From 0aec209ec6870c6ec3cbb6e2209d35adb2b62009 Mon Sep 17 00:00:00 2001 From: Sandro Bonazzola Date: Tue, 16 Dec 2014 12:29:57 +0000 Subject: [PATCH] [ovirt] remove ovirt-engine setup answer file password leak Signed-off-by: Sandro Bonazzola Signed-off-by: Bryn M. Reeves --- sos/plugins/ovirt.py | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/sos/plugins/ovirt.py b/sos/plugins/ovirt.py index b169b90..407c918 100644 --- a/sos/plugins/ovirt.py +++ b/sos/plugins/ovirt.py @@ -171,4 +171,19 @@ class Ovirt(Plugin, RedHatPlugin): r'{key}=********'.format(key=key) ) + # Answer files contain passwords + for key in ( + 'OVESETUP_CONFIG/adminPassword', + 'OVESETUP_CONFIG/remoteEngineHostRootPassword', + 'OVESETUP_DWH_DB/password', + 'OVESETUP_DB/password', + 'OVESETUP_REPORTS_CONFIG/adminPassword', + 'OVESETUP_REPORTS_DB/password', + ): + self.do_path_regex_sub( + r'/var/lib/ovirt-engine/setup/answers/.*', + r'{key}=(.*)'.format(key=key), + r'{key}=********'.format(key=key) + ) + # vim: expandtab tabstop=4 shiftwidth=4 -- 1.8.3.1