[ansible] Skip collecting redundant dirs and files from /etc/ansible

Forbid collecting some files and dirs from /etc/ansible that are not interesting for any investigation but might potentially collect sensitive data. Resolves: sosreport#3423 Signed-off-by: Pavel Moravec <[email protected]>
pmoravec · Nov 27, 2023 · 27b0828 · 27b0828
1 parent 2e6ca7b
commit 27b0828
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/sos/report/plugins/ansible.py b/sos/report/plugins/ansible.py
@@ -29,7 +29,11 @@ def setup(self):
             "ansible --version"
         ])
 
-        # let rhui plugin collects the RHUI specific files
-        self.add_forbidden_path("/etc/ansible/facts.d/rhui_*.fact")
+        # don't generic & collect potentially sensitive files and dirs
+        self.add_forbidden_path([
+            "/etc/ansible/facts.d/",
+            "/etc/ansible/roles/",
+            "/etc/ansible/hosts",
+        ])
 
 # vim: set et ts=4 sw=4 :