Bug#637729: bug script should hide secrets in named.conf

Sat, 13 Aug 2011 15:03:27 -0700 

Package: bind9
Version: 1:9.7.3.dfsg-1~squeeze3
Severity: normal

When including named.conf, the bug script should try to hide secrets.
As an example, in the linux-image-* bug script we do:

  # Hide passwords/keys
  awk '$1 ~ /key|pass|^wpa-(anonymous|identity|phase|pin|private|psk)/ { 
gsub(".", "*", $2); }
       $1 == "ethtool-wol" { gsub(".", "*", $3); }
       !/^[[:space:]]*\#/ { print; }
      ' </etc/network/interfaces >&3

The above also removes comments, since secrets might be present in
comments too.

Ben.

-- System Information:
Debian Release: 6.0.2
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (100, 
'proposed-updates'), (100, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-486
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages bind9 depends on:
ii  adduser          3.112+nmu2              add and remove users and groups
ii  bind9utils       1:9.7.3.dfsg-1~squeeze3 Utilities for BIND
ii  debconf [debconf 1.5.36.1                Debian configuration management sy
ii  libbind9-60      1:9.7.3.dfsg-1~squeeze3 BIND9 Shared Library used by BIND
ii  libc6            2.11.2-10               Embedded GNU C Library: Shared lib
ii  libcap2          1:2.19-3                support for getting/setting POSIX.
ii  libdb4.8         4.8.30-2                Berkeley v4.8 Database Libraries [
ii  libdns69         1:9.7.3.dfsg-1~squeeze3 DNS Shared Library used by BIND
ii  libgssapi-krb5-2 1.8.3+dfsg-4squeeze1    MIT Kerberos runtime libraries - k
ii  libisc62         1:9.7.3.dfsg-1~squeeze3 ISC Shared Library used by BIND
ii  libisccc60       1:9.7.3.dfsg-1~squeeze3 Command Channel Library used by BI
ii  libisccfg62      1:9.7.3.dfsg-1~squeeze3 Config File Handling Library used 
ii  libldap-2.4-2    2.4.23-7.2              OpenLDAP libraries
ii  liblwres60       1:9.7.3.dfsg-1~squeeze3 Lightweight Resolver Library used 
ii  libssl0.9.8      0.9.8o-4squeeze1        SSL shared libraries
ii  libxml2          2.7.8.dfsg-2+squeeze1   GNOME XML library
ii  lsb-base         3.2-23.2squeeze1        Linux Standard Base 3.2 init scrip
ii  net-tools        1.60-23                 The NET-3 networking toolkit
ii  netbase          4.45                    Basic TCP/IP networking system

bind9 recommends no packages.

Versions of packages bind9 suggests:
ii  bind9-doc        1:9.7.3.dfsg-1~squeeze3 Documentation for BIND
ii  dnsutils         1:9.7.3.dfsg-1~squeeze3 Clients provided with BIND
pn  resolvconf       <none>                  (no description available)
pn  ufw              <none>                  (no description available)

-- Configuration Files:
/etc/bind/named.conf changed [not included]

-- debconf information excluded



-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to