diff -up sos-2.2/sos/plugins/apache.py.orig sos-2.2/sos/plugins/apache.py --- sos-2.2/sos/plugins/apache.py.orig 2012-05-15 18:27:52.822404631 +0100 +++ sos-2.2/sos/plugins/apache.py 2012-05-15 18:28:03.005464754 +0100 @@ -18,10 +18,16 @@ class apache(sos.plugintools.PluginBase) """Apache related information """ optionList = [("log", "gathers all apache logs", "slow", False)] + + def checkenabled(self): + if self.isInstalled("httpd"): + return True + return False def setup(self): self.addCopySpec("/etc/httpd/conf/httpd.conf") self.addCopySpec("/etc/httpd/conf.d/*.conf") + self.addForbiddenPath("/etc/httpd/conf/password.conf") if self.getOption("log"): self.addCopySpec("/var/log/httpd/*") return diff -up sos-2.2/sos/plugins/ipa.py.orig sos-2.2/sos/plugins/ipa.py --- sos-2.2/sos/plugins/ipa.py.orig 2012-05-15 18:27:52.823404637 +0100 +++ sos-2.2/sos/plugins/ipa.py 2012-05-15 18:28:03.006464760 +0100 @@ -20,18 +20,56 @@ import os class ipa(sos.plugintools.PluginBase): """IPA diagnostic information """ - # ntp and dirserver stuff are covered in existing sos plugins, so we really only - # need to get kerberos and ipa specific addons. + + ipa_server = False + ipa_client = False def checkenabled(self): - if self.isInstalled("ipa-server") or os.path.exists("/etc/ipa"): - return True - return False + self.ipa_server = self.isInstalled("ipa-server") + self.ipa_client = self.isInstalled("ipa-client") + if self.ipa_server or self.ipa_client: + return True + return False def setup(self): - self.addCopySpec("/etc/dirsrv/ds.keytab") - self.addCopySpec("/etc/ipa/ipa.conf") - self.addCopySpec("/etc/krb5.conf") - self.addCopySpec("/etc/krb5.keytab") + self.addCopySpec("/etc/hosts") + if self.ipa_server: + self.addCopySpec("/var/log/ipaserver-install.log") + self.addCopySpec("/var/log/ipareplica-install.log") + if self.ipa_client: + self.addCopySpec("/var/log/ipaclient-install.log") + + self.addCopySpec("/var/log/ipaupgrade.log") + + self.addCopySpec("/var/log/krb5kdc.log") + + self.addCopySpec("/var/log/pki-ca/debug") + self.addCopySpec("/var/log/pki-ca/catalina.out") + self.addCopySpec("/var/log/pki-ca/system") + self.addCopySpec("/var/log/pki-ca/transactions") + self.addForbiddenPath("/etc/pki/nssdb/key*") + self.addForbiddenPath("/etc/pki-ca/flatfile.txt") + self.addForbiddenPath("/etc/pki-ca/password.conf") + self.addForbiddenPath("/var/lib/pki-ca/alias/key*") + + self.addCopySpec("/var/log/dirsrv/slapd-*/logs/access") + self.addCopySpec("/var/log/dirsrv/slapd-*/logs/errors") + self.addCopySpec("/etc/dirsrv/slapd-*/dse.ldif") + self.addCopySpec("/etc/dirsrv/slapd-*/schema/99user.ldif") + self.addForbiddenPath("/etc/dirsrv/slapd-*/key*") + self.addForbiddenPath("/etc/dirsrv/slapd-*/pin.txt") + self.addForbiddenPath("/etc/dirsrv/slapd-*/pwdfile.txt") + + self.collectExtOutput("ls -la /etc/dirsrv/slapd-*/schema/") + + self.collectExtOutput("ipa-getcert list") + + self.collectExtOutput("certutil -L -d /etc/httpd/alias/") + self.collectExtOutput("certutil -L -d /etc/dirsrv/slapd-*/") + + self.collectExtOutput("klist -ket /etc/dirsrv/ds.keytab") + self.collectExtOutput("klist -ket /etc/httpd/conf/ipa.keytab") + self.collectExtOutput("klist -ket /etc/krb5.keytab") + return diff -up sos-2.2/sos/plugins/named.py.orig sos-2.2/sos/plugins/named.py --- sos-2.2/sos/plugins/named.py.orig 2012-05-15 18:27:52.825404648 +0100 +++ sos-2.2/sos/plugins/named.py 2012-05-15 18:28:03.006464760 +0100 @@ -40,5 +40,15 @@ class named(sos.plugintools.PluginBase): self.addCopySpec(self.getDnsDir(cfg)) self.addForbiddenPath(join(self.getDnsDir(cfg),"chroot/dev")) self.addForbiddenPath(join(self.getDnsDir(cfg),"chroot/proc")) + + self.addCopySpec("/etc/named/") self.addCopySpec("/etc/sysconfig/named") + self.collectExtOutput("klist -ket /etc/named.keytab") + self.addForbiddenPath("/etc/named.keytab") return + + def postproc(self): + match = r"(\s*arg \"password )[^\"]*" + subst = r"\1*** PASSWORD REDACTED ***" + self.doRegexSub("/etc/named.conf", match, subst) +