diff options
author | Nick Bailey <nbailey@shermanhoward.com> | 2018-07-06 09:59:12 -0600 |
---|---|---|
committer | ytti <saku@ytti.fi> | 2018-07-07 12:09:03 +0300 |
commit | edb784636de189707dedcd01857ecacf7b2a88fd (patch) | |
tree | 33f4c9739180dc1d3aa500885296600371a210a2 | |
parent | ae2d1a202cdfa3c8dd488b8be045e025234913ae (diff) |
Changes to secret filtering:
Fixed secret regex which would strip config after secret string
(like "privilege 15") and which would not match on:
"bsd-username test secret $1$FAKESTRINGblahblah" which is created
whenever username secret is created.
Added regex to filter password hashes for configs not using
password 7 instead of secret such as:
username test password 7 8888blahblah8888 privilege 4
-rw-r--r-- | lib/oxidized/model/ftos.rb | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/oxidized/model/ftos.rb b/lib/oxidized/model/ftos.rb index 3ef4de6..e5669a5 100644 --- a/lib/oxidized/model/ftos.rb +++ b/lib/oxidized/model/ftos.rb @@ -9,7 +9,8 @@ class FTOS < Oxidized::Model cmd :secret do |cfg| cfg.gsub! /^(snmp-server community).*/, '\\1 <configuration removed>' - cfg.gsub! /secret (\d+) (\S+).*/, '<secret hidden>' + cfg.gsub! /(secret \d* {0,1})\S+(.*)/, '\\1<secret hidden>\\2' + cfg.gsub! /(password \d+) \S+(.*)/, '\\1 <hash hidden>\\2' cfg end |