8. Using soscleaner

8.1. CLI quickstart

8.1.1. CLI help output

The default way to use SOSCleaner is using the command-line application of the same name.

Usage: soscleaner <OPTIONS> /path/to/sosreport

Options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -l LOGLEVEL, --log_level=LOGLEVEL
                        The Desired Log Level (default = INFO) Options are
                        DEBUG, INFO, WARNING, ERROR
  -d DOMAIN, --domain=DOMAIN
                        additional domain to obfuscate (optional). use a flag
                        for each additional domain
  -f FILES, --file=FILES
                        additional files to be analyzed in addition to or in
                        exception of sosreport
  -q, --quiet           disable output to STDOUT
  -k KEYWORD, --keyword=KEYWORD
                        additional keywords to obfuscate. use multiple times
                        for multiple keywords
  -K KEYWORDS_FILE, --keywords_file=KEYWORDS_FILE
                        line-delimited list of keywords to obfuscate
  -H HOSTNAMEPATH, --hostname-path=HOSTNAMEPATH
                        optional path to hostname file.
  -n NETWORK, --network=NETWORK
                        networks to be obfuscatedi (optional). by default it
                        looks through known routes to generate a list from a
                        sosreport
  -u USER, --user=USER  additional usernames to obfuscate in the sosreport or
                        dataset - one user per flag
  -U USERS_FILE, --users-file=USERS_FILE
                        line-delimited list of users to obfuscate
  -o DIRECTORY, --output-dir=DIRECTORY
                        Directory to store soscleaner obfuscated sosreport or
                        dataset
  -m, --macs            disable MAC address obfuscation

8.2. Using a config file

If you find yourself having to use additional command line options a lot, you can create a config file at /etc/soscleaner.conf to handle these default values for you. Note: Please make sure the config file is own by root for both the UID & GID and that permission is set to READ & WRITE for the user ONLY (0600/-rw——-).

A sample config file:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
[Default]
loglevel = debug  # the loglevel to run at, default is 'info'
root_domain = example.com  # domain to use for obfuscation
quiet = True # defaults to False, True suppresses output to stdout

[DomainConfig]
domains: example.com,foo.com,domain.com  # additional domains to obfuscate

[KeywordConfig]
keywords: foo,bar,some,other,words  # keywords to obfuscate
keyword_files: keywords.txt  # keyword files to obfuscate

[NetworkConfig]
networks: 172.16.0.0/16  # additional networks to obfuscate

[MacConfig]
obfuscate_macs = False  # True/False (defaults to True) - if False MAC obfuscation will not occur

8.3. Using within a python prompt

SOSCleaner is a python library at its heart, and can be used in other applications as a library. The following sample is useful when testing SOSCleaner functionality from a python prompt, like when we’re writing unit tests and other such incredibly fun activities.

1
2
3
4
5
 from soscleaner import SOSCleaner
 cleaner = SOSCleaner()
 cleaner.loglevel = 'DEBUG'
 cleaner.origin_path, cleaner.dir_path, cleaner.session, cleaner.logfile, cleaner.uuid = cleaner._prep_environment()
 cleaner._start_logging(cleaner.logfile)

Once the cleaner instance has been created, you can begin to populate the data structures. For example:

1
2
3
4
 cleaner.hostname = 'somehost'
 cleaner.domainname = 'example.com'
 cleaner.domains.append('foo.com')
 cleaner._domains2db()