This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Knowledge Base
Find answers to your questions and identify resolutions for known issues with knowledge base articles written by NetWitness experts.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to obfuscate sensitive information(ip address, hostname and MAC) from sosreport in RSA NetWitness Platform

Article Number

000001074

Applies To

RSA Product Set: NetWitness Platform
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.x

Issue

Some customer does not want to provide the output of sosreport or nwtech dump, because it has potentially sensitive information like ip address, MAC and host/domain name.
SOSCleaner is a tool to consistently obfuscate sensitive information in large datasets like Red Hat sosreports. It works on any dataset, from 1 file to thousands.
For more information, refer to the following documents.
Github: https://github.com/soscleaner/soscleaner
SOSCleaner documentation: https://soscleaner.readthedocs.io/en/latest/

Resolution

  1. Go to the sosreport output directory and run the soscleaner.

    And copy the log file name. (in the following example, /tmp/soscleaner-xxxxxxxxxxxxxxx.log)

    
# cd /var/tmp/sos.CioOkc/
# soscleaner sosreport-sa-server-xxxxxxxxxxxxxxx.tar.xz
ERROR:root:code for hash md5 was not found.
Traceback (most recent call last):
  File "/usr/lib64/python2.7/hashlib.py", line 129, in <module>
    globals()[__func_name] = __get_hash(__func_name)
  File "/usr/lib64/python2.7/hashlib.py", line 98, in __get_openssl_constructor
    f(usedforsecurity=False)
ValueError: error:3207A06D:lib(50):B_HASH_init:cr new
02-16 16:21:25 soscleaner CONSOLE: Log File Created at /tmp/soscleaner-xxxxxxxxxxxxxxx.log
CONSOLE:soscleaner:Log File Created at /tmp/soscleaner-xxxxxxxxxxxxxxx.log

    
*Note: NetWitness 11.x version has a problem with creating the /tmp/soscleaner-*.log file, so you must create the log file manually right after you run the soscleaner.

     
  2. Open a new ssl console and create the log file right after running the soscleaner. 
    
# touch /tmp/soscleaner-xxxxxxxxxxxxxxx.log
    
*Note: If you do not create the above log file, soscleaner could not complete the job with following error message.
    
OSError: [Errno 2] No such file or directory: '/tmp/soscleaner-2711957584681717.log'
# gunzip soscleaner-2711957584681717.tar.gz
gzip: soscleaner-2711957584681717.tar.gz: unexpected end of file 
     
  3. After finish the soscleaner, output files are in the /tmp directory. soscleaner-*.tar.gz has data with obfuscate information and the mappings are recorded in each csv file. 
    
# ls -al | grep sos
-rw-r--r--.   1 root       root            229 Feb 16 16:33 soscleaner-1845103887629427-dn.csv
-rw-r--r--.   1 root       root            202 Feb 16 16:33 soscleaner-1845103887629427-hostname.csv
-rw-r--r--.   1 root       root           3288 Feb 16 16:33 soscleaner-1845103887629427-ip.csv
-rw-r--r--.   1 root       root              0 Feb 16 16:28 soscleaner-1845103887629427.log
-rw-r--r--.   1 root       root            594 Feb 16 16:33 soscleaner-1845103887629427-mac.csv
-rw-r--r--.   1 root       root       22249438 Feb 16 16:33 soscleaner-1845103887629427.tar.gz
-rw-r--r--.   1 root       root             59 Feb 16 16:33 soscleaner-1845103887629427-username.csv

     
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2022-02-10 02:22 PM
Updated by:
Administrator Administrator

Related Content

© 2022 RSA Security LLC or its affiliates. All rights reserved.