Chapter 3. Red Hat Insights client data obfuscation

The Red Hat Insights client provides IP address obfuscation and host name obfuscation. The obfuscation is controlled by settings in the /etc/insights-client/insights-client.conf configuration file.

In the configuration file you select whether or not to enable obfuscation. You can choose IP address obfuscation and add host name obfuscation. You cannot select only host name obfuscation.

Obfuscation works by using a Python SoS process that replaces the host name and IP address with preset values when it processes the Insights client archive. The processed archive file is sent to Red Hat Insights.

You cannot choose the obfuscation replacement values.

3.1. IPv4 address obfuscation

When you choose IP address obfuscation, your host address in the archive file is changed to the value that is provided in the Python SoS file. The value provided for obfuscation is not configurable. You cannot mask or select which portion of the IPv4 host IP address to obfuscate.

Consider the following example that shows the original host IP address compared to how it appears when obfuscated:

  • Original host IP address

    192.168.0.24
  • Obfuscated host IP address as it appears in Red Hat Insights

    10.230.230.1

If you choose IP address obfuscation on another system, its IP address in the archive file is changed to the same obfuscated value, 10.230.230.1. In the Red Hat Insights GUI, you might see multiple systems with the same IP address as a result of obfuscation.

Note

IP address obfuscation is supported only for IPv4 addresses.

3.2. Host name obfuscation

When you choose host name obfuscation, your /etc/hostname value in the archive file is changed to the value that is provided in the Python SoS file. The obfuscated host name is displayed in Red Hat Insights. Consider the following example:

  • Original /etc/hostname

    RTP.data.center.01
  • Obfuscated /etc/hostname as it appears in Red Hat Insights

    host0

In order to use host name obfuscation, you must also enable IP address obfuscation.

Note

If you configure host name obfuscation on another system, its name uses the same obfuscation values. In the Red Hat Insights GUI, you might see multiple systems with the same hostname as a result of obfuscation.

Note

You can assign a display name to your system that is not obfuscated and will appear in Red Hat Insights. Only the /etc/hostname is obfuscated.

3.3. Configuring Red Hat Insights client obfuscation

The following procedures show how to configure obfuscation options in the Red Hat Insights client.

3.4. Obfuscating the IPv4 address

You can obfuscate the IPv4 host address in the archive file before it is sent to Red Hat Insights.

Note

You must obfuscate the IP address if you want to obfuscate the host name.

Procedure

  1. Open the /etc/insights-client/insights-client.conf file with an editor.
  2. Locate the line that contains

    #obfuscate=False
  3. Remove the # and change False to True.

    obfuscate=True
  4. Save and close the the /etc/insights-client/insights-client.conf file.

3.5. Obfuscating the hostname

You can obfuscate the host name in the archive file before it is sent to Red Hat Insights. The hostname in /etc/hostname changes to host0 if you have a single host name assigned to your system. Additional host names change to host1, host2, up to the number of host names you configured for your system.

Procedure

  1. Open the /etc/insights-client/insights-client.conf file with an editor.
  2. Locate the line that contains obfuscate_hostname.

    #obfuscate_hostname=False
  3. Remove the # and change False to True.

    obfuscate_hostname=True
  4. Save and close the the /etc/insights-client/insights-client.conf file.
  5. (Optional) Use the insights-client command with the --display-name option to assign a display name for your system. The display name is not obfuscated.

    [root@insights]# insights-client --display-name ITC-4