1SOS(CLEAN) SOS(CLEAN)
2
6 sos clean - Obfuscate sensitive data from one or more sosreports
7
9 sos clean TARGET [options]
10 [--domains]
11 [--keywords]
12 [--keyword-file]
13 [--map-file]
14 [--jobs]
15 [--no-update]
16
19 sos clean or sos mask is an sos subcommand used to obfuscate sensitive
20 information from previously generated sosreports that is not covered by
21 the standard plugin-based post processing executed during report gener‐
22 ation, for example IP addresses.
23 Data obfuscated via this utility is done so consistently, meaning for
25 example an IP address of 192.168.1.1 in an unprocessed sosreport that
26 gets obfuscated to, for example, 100.0.0.1, will be changed to
27 100.0.0.1 in all occurrences found in the report.
28 Additionally, by default all such obfuscations are stored in "maps"
30 that will be persistently saved to /etc/sos/cleaner/default_mapping and
31 be re-used on subsequent runs.
32 This utility may also be used in-line with sos report and sos collect
34 by specifying the --clean or --mask option.
35 When called directly via sos clean, the obfuscated archive is written
37 as an additional file, meaning the original unprocessed report still
38 remains on the filesystem. When called via report or collect, the
39 changes are done in-line and thus only an obfuscated archive is written
40 and available. In either case, a mapping file containing the relation‐
41 ships between unprocessed and obfuscated elements will be written in
42 the same location as the resulting archive. This mapping file should be
43 kept private by system administrators.
44
47 TARGET
48 The path to the archive that is to be obfuscated. This may be an ar‐
50 chive or an unbuilt sos temporary
51 directory. If an archive, it will first be extracted and then
52 after obfuscation is complete re-compressed using the same com‐
53 pression method as the original.
54
57 --domains DOMAINS
58 Provide a comma-delimited list of domain names to obfuscate, in
59 addition to those matching the hostname of the system that cre‐
60 ated the sosreport. Subdomains that match a domain given via
61 this option will also be obfuscated.
62 For example, if --domains redhat.com is specified, then 'red‐
64 hat.com' will be obfuscated, as will 'www.redhat.com' and subdo‐
65 mains such as 'foo.redhat.com'.
66 --keywords KEYWORDS
68 Provide a comma-delimited list of keywords to scrub in addition
69 to the default parsers.
70 Keywords provided by this option will be obfuscated as "obfus‐
72 catedwordX" where X is an integer based on the keyword's index
73 in the parser. Note that keywords will be replaced as both
74 standalone words and in substring matches.
75 --keyword-file FILE
77 Provide a file that contains a list of keywords that should be
78 obfuscated. Each word must be specified on a newline within the
79 file.
80 --map-file FILE
82 Provide a location to a valid mapping file to use as a reference
83 for existing obfuscation pairs. If one is found, the contents
84 are loaded before parsing is started. This allows consistency
85 between runs of this command for obfuscated pairs. By default,
86 sos will write the generated private map file to
87 /etc/sos/cleaner/default_mapping so that consistency is main‐
88 tained by default. Users may use this option to reference a map
89 file from a different run (perhaps one that was done on another
90 system).
91 Default: /etc/sos/cleaner/default_mapping
93 --jobs JOBS
95 The number of concurrent archives to process, if more than one.
96 If this utility is called by sos collect then the value of the
97 jobs option for that utility will be used here.
98 Default: 4
100 --no-update
102 Do not write the mapping file contents to /etc/sos/cleaner/de‐
103 fault_mapping
104
106 Jake Hunsaker <jhunsake@redhat.com>
107
109 See AUTHORS file in the package documentation.
110Thu May 21 2020 1 SOS(CLEAN)