SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG
DONATE


YUM REPOSITORY

 
 

MAN page from CentOS Other sos-4.1-4.el8.noarch.rpm

SOS

Section: Misc. Reference Manual Pages (CLEAN)
Updated: 1
Index 

NAME

sos clean - Obfuscate sensitive data from one or more sosreports 

SYNOPSIS

sos clean TARGET [options]
    [--domains]
    [--keywords]
    [--keyword-file]
    [--map-file]
    [--jobs]
    [--no-update]
    [--keep-binary-files]

 

DESCRIPTION

sos clean or sos mask is an sos subcommand used to obfuscate sensitive information frompreviously generated sosreports that is not covered by the standard plugin-based postprocessing executed during report generation, for example IP addresses.

Data obfuscated via this utility is done so consistently, meaning for example an IP address of192.168.1.1 in an unprocessed sosreport that gets obfuscated to, for example, 100.0.0.1, will bechanged to 100.0.0.1 in all occurrences found in the report.

Additionally, by default all such obfuscations are stored in "maps" that will be persistentlysaved to /etc/sos/cleaner/default_mapping and be re-used on subsequent runs.

This utility may also be used in-line with sos report and sos collect by specifying the--clean or --mask option.

When called directly via sos clean, the obfuscated archive is written as an additional file,meaning the original unprocessed report still remains on the filesystem. When called via report orcollect, the changes are done in-line and thus only an obfuscated archive is written and available.In either case, a mapping file containing the relationships between unprocessed and obfuscated elements willbe written in the same location as the resulting archive. This mapping file should be kept privateby system administrators.

 

REQUIRED ARGUMENTS

TARGET
The path to the archive that is to be obfuscated. This may be an archive or an unbuilt sos temporary
directory. If an archive, it will first be extracted and then after obfuscation is complete re-compressedusing the same compression method as the original.

 

OPTIONS

--domains DOMAINS
Provide a comma-delimited list of domain names to obfuscate, in addition to thosematching the hostname of the system that created the sosreport. Subdomains thatmatch a domain given via this option will also be obfuscated.

For example, if --domains redhat.com is specified, then 'redhat.com' willbe obfuscated, as will 'www.redhat.com' and subdomains such as 'foo.redhat.com'.

--keywords KEYWORDS
Provide a comma-delimited list of keywords to scrub in addition to the default parsers.

Keywords provided by this option will be obfuscated as "obfuscatedwordX" where X is aninteger based on the keyword's index in the parser. Note that keywords will be replaced asboth standalone words and in substring matches.

--keyword-file FILE
Provide a file that contains a list of keywords that should be obfuscated. Each word mustbe specified on a newline within the file.
--map-file FILE
Provide a location to a valid mapping file to use as a reference for existing obfuscation pairs.If one is found, the contents are loaded before parsing is started. This allows consistency betweenruns of this command for obfuscated pairs. By default, sos will write the generated private map fileto /etc/sos/cleaner/default_mapping so that consistency is maintained by default. Users may use thisoption to reference a map file from a different run (perhaps one that was done on another system).

Default: /etc/sos/cleaner/default_mapping

--jobs JOBS
The number of concurrent archives to process, if more than one. If this utility is called bysos collect then the value of the jobs option for that utility will be used here.

Default: 4

--no-update
Do not write the mapping file contents to /etc/sos/cleaner/default_mapping
--keep-binary-files
Keep unprocessable binary files in the archive, rather than removing them.

Note that binary files cannot be obfuscated, and thus keeping them in the archivemay result in otherwise sensitive information being included in the final archive.Users should review any archive that keeps binary files in place before sending toa third party.

Default: False (remove encountered binary files)

 

SEE ALSO

sos(1)sos-report(1)sos-collect(1)

 

MAINTAINER

Jake Hunsaker <jhunsakeAATTredhat.com>
 

AUTHORS & CONTRIBUTORS

See AUTHORS file in the package documentation.


 

Index

NAME
SYNOPSIS
DESCRIPTION
REQUIRED ARGUMENTS
OPTIONS
SEE ALSO
MAINTAINER
AUTHORS & CONTRIBUTORS

This document was created byman2html,using the manual pages.