1SOS(CLEAN)                                                          SOS(CLEAN)
2
3
4

NAME

6       sos clean - Obfuscate sensitive data from one or more sosreports
7

SYNOPSIS

9       sos clean TARGET [options]
10           [--domains]
11           [--keywords]
12           [--keyword-file]
13           [--map-file]
14           [--jobs]
15           [--no-update]
16           [--keep-binary-files]
17
18

DESCRIPTION

20       sos  clean or sos mask is an sos subcommand used to obfuscate sensitive
21       information from previously generated sosreports that is not covered by
22       the standard plugin-based post processing executed during report gener‐
23       ation, for example IP addresses.
24
25       Data obfuscated via this utility is done so consistently,  meaning  for
26       example  an  IP address of 192.168.1.1 in an unprocessed sosreport that
27       gets  obfuscated  to,  for  example,  100.0.0.1,  will  be  changed  to
28       100.0.0.1 in all occurrences found in the report.
29
30       Additionally,  by  default  all  such obfuscations are stored in "maps"
31       that will be persistently saved to /etc/sos/cleaner/default_mapping and
32       be re-used on subsequent runs.
33
34       This  utility may also be used in-line with sos report and  sos collect
35       by specifying the --clean or --mask option.
36
37       When called directly via sos clean, the obfuscated archive  is  written
38       as  an  additional  file, meaning the original unprocessed report still
39       remains on the filesystem. When  called  via  report  or  collect,  the
40       changes are done in-line and thus only an obfuscated archive is written
41       and available.  In either case, a mapping file containing the relation‐
42       ships  between  unprocessed  and obfuscated elements will be written in
43       the same location as the resulting archive. This mapping file should be
44       kept private by system administrators.
45
46

REQUIRED ARGUMENTS

48       TARGET
49
50       The  path  to  the archive that is to be obfuscated. This may be an ar‐
51       chive or an unbuilt sos temporary
52              directory. If an archive, it will first be  extracted  and  then
53              after  obfuscation is complete re-compressed using the same com‐
54              pression method as the original.
55
56

OPTIONS

58       --domains DOMAINS
59              Provide a comma-delimited list of domain names to obfuscate,  in
60              addition  to those matching the hostname of the system that cre‐
61              ated the sosreport. Subdomains that match  a  domain  given  via
62              this option will also be obfuscated.
63
64              For  example,  if  --domains redhat.com is specified, then 'red‐
65              hat.com' will be obfuscated, as will 'www.redhat.com' and subdo‐
66              mains such as 'foo.redhat.com'.
67
68       --keywords KEYWORDS
69              Provide  a comma-delimited list of keywords to scrub in addition
70              to the default parsers.
71
72              Keywords provided by this option will be obfuscated  as  "obfus‐
73              catedwordX"  where  X is an integer based on the keyword's index
74              in the parser. Note that  keywords  will  be  replaced  as  both
75              standalone words and in substring matches.
76
77       --keyword-file FILE
78              Provide  a  file that contains a list of keywords that should be
79              obfuscated. Each word must be specified on a newline within  the
80              file.
81
82       --map-file FILE
83              Provide a location to a valid mapping file to use as a reference
84              for existing obfuscation pairs.  If one is found,  the  contents
85              are  loaded  before  parsing is started. This allows consistency
86              between runs of this command for obfuscated pairs.  By  default,
87              sos   will   write   the   generated   private   map   file   to
88              /etc/sos/cleaner/default_mapping so that  consistency  is  main‐
89              tained  by default. Users may use this option to reference a map
90              file from a different run (perhaps one that was done on  another
91              system).
92
93              Default: /etc/sos/cleaner/default_mapping
94
95       --jobs JOBS
96              The  number of concurrent archives to process, if more than one.
97              If this utility is called by sos collect then the value  of  the
98              jobs option for that utility will be used here.
99
100              Default: 4
101
102       --no-update
103              Do  not  write the mapping file contents to /etc/sos/cleaner/de‐
104              fault_mapping
105
106       --keep-binary-files
107              Keep unprocessable binary files in the archive, rather than  re‐
108              moving them.
109
110              Note  that  binary  files cannot be obfuscated, and thus keeping
111              them in the archive may result in otherwise  sensitive  informa‐
112              tion  being  included in the final archive.  Users should review
113              any archive that keeps binary files in place before sending to a
114              third party.
115
116              Default: False (remove encountered binary files)
117
118

SEE ALSO

120       sos(1) sos-report(1) sos-collect(1) sos.conf(5)
121
122

MAINTAINER

124       Jake Hunsaker <jhunsake@redhat.com>
125

AUTHORS & CONTRIBUTORS

127       See AUTHORS file in the package documentation.
128
129
130
131Thu May 21 2020                        1                            SOS(CLEAN)
Impressum