From fec14d2d9e0114e959d9626ca1457cd578c1d029 Mon Sep 17 00:00:00 2001 From: "Bryn M. Reeves" Date: Fri, 14 Feb 2014 20:12:14 +0000 Subject: [PATCH 23/72] Scrub ldap_default_authtok password in sssd plugin The file sssd.conf collected by the sssd plugin may contain an ldap password. Add a postproc() method to replace the string with blanks. Signed-off-by: Bryn M. Reeeves --- sos/plugins/sssd.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/sos/plugins/sssd.py b/sos/plugins/sssd.py index b28f4b4..0d201f4 100644 --- a/sos/plugins/sssd.py +++ b/sos/plugins/sssd.py @@ -24,7 +24,15 @@ class Sssd(Plugin): packages = ('sssd',) def setup(self): - self.add_copy_specs(["/etc/sssd", "/var/log/sssd/*"]) + self.add_copy_specs([ + "/etc/sssd/sssd.conf", + "/var/log/sssd/*" + ]) + + def postproc(self): + self.do_file_sub("/etc/sssd/sssd.conf", + r"(\s*ldap_default_authtok\s*=\s*)\S+", + r"\1********") class RedHatSssd(Sssd, RedHatPlugin): """sssd-related Diagnostic Information on Red Hat based distributions -- 1.9.3