89b86368f8
Update sos in rawhide to the upstream 3.2 release and additional patches including the fix for CVE-2015-7529.
63 lines
2.4 KiB
Diff
63 lines
2.4 KiB
Diff
From 0d2dd0d9ccc3242dd2dd4513924c8f308000242e Mon Sep 17 00:00:00 2001
|
|
From: Shane Bradley <sbradley@redhat.com>
|
|
Date: Wed, 6 May 2015 15:47:07 -0400
|
|
Subject: [PATCH] [cluster] enable crm_report password scrubbing
|
|
|
|
Default to specifying a password pattern of 'passw.*' when calling
|
|
the crm_report script. This causes matching strings to be elided
|
|
from the report data.
|
|
|
|
Since this scrubbing can affect the use of pacemaker state machine
|
|
snapshots for debugging the behaviour is controlled by a new option
|
|
that defaults to enabled: cluster.crm_scrub
|
|
|
|
This can be used to obtain an sosreport containing virgin crm_report
|
|
data with no password scrubbing:
|
|
|
|
# sosreport -k cluster.crm_scrub=False
|
|
|
|
Signed-off-by: Shane Bradley <sbradley@redhat.com>
|
|
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
---
|
|
sos/plugins/cluster.py | 14 +++++++++++---
|
|
1 file changed, 11 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/sos/plugins/cluster.py b/sos/plugins/cluster.py
|
|
index 8dd9a4d..084c030 100644
|
|
--- a/sos/plugins/cluster.py
|
|
+++ b/sos/plugins/cluster.py
|
|
@@ -25,10 +25,12 @@ class Cluster(Plugin, RedHatPlugin):
|
|
|
|
plugin_name = 'cluster'
|
|
profiles = ('cluster',)
|
|
+
|
|
option_list = [
|
|
("gfs2lockdump", 'gather output of gfs2 lockdumps', 'slow', False),
|
|
("crm_from", 'specify the start time for crm_report', 'fast', False),
|
|
- ('lockdump', 'gather dlm lockdumps', 'slow', False)
|
|
+ ('lockdump', 'gather dlm lockdumps', 'slow', False),
|
|
+ ('crm_scrub', 'enable password scrubbing for crm_report', '', True),
|
|
]
|
|
|
|
packages = [
|
|
@@ -112,8 +114,14 @@ class Cluster(Plugin, RedHatPlugin):
|
|
"default" % self.get_option('crm_from'))
|
|
|
|
crm_dest = self.get_cmd_output_path(name='crm_report', make=False)
|
|
- self.add_cmd_output('crm_report -S -d --dest %s --from "%s"'
|
|
- % (crm_dest, crm_from))
|
|
+ crm_scrub = '-p "passw.*"'
|
|
+ if not self.get_option("crm_scrub"):
|
|
+ crm_scrub = ''
|
|
+ self._log_warn("scrubbing of crm passwords has been disabled:")
|
|
+ self._log_warn("data collected by crm_report may contain"
|
|
+ " sensitive values.")
|
|
+ self.add_cmd_output('crm_report %s -S -d --dest %s --from "%s"'
|
|
+ % (crm_scrub, crm_dest, crm_from))
|
|
|
|
def do_lockdump(self):
|
|
if self._mount_debug():
|
|
--
|
|
1.8.3.1
|
|
|