rpms / sos

Clone
Source Code
GIT

Files

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c7
  2.   SOURCES
  3.   sos-RHELPLAN-143027-scrub-admin-init-password-in-installer-logs.patch
Blob Blame History Raw 
From 190a92a1b19a773d20c80739747e74ad215138ad Mon Sep 17 00:00:00 2001
From: Barbora Vassova <bvassova@redhat.com>
Date: Thu, 11 Jan 2024 13:18:43 +0100
Subject: [PATCH] [foreman] scrub admin init password in installer logs
 Obfuscate several instances of passwords:

"--foreman-initial-admin-password", "mySecret",
+candlepin.amqp.keystore_password=secretHash1
+jpa.config.hibernate.connection.password=secretHash2

by enhancing the scrubbing of:

--password='secretPwd'

Relevant: #3475

Signed-off-by: Barbora Vassova <bvassova@redhat.com>
---
 sos/plugins/foreman.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/sos/plugins/foreman.py b/sos/plugins/foreman.py
index e0b6eeb159..891540fed6 100644
--- a/sos/plugins/foreman.py
+++ b/sos/plugins/foreman.py
@@ -290,7 +290,12 @@ def postproc(self):
             "/var/log/foreman-installer/sat*",
             sat_debug_reg,
             r"\1 \2 ********")
+        # also hide passwords in yet different formats
         self.do_path_regex_sub(
+            "/var/log/foreman-installer/sat*",
+	    r"(\.|_|-)password(=\'|=|\", \")(\w*)",
+            r"\1password\2********")
+	self.do_path_regex_sub(
             "/var/log/foreman-installer/foreman-proxy*",
             r"(\s*proxy_password\s=) (.*)",
             r"\1 ********")

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation