summaryrefslogtreecommitdiff
path: root/lib/oxidized/model
diff options
context:
space:
mode:
authorytti <saku@ytti.fi>2018-06-03 14:18:51 +0300
committerGitHub <noreply@github.com>2018-06-03 14:18:51 +0300
commitc394e5176377df6f637bbd652c86fa06fb07185b (patch)
tree546602e8325b9fae760768805c45ef5d7e5e1919 /lib/oxidized/model
parenta5b0963ccd9f79d26399761dd488223cd05e7bae (diff)
parent39dbb74c527c054007e26ad34c8921d4be6cb638 (diff)
Merge pull request #1250 from vppencilsharpener/FortiOS-Push
Rework the Exclusions for FortiOS
Diffstat (limited to 'lib/oxidized/model')
-rw-r--r--lib/oxidized/model/fortios.rb10
1 files changed, 7 insertions, 3 deletions
diff --git a/lib/oxidized/model/fortios.rb b/lib/oxidized/model/fortios.rb
index 2ae6db3..7269568 100644
--- a/lib/oxidized/model/fortios.rb
+++ b/lib/oxidized/model/fortios.rb
@@ -14,18 +14,22 @@ class FortiOS < Oxidized::Model
end
cmd :secret do |cfg|
- cfg.gsub! /(set (?:passwd|password|psksecret|secret|key|group-password|secondary-secret|tertiary-secret|auth-password-l1|auth-password-l2|rsso|history0|history1|inter-controller-key ENC|passphrase ENC|login-passwd ENC|auth-pwd ENC|priv-pwd ENC)).*/, '\\1 <configuration removed>'
+ # ENC indicates an encrypted password, and secret indicates a secret string
+ cfg.gsub! /(set .+ ENC) .+/, '\\1 <configuration removed>'
+ cfg.gsub! /(set .*secret) .+/, '\\1 <configuration removed>'
+ # A number of other statements also contains sensitive strings
+ cfg.gsub! /(set (?:passwd|password|key|group-password|auth-password-l1|auth-password-l2|rsso|history0|history1)) .+/, '\\1 <configuration removed>'
cfg.gsub! /(set private-key).*-+END ENCRYPTED PRIVATE KEY-*"$/m, '\\1 <configuration removed>'
cfg.gsub! /(set ca ).*-+END CERTIFICATE-*"$/m, '\\1 <configuration removed>'
cfg.gsub! /(set csr ).*-+END CERTIFICATE REQUEST-*"$/m, '\\1 <configuration removed>'
- cfg.gsub! /(Virus-DB|Extended DB|IPS-DB|IPS-ETDB|APP-DB|INDUSTRIAL-DB|Botnet DB|IPS Malicious URL Database).*/, '\\1 <configuration removed>'
- cfg.gsub! /(Cluster uptime:).*/, '\\1 <configuration removed>'
+ cfg.gsub! /(Cluster uptime:).*/, '\\1 <stripped>'
cfg
end
cmd 'get system status' do |cfg|
@vdom_enabled = cfg.include? 'Virtual domain configuration: enable'
cfg.gsub!(/(System time: )(.*)/, '\1<stripped>\3')
+ cfg.gsub! /(Virus-DB|Extended DB|IPS-DB|IPS-ETDB|APP-DB|INDUSTRIAL-DB|Botnet DB|IPS Malicious URL Database).*/, '\\1 <db version stripped>'
comment cfg
end