|
 |
969eeb |
From 190a92a1b19a773d20c80739747e74ad215138ad Mon Sep 17 00:00:00 2001
|
|
|
969eeb |
From: Barbora Vassova <bvassova@redhat.com>
|
|
|
969eeb |
Date: Thu, 11 Jan 2024 13:18:43 +0100
|
|
|
969eeb |
Subject: [PATCH] [foreman] scrub admin init password in installer logs
|
|
|
969eeb |
Obfuscate several instances of passwords:
|
|
|
969eeb |
|
|
|
969eeb |
"--foreman-initial-admin-password", "mySecret",
|
|
|
969eeb |
+candlepin.amqp.keystore_password=secretHash1
|
|
|
969eeb |
+jpa.config.hibernate.connection.password=secretHash2
|
|
|
969eeb |
|
|
|
969eeb |
by enhancing the scrubbing of:
|
|
|
969eeb |
|
|
|
969eeb |
--password='secretPwd'
|
|
|
969eeb |
|
|
|
969eeb |
Relevant: #3475
|
|
|
969eeb |
|
|
|
969eeb |
Signed-off-by: Barbora Vassova <bvassova@redhat.com>
|
|
|
969eeb |
---
|
|
|
969eeb |
sos/plugins/foreman.py | 5 +++++
|
|
|
969eeb |
1 file changed, 5 insertions(+)
|
|
|
969eeb |
|
|
|
969eeb |
diff --git a/sos/plugins/foreman.py b/sos/plugins/foreman.py
|
|
|
969eeb |
index e0b6eeb159..891540fed6 100644
|
|
|
969eeb |
--- a/sos/plugins/foreman.py
|
|
|
969eeb |
+++ b/sos/plugins/foreman.py
|
|
|
969eeb |
@@ -290,7 +290,12 @@ def postproc(self):
|
|
|
969eeb |
"/var/log/foreman-installer/sat*",
|
|
|
969eeb |
sat_debug_reg,
|
|
|
969eeb |
r"\1 \2 ********")
|
|
|
969eeb |
+ # also hide passwords in yet different formats
|
|
|
969eeb |
self.do_path_regex_sub(
|
|
|
969eeb |
+ "/var/log/foreman-installer/sat*",
|
|
|
969eeb |
+ r"(\.|_|-)password(=\'|=|\", \")(\w*)",
|
|
|
969eeb |
+ r"\1password\2********")
|
|
|
969eeb |
+ self.do_path_regex_sub(
|
|
|
969eeb |
"/var/log/foreman-installer/foreman-proxy*",
|
|
|
969eeb |
r"(\s*proxy_password\s=) (.*)",
|
|
|
969eeb |
r"\1 ********")
|