1SOS(CLEAN)                                                          SOS(CLEAN)
2
3
4

NAME

6       sos clean - Obfuscate sensitive data from one or more sosreports
7

SYNOPSIS

9       sos clean TARGET [options]
10           [--domains]
11           [--disable-parsers]
12           [--keywords]
13           [--keyword-file]
14           [--map-file]
15           [--jobs]
16           [--no-update]
17           [--keep-binary-files]
18           [--archive-type]
19
20

DESCRIPTION

22       sos  clean or sos mask is an sos subcommand used to obfuscate sensitive
23       information from previously generated sosreports that is not covered by
24       the standard plugin-based post processing executed during report gener‐
25       ation, for example IP addresses.
26
27       Data obfuscated via this utility is done so consistently,  meaning  for
28       example  an  IP address of 192.168.1.1 in an unprocessed sosreport that
29       gets  obfuscated  to,  for  example,  100.0.0.1,  will  be  changed  to
30       100.0.0.1 in all occurrences found in the report.
31
32       Additionally,  by  default  all  such obfuscations are stored in "maps"
33       that will be persistently saved to /etc/sos/cleaner/default_mapping and
34       be re-used on subsequent runs.
35
36       This  utility may also be used in-line with sos report and  sos collect
37       by specifying the --clean or --mask option.
38
39       When called directly via sos clean, the obfuscated archive  is  written
40       as  an  additional  file, meaning the original unprocessed report still
41       remains on the filesystem. When  called  via  report  or  collect,  the
42       changes are done in-line and thus only an obfuscated archive is written
43       and available.  In either case, a mapping file containing the relation‐
44       ships  between  unprocessed  and obfuscated elements will be written in
45       the same location as the resulting archive. This mapping file should be
46       kept private by system administrators.
47
48

REQUIRED ARGUMENTS

50       TARGET
51
52       The  path  to  the archive that is to be obfuscated. This may be an ar‐
53       chive or an unbuilt sos temporary
54              directory. If an archive, it will first be  extracted  and  then
55              after  obfuscation is complete re-compressed using the same com‐
56              pression method as the original.
57
58

OPTIONS

60       --domains DOMAINS
61              Provide a comma-delimited list of domain names to obfuscate,  in
62              addition  to those matching the hostname of the system that cre‐
63              ated the sosreport. Subdomains that match  a  domain  given  via
64              this option will also be obfuscated.
65
66              For  example,  if  --domains redhat.com is specified, then 'red‐
67              hat.com' will be obfuscated, as will 'www.redhat.com' and subdo‐
68              mains such as 'foo.redhat.com'.
69
70       --disable-parsers PARSERS
71              Provide a comma-delimited list of parsers to disable when clean‐
72              ing an archive. By default all parsers are enabled.
73
74              Note that using this option is very likely  to  leave  sensitive
75              information in place in the target archive, so only use this op‐
76              tion when absolutely necessary or you have complete trust in the
77              party/parties that may handle the generated report.
78
79              Valid  values for this option are currently: hostname, ip, ipv6,
80              mac, keyword, and username.
81
82       --keywords KEYWORDS
83              Provide a comma-delimited list of keywords to scrub in  addition
84              to the default parsers.
85
86              Keywords  provided  by this option will be obfuscated as "obfus‐
87              catedwordX" where X is an integer based on the  keyword's  index
88              in  the  parser.  Note  that  keywords  will be replaced as both
89              standalone words and in substring matches.
90
91       --keyword-file FILE
92              Provide a file that contains a list of keywords that  should  be
93              obfuscated.  Each word must be specified on a newline within the
94              file.
95
96       --map-file FILE
97              Provide a location to a valid mapping file to use as a reference
98              for  existing  obfuscation pairs.  If one is found, the contents
99              are loaded before parsing is started.  This  allows  consistency
100              between  runs  of this command for obfuscated pairs. By default,
101              sos   will   write   the   generated   private   map   file   to
102              /etc/sos/cleaner/default_mapping  so  that  consistency is main‐
103              tained by default. Users may use this option to reference a  map
104              file  from a different run (perhaps one that was done on another
105              system).
106
107              Default: /etc/sos/cleaner/default_mapping
108
109       --jobs JOBS
110              The number of concurrent archives to process, if more than  one.
111              If  this  utility is called by sos collect then the value of the
112              jobs option for that utility will be used here.
113
114              Default: 4
115
116       --no-update
117              Do not write the mapping file contents  to  /etc/sos/cleaner/de‐
118              fault_mapping
119
120       --keep-binary-files
121              Keep  unprocessable binary files in the archive, rather than re‐
122              moving them.
123
124              Note that binary files cannot be obfuscated,  and  thus  keeping
125              them  in  the archive may result in otherwise sensitive informa‐
126              tion being included in the final archive.  Users  should  review
127              any archive that keeps binary files in place before sending to a
128              third party.
129
130              Default: False (remove encountered binary files)
131
132       --archive-type TYPE
133              Specify the type of archive that TARGET was generated as.   When
134              sos inspects a TARGET archive, it tries to identify what type of
135              archive it is.  For example, it may be a report generated by sos
136              report,  or  a collection of those reports generated by sos col‐
137              lect, which require separate approaches.
138
139              This option may be useful if a given TARGET archive is known  to
140              be  of  a specific type, but due to unknown reasons or some mal‐
141              formed/missing information in the archive directly, that is  not
142              properly identified by sos.
143
144              The following are accepted values for this option:
145
146                  auto          Automatically detect the archive type
147                  report        An archive generated by sos report
148                  collect       An archive generated by sos collect
149                  insights       An  archive  generated by the insights-client
150              package
151
152              The following may also be used, however note that these  do  not
153              attempt  to  pre-load any information from the archives into the
154              parsers. This means that, among other  limitations,  items  like
155              host and domain names may not be obfuscated unless an obfuscated
156              mapping already exists on the system from a previous execution.
157
158                  data-dir      A plain directory on the filesystem.
159                  tarball       A generic tar archive not associated with  any
160              known tool
161
162

SEE ALSO

164       sos(1) sos-report(1) sos-collect(1) sos.conf(5)
165
166

MAINTAINER

168       Maintained on GitHub at https://github.com/sosreport/sos
169

AUTHORS & CONTRIBUTORS

171       See AUTHORS file in the package documentation.
172
173
174
175Thu May 21 2020                        1                            SOS(CLEAN)
Impressum