commit c18486621d2df774f270f8bc1dc602d6487681aa Author: Bryn M. Reeves Date: Thu Aug 1 16:43:43 2013 +0100 Split kerberos data collection into separate plug-in The krb5 data collection in the samba plug-in is misplaced. Since this is collecting information about the system keytab move it to its own plug-in that can be activated on any kerberos enabled system. Signed-off-by: Bryn M. Reeves diff --git a/sos/plugins/krb5.py b/sos/plugins/krb5.py new file mode 100644 index 0000000..d9dca89 --- /dev/null +++ b/sos/plugins/krb5.py @@ -0,0 +1,29 @@ +## Copyright (C) 2013 Red Hat, Inc., Bryn M. Reeves + +### This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; either version 2 of the License, or +## (at your option) any later version. + +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. + +## You should have received a copy of the GNU General Public License +## along with this program; if not, write to the Free Software +## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +from sos.plugins import Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin + +class Krb5(Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin): + """Kerberos related information + """ + packages = ('krb5-libs', 'krb5-user') + plugin_name = 'krb5' + + def setup(self): + self.add_copy_specs([ + "/etc/krb5.conf", + "/etc/krb5.keytab"]) + diff --git a/sos/plugins/samba.py b/sos/plugins/samba.py index f3a44b7..f3dc862 100644 --- a/sos/plugins/samba.py +++ b/sos/plugins/samba.py @@ -14,9 +14,10 @@ from sos.plugins import Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin -class Samba(Plugin): +class Samba(Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin): """Samba related information """ + packages = ('samba-common',) plugin_name = "samba" def setup(self): @@ -27,19 +28,3 @@ class Samba(Plugin): self.add_cmd_output("wbinfo --domain='.' -u") self.add_cmd_output("testparm -s -v") - -class RedHatSamba(Samba, RedHatPlugin): - """Samba related information for RedHat based distributions - """ - def setup(self): - super(RedHatSamba, self).setup() - # FIXME: krb5 specific - self.add_copy_specs([ - "/etc/krb5.conf", - "/etc/krb5.keytab"]) - -class DebianSamba(Samba, DebianPlugin, UbuntuPlugin): - """Samba related information for Debian based distributions - """ - def setup(self): - super(DebianSamba, self).setup() commit 54eb134fb78a64782560df8f0aa2f5e51c6ae410 Author: Bryn M. Reeves Date: Thu Aug 1 16:48:19 2013 +0100 Do not collect krb5.keytab Avoid collecting kerberos keytabs to prevent unintended information disclosures. Instead retrieve a list using the klist command. Also remove the duplicative collection of this information from the ipa plug-in (which should only be collecting non-system keytabs that are specific to the IPA tools). Signed-off-by: Bryn M. Reeves diff --git a/sos/plugins/ipa.py b/sos/plugins/ipa.py index 3244f34..0061659 100644 --- a/sos/plugins/ipa.py +++ b/sos/plugins/ipa.py @@ -73,7 +73,6 @@ class Ipa(Plugin, RedHatPlugin): self.add_cmd_output("klist -ket /etc/dirsrv/ds.keytab") self.add_cmd_output("klist -ket /etc/httpd/conf/ipa.keytab") - self.add_cmd_output("klist -ket /etc/krb5.keytab") return diff --git a/sos/plugins/krb5.py b/sos/plugins/krb5.py index d9dca89..0d33094 100644 --- a/sos/plugins/krb5.py +++ b/sos/plugins/krb5.py @@ -23,7 +23,6 @@ class Krb5(Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin): plugin_name = 'krb5' def setup(self): - self.add_copy_specs([ - "/etc/krb5.conf", - "/etc/krb5.keytab"]) + self.add_copy_spec("/etc/krb5.conf") + self.add_cmd_output("klist -ket /etc/krb5.keytab")