diff options
| author | Christian Poessinger <christian@poessinger.com> | 2018-11-11 20:46:55 +0100 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2018-11-11 20:49:14 +0100 |
| commit | 00bfd88d0a643b4b576f19f67a0f077b9b3a113b (patch) | |
| tree | 74e3e0ffe2adf0e8eddd384accb7ff01bf7be337 /scripts | |
| parent | 7c27777d222cad560a7002b52cd4b45b8d6cf070 (diff) | |
| download | vyatta-op-00bfd88d0a643b4b576f19f67a0f077b9b3a113b.tar.gz vyatta-op-00bfd88d0a643b4b576f19f67a0f077b9b3a113b.zip | |
T999: "strip-private" does not strip pre-shared-secret
Private information as the IPSec pre shared key was not removed on:
vyos@vyos# show vpn ipsec | strip-private
(cherry picked from commit 1b94994d3f9c7ca32dfad3051fe9c3330edcfd98)
Diffstat (limited to 'scripts')
| -rw-r--r-- | scripts/vyos-strip-config.pl | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/scripts/vyos-strip-config.pl b/scripts/vyos-strip-config.pl index a1e2f23..7b1d9ed 100644 --- a/scripts/vyos-strip-config.pl +++ b/scripts/vyos-strip-config.pl @@ -158,6 +158,9 @@ $input =~ s/ (peer|remote-host|local-host|server) ([\w-]+\.)+[\w-]+/ $1 xxxxx.tl # Strip OpenVPN secrets $input =~ s/(shared-secret-key-file|ca-cert-file|cert-file|dh-file|key-file|client) (\S+)/$1 xxxxxx/g if $stripOvpnSecrets; +# Strip IPSEC secrets +$input =~ s/pre-shared-secret \S+/pre-shared-secret xxxxxx/g if !($keepKeys); + # Strip BGP ASNs $input =~ s/(bgp|remote-as) (\d+)/$1 XXXXXX/g if $stripASN; |