Clear passwords present in some collected log files
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
StarlingX | Fix Released | Medium | Enzo Candotti |
Bug Description
Brief Description
-----------------
It is found that some files collected by the "collect" tool have clear passwords in them. In particular:
var/extra/
var/extra/
var/extra/
Severity
--------
Minor
Steps to Reproduce
------------------
Run "collect" to collect logs as sysadmin.
Expected Behavior
------------------
There are no clear passwords in the 3 collected files.
Actual Behavior
----------------
There are clear passwords in the 3 collected files.
Reproducibility
---------------
100% reproducible
System Configuration
-------
Any
Branch/Pull Time/Commit
-------
Latest from stx master
Last Pass
---------
Unknown
Timestamp/Logs
--------------
N/A
Test Activity
-------------
Developer Testing
Workaround
----------
N/A
Changed in starlingx:
importance: Undecided → Medium
status: New → Triaged
tags: added: stx.5.0
Changed in starlingx:
assignee: nobody → Gustavo Dobro (mgdobro)
Changed in starlingx:
assignee: Gustavo Dobro (mgdobro) → Enzo Candotti (ecandotti)
Changed in starlingx:
status: Triaged → In Progress
Changed in starlingx:
status: In Progress → Fix Committed
It is noticed that in collect_mask_passwords, the file path "/var/extra/platform/" is used in several places, while collect actually collects files in "/var/extra/opt/platform/", missing "/opt/" in them.
This will cause the passwords in sysinv.conf.default not to be masked.
As for secure_static.yaml and secure_system.yaml, it looks like we just want to delete them from the final collected tarball (this makes sense, as masking the passwords in these 2 files is equivalent to just removing them), but since the path is wrong, they are not deleted.
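
A post-collect check for the failure mode described in the comment above, written as an added example (not StarlingX's collect code): it finds the three files by name anywhere under an extracted collect tree, so a wrong path prefix cannot make the check pass silently. The function names, the `MASK` value, the `password` key pattern and the sample tree contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not StarlingX code): audit an extracted collect tree.
# Files are found by name, so a wrong path prefix cannot hide a leftover.

MASK="xxxxxx"   # assumption: the string the masking step writes in place of a secret

# Prints one finding per line (path and line number only, never the value).
# Returns 0 when the tree is clean, 1 otherwise.
audit_collect_tree() {
    act_root=$1
    # 1. Files the comment says should be absent from the final tarball.
    act_present=$(find "$act_root" -type f \
        \( -name secure_static.yaml -o -name secure_system.yaml \) |
        sed 's/^/PRESENT  /')
    # 2. password-like keys in sysinv.conf.default whose value is neither
    #    empty nor the mask. /dev/null forces grep to print the file name.
    #    The second grep anchors on the first '=' so a secret that itself
    #    ends in '=' is not mistaken for an empty value.
    act_unmasked=$(find "$act_root" -type f -name sysinv.conf.default \
        -exec grep -niE '^[[:space:]]*[a-z_]*password[a-z_]*[[:space:]]*=' /dev/null {} + |
        grep -vE "^[^=]*=[[:space:]]*(${MASK})?[[:space:]]*\$" |
        sed 's/^\([^:]*:[0-9]*\):.*/UNMASKED \1/')
    act_findings=$(printf '%s\n%s\n' "$act_present" "$act_unmasked" | sed '/^$/d')
    [ -n "$act_findings" ] && printf '%s\n' "$act_findings"
    [ -z "$act_findings" ]
}

# Constructed sample tree: file names from the report, contents invented.
# The "sample" directory under var/extra/opt/platform/ is a placeholder.
make_sample_tree() {
    mst_dir=$(mktemp -d) || return 1
    mkdir -p "$mst_dir/var/extra/opt/platform/sample"
    printf 'admin_password: constructed-secret\n' \
        > "$mst_dir/var/extra/opt/platform/sample/secure_static.yaml"
    printf '[DEFAULT]\npassword = constructed-secret\nrabbit_password = %s\n' "$MASK" \
        > "$mst_dir/var/extra/opt/platform/sample/sysinv.conf.default"
    printf '%s\n' "$mst_dir"
}
```

Run `audit_collect_tree` against the unpacked tarball after masking; a non-zero return means the masking or deletion step missed a file.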