sos - vault#sos#sos#sos#sos
01. What is the sos Report Command? back to the blog 03. What does sos Report offer that no other Linux tool has?

02. How to execute sos Report Command?

02. How to execute sos Report Command?
NOTE: The following description is based in the sos command version 4.5.6 executed in an Ubuntu 20.04 server (hostname ganymede)
 
The sos report command gathers system diagnostics for troubleshooting. The following are basic examples of how to run the sos command to emphasize the usage of the --clean, --encrypt-pass ,  --case-id and --label options. As per the sos command manual page:
 
  • --encrypt: Encrypt  the  resulting  archive, and determine the method by which that encryption is done by either a  user prompt or  environment variables.
  • --encrypt-pass: Encrypts  the  resulting  archive that sosreport produces using GPG. The provided PASS for symmetric encryption
  • --clean: This function is designed to obfuscate potentially sensitive information from an sos report archive in a consistent and reproducible manner.
  • --label LABEL: Specify an arbitrary identifier to associate with the archive.  Labels will be appended after the  system's short hostname and may contain alphanumeric characters.
  • --case-id NUMBER: Specify  a case identifier to associate with the archive.  Identifiers may include alphanumeric characters, commas and periods ('.').
Running an sos report is straightforward, the simplest way to execute it is through a single command:
 
1. sudo sos report
 
When you run sos report without any extra options, it will ask for a case id this report is for in this example we used SUPP-0001 as case id and after a few seconds It will generate an output like this:
 
  
Finishing plugins              [Running: logs]                                          
  Finished running plugins                                                               
Creating compressed archive...


Your sosreport has been generated and saved in:
	/tmp/sosreport-ganymede-SUPP-0001-2024-10-01-xgsjkdb.tar.xz

 Size	11.87MiB
 Owner	root
 sha256	de66aa92c59f179af7ce0906056a58e8360772b56bbcbaed2f935bc9c009ee75

Please send this file to your support representative.
The command generated an 11.87 MiB compressed tar file inside the /tmp directory. The name of the tar file is sosreport-ganymede-SUPP-0001-2024-10-01-xgsjkdb.tar.xz (sosreport-HOSTNAME-CASE-ID-DATE-ID.tar.xz). Also note that the file sha256 checksum is provided for integrity verification after upload.
 
To generate a report while ensuring obfuscation for sensitive information such as hostnames or IP addresses, the following command can be used:
 
2. sudo sos report --clean
 
The --clean option, is designed to obfuscate potentially sensitive information from an sos report archive in a consistent and reproducible manner. When you run sos with this option, it will ask for a case id as before and after a several minutes It will generate an output like this:
 
  
  Finishing plugins              [Running: logs]                                          
  Finished running plugins                                                               
Found 1 total reports to obfuscate, processing up to 4 concurrently

sosreport-ganymede-SUPP-0001-2024-10-01-euofqva :  Beginning obfuscation...
sosreport-ganymede-SUPP-0001-2024-10-01-euofqva :  Obfuscation completed [removed 88 unprocessable files]

Successfully obfuscated 1 report(s)

Creating compressed archive...

A mapping of obfuscated elements is available at
	/tmp/sosreport-host0-SUPP-0001-2024-10-01-euofqva-private_map

Your sosreport has been generated and saved in:
	/tmp/sosreport-host0-SUPP-0001-2024-10-01-euofqva-obfuscated.tar.xz

 Size	11.14MiB
 Owner	root
 sha256	3d8c1efa5f4b241469a32b4807d3210d58fb971731d785e13501257c468105ee

Please send this file to your support representative.
The command generated an 11.87 MiB compressed tar file and took almost 10 minutes to finish. Notice how the name of the file no longer contains the hostname but host0 instead. The name of the tar file is now sosreport-host0-SUPP-0001-2024-10-01-euofqva-obfuscated.tar.xz (sosreport-HOSTNAME-CASE-ID-DATE-ID.obfuscated.tar.xz). Also note that the file sha256 checksum is provided for integrity verification after upload.
 
 
To generate an encrypted report the following command can be used:
 
3. sudo sos report --encrypt-pass "aPassword"
 
The --encrypt-pass option encrypts  the  resulting  archive with GPG using the provided password for symmetric encryption. When you run sos report with the --encrypt-pass option, it will ask for a case id this report is for in this example we used SUPP-0001 as case id and after a few seconds It will generate an output like this:
 
  
  Finishing plugins              [Running: logs]                                          
  Finished running plugins                                                               
Creating compressed archive...

Your sosreport has been generated and saved in:
	/tmp/secured-sosreport-ganymede-SUPP-0001-2024-10-01-plyzuet.tar.xz.gpg

 Size	11.90MiB
 Owner	root
 sha256	01bd4e339e6823235c36f6ef044d0d60e0243d80bda65f333fca31ce2dd8e894

Please send this file to your support representative.
The command generated an 11.90 MiB encrypted and compressed tar file and took just a few seconds to finish. Notice how the file extension change to gpg indicating that this is a GNU Privacy Guard encrypted file. The name of the tar file is now secured-sosreport-ganymede-SUPP-0001-2024-10-01-plyzuet.tar.xz.gpg (secured-sosreport-HOSTNAME-CASE-ID-DATE-ID.tar.xz.gpg).
Also note that the file sha256 checksum is provided for integrity verification after upload.
 
The following is an example of both an ecrypted and obfuscated report:
 
4. sudo sos report --encrypt-pass "aPassword" --clean --case-id SUPP-0001 --label "a label"
 
It is possible to specify a label for the final file name with the --label option. Note that in this example, it will not ask for a case id this time as we specified it in the command line with the --case-id option and after several minutes (because we used the clean option) seconds It will generate an output like this:
 
  
  Finishing plugins              [Running: logs]                                          
  Finished running plugins                                                               
Found 1 total reports to obfuscate, processing up to 4 concurrently

sosreport-ganymede-alabel-SUPP-0001-2024-10-01-iwormbj : Beginning obfuscation...
sosreport-ganymede-alabel-SUPP-0001-2024-10-01-iwormbj : Obfuscation completed [removed 88 unprocessable files]

Successfully obfuscated 1 report(s)

Creating compressed archive...

A mapping of obfuscated elements is available at
	/tmp/sosreport-host0-alabel-SUPP-0001-2024-10-01-iwormbj-private_map

Your sosreport has been generated and saved in:
	/tmp/secured-sosreport-host0-alabel-SUPP-0001-2024-10-01-iwormbj-obfuscated.tar.xz.gpg

 Size	11.20MiB
 Owner	root
 sha256	743902e923340381d5d559b90bdbf336a4d5e98701d19c233006e7825a9298ec

Please send this file to your support representative.
The command generated an 11.20 MiB encrypted and compressed tar file. Notice how the file contains the label with all spaces removed. The name of the tar file is now secured-sosreport-host0-alabel-SUPP-0001-2024-10-01-iwormbj-obfuscated.tar.xz.gpg (secured-sosreport-HOSTNAME-LABEL-CASE-ID-DATE-ID.obfuscated.tar.xz.gpg).
 
In any of the examples above, a tar file is generated and to review its contents it is necessary to extract it in the computer where the analysis is goint to be performed and if required provide the decryption password. In our next articles we will explore how to explore and analyse a sos report. 
 
 
01. What is the sos Report Command? back to the blog 03. What does sos Report offer that no other Linux tool has?