From 4dc844ab91aed617fda6f194541774ecb21eebd6 Mon Sep 17 00:00:00 2001
From: Alexey Pustovalov
Date: Tue, 23 Jun 2020 15:42:13 +0300
Subject: [PATCH] Added masking for secure params
---
 agent/alpine/docker-entrypoint.sh | 8 +++++++-
 agent/centos/docker-entrypoint.sh | 8 +++++++-
 agent/ubuntu/docker-entrypoint.sh | 8 +++++++-
 proxy-mysql/alpine/docker-entrypoint.sh | 8 +++++++-
 proxy-mysql/centos/docker-entrypoint.sh | 8 +++++++-
 proxy-mysql/ubuntu/docker-entrypoint.sh | 8 +++++++-
 proxy-sqlite3/alpine/docker-entrypoint.sh | 8 +++++++-
 proxy-sqlite3/centos/docker-entrypoint.sh | 8 +++++++-
 proxy-sqlite3/ubuntu/Dockerfile | 5 ++---
 proxy-sqlite3/ubuntu/docker-entrypoint.sh | 8 +++++++-
 server-mysql/alpine/docker-entrypoint.sh | 8 +++++++-
 server-mysql/centos/docker-entrypoint.sh | 8 +++++++-
 server-mysql/ubuntu/docker-entrypoint.sh | 8 +++++++-
 server-pgsql/alpine/docker-entrypoint.sh | 8 +++++++-
 server-pgsql/centos/docker-entrypoint.sh | 8 +++++++-
 server-pgsql/ubuntu/docker-entrypoint.sh | 8 +++++++-
 16 files changed, 107 insertions(+), 18 deletions(-)
diff --git a/agent/alpine/docker-entrypoint.sh b/agent/alpine/docker-entrypoint.sh
index c63af987d..723881cf4 100755
--- a/agent/alpine/docker-entrypoint.sh
+++ b/agent/alpine/docker-entrypoint.sh
@@ -44,12 +44,18 @@ update_config_var() {
 local var_value=$3
 local is_multiple=$4
+ local masklist=("TLSPSKIdentity")
+
 if [ ! -f "$config_path" ]; then
 echo "**** Configuration file '$config_path' does not exist"
 return
 fi
- echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
+ if [[ " ${masklist[@]} " =~ " $var_name " ]]; then
+ echo -n "** Updating '$config_path' parameter \"$var_name\": '****'. Enable DEBUG_MODE to view value ..."
+ else
+ echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'..."
+ fi
 # Remove configuration parameter definition in case of unset parameter value
 if [ -z "$var_value" ]; then
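Review bot: The masked branch of update_config_var prints `Enable DEBUG_MODE to view value`, but nothing in this hunk reads DEBUG_MODE, so the hint only holds if debug mode switches on shell tracing elsewhere in the script (not visible here). In that case the secret still ends up in the container log, which is normally collected and retained, and the masking protects only the default run. I would drop the hint from the message, or add a comment above the test such as `# masked values still appear in a shell trace; keep DEBUG_MODE off where logs are shipped`. The masked branch also prints '****' when `$var_value` is empty, so a parameter about to be removed is reported as if it carried a value; adding `&& [ -n "$var_value" ]` to the condition would keep that distinction. The same lines recur in the other fourteen docker-entrypoint.sh hunks of this patch, and the function starts and ends outside the hunk.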
diff --git a/agent/centos/docker-entrypoint.sh b/agent/centos/docker-entrypoint.sh
index c63af987d..723881cf4 100755
--- a/agent/centos/docker-entrypoint.sh
+++ b/agent/centos/docker-entrypoint.sh
@@ -44,12 +44,18 @@ update_config_var() {
 local var_value=$3
 local is_multiple=$4
+ local masklist=("TLSPSKIdentity")
+
 if [ ! -f "$config_path" ]; then
 echo "**** Configuration file '$config_path' does not exist"
 return
 fi
- echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
+ if [[ " ${masklist[@]} " =~ " $var_name " ]]; then
+ echo -n "** Updating '$config_path' parameter \"$var_name\": '****'. Enable DEBUG_MODE to view value ..."
+ else
+ echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'..."
+ fi
 # Remove configuration parameter definition in case of unset parameter value
 if [ -z "$var_value" ]; then
diff --git a/agent/ubuntu/docker-entrypoint.sh b/agent/ubuntu/docker-entrypoint.sh
index c63af987d..723881cf4 100755
--- a/agent/ubuntu/docker-entrypoint.sh
+++ b/agent/ubuntu/docker-entrypoint.sh
@@ -44,12 +44,18 @@ update_config_var() {
 local var_value=$3
 local is_multiple=$4
+ local masklist=("TLSPSKIdentity")
+
 if [ ! -f "$config_path" ]; then
 echo "**** Configuration file '$config_path' does not exist"
 return
 fi
- echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
+ if [[ " ${masklist[@]} " =~ " $var_name " ]]; then
+ echo -n "** Updating '$config_path' parameter \"$var_name\": '****'. Enable DEBUG_MODE to view value ..."
+ else
+ echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'..."
+ fi
 # Remove configuration parameter definition in case of unset parameter value
 if [ -z "$var_value" ]; then
diff --git a/proxy-mysql/alpine/docker-entrypoint.sh b/proxy-mysql/alpine/docker-entrypoint.sh
index 4c0b69cd1..78e989068 100755
--- a/proxy-mysql/alpine/docker-entrypoint.sh
+++ b/proxy-mysql/alpine/docker-entrypoint.sh
@@ -74,12 +74,18 @@ update_config_var() {
 local var_value=$3
 local is_multiple=$4
+ local masklist=("DBPassword TLSPSKIdentity")
+
 if [ ! -f "$config_path" ]; then
 echo "**** Configuration file '$config_path' does not exist"
 return
 fi
- echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
+ if [[ " ${masklist[@]} " =~ " $var_name " ]]; then
+ echo -n "** Updating '$config_path' parameter \"$var_name\": '****'. Enable DEBUG_MODE to view value ..."
+ else
+ echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'..."
+ fi
 # Remove configuration parameter definition in case of unset parameter value
 if [ -z "$var_value" ]; then
diff --git a/proxy-mysql/centos/docker-entrypoint.sh b/proxy-mysql/centos/docker-entrypoint.sh
index 4c0b69cd1..78e989068 100755
--- a/proxy-mysql/centos/docker-entrypoint.sh
+++ b/proxy-mysql/centos/docker-entrypoint.sh
@@ -74,12 +74,18 @@ update_config_var() {
 local var_value=$3
 local is_multiple=$4
+ local masklist=("DBPassword TLSPSKIdentity")
+
 if [ ! -f "$config_path" ]; then
 echo "**** Configuration file '$config_path' does not exist"
 return
 fi
- echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
+ if [[ " ${masklist[@]} " =~ " $var_name " ]]; then
+ echo -n "** Updating '$config_path' parameter \"$var_name\": '****'. Enable DEBUG_MODE to view value ..."
+ else
+ echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'..."
+ fi
 # Remove configuration parameter definition in case of unset parameter value
 if [ -z "$var_value" ]; then
diff --git a/proxy-mysql/ubuntu/docker-entrypoint.sh b/proxy-mysql/ubuntu/docker-entrypoint.sh
index 2088b38a4..fcdfa1a26 100755
--- a/proxy-mysql/ubuntu/docker-entrypoint.sh
+++ b/proxy-mysql/ubuntu/docker-entrypoint.sh
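Review bot: `local masklist=("DBPassword TLSPSKIdentity")` declares an array with a single element that holds both names, and the membership test works only because `" ${masklist[@]} "` is flattened to one string and matched as a substring. Declaring it as `local masklist=("DBPassword" "TLSPSKIdentity")` and testing `" ${masklist[*]} "` (ShellCheck SC2199), or using a `case "$var_name" in DBPassword|TLSPSKIdentity)` arm, would make the list read as what it is. As a secret filter the list also looks narrow: a PSK identity is an identifier rather than key material, while any other credential-bearing parameter routed through update_config_var is still echoed in clear, so the list is worth checking against the callers, which lie outside this hunk. The same declaration appears in the proxy-mysql centos and ubuntu hunks and in every server-mysql and server-pgsql hunk.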
@@ -74,12 +74,18 @@ update_config_var() {
 local var_value=$3
 local is_multiple=$4
+ local masklist=("DBPassword TLSPSKIdentity")
+
 if [ ! -f "$config_path" ]; then
 echo "**** Configuration file '$config_path' does not exist"
 return
 fi
- echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
+ if [[ " ${masklist[@]} " =~ " $var_name " ]]; then
+ echo -n "** Updating '$config_path' parameter \"$var_name\": '****'. Enable DEBUG_MODE to view value ..."
+ else
+ echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'..."
+ fi
 # Remove configuration parameter definition in case of unset parameter value
 if [ -z "$var_value" ]; then
diff --git a/proxy-sqlite3/alpine/docker-entrypoint.sh b/proxy-sqlite3/alpine/docker-entrypoint.sh
index e27cc15fc..db6c33e15 100755
--- a/proxy-sqlite3/alpine/docker-entrypoint.sh
+++ b/proxy-sqlite3/alpine/docker-entrypoint.sh
@@ -43,12 +43,18 @@ update_config_var() {
 local var_value=$3
 local is_multiple=$4
+ local masklist=("TLSPSKIdentity")
+
 if [ ! -f "$config_path" ]; then
 echo "**** Configuration file '$config_path' does not exist"
 return
 fi
- echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
+ if [[ " ${masklist[@]} " =~ " $var_name " ]]; then
+ echo -n "** Updating '$config_path' parameter \"$var_name\": '****'. Enable DEBUG_MODE to view value ..."
+ else
+ echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'..."
+ fi
 # Remove configuration parameter definition in case of unset parameter value
 if [ -z "$var_value" ]; then
diff --git a/proxy-sqlite3/centos/docker-entrypoint.sh b/proxy-sqlite3/centos/docker-entrypoint.sh
index e27cc15fc..db6c33e15 100755
--- a/proxy-sqlite3/centos/docker-entrypoint.sh
+++ b/proxy-sqlite3/centos/docker-entrypoint.sh
@@ -43,12 +43,18 @@ update_config_var() {
 local var_value=$3
 local is_multiple=$4
+ local masklist=("TLSPSKIdentity")
+
 if [ ! -f "$config_path" ]; then
 echo "**** Configuration file '$config_path' does not exist"
 return
 fi
- echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
+ if [[ " ${masklist[@]} " =~ " $var_name " ]]; then
+ echo -n "** Updating '$config_path' parameter \"$var_name\": '****'. Enable DEBUG_MODE to view value ..."
+ else
+ echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'..."
+ fi
 # Remove configuration parameter definition in case of unset parameter value
 if [ -z "$var_value" ]; then
diff --git a/proxy-sqlite3/ubuntu/Dockerfile b/proxy-sqlite3/ubuntu/Dockerfile
index a150100c8..4dd6ec1cc 100644
--- a/proxy-sqlite3/ubuntu/Dockerfile
+++ b/proxy-sqlite3/ubuntu/Dockerfile
@@ -1,10 +1,10 @@
 FROM ubuntu:bionic
-LABEL org.opencontainers.image.title="Zabbix proxy (MySQL)" \
+LABEL org.opencontainers.image.title="Zabbix proxy (SQLite3)" \
 org.opencontainers.image.authors="Alexey Pustovalov " \
 org.opencontainers.image.vendor="Zabbix LLC" \
 org.opencontainers.image.url="https://zabbix.com/" \
- org.opencontainers.image.description="Zabbix proxy with MySQL database support" \
+ org.opencontainers.image.description="Zabbix proxy with SQLite3 database support" \
 org.opencontainers.image.licenses="GPL v2.0"
 STOPSIGNAL SIGTERM
@@ -32,7 +32,6 @@ RUN set -eux && \
 mkdir -p /var/lib/zabbix/ssl/keys && \
 mkdir -p /var/lib/zabbix/ssl/ssl_ca && \
 mkdir -p /usr/lib/zabbix/externalscripts && \
- mkdir -p /usr/share/doc/zabbix-proxy-mysql && \
 apt-get -y update && \
 DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install \
 curl \
diff --git a/proxy-sqlite3/ubuntu/docker-entrypoint.sh b/proxy-sqlite3/ubuntu/docker-entrypoint.sh
index aca41de4f..5bf751dc5 100755
--- a/proxy-sqlite3/ubuntu/docker-entrypoint.sh
+++ b/proxy-sqlite3/ubuntu/docker-entrypoint.sh
@@ -43,12 +43,18 @@ update_config_var() {
 local var_value=$3
 local is_multiple=$4
+ local masklist=("TLSPSKIdentity")
+
 if [ ! -f "$config_path" ]; then
 echo "**** Configuration file '$config_path' does not exist"
 return
 fi
- echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
+ if [[ " ${masklist[@]} " =~ " $var_name " ]]; then
+ echo -n "** Updating '$config_path' parameter \"$var_name\": '****'. Enable DEBUG_MODE to view value ..."
+ else
+ echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'..."
+ fi
 # Remove configuration parameter definition in case of unset parameter value
 if [ -z "$var_value" ]; then
diff --git a/server-mysql/alpine/docker-entrypoint.sh b/server-mysql/alpine/docker-entrypoint.sh
index 5943bc826..b074ebd55 100755
--- a/server-mysql/alpine/docker-entrypoint.sh
+++ b/server-mysql/alpine/docker-entrypoint.sh
@@ -69,12 +69,18 @@ update_config_var() {
 local var_value=$3
 local is_multiple=$4
+ local masklist=("DBPassword TLSPSKIdentity")
+
 if [ ! -f "$config_path" ]; then
 echo "**** Configuration file '$config_path' does not exist"
 return
 fi
- echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
+ if [[ " ${masklist[@]} " =~ " $var_name " ]]; then
+ echo -n "** Updating '$config_path' parameter \"$var_name\": '****'. Enable DEBUG_MODE to view value ..."
+ else
+ echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'..."
+ fi
 # Remove configuration parameter definition in case of unset parameter value
 if [ -z "$var_value" ]; then
diff --git a/server-mysql/centos/docker-entrypoint.sh b/server-mysql/centos/docker-entrypoint.sh
index 5943bc826..b074ebd55 100755
--- a/server-mysql/centos/docker-entrypoint.sh
+++ b/server-mysql/centos/docker-entrypoint.sh
@@ -69,12 +69,18 @@ update_config_var() {
 local var_value=$3
 local is_multiple=$4
+ local masklist=("DBPassword TLSPSKIdentity")
+
 if [ ! -f "$config_path" ]; then
 echo "**** Configuration file '$config_path' does not exist"
 return
 fi
- echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
+ if [[ " ${masklist[@]} " =~ " $var_name " ]]; then
+ echo -n "** Updating '$config_path' parameter \"$var_name\": '****'. Enable DEBUG_MODE to view value ..."
+ else
+ echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'..."
+ fi
 # Remove configuration parameter definition in case of unset parameter value
 if [ -z "$var_value" ]; then
diff --git a/server-mysql/ubuntu/docker-entrypoint.sh b/server-mysql/ubuntu/docker-entrypoint.sh
index 41ad7ccbd..7629aa602 100755
--- a/server-mysql/ubuntu/docker-entrypoint.sh
+++ b/server-mysql/ubuntu/docker-entrypoint.sh
@@ -69,12 +69,18 @@ update_config_var() {
 local var_value=$3
 local is_multiple=$4
+ local masklist=("DBPassword TLSPSKIdentity")
+
 if [ ! -f "$config_path" ]; then
 echo "**** Configuration file '$config_path' does not exist"
 return
 fi
- echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
+ if [[ " ${masklist[@]} " =~ " $var_name " ]]; then
+ echo -n "** Updating '$config_path' parameter \"$var_name\": '****'. Enable DEBUG_MODE to view value ..."
+ else
+ echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'..."
+ fi
 # Remove configuration parameter definition in case of unset parameter value
 if [ -z "$var_value" ]; then
diff --git a/server-pgsql/alpine/docker-entrypoint.sh b/server-pgsql/alpine/docker-entrypoint.sh
index 481d9dee5..e74e5dc15 100755
--- a/server-pgsql/alpine/docker-entrypoint.sh
+++ b/server-pgsql/alpine/docker-entrypoint.sh
@@ -69,12 +69,18 @@ update_config_var() {
 local var_value=$3
 local is_multiple=$4
+ local masklist=("DBPassword TLSPSKIdentity")
+
 if [ ! -f "$config_path" ]; then
 echo "**** Configuration file '$config_path' does not exist"
 return
 fi
- echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
+ if [[ " ${masklist[@]} " =~ " $var_name " ]]; then
+ echo -n "** Updating '$config_path' parameter \"$var_name\": '****'. Enable DEBUG_MODE to view value ..."
+ else
+ echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'..."
+ fi
 # Remove configuration parameter definition in case of unset parameter value
 if [ -z "$var_value" ]; then
diff --git a/server-pgsql/centos/docker-entrypoint.sh b/server-pgsql/centos/docker-entrypoint.sh
index 481d9dee5..e74e5dc15 100755
--- a/server-pgsql/centos/docker-entrypoint.sh
+++ b/server-pgsql/centos/docker-entrypoint.sh
@@ -69,12 +69,18 @@ update_config_var() {
 local var_value=$3
 local is_multiple=$4
+ local masklist=("DBPassword TLSPSKIdentity")
+
 if [ ! -f "$config_path" ]; then
 echo "**** Configuration file '$config_path' does not exist"
 return
 fi
- echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
+ if [[ " ${masklist[@]} " =~ " $var_name " ]]; then
+ echo -n "** Updating '$config_path' parameter \"$var_name\": '****'. Enable DEBUG_MODE to view value ..."
+ else
+ echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'..."
+ fi
 # Remove configuration parameter definition in case of unset parameter value
 if [ -z "$var_value" ]; then
diff --git a/server-pgsql/ubuntu/docker-entrypoint.sh b/server-pgsql/ubuntu/docker-entrypoint.sh
index 6a74eec48..23042e193 100755
--- a/server-pgsql/ubuntu/docker-entrypoint.sh
+++ b/server-pgsql/ubuntu/docker-entrypoint.sh
@@ -69,12 +69,18 @@ update_config_var() {
 local var_value=$3
 local is_multiple=$4
+ local masklist=("DBPassword TLSPSKIdentity")
+
 if [ ! -f "$config_path" ]; then
 echo "**** Configuration file '$config_path' does not exist"
 return
 fi
- echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
+ if [[ " ${masklist[@]} " =~ " $var_name " ]]; then
+ echo -n "** Updating '$config_path' parameter \"$var_name\": '****'. Enable DEBUG_MODE to view value ..."
+ else
+ echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'..."
+ fi
 # Remove configuration parameter definition in case of unset parameter value
 if [ -z "$var_value" ]; then