Hide the bgp password from logs #1721
I'm of the opinion that logging the password when debug is on is useful when troubleshooting (only reason why one would enable debug)
frr-reloader/frr-reloader.sh
@@ -14,14 +14,14 @@ reload_frr() { | |||
kill_sleep | |||
|
|||
echo "Checking the configuration file syntax" | |||
if ! python3 /usr/lib/frr/frr-reload.py --test --stdout "$FILE_TO_RELOAD" ; then | |||
if ! python3 /usr/lib/frr/frr-reload.py --test --stdout "$FILE_TO_RELOAD" 2>&1 | sed 's/password.*/password xxxxx/g'; then |
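Review bot: In the new `if !` line, the condition now tests the exit status of `sed` rather than of `frr-reload.py`, because a pipeline returns the status of its last command unless `pipefail` is set, and nothing in this hunk sets it. A failed syntax check would then no longer enter the `then` branch. Consider capturing the output into a variable, saving `$?`, and printing the redacted text afterwards, or enabling `set -o pipefail` in this function. Separately, `s/password.*/password xxxxx/g` rewrites every line that contains the word `password`, including error text that merely mentions it; matching the keyword followed by whitespace would narrow it, and the `g` flag is redundant once `.*` consumes the rest of the line.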
password <retracted>
is more descriptive of what happened here IMHO
done, thanks!
You can read the secret if what you need is (only) the password, but getting the password from the debug log is wrong. Consider the fact that logs can be stored on unencrypted disks and even in backups, as well as (most common!) shipped to aggregator tools such as logstash, splunk, etc., so the opportunities for unauthorized access and data leaks are growing.
This, plus the fact that we can still rely on
2cc0115 to 3588546
lgtm
3588546 to 748ec44
We obfuscate the password to avoid having it in clear in logs.
Signed-off-by: Federico Paolinelli <fpaoline@redhat.com>

When we have some errors or we have debug verb level enabled we dump the full resources and the related configuration, including the bgp peer password set by the user. Here we obfuscate it so it won't be visible in logs.
Signed-off-by: Federico Paolinelli <fpaoline@redhat.com>
748ec44 to 1a0702f
We expose the password in the logs in two places:
Here, in both places we replace the password before logging.
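The following is an added example, not code from this pull request or from the project: a shell sketch of redacting the BGP password from a command's output before it is logged while still returning the command's own exit status. The function names, the stand-in for `frr-reload.py --test`, and the sample configuration values are all constructed for illustration.

```shell
#!/bin/sh
# Added example; every name and sample value below is constructed.

# Replace everything after the "password" keyword on a line with a marker.
# Lines that do not contain "password <value>" pass through unchanged.
redact_passwords() {
    sed 's/\(password[[:space:]]\{1,\}\).*/\1<retracted>/'
}

# Stand-in for a config syntax check: echoes the config it rejects
# (one line on stderr) and fails with status 1.
fake_config_check() {
    echo "router bgp 64512"
    echo " neighbor 172.18.0.5 remote-as 64512"
    echo " neighbor 172.18.0.5 password constructed-secret" >&2
    return 1
}

# Pitfall: when pipefail is not set, the pipeline's status is sed's,
# so a failing check looks successful to the caller.
run_naive() {
    "$@" 2>&1 | redact_passwords
}

# Capture stdout and stderr first, remember the command's own status,
# then print the redacted text and hand the status back to the caller.
run_redacted() {
    rr_status=0
    rr_output=$("$@" 2>&1) || rr_status=$?
    printf '%s\n' "$rr_output" | redact_passwords
    return "$rr_status"
}
```

Calling `run_redacted fake_config_check` prints the configuration with `password <retracted>` and returns 1, so an `if ! run_redacted ...; then` guard still reaches its error branch.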