search

varnish / varnishgather

Information gathering tool for Varnish Cache.
45 stars 36 forks source link

Extract the username from the repo address #27

Closed freshteapot closed 6 years ago

freshteapot commented 7 years ago

I would like to have where possible the username from the repos url, so we can see in the gather how the machine links to the customer.

I feel we must filter out the password.

Via apt or yum

structure in apt source file:

deb https://USER:PASSWORD@repo.varnish-software.com/ubuntu trusty non-free

structure in yum source file:

baseurl=https://USER:PASSWORD@repo.varnish-cache.org/redhat/varnish/el$releasever

apt

/etc/apt/sources.list.d/varnish-XXXX.list

yum

/etc/yum/sources.list.d/varnish-XXXX.list
huayra commented 7 years ago

Do not really see the point with that as we have the repository logs anyway.

But if you get it, we can cross-match that information.

What is the goal with this information? On Dec 8, 2016 11:44 AM, "Chris" notifications@github.com wrote:

I would like to have where possible the username from the repos url, so we can see in the gather how the machine links to the customer.

I feel we must filter out the password.

Via apt or yum

structure in apt source file:

deb https://USER:PASSWORD@repo.varnish-software.com/ubuntu trusty non-free

structure in yum source file:

baseurl=https://USER:PASSWORD@repo.varnish-cache.org/redhat/varnish/el$releasever

apt

/etc/apt/sources.list.d/varnish-XXXX.list

yum

/etc/yum/sources.list.d/varnish-XXXX.list

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/varnish/varnishgather/issues/27, or mute the thread https://github.com/notifications/unsubscribe-auth/AAURXHJAsPyUaa20FwlB_F8eQpEEEznYks5rF9-HgaJpZM4LHrUj .

dridi commented 7 years ago

This is also not very reliable, some users may use a (Red Hat) Satellite or something similar to avoid having production machines getting packages directly from the Internet.

freshteapot commented 7 years ago

@Dridi unreliable is fine, then we don't get a username. I still feel for those that do it is invaluable.

@huayra you don't need to get it ;). [Edited my comment]. Let us chat

freshteapot commented 7 years ago

For debian:

grep -InHR  'varnish' /etc/apt/

Slightly concerned about, possibly sharing the password part.

Another variation is this:

grep -InHR  'varnish' /etc/apt/ | awk -F'@' '{print $1}' | awk -F'://' '{print $2}' | cut -d':' -f1

Of course, we could try and replace the password with *** or something.

rezan commented 6 years ago

We have package info already. Not sure if we need repo login. Please re-open if this is needed.