1.5. 清理 sos 报告

先决条件

• 您已生成 sos 报告 或 sos 收集 tarball。
• （可选） 您可以在用户名、主机名和其他想要模糊处理以外的特定关键字列表中。

流程

• 针对 sos report 或 sos collect tarball 运行 sos clean 命令，并按照屏幕上的说明进行操作。

  1. 您可以添加 --keywords 选项，以额外清理给定关键字列表。

  2. 您可以添加 --usernames 选项以模糊处理进一步敏感的用户名。

     对于通过 lastlog 文件报告的 UID 为 1000 及以上的用户，将自动运行自动用户名清理。这个选项用于可能未显示为实际登录的 LDAP 用户，但可能会在某些日志文件中发生。

     [user@server1 ~]$ sudo sos clean /var/tmp/sos-collector-2022-05-15-pafsr.tar.xz
     [sudo] password for user:
     
     sos clean (version 4.2)
     
     This command will attempt to obfuscate information that is generally considered to be potentially sensitive. Such information includes IP addresses, MAC addresses, domain names, and any user-provided keywords.
     
     Note that this utility provides a best-effort approach to data obfuscation, but it does not guarantee that such obfuscation provides complete coverage of all such data in the archive, or that any obfuscation is provided to data that does not fit the description above.
     
     Users should review any resulting data and/or archives generated or processed by this utility for remaining sensitive content before being passed to a third party.
     
     
     Press ENTER to continue, or CTRL-C to quit.
     
     Found 4 total reports to obfuscate, processing up to 4 concurrently
     
     sosreport-primary-rhel8-2022-05-15-nchbdmd :      Extracting...
     sosreport-sos-node1-2022-05-15-wmlomgu :      Extracting...
     sosreport-sos-node2-2022-05-15-obsudzc :      Extracting...
     sos-collector-2022-05-15-pafsr :                   Beginning obfuscation...
     sosreport-sos-node1-2022-05-15-wmlomgu :      Beginning obfuscation...
     sos-collector-2022-05-15-pafsr :                   Obfuscation completed
     sosreport-primary-rhel8-2022-05-15-nchbdmd :      Beginning obfuscation...
     sosreport-sos-node2-2022-05-15-obsudzc :      Beginning obfuscation...
     sosreport-primary-rhel8-2022-05-15-nchbdmd :      Re-compressing...
     sosreport-sos-node2-2022-05-15-obsudzc :      Re-compressing...
     sosreport-sos-node1-2022-05-15-wmlomgu :      Re-compressing...
     sosreport-primary-rhel8-2022-05-15-nchbdmd :      Obfuscation completed
     sosreport-sos-node2-2022-05-15-obsudzc :      Obfuscation completed
     sosreport-sos-node1-2022-05-15-wmlomgu :      Obfuscation completed
     
     Successfully obfuscated 4 report(s)
     
     A mapping of obfuscated elements is available at
         /var/tmp/sos-collector-2022-05-15-pafsr-private_map
     
     The obfuscated archive is available at
         /var/tmp/sos-collector-2022-05-15-pafsr-obfuscated.tar.xz
     
         Size    157.10KiB
         Owner    root
     
     Please send the obfuscated archive to your support representative and keep the mapping file private

     Copy to Clipboard Toggle word wrap

验证

• 验证 sos clean 命令是否在与命令输出中描述匹配的 /var/tmp/ 目录中创建了模糊的存档和模糊的归档。

  [user@server1 ~]$ sudo ls -l /var/tmp/sos-collector-2022-05-15-pafsr-private_map /var/tmp/sos-collector-2022-05-15-pafsr-obfuscated.tar.xz
  [sudo] password for user:
  
  -rw-------. 1 root root 160868 May 15 16:10 /var/tmp/sos-collector-2022-05-15-pafsr-obfuscated.tar.xz
  -rw-------. 1 root root  96622 May 15 16:10 /var/tmp/sos-collector-2022-05-15-pafsr-private_map

  Copy to Clipboard Toggle word wrap

• 检查 *-private_map 文件中的 obfuscation 映射：

  [user@server1 ~]$ sudo cat /var/tmp/sos-collector-2022-05-15-pafsr-private_map
  [sudo] password for user:
  
  {
      "hostname_map": {
          "pmoravec-rhel8": "host0"
      },
      "ip_map": {
          "10.44.128.0/22": "100.0.0.0/22",
  ..
      "username_map": {
          "foobaruser": "obfuscateduser0",
          "jsmith": "obfuscateduser1",
          "johndoe": "obfuscateduser2"
      }
  }

  Copy to Clipboard Toggle word wrap