From 29a40b793345443b1fa71ca268858eb5536ecd8d Mon Sep 17 00:00:00 2001 From: "Bryn M. Reeves" Date: Thu, 26 Apr 2018 13:33:20 +0100 Subject: [plugins] convert plugins to new add_forbidden_path() Replace multiple calls to add_forbidden_path() with a single call passing a list of paths to blacklist. Signed-off-by: Bryn M. Reeves --- sos/plugins/apparmor.py | 10 +++++++--- sos/plugins/ceph.py | 26 ++++++++++++-------------- sos/plugins/ds.py | 17 ++++++++++------- sos/plugins/ipa.py | 22 ++++++++++++---------- sos/plugins/ldap.py | 13 ++++++++----- sos/plugins/libvirt.py | 11 ++++++----- sos/plugins/named.py | 8 ++++---- sos/plugins/networking.py | 19 +++++++++++-------- sos/plugins/nss.py | 9 ++++++--- sos/plugins/ovirt.py | 7 +++++-- sos/plugins/pcp.py | 10 ++++++---- sos/plugins/rear.py | 6 ++++-- sos/plugins/system.py | 8 ++++---- sos/plugins/x11.py | 8 ++++++-- sos/plugins/yum.py | 7 +++++-- 15 files changed, 106 insertions(+), 75 deletions(-) diff --git a/sos/plugins/apparmor.py b/sos/plugins/apparmor.py index 0ff63850..6c322c95 100644 --- a/sos/plugins/apparmor.py +++ b/sos/plugins/apparmor.py @@ -28,9 +28,13 @@ class Apparmor(Plugin, UbuntuPlugin): self.add_copy_spec([ "/etc/apparmor*" ]) - self.add_forbidden_path("/etc/apparmor.d/cache") - self.add_forbidden_path("/etc/apparmor.d/libvirt/libvirt*") - self.add_forbidden_path("/etc/apparmor.d/abstractions") + + self.add_forbidden_path([ + "/etc/apparmor.d/cache", + "/etc/apparmor.d/libvirt/libvirt*", + "etc/apparmor.d/abstractions" + ]) + self.add_cmd_output([ "apparmor_status", "ls -alh /etc/apparmor.d/abstractions", diff --git a/sos/plugins/ceph.py b/sos/plugins/ceph.py index 0b375d17..0006f2fe 100644 --- a/sos/plugins/ceph.py +++ b/sos/plugins/ceph.py @@ -75,19 +75,17 @@ class Ceph(Plugin, RedHatPlugin, UbuntuPlugin): "ceph-disk list" ]) - self.add_forbidden_path("/etc/ceph/*keyring*") - self.add_forbidden_path("/var/lib/ceph/*keyring*") - self.add_forbidden_path("/var/lib/ceph/*/*keyring*") - self.add_forbidden_path("/var/lib/ceph/*/*/*keyring*") - self.add_forbidden_path("/var/lib/ceph/osd/*") - self.add_forbidden_path("/var/lib/ceph/mon/*") - -# Excludes temporary ceph-osd mount location like -# /var/lib/ceph/tmp/mnt.XXXX from sos collection. -# In the /var/lib/ceph/tmp/ can still other files of potential -# interest exists, so exclude only known temporary mount locations. - - self.add_forbidden_path("/var/lib/ceph/tmp/*mnt*") - self.add_forbidden_path("/etc/ceph/*bindpass*") + self.add_forbidden_path([ + "/etc/ceph/*keyring*", + "/var/lib/ceph/*keyring*", + "/var/lib/ceph/*/*keyring*", + "/var/lib/ceph/*/*/*keyring*", + "/var/lib/ceph/osd/*", + "/var/lib/ceph/mon/*", + # Excludes temporary ceph-osd mount location like + # /var/lib/ceph/tmp/mnt.XXXX from sos collection. + "var/lib/ceph/tmp/*mnt*", + "/etc/ceph/*bindpass*" + ]) # vim: set et ts=4 sw=4 : diff --git a/sos/plugins/ds.py b/sos/plugins/ds.py index 4a7f5851..78787f18 100644 --- a/sos/plugins/ds.py +++ b/sos/plugins/ds.py @@ -39,13 +39,16 @@ class DirectoryServer(Plugin, RedHatPlugin): return False def setup(self): - self.add_forbidden_path("/etc/dirsrv/slapd*/pin.txt") - self.add_forbidden_path("/etc/dirsrv/slapd*/key3.db") - self.add_forbidden_path("/etc/dirsrv/slapd*/pwfile.txt") - self.add_forbidden_path("/etc/dirsrv/slapd*/*passw*") - self.add_forbidden_path("/etc/dirsrv/admin-serv/key[3-4].db") - self.add_forbidden_path("/etc/dirsrv/admin-serv/admpw") - self.add_forbidden_path("/etc/dirsrv/admin-serv/password.conf") + self.add_forbidden_path([ + "/etc/dirsrv/slapd*/pin.txt", + "/etc/dirsrv/slapd*/key3.db", + "/etc/dirsrv/slapd*/pwfile.txt", + "/etc/dirsrv/slapd*/*passw*", + "/etc/dirsrv/admin-serv/key[3-4].db", + "/etc/dirsrv/admin-serv/admpw", + "/etc/dirsrv/admin-serv/password.conf" + ]) + try: for d in os.listdir("/etc/dirsrv"): if d[0:5] == 'slapd': diff --git a/sos/plugins/ipa.py b/sos/plugins/ipa.py index 08f9bcf1..916df45a 100644 --- a/sos/plugins/ipa.py +++ b/sos/plugins/ipa.py @@ -120,12 +120,6 @@ class Ipa(Plugin, RedHatPlugin): "/var/lib/certmonger/cas/[0-9]*" ]) - self.add_forbidden_path("/etc/pki/nssdb/key*") - self.add_forbidden_path("/etc/dirsrv/slapd-*/key*") - self.add_forbidden_path("/etc/dirsrv/slapd-*/pin.txt") - self.add_forbidden_path("/etc/dirsrv/slapd-*/pwdfile.txt") - self.add_forbidden_path("/etc/named.keytab") - # Make sure to use the right PKI config and NSS DB folders if ipa_version == "v4": self.pki_tomcat_dir = self.pki_tomcat_dir_v4 @@ -136,9 +130,17 @@ class Ipa(Plugin, RedHatPlugin): self.add_cmd_output("certutil -L -d %s/alias" % self.pki_tomcat_dir) self.add_copy_spec("%s/CS.cfg" % self.pki_tomcat_conf_dir) - self.add_forbidden_path("%s/alias/key*" % self.pki_tomcat_dir) - self.add_forbidden_path("%s/flatfile.txt" % self.pki_tomcat_conf_dir) - self.add_forbidden_path("%s/password.conf" % self.pki_tomcat_conf_dir) + + self.add_forbidden_path([ + "/etc/pki/nssdb/key*", + "/etc/dirsrv/slapd-*/key*", + "/etc/dirsrv/slapd-*/pin.txt", + "/etc/dirsrv/slapd-*/pwdfile.txt", + "/etc/named.keytab", + "%s/alias/key*" % self.pki_tomcat_dir, + "%s/flatfile.txt" % self.pki_tomcat_conf_dir, + "%s/password.conf" % self.pki_tomcat_conf_dir, + ]) self.add_cmd_output([ "ls -la /etc/dirsrv/slapd-*/schema/", @@ -149,7 +151,7 @@ class Ipa(Plugin, RedHatPlugin): ]) for certdb_directory in glob("/etc/dirsrv/slapd-*/"): - self.add_cmd_output(["certutil -L -d %s" % certdb_directory]) + self.add_cmd_output("certutil -L -d %s" % certdb_directory) return def postproc(self): diff --git a/sos/plugins/ldap.py b/sos/plugins/ldap.py index d2a03c2d..b9ae6f7c 100644 --- a/sos/plugins/ldap.py +++ b/sos/plugins/ldap.py @@ -38,11 +38,14 @@ class RedHatLdap(Ldap, RedHatPlugin): def setup(self): super(RedHatLdap, self).setup() - self.add_forbidden_path("/etc/openldap/certs/password") - self.add_forbidden_path("/etc/openldap/certs/pwfile.txt") - self.add_forbidden_path("/etc/openldap/certs/pin.txt") - self.add_forbidden_path("/etc/openldap/certs/*passw*") - self.add_forbidden_path("/etc/openldap/certs/key3.db") + self.add_forbidden_path([ + "/etc/openldap/certs/password", + "/etc/openldap/certs/pwfile.txt", + "/etc/openldap/certs/pin.txt", + "/etc/openldap/certs/*passw*", + "/etc/openldap/certs/key3.db" + ]) + self.add_copy_spec([ self.ldap_conf, "/etc/openldap/certs/cert8.db", diff --git a/sos/plugins/libvirt.py b/sos/plugins/libvirt.py index 4dad3d3a..68930db0 100644 --- a/sos/plugins/libvirt.py +++ b/sos/plugins/libvirt.py @@ -28,11 +28,12 @@ class Libvirt(Plugin, RedHatPlugin, UbuntuPlugin, DebianPlugin): libvirt_keytab = "/etc/libvirt/krb5.tab" # authentication databases used for libvirt SASL authentication - self.add_forbidden_path("/etc/libvirt/passwd.db") - self.add_forbidden_path("/etc/libvirt/krb5.tab") - - self.add_forbidden_path("/var/lib/libvirt/qemu/*/master-key.aes") - self.add_forbidden_path("/etc/libvirt/secrets") + self.add_forbidden_path([ + "/etc/libvirt/passwd.db", + "/etc/libvirt/krb5.tab", + "/var/lib/libvirt/qemu/*/master-key.aes", + "/etc/libvirt/secrets" + ]) self.add_copy_spec([ "/etc/libvirt/libvirt.conf", diff --git a/sos/plugins/named.py b/sos/plugins/named.py index ae888b6c..15107ca5 100644 --- a/sos/plugins/named.py +++ b/sos/plugins/named.py @@ -32,10 +32,10 @@ class Named(Plugin): cfg, self.get_dns_dir(cfg) ]) - self.add_forbidden_path(join(self.get_dns_dir(cfg), - "chroot/dev")) - self.add_forbidden_path(join(self.get_dns_dir(cfg), - "chroot/proc")) + self.add_forbidden_path([ + join(self.get_dns_dir(cfg), "chroot/dev"), + join(self.get_dns_dir(cfg), "chroot/proc") + ]) def get_dns_dir(self, config_file): """ grab directory path from named{conf,boot} diff --git a/sos/plugins/networking.py b/sos/plugins/networking.py index 9612c424..e4e2bcd0 100644 --- a/sos/plugins/networking.py +++ b/sos/plugins/networking.py @@ -140,14 +140,17 @@ class Networking(Plugin): "/sys/class/net/*/flags", "/etc/iproute2" ]) - self.add_forbidden_path("/proc/net/rpc/use-gss-proxy") - self.add_forbidden_path("/proc/net/rpc/*/channel") - self.add_forbidden_path("/proc/net/rpc/*/flush") - # Cisco CDP - self.add_forbidden_path("/proc/net/cdp") - self.add_forbidden_path("/sys/net/cdp") - # Dialogic Diva - self.add_forbidden_path("/proc/net/eicon") + + self.add_forbidden_path([ + "/proc/net/rpc/use-gss-proxy", + "/proc/net/rpc/*/channel", + "/proc/net/rpc/*/flush", + # Cisco CDP + "/proc/net/cdp", + "/sys/net/cdp", + # Dialogic Diva + "/proc/net/eicon" + ]) self.add_cmd_output("ip -o addr", root_symlink="ip_addr") self.add_cmd_output("route -n", root_symlink="route") diff --git a/sos/plugins/nss.py b/sos/plugins/nss.py index 859e0bde..f22372e1 100644 --- a/sos/plugins/nss.py +++ b/sos/plugins/nss.py @@ -25,9 +25,12 @@ class NSS(Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin): verify_packages = ('nss.*',) def setup(self): - self.add_forbidden_path("/etc/pki/nssdb/cert*") - self.add_forbidden_path("/etc/pki/nssdb/key*") - self.add_forbidden_path("/etc/pki/nssdb/secmod.db") + self.add_forbidden_path([ + "/etc/pki/nssdb/cert*", + "/etc/pki/nssdb/key*", + "/etc/pki/nssdb/secmod.db" + ]) + self.add_copy_spec("/etc/pki/nssdb/pkcs11.txt") # vim: set et ts=4 sw=4 : diff --git a/sos/plugins/ovirt.py b/sos/plugins/ovirt.py index 68fcdcaa..ebda0a55 100644 --- a/sos/plugins/ovirt.py +++ b/sos/plugins/ovirt.py @@ -82,8 +82,11 @@ class Ovirt(Plugin, RedHatPlugin): except OSError as e: self.soslog.error('Unable to send signal to %d' % pid, e) - self.add_forbidden_path('/etc/ovirt-engine/.pgpass') - self.add_forbidden_path('/etc/rhevm/.pgpass') + self.add_forbidden_path([ + '/etc/ovirt-engine/.pgpass', + '/etc/rhevm/.pgpass' + ]) + # Copy all engine tunables and domain information self.add_cmd_output("engine-config --all") diff --git a/sos/plugins/pcp.py b/sos/plugins/pcp.py index 8f17a5de..d40ec35f 100644 --- a/sos/plugins/pcp.py +++ b/sos/plugins/pcp.py @@ -99,10 +99,12 @@ class Pcp(Plugin, RedHatPlugin, DebianPlugin): # pmlogrewrite} as in 99% of the cases they are just copies from the # rpms. It does not make up for a lot of size but it contains many # files - self.add_forbidden_path(os.path.join(var_conf_dir, 'pmchart')) - self.add_forbidden_path(os.path.join(var_conf_dir, 'pmlogconf')) - self.add_forbidden_path(os.path.join(var_conf_dir, 'pmieconf')) - self.add_forbidden_path(os.path.join(var_conf_dir, 'pmlogrewrite')) + self.add_forbidden_path([ + os.path.join(var_conf_dir, 'pmchart'), + os.path.join(var_conf_dir, 'pmlogconf'), + os.path.join(var_conf_dir, 'pmieconf'), + os.path.join(var_conf_dir, 'pmlogrewrite') + ]) # Take PCP_LOG_DIR/pmlogger/`hostname` + PCP_LOG_DIR/pmmgr/`hostname` # The *default* directory structure for pmlogger is the following: diff --git a/sos/plugins/rear.py b/sos/plugins/rear.py index c70663c4..1d4439b4 100644 --- a/sos/plugins/rear.py +++ b/sos/plugins/rear.py @@ -29,8 +29,10 @@ class Rear(Plugin, RedHatPlugin): limit = self.get_option('log_size') # don't collect recovery ISOs or tar archives - self.add_forbidden_path('/var/log/rear/*.iso') - self.add_forbidden_path('/var/log/rear/*.tar.gz') + self.add_forbidden_path([ + '/var/log/rear/*.iso', + '/var/log/rear/*.tar.gz' + ]) rdirs = [ '/etc/rear/*conf', diff --git a/sos/plugins/system.py b/sos/plugins/system.py index dad5f6d4..9229088d 100644 --- a/sos/plugins/system.py +++ b/sos/plugins/system.py @@ -30,10 +30,10 @@ class System(Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin): "/etc/default", ]) - self.add_forbidden_path( - "/proc/sys/net/ipv6/neigh/*/retrans_time") - self.add_forbidden_path( - "/proc/sys/net/ipv6/neigh/*/base_reachable_time") + self.add_forbidden_path([ + "/proc/sys/net/ipv6/neigh/*/retrans_time", + "/proc/sys/net/ipv6/neigh/*/base_reachable_time" + ]) # vim: set et ts=4 sw=4 : diff --git a/sos/plugins/x11.py b/sos/plugins/x11.py index 92b8fcbc..72b77b90 100644 --- a/sos/plugins/x11.py +++ b/sos/plugins/x11.py @@ -30,8 +30,12 @@ class X11(Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin): "/var/log/Xorg.*.log", "/var/log/XFree86.*.log", ]) - self.add_forbidden_path("/etc/X11/X") - self.add_forbidden_path("/etc/X11/fontpath.d") + + self.add_forbidden_path([ + "/etc/X11/X", + "/etc/X11/fontpath.d" + ]) + self.add_cmd_output([ "xrandr --verbose" ]) diff --git a/sos/plugins/yum.py b/sos/plugins/yum.py index 1746389c..c8124204 100644 --- a/sos/plugins/yum.py +++ b/sos/plugins/yum.py @@ -65,8 +65,11 @@ class Yum(Plugin, RedHatPlugin): self.add_copy_spec("/etc/yum/pluginconf.d") # candlepin info - self.add_forbidden_path("/etc/pki/entitlement/key.pem") - self.add_forbidden_path("/etc/pki/entitlement/*-key.pem") + self.add_forbidden_path([ + "/etc/pki/entitlement/key.pem", + "/etc/pki/entitlement/*-key.pem" + ]) + self.add_copy_spec([ "/etc/pki/product/*.pem", "/etc/pki/consumer/cert.pem", -- cgit