From 43cd10d392e64abd810b8032a01bcbf4a29524b6 Mon Sep 17 00:00:00 2001 From: Lu Yao Chen Date: Mon, 23 Nov 2020 13:58:11 -0500 Subject: [PATCH] Masking passwords with collect script Using collect script to mask cleartext password incidents in /var/log/user.log, done by grepping for -password, password: prefixes and headers and redacting password with xxxxxx string, used user.log with cleartext passwords to test Partial-Bug: 1896116 Signed-off-by: Lu Yao Chen Change-Id: I3a3c02b61994d53589d673b2335d0eb023adfac6 --- tools/collector/scripts/collect_mask_passwords | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/tools/collector/scripts/collect_mask_passwords b/tools/collector/scripts/collect_mask_passwords index 5cda3426..d881e95e 100644 --- a/tools/collector/scripts/collect_mask_passwords +++ b/tools/collector/scripts/collect_mask_passwords 
@@ -97,17 +97,21 @@ sed -i -r 's/(trap2sink *[^ ]*).*/\1 xxxxxx/' ${COLLECT_NAME_DIR}/var/extra/pla USER_HISTORY_FILES=$(find ${COLLECT_NAME_DIR} -type f -name .bash_history 2>/dev/null) sed -i -r 's/(snmp-comm-(delete|show)) *((\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*) *){1,}/\1 xxxxxx/; s/(snmp.*) *(--community|-c) *(\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1 \2 xxxxxx/; - s/(password)=(\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1=xxxxxx/; + s/(-password)=(\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1=xxxxxx/; + s/(-password) (\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1 xxxxxx/g; + s/(password)'\'': (\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1'\':' xxxxxx/g; s/(openstack.*) *(--password) *(\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1 \2 xxxxxx/; s/(ldapmodifyuser.*userPassword *)(\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1 xxxxxx/' \ ${USER_HISTORY_FILES} \ ${COLLECT_NAME_DIR}/var/extra/history.info \ ${COLLECT_NAME_DIR}/var/log/bash.log \ ${COLLECT_NAME_DIR}/var/log/auth.log \ + ${COLLECT_NAME_DIR}/var/log/user.log ${COLLECT_NAME_DIR}/var/log/ldapscripts.log for f in ${COLLECT_NAME_DIR}/var/log/bash.log.*.gz \ ${COLLECT_NAME_DIR}/var/log/auth.log.*.gz \ + ${COLLECT_NAME_DIR}/var/log/user.log.*.gz \ ${COLLECT_NAME_DIR}/var/log/ldapscripts.log.*.gz do zgrep -q 'snmp|password' $f || continue @@ -115,9 +119,10 @@ do unzipped=${f%%.gz} sed -i -r 's/(snmp-comm-(delete|show)) *((\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*) *){1,}/\1 xxxxxx/; s/(snmp.*) *(--community|-c) *(\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1 \2 xxxxxx/; - s/(password)=(\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1=xxxxxx/; + s/(-password)=(\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1=xxxxxx/; + s/(-password) (\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1 xxxxxx/g; + s/(password)'\'': (\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1'\':' xxxxxx/g; s/(openstack.*) *(--password) *(\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1 \2 xxxxxx/; s/(ldapmodifyuser.*userPassword *)(\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1 xxxxxx/' $unzipped gzip $unzipped done -
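Review bot: The added `${COLLECT_NAME_DIR}/var/log/user.log` argument has no trailing backslash, unlike the file arguments around it, so as shown the `sed` command ends there and `${COLLECT_NAME_DIR}/var/log/ldapscripts.log` on the next line is run as a separate command instead of being masked. The line should read `${COLLECT_NAME_DIR}/var/log/user.log \`. Separately, the new `user.log.*.gz` entry depends on the existing guard `zgrep -q 'snmp|password' $f || continue`, which without `-E` treats `|` as a literal character under GNU grep's default syntax, so rotated archives are likely skipped and left unmasked. `zgrep -q -E 'snmp|password' $f || continue` would make the alternation work.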
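Review bot: Replacing the `(password)=` rule with `(-password)=` narrows the masking, so a `password=value` not preceded by a dash (for example `admin_password=...` in a history line) was redacted before this change and stays in clear text after it; the same substitution is made in the first hunk. Unless the narrowing is deliberate, keep the original `(password)=` rule, which already covers the `-password=` case. The new `(-password) ` rule also requires exactly one space, so with two spaces the `[^ ]*` alternative matches the empty string and the secret after it survives; ` +` in place of the single space avoids that. The commit message mentions `password:` prefixes, but the third rule only matches the single-quoted form `password': `, so a double-quoted key or an unquoted `password: value` is not covered. The `for` loop this `sed` belongs to starts outside the hunk.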