From c8f62ea4b6193a175add12e1795c18dad500c38e Mon Sep 17 00:00:00 2001

From: Pavel Moravec <pmoravec@redhat.com>

Date: Tue, 2 Aug 2016 11:55:23 +0200

Subject: [PATCH] [ceph] skip collecting of all keyring and bindpass files

Do not collect any keyring files - expand the add_forbidden_path

regular expressions accordingly to cover there filenames like:

/var/lib/ceph/tmp/keyring.mon.magna055

Do not either collect any /etc/ceph/*bindpass* that can store LDAP

bind passwords.

Resolves: #861

Signed-off-by: Pavel Moravec <pmoravec@redhat.com>

---

 sos/plugins/ceph.py | 9 +++++----

 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/sos/plugins/ceph.py b/sos/plugins/ceph.py

index 10fee88..74b7c4c 100644

--- a/sos/plugins/ceph.py

+++ b/sos/plugins/ceph.py

@@ -59,11 +59,12 @@ class Ceph(Plugin, RedHatPlugin, UbuntuPlugin):

             "ceph report"

         ])

-        self.add_forbidden_path("/etc/ceph/*keyring")

-        self.add_forbidden_path("/var/lib/ceph/*keyring")

-        self.add_forbidden_path("/var/lib/ceph/*/*keyring")

-        self.add_forbidden_path("/var/lib/ceph/*/*/*keyring")

+        self.add_forbidden_path("/etc/ceph/*keyring*")

+        self.add_forbidden_path("/var/lib/ceph/*keyring*")

+        self.add_forbidden_path("/var/lib/ceph/*/*keyring*")

+        self.add_forbidden_path("/var/lib/ceph/*/*/*keyring*")

         self.add_forbidden_path("/var/lib/ceph/osd/*")

         self.add_forbidden_path("/var/lib/ceph/osd/mon/*")

+        self.add_forbidden_path("/etc/ceph/*bindpass*")

 # vim: set et ts=4 sw=4 :

-- 

2.4.11