Public bug reported: sos 4.3 seems to have a regression in mac address obfuscation. We found this in the ubuntu package testing. The file concerned seems to be the etc/netplan/50-cloud-init.yaml which seems to end up with an unobfuscated mac address inspite of using --mask flag to sos report command.
---- autopkgtest run shows, Found 1 total reports to obfuscate, processing up to 4 concurrently sosreport-autopkgtest-2022-03-02-kluxwcz : Beginning obfuscation... sosreport-autopkgtest-2022-03-02-kluxwcz : Obfuscation completed [removed 16 unprocessable files] Successfully obfuscated 1 report(s) Creating compressed archive... A mapping of obfuscated elements is available at /tmp/sosreport-host0-2022-03-02-kluxwcz-private_map Your sosreport has been generated and saved in: /tmp/sosreport-host0-2022-03-02-kluxwcz-obfuscated.tar.xz Size 2.28MiB Owner root sha256 42db961f8cde1aa72f78afbef825d7bd54884e76996f96ce657a37fca5e1fa44 Please send this file to your support representative. ### end stdout ### start extraction ### stop extraction ######### DONE WITH --mask ######### !!! TEST FAILED: MAC address not obfuscated in all places !!! /tmp/sosreport_test/etc/netplan/50-cloud-init.yaml: macaddress: '52:54:00:12:34:56' ------------- sos 4.2 shows correct behavior. testing shows.. /etc/netplan/50-cloud-init.yaml contains network: ethernets: ens3: dhcp4: true match: macaddress: '52:54:00:12:34:56' set-name: ens3 version: 2 4.2 sos contains the file but with the obfuscated mac address. correct behavior. # This file is generated from information provided by the datasource. Changes # to it will not persist across an instance reboot. To disable cloud-init's # network configuration capabilities, write a file # /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following: # network: {config: disabled} network: ethernets: ens3: dhcp4: true match: macaddress: '53:4f:53:cf:3a:9e' set-name: ens3 version: 2 ---------------------- 4.3 testing shows the bug, the /etc/netplan/50-cloud-init.yaml contains # This file is generated from information provided by the datasource. Changes # to it will not persist across an instance reboot. To disable cloud-init's # network configuration capabilities, write a file # /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following: # network: {config: disabled} network: ethernets: ens3: dhcp4: true match: macaddress: '52:54:00:12:34:56' set-name: ens3 version: 2 --- generated sosreport (run with --mask) contains # This file is generated from information provided by the datasource. Changes # to it will not persist across an instance reboot. To disable cloud-init's # network configuration capabilities, write a file # /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following: # network: {config: disabled} network: ethernets: ens3: dhcp4: true match: macaddress: '52:54:00:12:34:56' set-name: ens3 version: 2 So the mac address isnt being obfuscated. Whats interesting is.. sosreport-host0-2022-03-02-kluxwcz-private_map stored in /tmp does indeed contain that entry and the obfuscated entry too.. { "hostname_map": { "autopkgtest": "host0" }, "ip_map": { "10.0.2.0/24": "100.0.0.0/24", "10.0.2.15/24": "100.0.0.1/24", "10.0.2.255": "100.0.0.255", "10.0.2.3": "100.0.0.2/24", "91.189.89.199": "96.79.58.28", "5.4.0.102": "73.90.65.47", "5.4.0.100": "69.14.29.26", "5.4.0.26": "58.82.14.73", "224.0.0.1": "34.30.38.86", "91.189.89.198": "59.29.50.62", "3.192.30.10": "14.98.98.25", "5.4.0.99": "74.19.96.35", "10.0.2.0/28": "101.0.0.1/28", "10.0.2.0/30": "102.0.0.1/30", "192.168.200.1": "20.50.36.98", "192.168.200.4": "28.58.14.33", "192.168.200.9": "97.65.46.86", "192.168.201.0/24": "103.0.0.1/24", "192.168.201.0/25": "104.0.0.1/25", "224.0.0.251": "67.40.56.81", "239.255.255.250": "26.23.39.82", "123.45.67.89": "20.91.68.26", "192.168.0.133": "79.76.79.11" }, "mac_map": { "52:54:00:12:34:56": "53:4f:53:79:76:69", <--- "33:33:00:00:00:16": "53:4f:53:73:7a:0e", "33:33:00:00:00:02": "53:4f:53:5e:53:b8", "33:33:ff:12:34:56": "53:4f:53:eb:10:e9", "33:33:00:00:00:01": "53:4f:53:dc:de:c4", "01:00:5e:00:00:01": "53:4f:53:4d:05:93", "01:80:c2:00:00:00": "53:4f:53:b6:04:55", "01:80:c2:00:00:03": "53:4f:53:34:cb:ef", "01:80:c2:00:00:0e": "53:4f:53:f1:77:bc", "52:55:0a:00:02:02": "53:4f:53:08:59:72", "52:55:0a:00:02:03": "53:4f:53:97:23:da", "52:56:00:00:00:02": "53:4f:53:80:ba:7d" }, "keyword_map": {}, "username_map": {} } But somehow the file itself is collected without changing the ip address from original ("52:54:00:12:34:56") to the obfuscated one ("53:4f:53:79:76:69") ---- Tested with upstream sos: root@autopkgtest:/home/nikhil/sos# git remote -v origin https://github.com/sosreport/sos/ (fetch) origin https://github.com/sosreport/sos/ (push) root@autopkgtest:/home/nikhil/sos# ls AUTHORS bin docs LICENSE man MANIFEST.in plugins_overview.py po README.md requirements.txt setup.py snap sos sos.conf sos.spec tests tmpfilesd-sos.conf root@autopkgtest:/home/nikhil/sos# root@autopkgtest:/home/nikhil/sos/bin# cat /etc/netplan/50-cloud-init.yaml # This file is generated from information provided by the datasource. Changes # to it will not persist across an instance reboot. To disable cloud-init's # network configuration capabilities, write a file # /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following: # network: {config: disabled} network: ethernets: ens3: dhcp4: true match: macaddress: '52:54:00:12:34:56' set-name: ens3 version: 2 Note it contains the mac addr 52:54:00:12:34:56 Now we will run the sos report, (upstream version) oot@autopkgtest:/home/nikhil/sos/bin# ls sos sos-collector sosreport root@autopkgtest:/home/nikhil/sos/bin# pwd /home/nikhil/sos/bin root@autopkgtest:/home/nikhil/sos/bin# ./sos report --mask sosreport (version 4.3) This command will collect system configuration and diagnostic information from this Ubuntu system. For more information on Canonical visit: Community Website : https://www.ubuntu.com/ Commercial Support : https://www.canonical.com The generated archive may contain data considered sensitive and its content should be reviewed by the originating organization before being passed to any third party. No changes will be made to system configuration. Press ENTER to continue, or CTRL-C to quit. Optionally, please enter the case id that you are generating this report for []: Setting up archive ... Setting up plugins ... [plugin:firewall_tables] skipped command 'nft list ruleset': required kmods missing: nf_tables, nfnetlink. Use '--allow-system-changes' to enable collection. [plugin:firewall_tables] skipped command 'iptables -vnxL': required kmods missing: nf_tables, iptable_filter. [plugin:firewall_tables] skipped command 'ip6tables -vnxL': required kmods missing: ip6table_filter, nf_tables. [plugin:networking] skipped command 'ip -s macsec show': required kmods missing: macsec. Use '--allow-system-changes' to enable collection. [plugin:networking] skipped command 'ss -peaonmi': required kmods missing: unix_diag, udp_diag, netlink_diag, af_packet_diag, inet_diag, xsk_diag, tcp_diag. Use '--allow-system-changes' to enable collection. [plugin:ufw] skipped command 'ufw status numbered': required kmods missing: bpfilter, iptable_filter. [plugin:ufw] skipped command 'ufw app list': required kmods missing: bpfilter, iptable_filter. [plugin:wireless] skipped command 'iw list': required kmods missing: cfg80211. [plugin:wireless] skipped command 'iw dev': required kmods missing: cfg80211. [plugin:wireless] skipped command 'iwconfig': required kmods missing: cfg80211. [plugin:wireless] skipped command 'iwlist scanning': required kmods missing: cfg80211. Running plugins. Please wait ... Finishing plugins [Running: systemd] Finished running plugins Found 1 total reports to obfuscate, processing up to 4 concurrently sosreport-autopkgtest-2022-03-02-abhwscl : Beginning obfuscation... sosreport-autopkgtest-2022-03-02-abhwscl : Obfuscation completed [removed 16 unprocessable files] Successfully obfuscated 1 report(s) Creating compressed archive... A mapping of obfuscated elements is available at /tmp/sosreport-host0-2022-03-02-abhwscl-private_map Your sosreport has been generated and saved in: /tmp/sosreport-host0-2022-03-02-abhwscl-obfuscated.tar.xz Size 2.27MiB Owner root sha256 e9d19933cfed512a59790edf65f70a0139f8da162f406153c298bb093bfbd939 Please send this file to your support representative. Lets open the file and see if mac address in that file is left unobfuscated, root@autopkgtest:/tmp# cat sosreport-host0-2022-03-02-abhwscl/etc/netplan/50-cloud-init.yaml # This file is generated from information provided by the datasource. Changes # to it will not persist across an instance reboot. To disable cloud-init's # network configuration capabilities, write a file # /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following: # network: {config: disabled} network: ethernets: ens3: dhcp4: true match: macaddress: '52:54:00:12:34:56' set-name: ens3 version: 2 root@autopkgtest:/tmp# Note, root@autopkgtest:/tmp# ls -lrt total 9448 drwx------ 3 root root 4096 Mar 2 15:48 systemd-private-e709306472c1435993a0b8d1f15e9dd3-systemd-resolved.service-7kMEUf drwx------ 3 root root 4096 Mar 2 15:48 systemd-private-e709306472c1435993a0b8d1f15e9dd3-systemd-timesyncd.service-FqCM6e drwx------ 3 root root 4096 Mar 2 15:48 systemd-private-e709306472c1435993a0b8d1f15e9dd3-systemd-logind.service-xFJpBh drwx------ 3 root root 4096 Mar 2 15:48 systemd-private-e709306472c1435993a0b8d1f15e9dd3-ModemManager.service-x5UZXh -rwxr-xr-x 1 root root 691 Mar 2 15:48 eofcat -rwxr-xr-x 1 root root 285 Mar 2 15:48 autopkgtest-reboot -rwxr-xr-x 1 root root 269 Mar 2 15:48 autopkgtest-reboot-prepare drwxrwxrwt 5 root root 4096 Mar 2 15:48 autopkgtest.RixDKr drwx------ 10 root root 4096 Mar 2 15:48 sosreport-autopkgtest-2022-03-02-zwngejm drwx------ 3 root root 4096 Mar 2 15:48 systemd-private-e709306472c1435993a0b8d1f15e9dd3-fwupd.service-Zasqxf drwx------ 3 root root 4096 Mar 2 15:48 systemd-private-e709306472c1435993a0b8d1f15e9dd3-upower.service-qb69Wg -rw------- 1 root root 1645 Mar 2 15:49 sosreport-host0-2022-03-02-bwcteqj-private_map -rw------- 1 root root 2389116 Mar 2 15:50 sosreport-host0-2022-03-02-bwcteqj-obfuscated.tar.xz drwxr-xr-x 12 root root 4096 Mar 2 15:50 sosreport_test drwx------ 12 root root 4096 Mar 2 15:55 sosreport-autopkgtest-2022-03-02-nwzytde -rw------- 1 root root 2409380 Mar 2 15:55 sosreport-autopkgtest-2022-03-02-nwzytde.tar.xz -rw-r--r-- 1 root root 65 Mar 2 15:55 sosreport-autopkgtest-2022-03-02-nwzytde.tar.xz.sha256 -rw------- 1 root root 2411848 Mar 2 15:58 sosreport-autopkgtest-2022-03-02-hkqkbak.tar.xz -rw-r--r-- 1 root root 65 Mar 2 15:58 sosreport-autopkgtest-2022-03-02-hkqkbak.tar.xz.sha256 drwx------ 12 root root 4096 Mar 2 15:58 sosreport-host0-2022-03-02-abhwscl -rw------- 1 root root 1645 Mar 2 15:59 sosreport-host0-2022-03-02-abhwscl-private_map <--- -rw------- 1 root root 2378324 Mar 2 15:59 sosreport-host0-2022-03-02-abhwscl-obfuscated.tar.xz -rw------- 1 root root 65 Mar 2 15:59 sosreport-host0-2022-03-02-abhwscl-obfuscated.tar.xz.sha256 root@autopkgtest:/tmp# cat sosreport-host0-2022-03-02-abhwscl-private_map { "hostname_map": { "autopkgtest": "host0" }, "ip_map": { "10.0.2.0/24": "100.0.0.0/24", "10.0.2.15/24": "100.0.0.1/24", "10.0.2.255": "100.0.0.255", "10.0.2.3": "100.0.0.2/24", "91.189.89.198": "33.43.50.21", "5.4.0.102": "80.74.90.96", "5.4.0.100": "69.87.15.65", "5.4.0.26": "13.16.68.51", "224.0.0.1": "92.20.91.63", "91.189.94.4": "42.38.68.46", "3.192.30.10": "93.87.22.28", "5.4.0.99": "37.44.72.50", "10.0.2.0/28": "101.0.0.1/28", "10.0.2.0/30": "102.0.0.1/30", "192.168.200.1": "37.72.13.85", "192.168.200.4": "19.35.86.99", "192.168.200.9": "39.80.73.13", "192.168.201.0/24": "103.0.0.1/24", "192.168.201.0/25": "104.0.0.1/25", "224.0.0.251": "19.45.84.66", "239.255.255.250": "93.52.70.42", "123.45.67.89": "92.20.45.84", "192.168.0.133": "29.81.60.51" }, "mac_map": { "52:54:00:12:34:56": "53:4f:53:45:22:61", <----- never made it into the file collected "33:33:00:00:00:16": "53:4f:53:63:ca:e1", "33:33:00:00:00:02": "53:4f:53:46:bc:12", "33:33:ff:12:34:56": "53:4f:53:9a:2e:fa", "33:33:00:00:00:01": "53:4f:53:e6:29:f1", "01:00:5e:00:00:01": "53:4f:53:67:6f:e7", "01:80:c2:00:00:00": "53:4f:53:20:c4:71", "01:80:c2:00:00:03": "53:4f:53:fb:50:f9", "01:80:c2:00:00:0e": "53:4f:53:2d:57:8a", "52:55:0a:00:02:03": "53:4f:53:50:2b:72", "52:55:0a:00:02:02": "53:4f:53:64:ec:34", "52:56:00:00:00:02": "53:4f:53:3e:92:21" }, "keyword_map": {}, "username_map": {} ------------- Upstream issue filed - https://github.com/sosreport/sos/issues/2873 ** Affects: sosreport (Ubuntu) Importance: Medium Assignee: nikhil kshirsagar (nkshirsagar) Status: New ** Affects: sosreport (Ubuntu Bionic) Importance: Medium Assignee: nikhil kshirsagar (nkshirsagar) Status: New ** Affects: sosreport (Ubuntu Focal) Importance: Medium Assignee: nikhil kshirsagar (nkshirsagar) Status: New ** Affects: sosreport (Ubuntu Impish) Importance: Medium Assignee: nikhil kshirsagar (nkshirsagar) Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1962733 Title: sosreport does not obfuscate a mac address even with --mask is used To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sosreport/+bug/1962733/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs