dataset.keys(), reverse=True):
- if username in line:
- count = line.count(username)
- line = line.replace(username, self.mapping.get(username))
+ _reg = re.compile(username, re.I)
+ if _reg.search(line):
+ line, count = _reg.subn(
+ self.mapping.get(username.lower()), line
+ )
 return line, count
-- cgit
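Review bot: `re.compile(username, re.I)` in the `parse_line` hunk treats each username as a regular expression instead of literal text. A name containing `.` or `$` then matches the wrong text or fails to match its own literal form, so it can survive in the cleaned output, and a name that is not a valid pattern raises `re.error` inside the loop. Escaping the key fixes both: `_reg = re.compile(re.escape(username), re.I)`. Separately, `line, count = _reg.subn(...)` overwrites `count` on every matching username, so the returned value covers only the last one; `line, n = _reg.subn(...)` followed by `count += n` would total the replacements.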