红帽全球峰会1.5. Cleaning an sos report
The sos utility offers a routine to obfuscate potentially sensitive data, such as user names, host names, IP or MAC addresses, or other user-specified keywords. The original sos report or sos collect stays unchanged, and a new *-obfuscated.tar.xz file is generated and intended to be shared with a third party.
You can append the cleaner functionality to the sos report or sos collect commands with the --clean option:
[user@server1 ~]$ sudo sos report --clean
Prerequisites
-
You have generated an
sos reportor ansos collecttarball. - (Optional) You have a list of specific keywords beyond the user names, host names, and other data you want to obfuscate.
Procedure
Run the
sos cleancommand on either ansos reportorsos collecttarball and follow the on-screen instructions.-
You can add the
--keywordsoption to additionally clean a given list of keywords. You can add the
--usernamesoption to obfuscate further sensitive user names.The automatic user name cleaning will automatically run for users reported through the
lastlogfile for users with an UID of 1000 and above. This option is used for LDAP users that may not appear as an actual login, but may occur in certain log files.[user@server1 ~]$ sudo sos clean /var/tmp/sos-collector-2022-05-15-pafsr.tar.xz [sudo] password for user: sos clean (version 4.2) This command will attempt to obfuscate information that is generally considered to be potentially sensitive. Such information includes IP addresses, MAC addresses, domain names, and any user-provided keywords. Note that this utility provides a best-effort approach to data obfuscation, but it does not guarantee that such obfuscation provides complete coverage of all such data in the archive, or that any obfuscation is provided to data that does not fit the description above. Users should review any resulting data and/or archives generated or processed by this utility for remaining sensitive content before being passed to a third party. Press ENTER to continue, or CTRL-C to quit. Found 4 total reports to obfuscate, processing up to 4 concurrently sosreport-primary-rhel10-2022-05-15-nchbdmd : Extracting... sosreport-sos-node1-2022-05-15-wmlomgu : Extracting... sosreport-sos-node2-2022-05-15-obsudzc : Extracting... sos-collector-2022-05-15-pafsr : Beginning obfuscation... sosreport-sos-node1-2022-05-15-wmlomgu : Beginning obfuscation... sos-collector-2022-05-15-pafsr : Obfuscation completed sosreport-primary-rhel10-2022-05-15-nchbdmd : Beginning obfuscation... sosreport-sos-node2-2022-05-15-obsudzc : Beginning obfuscation... sosreport-primary-rhel10-2022-05-15-nchbdmd : Re-compressing... sosreport-sos-node2-2022-05-15-obsudzc : Re-compressing... sosreport-sos-node1-2022-05-15-wmlomgu : Re-compressing... sosreport-primary-rhel10-2022-05-15-nchbdmd : Obfuscation completed sosreport-sos-node2-2022-05-15-obsudzc : Obfuscation completed sosreport-sos-node1-2022-05-15-wmlomgu : Obfuscation completed Successfully obfuscated 4 report(s) A mapping of obfuscated elements is available at /var/tmp/sos-collector-2022-05-15-pafsr-private_map The obfuscated archive is available at /var/tmp/sos-collector-2022-05-15-pafsr-obfuscated.tar.xz Size 157.10KiB Owner root Please send the obfuscated archive to your support representative and keep the mapping file private
-
You can add the
Verification
Verify that the
sos cleancommand created an obfuscated archive and an obfuscation mapping in the/var/tmp/directory matching the description from the command output.[user@server1 ~]$ sudo ls -l /var/tmp/sos-collector-2022-05-15-pafsr-private_map /var/tmp/sos-collector-2022-05-15-pafsr-obfuscated.tar.xz [sudo] password for user: -rw-------. 1 root root 160868 May 15 16:10 /var/tmp/sos-collector-2022-05-15-pafsr-obfuscated.tar.xz -rw-------. 1 root root 96622 May 15 16:10 /var/tmp/sos-collector-2022-05-15-pafsr-private_mapCheck the
*-private_mapfile for the obfuscation mapping:[user@server1 ~]$ sudo cat /var/tmp/sos-collector-2022-05-15-pafsr-private_map [sudo] password for user: { "hostname_map": { "pmoravec-rhel10": "host0" }, "ip_map": { "10.44.128.0/22": "100.0.0.0/22", .. "username_map": { "foobaruser": "obfuscateduser0", "jsmith": "obfuscateduser1", "johndoe": "obfuscateduser2" } }
Keep both the original unobfuscated archive and the *private_map files locally as Red Hat support might refer to the obfuscated terms that you will need to translate to the original values.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}