Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 5. Insights client data obfuscation

Red Hat Insights has optional controls for excluding the IP address or hostname from the data file transmitted to Red Hat and to obfuscate the values within the user interface. You can also set a custom display name for the identification of obfuscated hosts.

5.1. Obfuscation overview

The Insights client obfuscation feature uses a Python data cleaning process to replace the hostname and IP address with preset values when it processes the Insights archive. The processed archive file containing the obfuscated values is then sent to Red Hat Insights for Red Hat Enterprise Linux.

To enable obfuscation, configure the applicable options in the /etc/insights-client/insights-client.conf file. You can choose to obfuscate the system IP address, or you can choose to obfuscate both the IP address and hostname. You cannot obfuscate the hostname only. Obfuscation is disabled by default.

Note
  • The Python data cleaning process automatically generates the masked values. You cannot choose the values for obfuscation.
  • The Red Hat Insights for Red Hat Enterprise Linux compliance service uses OpenSCAP tools to generate compliance reports based on information from the host system. The collaboration with OpenSCAP prevents the compliance service’s ability to completely obfuscate or redact hostname and IP address data. Also, host information is sent to Insights for Red Hat Enterprise Linux when a compliance data collection job launches on the host system. Red Hat Insights for Red Hat Enterprise Linux is working to improve obfuscation options for host information.

For information about how Red Hat Insights for Red Hat Enterprise Linux handles data collection, see Red Hat Insights Data & Application Security.

Important

Double obfuscation is required if you use Red Hat Satellite to manage clients and register them on console.redhat.com. This means you must enable obfuscation in both the insights-client.conf and the Satellite web UI. For more information about enabling obfuscation in Satellite, see the Red Hat Cloud settings chapter of the Administering Red Hat Satellite guide.

5.2. Obfuscating the IPv4 address

You can mask the IPv4 host address in the archive file before it is sent to Red Hat Insights for Red Hat Enterprise Linux by enabling obfuscation.

When you choose IP address obfuscation, your host address in the archive file is changed to the value provided in the Python data cleaning file. You cannot configure the value provided for obfuscation. You also cannot obfuscate or select the portion of the host IP address to obfuscate.

Important

Red Hat Insights supports IP address obfuscation for IPv4 addresses only.

Prerequisites

  • If you are using Red Hat Satellite to manage clients and register them on console.redhat.com, complete the following step:

    • In the Satellite web UI, go to the Red Hat Cloud settings and enable the Obfuscate host IPv4 addresses option.

Procedure

  1. Open the /etc/insights-client/insights-client.conf file with an editor.

  2. Locate the following section: 

    # Obfuscate IP addresses
#obfuscate=False

  3. Remove the preceding hash (#) character, and change False to True, as follows: 

    obfuscate=True
  4. Save and close the /etc/insights-client/insights-client.conf file.

Result

When obfuscation is successfully enabled, the original IP address is masked in the console UI, logs, and in any archive data files that Red Hat collects, as shown in the following example.

Important

After you enable obfuscation, you will continue to see the original IP address in the command-line output of some insights-client commands.

Example

  • The original host system IP address: 

    192.168.0.24

  • The obfuscated host IP address 

    10.230.230.1

  • The following screenshot provides an example of an obfuscated IP address in the Red Hat Hybrid Cloud Console UI:

    An example of an obfuscated IP address in the Red Hat Hybrid Cloud Console UI

Note

When you enable obfuscation on multiple systems, the same obfuscated IP address gets generated. Therefore, in the example scenario provided, when you search or filter by IP address in the Insights UI on the Hybrid Cloud Console you might see several instances of 10.230.230.1. This is because the Python data cleaning process that the Insights obfuscation feature uses, can generate the same obfuscated IP address in the archive file.

5.3. Obfuscating the hostname

When you obfuscate the hostname of a system in Insights, the value of the hostname configured in /etc/hostname is masked in the console GUI and in the archive file before it is sent to Red Hat.

To obfuscate the hostname of a system, you must also enable obfuscation on the IP address. You cannot obfuscate only the hostname.

When obfuscation is enabled in Insights, the hostname value in /etc/hostname changes to a 12-character UUID that is automatically generated by the Python data cleaning process.

Tip

Assign a display name to your system so that you can more easily find and manage your obfuscated hosts. The display name does not get obfuscated and displays in the Insights console UI. Only the value of /etc/hostname gets obfuscated.

Prerequisites

  • You have obfuscated the IP address. For more information, see Obfuscating the IPv4 address.

  • If you are using Red Hat Satellite to manage clients and register them on console.redhat.com, complete the following step before you enable hostname obfuscation:

    • In the Satellite web UI, go to the Red Hat Cloud settings and enable the Obfuscate host names option.

Procedure

  1. Open the /etc/insights-client/insights-client.conf file with an editor.

  2. Locate the line that has obfuscate_hostname. 

    #obfuscate_hostname=False

  3. Remove the # and change False to True. 

    obfuscate_hostname=True

  4. (Optional) To help you find and manage your obfuscated hosts in the Insights console UI, set a display name for your system in the insights-client.conf file, as follows: 

    display_name=example-display-name
    Note

    You can also set a display name on the console by using the following command: 

    [root@insights]# insights-client --display-name ITC-4
  5. Save and close the /etc/insights-client/insights-client.conf file.

Result

When obfuscation is successfully enabled, the hostname gets masked in the Insights console UI, logs, and in any archive data files that Red Hat collects.

Note
  • If you configure hostname obfuscation on more than one system, you might see multiple systems with the same hostname in the Red Hat Insights for Red Hat Enterprise Linux GUI as a result of obfuscation. Setting a display name can help you to more easily identify your obfuscated hosts.
  • After you enable obfuscation, there are some instances where the original hostname displays in the command-line output of some insights-client commands.

Example

  • The original hostname of the system in /etc/hostname: 

    RTP.data.center.01

  • The obfuscated /etc/hostname as it displays in Red Hat Insights for Red Hat Enterprise Linux: 

    90f4a9365ce0.example.com

  • The following screenshot of the Red Hat Hybrid Cloud Console UI shows an example of a system whose hostname and IP address are obfuscated:

    An example of an obfuscated hostname in the Red Hat Hybrid Cloud Console UI

Additional resources

Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.