Chapter 5. Insights client data obfuscation

The Insights client provides obfuscation for both IP addresses and host names. Obfuscation uses a Python SoS process to replace the host name and IP address with preset values when it processes the Insights client archive. The processed archive file is then sent to Red Hat Insights for Red Hat Enterprise Linux.

You can enable or disable obfuscation in the /etc/insights-client/insights-client.conf configuration file. You can either choose to obfuscate the system IP address, or you can choose to obfuscate both the IP address and host name. You cannot select obfuscation for only the host name.

Note

You cannot choose the values for obfuscation. The Python SoS process automatically selects the values.

Note

The Red Hat Insights for Red Hat Enterprise Linux compliance service uses OpenSCAP tools to generate compliance reports based on information from the host system. The collaboration with OpenSCAP prevents the compliance service’s ability to completely obfuscate or redact host name and IP address data. Also, host information is sent to Insights for Red Hat Enterprise Linux when a compliance data collection job launches on the host system. Red Hat Insights for Red Hat Enterprise Linux is working to improve obfuscation options for host information.

For information about how Red Hat Insights for Red Hat Enterprise Linux handles data collection, see Red Hat Insights Data & Application Security.

5.1. Obfuscating the IPv4 address

You can obfuscate the IPv4 host address in the archive file before it is sent to Red Hat Insights for Red Hat Enterprise Linux.

When you choose IP address obfuscation, your host address in the archive file is changed to the value provided in the Python SoS file. You cannot configure the value provided for obfuscation. You also cannot mask or select the portion of the host IP address to obfuscate.

Note

IP address obfuscation is supported only for IPv4 addresses.

Procedure

  1. Open the /etc/insights-client/insights-client.conf file with an editor.
  2. Locate the line that contains the following setting:

    #obfuscate=False
  3. Remove the # and change False to True.

    obfuscate=True
  4. Save and close the the /etc/insights-client/insights-client.conf file.

Example

  • Original host IP address

    192.168.0.24
  • Obfuscated host IP address as it appears in Red Hat Insights for Red Hat Enterprise Linux

    10.230.230.1

If you choose IP address obfuscation on another system, the Python SoS process changed its IP address to the same obfuscated value in the archive file. In this example, the additional system also shows an obfuscated IP address of 10.230.230.1. In the Red Hat Insights for Red Hat Enterprise Linux GUI, you might see multiple systems with the same IP address as a result of obfuscation.

5.2. Obfuscating the host name

You can obfuscate the host name in the archive file before it is sent to Red Hat Insights for Red Hat Enterprise Linux. The hostname in /etc/hostname changes to host0 if you have a single host name assigned to your system. Additional host names change to host1, host2, up to the number of host names you configured for your system.

You can assign a display name to your system that is not obfuscated. The display name appears in Red Hat Insights for Red Hat Enterprise Linux application. Only the /etc/hostname is obfuscated.

Note

You must also obfuscate the IP address if you want to obfuscate the host name.

Prerequisites

Procedure

  1. Open the /etc/insights-client/insights-client.conf file with an editor.
  2. Locate the line that contains obfuscate_hostname.

    #obfuscate_hostname=False
  3. Remove the # and change False to True.

    obfuscate_hostname=True
  4. Save and close the the /etc/insights-client/insights-client.conf file.
  5. (Optional) Use the insights-client command with the --display-name option to assign a display name for your system. The display name is not obfuscated.

    [root@insights]# insights-client --display-name ITC-4

When you choose host name obfuscation, the /etc/hostname value in the archive file is changed to the value that is provided in the Python SoS file. The obfuscated host name then displays in Red Hat Insights for Red Hat Enterprise Linux application.

Example

  • Original /etc/hostname

    RTP.data.center.01
  • Obfuscated /etc/hostname as it appears in Red Hat Insights for Red Hat Enterprise Linux

    host0
Note

If you configure host name obfuscation on another system, its name uses the same obfuscation values. In the Red Hat Insights for Red Hat Enterprise Linux GUI, you might see multiple systems with the same hostname as a result of obfuscation.