YAML-style blacklist configuration for Red Hat Insights Client

Updated -

Traditionally, the Insights Client utilizes an INI-style configuration, located at /etc/insights-client/remove.conf, with comma separated entries, for defining which files/commands/patterns to optionally omit in collection, like so:

[remove]
commands=/bin/date,/bin/df -al
files=/etc/hosts,/var/log/httpd/error_log
patterns=localhost,abc

With such a config, the full output of the commands and files defined would be omitted, and any lines containing the strings localhost or abc would be omitted from other command and file outputs.

This style of configuration is limited in its ability and expandability, so a new YAML configuration style has been devised.

Firstly, the functionality of remove.conf is split into two new files:
- /etc/insights-client/file-redaction.yaml -- containing thefiles and commands directives
- /etc/insights-client/file-content-redaction.yaml -- containing the patterns and keywords directives

This configuration also allows egrep-style regex matching for the patterns section, if desired. Documentation on how to use the format is included inline.

Example configuration of of /etc/insights-client/file-redaction.yaml

# file-redaction.yaml
---
# Omit entire output of commands
# Commands can be specified either by full command or
#   by the "symbolic_name" listed in /etc/insights-client/.cache.json
commands:
- /bin/rpm -qa
- /bin/ls
- ethtool_i

# Omit entire output of files
# Files can be specified either by full filename or
#   by the "symbolic_name" listed in .cache.json
files:
- /etc/audit/auditd.conf
- cluster_conf

Example configuration of of /etc/insights-client/file-content-redaction.yaml

# file-content-redaction.yaml
---
# Omit lines from files and command output using parameters listed here.
# Lines matching the parameters specified will be omitted
#   in the order that the parameters are given, e.g.,
#
# patterns:
# - example_string_1
# - example_string_2
#
# Lines containing "example_string_1" or "example_string_2" will be 
# omitted from output.
#
# To use regular expressions, wrap the array with "regex" like the following example:
#
# patterns:
#   regex:
#   - abc.*
#   - localhost[[:digit:]]
#
# Lines matching these regular expressions will be omitted
# from output.
patterns:
  regex:
  - abc.*

# Replace keywords in files and command output with generic identifiers by the soscleaner module
keywords:
- 1.1.1.1
- keyword_example

Related Resources

Red Hat Insights security information
System information collected by Red Hat Insights
Obfuscating IP addresses