Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sos report masking not working if we not used following plugins - host, login, networking. #3433

Open
gholakemohit opened this issue Dec 1, 2023 · 3 comments
Open

sos report masking not working if we not used following plugins - host, login, networking. #3433

gholakemohit opened this issue Dec 1, 2023 · 3 comments

Comments

@gholakemohit
Copy link

gholakemohit commented Dec 1, 2023
edited

When we tried customized sos report collection with following plugins in disabled mode - host, login, networking.
Then we found that "hostname_map" and "username_map" is not generated in default_mapping of sos_cleaner and private mapping per sos report collection.
Is this expected behaviour. If yes, where can I found the documentation for this?

login:

sos/sos/cleaner/preppers/usernames.py

Line 39 in ffeb7d9

'sos_commands/login/lastlog_-u_1000-60000',

host: for host ->

sos/sos/cleaner/preppers/hostname.py

Line 32 in ffeb7d9

_file = 'sos_commands/host/hostname'

networking: for mac :

sos/sos/cleaner/preppers/mac.py

Line 23 in ffeb7d9

return ['sos_commands/networking/ip_-d_address']

Thanks
@arif-ali
Copy link
Member

arif-ali commented Dec 1, 2023

the concept of sos clean is that it will grab the details that it grabbed from the system, and will obfuscate the data based on this, as you can also run sos clean <sos-tar-ball> too.

If it is not collecting the host, login or networking details, then it is not allowed to collect that data, and possibly not allow to grab this information from the system.

something to note is that with sos clean or sos report --clean, the obfuscation takes place after the fact the data is collected

But, I also understand, that if we ignore those plugins, and we are running sos report --clean, we should be potentially expecting to obfuscate the data, maybe collect the same information separately, but not include the data in the sos report. So doing slightly different with in-flight clean may be something we can do. I'll let others chime in on this

@NikhilKakade-1 NikhilKakade-1 mentioned this issue Apr 10, 2024
Open
@NikhilKakade-1
Copy link
Contributor

NikhilKakade-1 commented Apr 10, 2024
edited

+1 On in-flight required files for obfuscation with --clean.

@pmoravec
Copy link
Contributor

Just a warning: the in-flight data collection must be run only on the original system where the sos report was run. Roughly speaking, we can perform it only for sos report --clean executions, but not to sos clean ones.

Assume a case we run sos report on one system, move the file else-where and run sos clean with in-flight obfuscation. We will clean some sensitive data like hostnames, but definitely not necessarily (all) the required ones. While user's perception might be different.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@arif-ali @pmoravec @gholakemohit @NikhilKakade-1