1.5. 清理 sos 报告
sos
实用程序提供了一个代码来混淆潜在的敏感数据,如用户名、主机名、IP 或 MAC 地址或其他用户指定的关键字。原始的 sos report
或 sos collect
都会保持不变,但会生成一个新的 *-obfuscated.tar.xz
文件用于在与第三方共享。
注意
您可以同使用 --clean
选项为 sos report
或 sos collect
命令增加清理的功能。
[user@server1 ~]$ sudo sos report --clean
先决条件
-
您已生成了
sos report
或sos collect
tarball。 - (可选) 您拥有特定关键字列表,除了用户名、主机名和其他您要模糊处理的数据之外。
步骤
针对
sos report
或sos collect
tarball 运行sos clean
命令,并按照屏幕上的说明进行操作。-
您可以添加
--keywords
选项,以额外清理指定关键字列表。 您可以添加
--usernames
选项以进一步混淆敏感用户名。自动用户名清理将通过
lastlog
文件为 UID 为 1000 及以上的用户自动运行。这个选项适用于可能不显示为实际登录的 LDAP 用户,但可能会在某些日志文件中发生。
-
您可以添加
[user@server1 ~]$ sudo sos clean /var/tmp/sos-collector-2022-05-15-pafsr.tar.xz [sudo] password for user: sos clean (version 4.2) This command will attempt to obfuscate information that is generally considered to be potentially sensitive. Such information includes IP addresses, MAC addresses, domain names, and any user-provided keywords. Note that this utility provides a best-effort approach to data obfuscation, but it does not guarantee that such obfuscation provides complete coverage of all such data in the archive, or that any obfuscation is provided to data that does not fit the description above. Users should review any resulting data and/or archives generated or processed by this utility for remaining sensitive content before being passed to a third party. Press ENTER to continue, or CTRL-C to quit. Found 4 total reports to obfuscate, processing up to 4 concurrently sosreport-primary-rhel9-2022-05-15-nchbdmd : Extracting... sosreport-sos-node1-2022-05-15-wmlomgu : Extracting... sosreport-sos-node2-2022-05-15-obsudzc : Extracting... sos-collector-2022-05-15-pafsr : Beginning obfuscation... sosreport-sos-node1-2022-05-15-wmlomgu : Beginning obfuscation... sos-collector-2022-05-15-pafsr : Obfuscation completed sosreport-primary-rhel9-2022-05-15-nchbdmd : Beginning obfuscation... sosreport-sos-node2-2022-05-15-obsudzc : Beginning obfuscation... sosreport-primary-rhel9-2022-05-15-nchbdmd : Re-compressing... sosreport-sos-node2-2022-05-15-obsudzc : Re-compressing... sosreport-sos-node1-2022-05-15-wmlomgu : Re-compressing... sosreport-primary-rhel9-2022-05-15-nchbdmd : Obfuscation completed sosreport-sos-node2-2022-05-15-obsudzc : Obfuscation completed sosreport-sos-node1-2022-05-15-wmlomgu : Obfuscation completed Successfully obfuscated 4 report(s) A mapping of obfuscated elements is available at /var/tmp/sos-collector-2022-05-15-pafsr-private_map The obfuscated archive is available at /var/tmp/sos-collector-2022-05-15-pafsr-obfuscated.tar.xz Size 157.10KiB Owner root Please send the obfuscated archive to your support representative and keep the mapping file private
验证步骤
验证
sos clean
命令在与命令输出的描述上创建了模糊的归档和/var/tmp/
目录中的模糊处理映射。[user@server1 ~]$ sudo ls -l /var/tmp/sos-collector-2022-05-15-pafsr-private_map /var/tmp/sos-collector-2022-05-15-pafsr-obfuscated.tar.xz [sudo] password for user: -rw-------. 1 root root 160868 May 15 16:10 /var/tmp/sos-collector-2022-05-15-pafsr-obfuscated.tar.xz -rw-------. 1 root root 96622 May 15 16:10 /var/tmp/sos-collector-2022-05-15-pafsr-private_map
检查
*-private_map
文件中的模糊处理映射:[user@server1 ~]$ sudo cat /var/tmp/sos-collector-2022-05-15-pafsr-private_map [sudo] password for user: { "hostname_map": { "pmoravec-rhel9": "host0" }, "ip_map": { "10.44.128.0/22": "100.0.0.0/22", .. "username_map": { "foobaruser": "obfuscateduser0", "jsmith": "obfuscateduser1", "johndoe": "obfuscateduser2" } }
重要
将原始的 unobfuscated 归档和 *private_map
文件在本地保留,因为红帽支持可能会需要您提供与模糊术语相关的原始数据。