The View Object page of a Discovered Process shows the command used to start the process. In some cases, a user name and password, or some other sensitive data is shown in clear text. You can also view the contents of a discovered file, and in some cases these too can contain passwords or other sensitive data. You can prevent this using Sensitive data filters.
Sensitive data filters for processes only mask information from the discovered process or file; not from, for example, package names.
A sensitive data filter is a regular expression to define data that you do not want displayed. When matched, the sensitive portion of the data is hashed using MD5. The hashed data can be compared with earlier versions to determine whether it has changed, while the actual data remains hidden from users.
Sensitive data filters use MD5 hash
Common passwords and dictionary words can be extracted from MD5 hashes using commonly available tools. If you rely on sensitive data filters to entirely mask passwords, you should ensure that any that may appear in discovered data are good strong passwords.
To reorder sensitive data filters, click the up or down arrow in the ordering column for the filter you want to move. You can also move a filter to the top or bottom of the list using the top or bottom arrow buttons.
The regular expression will usually match more than just the sensitive data, including for instance an identifying argument name like "-password". The portion of data to be hashed must be enclosed in brackets to form a regular expression group. Portions of the regular expression not enclosed in the brackets will be unmodified.
The following command has the "--password" in clear text. The regular expression needs to use "--password" to locate the data, and define how much to mask around it.
./pfg_serv -h -Hj -g lob -l full --user gussie --password finknottle --dominion emea
After rediscovery, the new process node will have the password portion replaced with an md5 hash.
./pfg_serv -h -Hj -g lob -l full --user gussie --password 4343ab718997a9570ab20c0c1b5e18ad --dominion emea