commit 7e2eb09dc02eb90672ce16ac234812acb12eea48 Author: Bryn M. Reeves Date: Thu Aug 1 16:43:43 2013 +0100 Split kerberos data collection into separate plug-in The krb5 data collection in the samba plug-in is misplaced. Since this is collecting information about the system keytab move it to its own plug-in that can be activated on any kerberos enabled system. Signed-off-by: Bryn M. Reeves Conflicts: sos/plugins/samba.py diff --git a/sos/plugins/krb5.py b/sos/plugins/krb5.py new file mode 100644 index 0000000..72d7af0 --- /dev/null +++ b/sos/plugins/krb5.py @@ -0,0 +1,30 @@ +## Copyright (C) 2013 Red Hat, Inc., Bryn M. Reeves + +### This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; either version 2 of the License, or +## (at your option) any later version. + +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. + +## You should have received a copy of the GNU General Public License +## along with this program; if not, write to the Free Software +## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +from sos.plugins import Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin + +class krb5(sos.plugintools.PluginBase): + """Samba related information + """ + + packages = [ 'krb5-libs' ] + + def setup(self): + self.addCopySpecs([ + "/etc/krb5.conf", + "/etc/krb5.keytab"]) + return + diff --git a/sos/plugins/samba.py b/sos/plugins/samba.py index 2d1413b..4710e0b 100644 --- a/sos/plugins/samba.py +++ b/sos/plugins/samba.py @@ -26,3 +26,4 @@ class samba(sos.plugintools.PluginBase): self.collectExtOutput("/usr/bin/wbinfo --domain='.' -u") self.collectExtOutput("/usr/bin/testparm -s -v") return + commit 94644ddd187671a89cefb78dae9c1053b17aa3c8 Author: Bryn M. Reeves Date: Thu Aug 1 16:48:19 2013 +0100 Do not collect krb5.keytab Avoid collecting kerberos keytabs to prevent unintended information disclosures. Instead retrieve a list using the klist command. Also remove the duplicative collection of this information from the ipa plug-in (which should only be collecting non-system keytabs that are specific to the IPA tools). Signed-off-by: Bryn M. Reeves Conflicts: sos/plugins/ipa.py sos/plugins/krb5.py diff --git a/sos/plugins/krb5.py b/sos/plugins/krb5.py index 72d7af0..542a4de 100644 --- a/sos/plugins/krb5.py +++ b/sos/plugins/krb5.py @@ -23,8 +23,6 @@ class krb5(sos.plugintools.PluginBase): packages = [ 'krb5-libs' ] def setup(self): - self.addCopySpecs([ - "/etc/krb5.conf", - "/etc/krb5.keytab"]) - return + self.addCopySpec("/etc/krb5.conf") + self.collectExtOutput("/usr/bin/klist -ket /etc/krb5.keytab") diff --git a/sos/plugins/samba.py b/sos/plugins/samba.py index 4710e0b..0a90138 100644 --- a/sos/plugins/samba.py +++ b/sos/plugins/samba.py @@ -21,7 +21,7 @@ class samba(sos.plugintools.PluginBase): self.addCopySpec("/etc/samba") self.addCopySpec("/var/log/samba/*") self.addCopySpec("/etc/krb5.conf") - self.addCopySpec("/etc/krb5.keytab") + self.collectExtOutput("/usr/bin/klist -ket /etc/krb5.keytab") self.collectExtOutput("/usr/bin/wbinfo --domain='.' -g") self.collectExtOutput("/usr/bin/wbinfo --domain='.' -u") self.collectExtOutput("/usr/bin/testparm -s -v")