Skip to content

[cleaner] Add option to prep audit logs#4277

Open
pmoravec wants to merge 1 commit intososreport:mainfrom
pmoravec:sos-pmoravec-cleaner-prep-auditlogs
Open

[cleaner] Add option to prep audit logs#4277
pmoravec wants to merge 1 commit intososreport:mainfrom
pmoravec:sos-pmoravec-cleaner-prep-auditlogs

Conversation

@pmoravec
Copy link
Copy Markdown
Contributor

@pmoravec pmoravec commented Mar 30, 2026
edited
Loading

Some (short)hostnames or usernames can be hidden in audit logs.

Allow parsing audit logs to obfuscate this type of sensitive data.

Closes: #4277
Relevant: #4258

Please place an 'X' inside each '[]' to confirm you adhere to our Contributor Guidelines

  • Is the commit message split over multiple lines and hard-wrapped at 72 characters?
  • Is the subject and message clear and concise?
  • Does the subject start with [plugin_name] if submitting a plugin patch or a [section_name] if part of the core sosreport code?
  • Does the commit contain a Signed-off-by: First Lastname email@example.com?
  • Are any related Issues or existing PRs properly referenced via a Closes (Issue) or Resolved (PR) line?
  • Are all passwords or private data gathered by this PR obfuscated?

@pmoravec pmoravec marked this pull request as draft March 30, 2026 19:07
@pmoravec
Copy link
Copy Markdown
Contributor Author

pmoravec commented Mar 30, 2026

This isnt final yet, rather asking for a feedback of the direction.

IMHO we should scrub hostnames and usernames in audit logs, like I discussed in https://github.com/orgs/sosreport/discussions/4258.

To prevent repetitive reading of audit logs, I hook the prepping into the main cleaner class in some way. Does this sound good to you?

Should we deal with compressed audit logs - should we decompress and parse them? Even if --keep-binary-files is not set?

Does this behaviour deserve a cmdline option? And if so, what default value? I feel no cmdline option is the best choice, but I think there can be different opinions and valid arguments here.

I am looking for your feedback before I complete the PR (just some bits remain, functionality is there).

@packit-as-a-service
Copy link
Copy Markdown

packit-as-a-service Bot commented Mar 30, 2026

Congratulations! One of the builds has completed. 🍾

You can install the built RPMs by following these steps:

  • sudo dnf install -y 'dnf*-command(copr)'
  • dnf copr enable packit/sosreport-sos-4277
  • And now you can install the packages.

Please note that the RPMs should be used only in a testing environment.

@pmoravec
[cleaner] Add option to prep audit logs
4080257 
Some (short) hostnames or usernames can be hidden in audit logs.

Allow parsing audit logs to obfuscate this type of sensitive data.

Closes: sosreport#4277
Relevant: sosreport#4258

Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
@pmoravec pmoravec force-pushed the sos-pmoravec-cleaner-prep-auditlogs branch from 1a9be8e to 4080257 Compare April 1, 2026 17:12
@jcastill jcastill added the Kind/cleaner cleaner component of sos label Apr 9, 2026
@pmoravec pmoravec marked this pull request as ready for review April 9, 2026 20:22
@pmoravec
Copy link
Copy Markdown
Contributor Author

pmoravec commented Apr 9, 2026

This PR is ready for a review, though not yet for merge. Before merge, I need to know answers to #4277 (comment) to let me incorporate the feedback in the PR.

Is the RFE behind the PR sane and worth implementing?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Kind/cleaner cleaner component of sos

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pmoravec @jcastill