Detailed breakdown of gathered data v4
GNU/Linux operating system
barman crontab/cron (barman_crontab_cron)
Output from crontab -l, if running as barman. Content of /etc/cron.d/barman, if it exists.
Report output:
- File /linux/barman_cron.data: Content of /etc/cron.d/barman, if it exists
- File /linux/barman_crontab.data: Output from barman crontab -l, if barman user
Depth: Surface
Security impact: Low — Might have entries in crontab/cron with sensitive data.
debug_sources (debug_sources)
Count files under /usr/src/debug to detect the applications whose source code is present in the system and facilitate live debugging.
Report output:
- File /linux/debug_sources.data: Sources for GNU debugger
Depth: Surface
Security impact: Low — No known security impact.
EFM CLI (efm_cli)
Get output of efm cluster-status command.
Report output:
- File /tools/efm/cli/cluster_status.out: Output of efm cluster-status cluster_name command
Depth: Surface
Security impact: Low — No known security impact.
EFM configuration (efm_configuration)
EFM properties and nodes configuration files.
Report output:
- File /tools/efm/config/efm.nodes: EFM nodes file
- File /tools/efm/config/efm.properties: EFM properties file
Depth: Surface
Security impact: Low — No known security impact.
EFM systemctl (efm_systemctl)
When EFM services are detected, collects status and cat of the corresponding services. Checks for any service whose name starts with edb-efm-.
Report output:
- File /tools/efm/systemd/service_name_cat.data: Output of systemctl cat service_name
- File /tools/efm/systemd/service_name_status.data: Output of systemctl status service_name
Depth: Surface
Security impact: Low — No known security impact.
etcd CLI (etcd_cli)
Gathers the output of some etcdctl commands, if etcdctl is available in the server. The commands are endpoint status and endpoint health.
Report output:
- File /tools/etcd/cli/endpoint_status.out: Output of etcdctl endpoint status command
- File /tools/etcd/cli/endpoint_health.out: Output of etcdctl endpoint health command
Depth: Surface
Security impact: Low — No known security impact.
etcd configuration (etcd_configuration)
Collects etcd configuration file that's found in the server.
Report output:
- File /tools/etcd/config/basename: etcd configuration file
Depth: Surface
Security impact: Low — No known security impact.
etcd systemctl (etcd_systemctl)
When etcd services are detected, collects status and cat of the corresponding services. Checks for any service whose name starts with etcd.
Report output:
- File /tools/etcd/systemd/service_name_cat.data: Output of systemctl cat service_name
- File /tools/etcd/systemd/service_name_status.data: Output of systemctl status service_name
Depth: Surface
Security impact: Low — No known security impact.
HARP CLI (harp_cli)
Gathers the output of a few harpctl commands using the config.yml file, which is found in the server. The commands are: cluster, proxies, locations, nodes, and version.
Report output:
- File /tools/harp/cli/version.out: Output of harpctl -f conf_file_path version command
- File /tools/harp/cli/proxies.out: Output of harpctl -f conf_file_path get proxies -o yaml command
- File /tools/harp/cli/nodes.out: Output of harpctl -f conf_file_path get nodes -o yaml command
- File /tools/harp/cli/locations.out: Output of harpctl -f conf_file_path get locations -o yaml command
- File /tools/harp/cli/cluster.out: Output of harpctl -f conf_file_path get cluster -o yaml command
Depth: Surface
Security impact: Low — No known security impact.
HARP configuration (harp_configuration)
Collects HARP configuration file that's found in the server.
Report output:
- File /tools/harp/config/harp.cluster.init.yml: HARP bootstrap configuration file
- File /tools/harp/config/basename: HARP configuration file
Depth: Surface
Security impact: Low — No known security impact.
HARP systemctl (harp_systemctl)
When HARP services are detected, collects status and cat of the corresponding services. Checks for any service whose name starts with harp.
Report output:
- File /tools/harp/systemd/service_name_cat.data: Output of systemctl cat service_name
- File /tools/harp/systemd/service_name_status.data: Output of systemctl status service_name
Depth: Surface
Security impact: Low — No known security impact.
Block devices layout (linux_block_devices_layout)
Information on block devices layout from the lsblk command.
Report output:
- File /linux/lsbk.data: lsblk command output
Depth: Surface
Security impact: Low — No known security impact.
Processor governor (linux_cpu_governor)
Processor scaling governor from the files in /sys/devices/system/cpu.
Report output:
- File /linux/sys/energy_perf_bias.data: Intel Performance and Energy Bias attributes
- File /linux/sys/intel_pstate.data: Intel pstate configuration
- File /linux/sys/cpu_scaling_driver.data: Available CPU scaling driver
- File /linux/sys/cpu_scaling_available_governors.data: Available CPU scaling governors
- File /linux/sys/cpu_scaling_governor.data: Active CPU scaling governor
Depth: Surface
Security impact: Low — No known security impact.
Mounted file systems and available space (linux_devices_info)
Lists mounted file systems through the mount command and free space using df.
Report output:
- File /linux/diskspace.data: Amount of available disk space
- File /linux/mount.data: Output of the mount command
Depth: Surface
Security impact: Low — No known security impact.
File systems configuration (linux_disk_configuration)
Disk configuration obtained through the /etc/fstab file.
Report output:
- File /linux/fstab.data: Contents of /etc/fstab
Depth: Surface
Security impact: Low — No known security impact.
OS distribution, kernel, and device data (linux_distro_collector)
Information about the Linux distribution currently in use returned by the lsb_release command.
Report output:
- File /linux/release.data: Linux distribution currently in use
- File /linux/release_source.data: Name of the collected file or the executed command
Depth: Surface
Security impact: Low — No known security impact.
Hardware (linux_hardware_info)
Hardware info through lspci.
Report output:
- File /linux/lspci.data: Hardware info from lspci
Depth: Surface
Security impact: Low — No known security impact.
HTTP(s) proxies in use for package downloads (linux_http_proxy_configuration)
Gathers information about HTTP(s) proxies in use for package downloads. Passwords are redacted.
Report output:
- File /linux/packages-yum-config-manager.data: YUM configuration
- File /linux/packages-dnf-config-manager.data: DNF configuration
- File /linux/etc_environment.data: Contents of /etc/environment
Depth: Surface
Security impact: Low — No known security impact.
Hypervisor (linux_hypervisor_collector)
Information about the type of virtualization used, as returned by the systemd-detect-virt command.
Report output:
- File /linux/hypervisor.data: Name of the collected file or the executed command
Depth: Surface
Security impact: Low — No known security impact.
Kernel (linux_kernel_info)
Kernel info, transparent huge pages status, and disk scheduler configuration. Obtained by combining the output of the commands uname and ipcs with the contents of the /proc and /sys file systems.
Report output:
- File /linux/read_ahead.data: Info on the read ahead
- File /linux/schedulers.data: Scheduler info from /sys dir
- File /linux/sys/kernel_mm_transparent_hugepage.data: Transparent huge pages info
- File /linux/ipcs.data: ipcs command output
- File /linux/uname.data: uname command output
Depth: Surface
Security impact: Low