[Bug 1811098] [NEW] [SRU] ceilometer writing snmp credentials to log file

Launchpad Bug Tracker 1811098 at bugs.launchpad.net
Sat Jan 12 00:22:15 UTC 2019


You have been subscribed to a public bug by Ubuntu Foundations Team Bug Bot (crichton):

The ceilometer-agent-central is always writing the contents of
polling.yaml to its log file (and as INFO) [1]

This presents a security risk if e.g. resources contain sensitive
information like when specifying snmp targets with the url containing
the username, password etc.

There are a couple of ways we could solve this, namely: (1) don't log
this info at all, (2) sanitise the contents prior to logging as DEBUG,
(3) switch to using config for the snmp credentials in a similar way to
how the Triple0Discoverer does it [2] - this would only support having
the same creds everywhere though, which may not be desirable.

[1] https://github.com/openstack/ceilometer/blob/stable/rocky/ceilometer/agent.py#L70
[2] https://github.com/openstack/ceilometer/blob/stable/rocky/ceilometer/hardware/discovery.py#L24

** Affects: ceilometer
     Importance: Undecided
     Assignee: Edward Hope-Morley (hopem)
         Status: In Progress

** Affects: cloud-archive
     Importance: Undecided
         Status: New

** Affects: ceilometer (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: patch sts sts-sru-needed
-- 
[SRU] ceilometer writing snmp credentials to log file
https://bugs.launchpad.net/bugs/1811098
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.
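
Option (2) from the report, sketched as an added example (not code from the bug report or from ceilometer): mask URL credentials in a parsed polling definition before it is logged at DEBUG. The names mask_url, sanitise and SAMPLE_POLLING are hypothetical, the sample data is constructed, and treating any query parameter whose name contains "pass" as secret is an assumption.

```python
import logging
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

MASK = "***"
LOG = logging.getLogger("polling-example")

# Constructed sample, shaped like a parsed polling.yaml (not real credentials).
SAMPLE_POLLING = {
    "sources": [{
        "name": "hardware_source",
        "interval": 600,
        "meters": ["hardware.cpu.*"],
        "resources": [
            "snmp://admin:s3cret@10.0.0.5:161",
            "snmp://monitor:p%40ss@10.0.0.6?priv_proto=aes128&priv_password=k3y",
        ],
    }]
}


def mask_url(value):
    """Mask userinfo and password-like query values in a URL string."""
    if not isinstance(value, str) or "://" not in value:
        return value  # non-URL values (names, intervals, meters) pass through
    parts = urlsplit(value)
    netloc = parts.netloc
    if "@" in netloc:
        # Drop user and password together; keep host[:port] for troubleshooting.
        netloc = MASK + "@" + netloc.rsplit("@", 1)[1]
    pairs = [(k, MASK if "pass" in k.lower() else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    query = urlencode(pairs, safe="*")  # keep the mask readable, not %2A
    return urlunsplit((parts.scheme, netloc, parts.path, query, parts.fragment))


def sanitise(node):
    """Return a masked copy of a nested dict/list; the input is not modified."""
    if isinstance(node, dict):
        return {key: sanitise(val) for key, val in node.items()}
    if isinstance(node, list):
        return [sanitise(val) for val in node]
    return mask_url(node)


if __name__ == "__main__":
    logging.basicConfig(level=logging.DEBUG)
    # Only the masked copy ever reaches the log handler.
    LOG.debug("Polling config: %s", sanitise(SAMPLE_POLLING))
```

A password containing an unescaped "/" ends the URL authority early when parsed, so the masked output should be checked against the credential formats actually in use.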


