RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1748894 - [RFE] Add soscleaner functionality to sosreport
Summary: [RFE] Add soscleaner functionality to sosreport
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: sos
Version: 8.2
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
: 8.4
Assignee: Pavel Moravec
QA Contact: Miroslav Hradílek
URL:
Whiteboard:
: 1122207 (view as bug list)
Depends On:
Blocks: 1203710 1797896 1894575
TreeView+ depends on / blocked
 
Reported: 2019-09-04 11:55 UTC by Rainer Beyel
Modified: 2023-10-06 18:32 UTC (History)
16 users (show)

Fixed In Version: sos-4.0-2.el8
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-05-18 14:47:21 UTC
Type: Feature Request
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github sosreport sos pull 2093 0 None closed [sos] Add soscleaner functionality natively into sos 2021-02-16 08:49:45 UTC

Internal Links: 1504776

Description Rainer Beyel 2019-09-04 11:55:13 UTC 
Description of problem:
  Sometimes customers are not allowed to share sosreports, as their security policy prohibits it. A workaround is to run soscleaner on the already created (sosreport) archive.
  sosreport is an official Red Hat tool, while soscleaner is not. We like to request the soscleaner functionality within the sosreport tool.

Version-Release number of selected component (if applicable):
  RHEL 8

Actual results:
  Running sosreport creates a sosreport archive, including sensitive data (e.g. usernames, IPs, hostnames)

Expected results:
  Run sosreport with an option (e.g. --clean) so the resulting sosreport archive doesn't contain any sensitive data (e.g. like the outcome of soscleaner)
Comment 8 Pavel Moravec 2019-09-23 18:24:51 UTC 
*** Bug 1122207 has been marked as a duplicate of this bug. ***
Comment 10 Pavel Moravec 2020-05-11 12:35:21 UTC 
deferring to 8.4 where we will rebase to sos 4.0 where sos cleaner might be finally implemented natively.
Comment 15 Pavel Moravec 2020-06-16 11:19:00 UTC 
Current plan is to provide a cleaner functionality since RHEL8.4. It will be achieved by a new implementation under "sos" umbrella. For current almost-complete PR, see:

https://github.com/sosreport/sos/pull/2093

One could either:

- run "sos report --clean" to obfuscate sensitive data on just-being generated sosreport
- run "sos clean <sosreport-archive>" to apply the cleanup on a previously generated archive

Mapping what was obfuscated by what will be available for the user (and re-used automatically during next runs of sos).


Currently, these types of data will be obfuscated:
- MAC addresses
- IP addresses (not sure of status of IPv6)
- hostnames and domainnames
- any user-defined keywords
Comment 18 Pavel Moravec 2020-08-17 06:54:03 UTC 
As sos-4.0 will have a new implementation of soscleaner, the functionality might differ from the soscleaner one. It would be great if anyone interested in the feature tests the upstream bits and provide any feedback. Such feedback could still be incorporated in 8.4 / 9.0 where we plan to include the sos clean in.

Ways of testing the feature:

current upstream:

rm -rf master.zip sos-master
curl -L -O https://github.com/sosreport/sos/archive/master.zip
unzip master.zip
cd sos-master
python3 bin/sos --help
python3 bin/sos report --clean
..


sos-4.0 once released (very soon):

rm -rf 4.0.zip sos-4.0
https://github.com/sosreport/sos/archive/4.0.zip
unzip 4.0.zip
cd sos-4.0
python3 bin/sos --help
python3 bin/sos report --clean
..
Comment 19 Jens Kuehnel 2020-08-24 17:05:31 UTC 
Hi,


this looks very nice. But "username" are very personal information and under strict protection under GDPR. 
Is it possible to replace username the same way as hostname and networks? The current tool looks really nice, but in the current form it is not helping.

Thanks
CU
Jens

P.S.: I'm one of Rainer's aforementioned customer.
Comment 21 Jake Hunsaker 2020-08-24 18:02:27 UTC 
(In reply to Jens Kuehnel from comment #19)
> Is it possible to replace username the same way as hostname and networks?

You can provide the usernames via the keyword option, and you'll get the same functionality. We can look at adding a dedicated parser for usernames for sos-4.1, i.e. automatic detection of usernames from /etc/passwd.

E.G.

# sos clean --keywords=user1,tom,user24601 $archive

or

# sos report --clean --keywords=user1,tom,user24601
Comment 36 errata-xmlrpc 2021-05-18 14:47:21 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (sos bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2021:1604
Note You need to log in before you can comment on or make changes to this bug.