The future of exclusion of specific data is being enhanced, and eventually will replace the remove.conf . For more information please see Yaml-style Denylist configuration for Red Hat Insights Client
The Red Hat Insights collection agent has the ability to exclude (deny) entire files, specific commands, specific patterns, and specific keywords from the data that is sent to Red Hat.
To enable these exclusions, you must create a file called
/etc/insights-client/remove.conf and specify this file in the
remove_file line of
/etc/insights-client/insights-client.conf, as in the following example:
remove.conf file, there are four options available to control the types of information that is sent to Red Hat.
- files: A comma-separated list of files to be excluded. Each element in the list of files must be the absolute path to the file. To ensure exclusion, file names listed here must match exactly what is shown in the collection rules.
- commands: A comma-separated list of commands that should not be executed and whose output should not be sent. To ensure exclusion, command names listed here must match exactly what is shown in the collection rules.
- patterns: A comma-separated list of patterns that should not be sent. Importantly, patterns affect entire lines so any line that includes a matching pattern will not be sent.
- keywords: A comma-separated list of keywords that should not be sent. Matching keywords will be replaced with the literal
keyword. For this option to take effect, the
obfuscateoption must be set to
NOTE: Regular expression is not supported for all values of these options
The structure of the
remove.conf file must match what is shown below.
[remove] files=/etc/cluster/cluster.conf,/etc/hosts commands=/bin/dmesg patterns=password,username keywords=super$ecret,ultra$ecret
You can validate that your exclusions are having an effect with the
insights-client --no-upload command. This command will perform a test run and save the output to a local temporary directory. The contents of this directory show all the data that will be sent to Red Hat and can be inspected to ensure satisfactory denylisting results.
# insights-client --no-upload Attempting to download collection rules from https://cert-api.access.redhat.com/r/insights/v1/static/uploader.json Successfully downloaded collection rules Attempting to download collection rules GPG signature from https://cert-api.access.redhat.com/r/insights/v1/static/uploader.json.asc Successfully downloaded GPG signature Verifying GPG signature of Insights configuration Starting to collect Insights data See Insights data in /var/tmp/dJmbXS/insights-localhost-20151113145133.tar.gz
For more information on what metadata Red Hat Insights collects, see System Information Collected by Red Hat Insights.