1. User’s Guide
  2. Analyzing the Cluster Configuration
  3. Analyzing Risks and Complying with Best Practices
  4. Sanitizing Sensitive Information in the Diagnostic Collections

2.17 Sanitizing Sensitive Information in the Diagnostic Collections

Oracle Autonomous Health Framework uses Adaptive Classification and Redaction (ACR) to sanitize sensitive data.

After collecting copies of diagnostic data, Oracle ORAchk and Oracle EXAchk use Adaptive Classification and Redaction (ACR) to sanitize sensitive data in the collections. ACR uses a machine learning based engine to redact a pre-defined set of entity types in a given set of files. ACR also sanitizes or masks entities that occur in path names.

  • Sanitization replaces a sensitive value with random characters.
  • Masking replaces a sensitive value with a series of asterisks ("*").

ACR currently sanitizes the following entity types:

  • Host names
  • IP addresses
  • MAC addresses
  • Oracle Database names
  • Tablespace names
  • Service names
  • Ports
  • Operating system user names

ACR also masks Personally Identifiable Information (PII), that is, user data from the database appearing in block and redo dumps. There is no separate command for it.

To sanitize sensitive information: 

orachk -sanitize comma_delimited_list_of_collection_IDs

or

exachk -sanitize comma_delimited_list_of_collection_IDs
Block dumps before redaction:
14A533F40 00000000 00000000 00000000 002C0000 [..............,.]
14A533F50 35360C02 30352E30 31322E37 380C3938 [..650.507.2189.8]
14A533F60 31203433 37203332 2C303133 360C0200 [34 123 7310,...6]
Block dumps after redaction:
14A533F40 ******** ******** ******** ******** [****************]
14A533F50 ******** ******** ******** ******** [****************]
14A533F60 ******** ******** ******** ******** [****************]
Redo dumps before redaction:
col 74: [ 1] 80
col 75: [ 5] c4 0b 19 01 1f
col 76: [ 7] 78 77 06 16 0c 2f 26
Redo dumps after redaction:
col 74: [ 1] **
col 75: [ 5] ** ** ** ** **
col 76: [ 7] ** ** ** ** ** ** **

To print the reverse map of sanitized elements:

orachk -rmap all|comma_delimited_list_of_element_IDs

or

exachk -rmap all|comma_delimited_list_of_element_IDs

Parent topic: Analyzing Risks and Complying with Best Practices

2.17.1 Sanitizing Sensitive Information in Oracle ORAchk or Oracle EXAchk Output

  1. If you specify a file name that does not follow the naming convention:
    For example:
    $ orachk -sanitize orachk_invalid.html
/scratch/testuser/may31/orachk_invalid.html is not a valid orachk collection
  2. If you specify a file that does not exist:
    For example:
    $ orachk -sanitize /tmp/orachk_invalid.html
/tmp/orachk_invalid.html does not exist
  3. If you sanitize a file that exists with valid Oracle Autonomous Health Framework naming convention, but the file is not generated by Oracle Autonomous Health Framework:
    For example:
    $ orachk -sanitize orachk_invalidcollection.zip
orachk is sanitizing /scratch/testuser/may31/orachk_invalidcollection.zip. Please
wait...
ACR error occurred while sanitizing orachk collection
  4. To sanitize a file with relative path:
    For example:
    $ orachk -sanitize new/orachk_node061919_053119_001343.zip 
orachk is sanitizing
/scratch/testuser/may31/new/orachk_node061919_053119_001343.zip. Please wait...

Sanitized collection is:
/scratch/testuser/may31/orachk_aydv061919_053119_001343.zip
    $ orachk -sanitize .orachk_node061919_053119_001343.zip 
orachk is sanitizing
/scratch/testuser/may31/.orachk_node061919_053119_001343.zip. Please wait...

Sanitized collection is:
/scratch/testuser/may31/orachk_aydv061919_053119_001343.zip
  5. To sanitize Oracle Autonomous Health Framework debug log:
    For example:
    $ orachk -sanitize new/orachk_debug_053119_023653.log
orachk is sanitizing /scratch/testuser/may31/new/orachk_debug_053119_023653.log.
Please wait...

Sanitized collection is: /scratch/testuser/may31/orachk_debug_053119_023653.log
  6. To run full sanity check:
    For example:
    $ orachk -localonly -profile asm -sanitize -silentforce

Detailed report (html) - 
/scratch/testuser/may31/orachk_node061919_053119_04448/orachk_node061919_053119_04448.html

orachk is sanitizing /scratch/testuser/may31/orachk_node061919_053119_04448.
Please wait...

Sanitized collection is: /scratch/testuser/may31/orachk_aydv061919_053119_04448

UPLOAD [if required] - /scratch/testuser/may31/orachk_node061919_053119_04448.zip
  7. To print the reverse map of sanitized elements:
    For example:
    orachk -rmap pu406jKxg,kEvGFDT
________________________________________________________________________________
| Entity Type | Substituted Entity Name | Original Entity Name |
________________________________________________________________________________
| dbname      | XTT_MANUR               | ASM_POWER            |
| dbname      | fcb63u2                 | rac12c2              |
________________________________________________________________________________
    orachk -rmap all