Menu Close
Settings Close

Language and Page Formatting Options

Chapter 4. Insights client data obfuscation

The Insights client provides IP address obfuscation and host name obfuscation. The obfuscation is controlled by settings in the /etc/insights-client/insights-client.conf configuration file.

In the configuration file you select whether or not to enable obfuscation. You can choose IP address obfuscation and add host name obfuscation. You cannot select only host name obfuscation.

Obfuscation works by using a Python SoS process that replaces the host name and IP address with preset values when it processes the Insights for RHEL client archive. The processed archive file is sent to Red Hat Insights for Red Hat Enterprise Linux.

You cannot choose the obfuscation replacement values.

Note

The Red Hat Insights for Red Hat Enterprise Linux compliance service uses OpenSCAP tools to generate compliance reports based on information from the host system. The collaboration with OpenSCAP prevents the compliance service’s ability to completely obfuscate or redact host name and IP address data. Also, host information is sent to the Insights for RHEL when a compliance data collection launches on the host system. Red Hat Insights for Red Hat Enterprise Linux is working to improve obfuscation options for host information.

For information about how Red Hat Insights for Red Hat Enterprise Linux handles data collection, see Red Hat Insights Data & Application Security.

4.1. Configuring Insights client obfuscation

The following procedures show how to configure obfuscation options in the Insights client.

4.2. Obfuscating the IPv4 address

You can obfuscate the IPv4 host address in the archive file before it is sent to Red Hat Insights for Red Hat Enterprise Linux.

Note

You must obfuscate the IP address if you want to obfuscate the host name.

Procedure

  1. Open the /etc/insights-client/insights-client.conf file with an editor.
  2. Locate the line that contains

    #obfuscate=False
  3. Remove the # and change False to True.

    obfuscate=True
  4. Save and close the the /etc/insights-client/insights-client.conf file.

When you choose IP address obfuscation, your host address in the archive file is changed to the value that is provided in the Python SoS file. The value provided for obfuscation is not configurable. You cannot mask or select which portion of the IPv4 host IP address to obfuscate.

Example

  • Original host IP address

    192.168.0.24
  • Obfuscated host IP address as it appears in Red Hat Insights for Red Hat Enterprise Linux

    10.230.230.1

If you choose IP address obfuscation on another system, its IP address in the archive file is changed to the same obfuscated value, 10.230.230.1. In the Red Hat Insights for Red Hat Enterprise Linux GUI, you might see multiple systems with the same IP address as a result of obfuscation.

Note

IP address obfuscation is supported only for IPv4 addresses.

4.3. Obfuscating the hostname

You can obfuscate the host name in the archive file before it is sent to Red Hat Insights for Red Hat Enterprise Linux. The hostname in /etc/hostname changes to host0 if you have a single host name assigned to your system. Additional host names change to host1, host2, up to the number of host names you configured for your system.

Note

The Red Hat Insights for Red Hat Enterprise Linux compliance service uses OpenSCAP tools to generate compliance reports based on information from the host system. The collaboration with OpenSCAP prevents the compliance service’s ability to completely obfuscate or redact host name and IP address data. Also, host information is sent to Insights for RHEL when a compliance data collection job launches on the host system. Red Hat Insights for Red Hat Enterprise Linux is working to improve obfuscation options for host information.

For information about how Red Hat Insights for Red Hat Enterprise Linux handles data collection, see Red Hat Insights Data & Application Security.

Procedure

  1. Open the /etc/insights-client/insights-client.conf file with an editor.
  2. Locate the line that contains obfuscate_hostname.

    #obfuscate_hostname=False
  3. Remove the # and change False to True.

    obfuscate_hostname=True
  4. Save and close the the /etc/insights-client/insights-client.conf file.
  5. (Optional) Use the insights-client command with the --display-name option to assign a display name for your system. The display name is not obfuscated.

    [root@insights]# insights-client --display-name ITC-4

When you choose host name obfuscation, your /etc/hostname value in the archive file is changed to the value that is provided in the Python SoS file. The obfuscated host name is displayed in Red Hat Insights for Red Hat Enterprise Linux application.

Example

  • Original /etc/hostname

    RTP.data.center.01
  • Obfuscated /etc/hostname as it appears in Red Hat Insights for Red Hat Enterprise Linux

    host0

In order to use host name obfuscation, you must also enable IP address obfuscation.

Note

If you configure host name obfuscation on another system, its name uses the same obfuscation values. In the Red Hat Insights for Red Hat Enterprise Linux GUI, you might see multiple systems with the same hostname as a result of obfuscation.

Note

You can assign a display name to your system that is not obfuscated and will appear in Red Hat Insights for Red Hat Enterprise Linux application. Only the /etc/hostname is obfuscated.