Server IP : 172.67.216.182 / Your IP : 162.158.170.97 Web Server : Apache System : Linux krdc-ubuntu-s-2vcpu-4gb-amd-blr1-01.localdomain 5.15.0-142-generic #152-Ubuntu SMP Mon May 19 10:54:31 UTC 2025 x86_64 User : www ( 1000) PHP Version : 7.4.33 Disable Function : passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /lib/python3/dist-packages/sos/report/plugins/ |
Upload File : |
# Copyright (C) 2007 Sadique Puthen <[email protected]> # Copyright (C) 2019 Red Hat Inc., Stepan Broz <[email protected]> # This file is part of the sos project: https://github.com/sosreport/sos # # This copyrighted material is made available to anyone wishing to use, # modify, copy, or redistribute it subject to the terms and conditions of # version 2 of the GNU General Public License. # # See the LICENSE file in the source distribution for further information. from sos.report.plugins import (Plugin, IndependentPlugin, SoSPredicate, PluginOpt) class Libreswan(Plugin, IndependentPlugin): short_desc = 'Libreswan IPsec' plugin_name = 'libreswan' profiles = ('network', 'security', 'openshift') option_list = [ PluginOpt('ipsec-barf', default=False, desc='collect ipsec barf output') ] files = ('/etc/ipsec.conf',) packages = ('libreswan', 'openswan') def setup(self): self.add_copy_spec([ "/etc/ipsec.conf", "/etc/ipsec.d", "/proc/net/xfrm_stat" ]) # although this is 'verification' it's normally a very quick # operation so is not conditional on --verify self.add_cmd_output([ 'ipsec verify', 'ipsec whack --status', 'ipsec whack --listall', 'certutil -L -d sql:/etc/ipsec.d' ]) # may load xfrm kmods xfrm_pred = SoSPredicate(self, kmods=['xfrm_user', 'xfrm_algo'], required={'kmods': 'all'}) self.add_cmd_output([ 'ip xfrm policy', 'ip xfrm state' ], pred=xfrm_pred) if self.get_option("ipsec-barf"): self.add_cmd_output("ipsec barf") self.add_forbidden_path([ '/etc/ipsec.secrets', '/etc/ipsec.secrets.d', '/etc/ipsec.d/*.db', '/etc/ipsec.d/*.secrets' ]) def postproc(self): # Remove any sensitive data. # "ip xfrm state" output contains encryption or authentication private # keys: xfrm_state_regexp = r'(aead|auth|auth-trunc|enc)' \ r'(\s.*\s)(0x[0-9a-f]+)' self.do_cmd_output_sub("state", xfrm_state_regexp, r"\1\2********") if self.get_option("ipsec-barf"): self.do_cmd_output_sub("barf", xfrm_state_regexp, r"\1\2********") # vim: set et ts=4 sw=4 :