Detailed breakdown of gathered data v4
GNU/Linux operating system

barman crontab/cron (barman_crontab_cron)
Output from crontab -l, if running as barman. Content of /etc/cron.d/barman, if it exists.
Report output:
- File /linux/barman_cron.data: Content of /etc/cron.d/barman, if it exists
- File /linux/barman_crontab.data: Output from barman crontab -l, if barman user
Depth: Surface
Security impact: Low — Might have entries in crontab/cron with sensitive data.

debug_sources (debug_sources)
Count files under /usr/src/debug to detect the applications whose source code is present in the system and facilitate live debugging.
Report output:
- File /linux/debug_sources.data: Sources for GNU debugger
Depth: Surface
Security impact: Low — No known security impact.

EFM CLI (efm_cli)
Get output of efm cluster-status command.
Report output:
- File /tools/efm/cli/cluster_status.out: Output of efm cluster-status cluster_name command
Depth: Surface
Security impact: Low — No known security impact.

EFM configuration (efm_configuration)
EFM properties and nodes configuration files.
Report output:
- File /tools/efm/config/efm.nodes: EFM nodes file
- File /tools/efm/config/efm.properties: EFM properties file
Depth: Surface
Security impact: Low — No known security impact.

EFM systemctl (efm_systemctl)
When EFM services are detected, collects status and cat of the corresponding services. Checks for any service whose name starts with edb-efm-.
Report output:
- File /tools/efm/systemd/service_name_cat.data: Output of systemctl cat service_name
- File /tools/efm/systemd/service_name_status.data: Output of systemctl status service_name
Depth: Surface
Security impact: Low — No known security impact.

etcd CLI (etcd_cli)
Gathers the output of some etcdctl commands, if etcdctl is available in the server. The commands are endpoint status and endpoint health.
Report output:
- File /tools/etcd/cli/endpoint_status.out: Output of etcdctl endpoint status command
- File /tools/etcd/cli/endpoint_health.out: Output of etcdctl endpoint health command
Depth: Surface
Security impact: Low — No known security impact.

etcd configuration (etcd_configuration)
Collects etcd configuration file that's found in the server.
Report output:
- File /tools/etcd/config/basename: etcd configuration file
Depth: Surface
Security impact: Low — No known security impact.

etcd systemctl (etcd_systemctl)
When etcd services are detected, collects status and cat of the corresponding services. Checks for any service whose name starts with etcd.
Report output:
- File /tools/etcd/systemd/service_name_cat.data: Output of systemctl cat service_name
- File /tools/etcd/systemd/service_name_status.data: Output of systemctl status service_name
Depth: Surface
Security impact: Low — No known security impact.

HARP CLI (harp_cli)
Gathers the output of a few harpctl commands using the config.yml file, which is found in the server. The commands are: cluster, proxies, locations, nodes, and version.
Report output:
- File /tools/harp/cli/version.out: Output of harpctl -f conf_file_path version command
- File /tools/harp/cli/proxies.out: Output of harpctl -f conf_file_path get proxies -o yaml command
- File /tools/harp/cli/nodes.out: Output of harpctl -f conf_file_path get nodes -o yaml command
- File /tools/harp/cli/locations.out: Output of harpctl -f conf_file_path get locations -o yaml command
- File /tools/harp/cli/cluster.out: Output of harpctl -f conf_file_path get cluster -o yaml command
Depth: Surface
Security impact: Low — No known security impact.

HARP configuration (harp_configuration)
Collects HARP configuration file that's found in the server.
Report output:
- File /tools/harp/config/harp.cluster.init.yml: HARP bootstrap configuration file
- File /tools/harp/config/basename: HARP configuration file
Depth: Surface
Security impact: Low — No known security impact.

HARP systemctl (harp_systemctl)
When HARP services are detected, collects status and cat of the corresponding services. Checks for any service whose name starts with harp.
Report output:
- File /tools/harp/systemd/service_name_cat.data: Output of systemctl cat service_name
- File /tools/harp/systemd/service_name_status.data: Output of systemctl status service_name
Depth: Surface
Security impact: Low — No known security impact.

Block devices layout (linux_block_devices_layout)
Information on block devices layout from the lsblk command.
Report output:
- File /linux/lsbk.data: lsblk command output
Depth: Surface
Security impact: Low — No known security impact.

Processor governor (linux_cpu_governor)
Processor scaling governor from the files in /sys/devices/system/cpu.
Report output:
- File /linux/sys/energy_perf_bias.data: Intel Performance and Energy Bias attributes
- File /linux/sys/intel_pstate.data: Intel pstate configuration
- File /linux/sys/cpu_scaling_driver.data: Available CPU scaling driver
- File /linux/sys/cpu_scaling_available_governors.data: Available CPU scaling governors
- File /linux/sys/cpu_scaling_governor.data: Active CPU scaling governor
Depth: Surface
Security impact: Low — No known security impact.

Mounted file systems and available space (linux_devices_info)
Lists mounted file systems through the mount command and free space using df.
Report output:
- File /linux/diskspace.data: Amount of available disk space
- File /linux/mount.data: Output of the mount command
Depth: Surface
Security impact: Low — No known security impact.

File systems configuration (linux_disk_configuration)
Disk configuration obtained through the /etc/fstab file.
Report output:
- File /linux/fstab.data: Contents of /etc/fstab
Depth: Surface
Security impact: Low — No known security impact.

OS distribution, kernel, and device data (linux_distro_collector)
Information about the Linux distribution currently in use returned by the lsb_release command.
Report output:
- File /linux/release.data: Linux distribution currently in use
- File /linux/release_source.data: Name of the collected file or the executed command
Depth: Surface
Security impact: Low — No known security impact.

Hardware (linux_hardware_info)
Hardware info through lspci.
Report output:
- File /linux/lspci.data: Hardware info from lspci
Depth: Surface
Security impact: Low — No known security impact.

HTTP(s) proxies in use for package downloads (linux_http_proxy_configuration)
Gathers information about HTTP(s) proxies in use for package downloads. Passwords are redacted.
Report output:
- File /linux/packages-yum-config-manager.data: YUM configuration
- File /linux/packages-dnf-config-manager.data: DNF configuration
- File /linux/etc_environment.data: Contents of /etc/environment
Depth: Surface
Security impact: Low — No known security impact.

Hypervisor (linux_hypervisor_collector)
Information about the type of virtualization used, as returned by the systemd-detect-virt command.
Report output:
- File /linux/hypervisor.data: Name of the collected file or the executed command
Depth: Surface
Security impact: Low — No known security impact.

Kernel (linux_kernel_info)
Kernel info, transparent huge pages status, and disk scheduler configuration. Obtained by combining the output of the commands uname and ipcs with the contents of the /proc and /sys file systems.
Report output:
- File /linux/read_ahead.data: Info on the read ahead
- File /linux/schedulers.data: Scheduler info from /sys dir
- File /linux/sys/kernel_mm_transparent_hugepage.data: Transparent huge pages info
- File /linux/ipcs.data: ipcs command output
- File /linux/uname.data: uname command output
Depth: Surface
Security impact: Low — No known security impact.

Kernel limits (linux_kernel_limits)
Configuration file for the pam_limits module.
Report output:
- File /linux/limits.data: Content of the limits.conf file
Depth: Surface
Security impact: Low — No known security impact.

ld.so configuration (linux_ldso)
Dynamic linker configuration (overloads).
Report output:
- File /linux/ldso/env_LD_AUDIT.data: Current $LD_AUDIT variable
- File /linux/ldso/env_LD_PRELOAD.data: Current $LD_PRELOAD variable
- File /linux/ldso/ld.so.conf.data: Contents of all ld.so config files under /etc/ld.so.conf*
- File /linux/ldso/ld.so.preload.data: Contents of /etc/ld.so.preload file
- File /linux/ldso/ldconfig-cache.data: Output of ldconfig --print-cache
Depth: Deep
Security impact: Low — No known security impact.

Configured locale (linux_locale)
Information about the system locale.
Report output:
- File /linux/localectl.data: Currently configured locale
- File /linux/locale--all-locales.data: List of installed locales
- File /linux/locale.data: Currently configured locale
- File /linux/locale-conf.data: Currently configured locale
Depth: Surface
Security impact: Low — No known security impact.

Processor usage statistics (linux_mpstat)
Processor statistics from the mpstat command.
Report output:
- File /linux/mpstat.data: Output from mpstat -P ALL 1 10
Depth: Surface
Security impact: Low — No known security impact.

Network interfaces (linux_network_interfaces)
Network interface information from the ip and ifconfig commands.
Report output:
- File /linux/ifconfig.data: Output from ifconfig
- File /linux/ip_address_list.data: Output from ip address list
Depth: Surface
Security impact: Low — No known security impact.

Installed packages via rpm or dpkg (linux_packages_info)
Information about the system packages installed using rpm or dpkg.
Report output:
- File /linux/packages-dpkg.data: List of packages installed using dpkg
- File /linux/packages-rpm.data: List of packages installed using rpm
Depth: Surface
Security impact: Low — No known security impact.

Installed packages origins (linux_packages_origin_info)
Information about the packages origins.
Report output:
- File /linux/packages-apt_conf.data: apt configuration
- File /linux/packages-apt-cache-policy.data: apt configuration
- File /linux/packages-apt-list-installed.data: Repositories that were used to install packages
- File /linux/packages-yum-repolist.data: Repositories that are enabled in yum
- File /linux/packages-dnf-module-list.data: Repositories that are enabled in dnf
- File /linux/packages-dnf-repolist.data: Repositories that are enabled in dnf
- File /linux/packages-yum-list-installed.data: Repositories that were used to install packages
- File /linux/packages-dnf-list-installed.data: Repositories that were used to install packages
Depth: Surface
Security impact: Low — No known security impact.

PostgreSQL disk layout (linux_postgresql_disk_layout)
List all files in the PostgreSQL data directory using find for links and ls for files.
Report output:
- File /linux/pg_ls.data: List of files inside the data directory
- File /linux/pg_links.data: List of links inside the data directory
Depth: Surface
Security impact: Low — No known security impact.

SELinux (linux_sestatus)
SELinux status from sestatus.
Report output:
- File /linux/sestatus.data: Output from sestatus
Depth: Surface
Security impact: Low — No known security impact.

OpenSSL version and configuration (linux_ssl)
Collect OpenSSL version, enabled engines, and ciphers/configurations.
Report output:
- File /linux/openssl/crypto-policies-isapplied.data: Output of update-crypto-policies --is-applied RHEL tool
- File /linux/openssl/crypto-policies-show.data: Output of update-crypto-policies --show RHEL tool
- File /linux/openssl/fips-mode-setup.data: Output of fips-mode-setup --check RHEL tool
- File /linux/openssl/ciphers.data: Output of openssl ciphers
- File /linux/openssl/engines.data: Output of openssl engine
- File /linux/openssl/version.data: Output of openssl version
Depth: Surface
Security impact: Low — No known security impact.

System identification (linux_system_identity)
Collect hostname, network interfaces, system info (uname), system identifier, and release info.
Report output:
- File /linux/id/system_release.data: OS information from /etc/system-release
- File /linux/id/os_release.data: OS information from /etc/os-release
- File /linux/id/machine_id.data: Machine ID contained in /etc/machine-id
- File /linux/id/uname.data: Information about the running kernel
- File /linux/id/hostname.data: Fully qualified domain name
- File /linux/id/interfaces.data: Network addresses of the host
Depth: Surface
Security impact: Low — No known security impact.

dmesg and /proc information (linux_system_info)
System info from the contents of the /proc filesystem and through the output of dmesg command.
Report output:
- File /linux/lsmod.data: lsmod output
- File /linux/dmesg_with_timestamp.data: dmesg output (human-readable timestamps)
- File /linux/dmesg.data: dmesg output
- File /linux/proc/sys_net_ipv4.data: Network info from /proc
- File /linux/proc/sys_vm.data: VM info from /proc
- File /linux/proc/sys_kernel.data: Kernel info from /proc
- File /linux/vmstat.data: VM statistics from /proc
- File /linux/proc/mounts.data: Mount points from /proc
- File /linux/proc/uptime.data: Uptime info from /proc
- File /linux/proc/loadavg.data: Load avg from /proc
- File /linux/proc/meminfo.data: Memory info from /proc
Depth: Surface
Security impact: Low — No known security impact.

System status — device mapper devices (linux_system_status_dmdevices)
Get information about device mapper devices.
Report output:
- File /linux/lsdevmapper.data: Information about /dev/mapper device mapper symlinks
Depth: Surface
Security impact: Low — No known security impact.

System status — iostat (linux_system_status_iostat)
System status from the iostat command.
Report output:
- File /linux/iostat.data: Info on I/O statistics
Depth: Surface
Security impact: Low — No known security impact.

System status — nfsiostat (linux_system_status_nfsiostat)
System status from the nfsiostat command.
Report output:
- File /linux/nfsiostat.data: NFS I/O statistics
Depth: Surface
Security impact: Low — No known security impact.

System status — ps (linux_system_status_ps)
System status from the ps command.
Report output:
- File /linux/ps.data: Active processes info
Depth: Surface
Security impact: Low — Some processes might contain sensitive data in their names.

System status — sar (linux_system_status_sar)
System status from the sar command.
Report output:
- File /linux/sar.data: Actual sar info
- File /linux/sar-yesterday.data: sar info from yesterday
Depth: Surface
Security impact: Low — No known security impact.

System status — top (linux_system_status_top)
System status from the top command.
Report output:
- File /linux/top.data: Process information
Depth: Surface
Security impact: Low — Some processes might contain sensitive data in their names.

System status — vmstat (linux_system_status_vmstat)
System status from the vmstat command.
Report output:
- File /linux/vmstat.data: Info on processes, memory, paging, block IO, traps, disks, and CPU activity
Depth: Surface
Security impact: Low — No known security impact.

systemctl units (linux_systemctl_units)
Output of systemctl list-units on a systemd server.
Report output:
- File /linux/systemd/list-units.data: Output of systemctl list-units
Depth: Surface
Security impact: Low — No known security impact.

tuned (linux_tuned)
Tuned status and profiles.
Report output:
- Directory /linux/tuned/tune-profiles: Files from /etc/tune-profiles
- Directory /linux/tuned/tuned: Files from /etc/tuned
- File /linux/tuned/tuned.conf: File /etc/tuned.conf
- File /linux/tuned/tuned-list.data: Output from tuned_adm list
- File /linux/tuned/tuned-active.data: Output from tuned_adm active
Depth: Surface
Security impact: Low — No known security impact.

PEM configuration (pem_configuration)
PEM configuration files from PEM agent, PEM server, and PEM web server.
Report output:
- File /tools/pem/config/edb-ssl-pem.conf: PEM web server SSL configuration file
- File /tools/pem/config/edb-pem.conf: PEM web server configuration file
- File /tools/pem/config/install-config: PEM server configuration file (installation config file)
- File /tools/pem/config/config_setup.py: PEM server setup configuration file
- File /tools/pem/config/pem.wsgi: PEM server WSGI definition file
- File /tools/pem/config/agent.cfg: PEM agent configuration file
Depth: Surface
Security impact: Low — No known security impact.

PEM systemctl (pem_systemctl)
When PEM is detected, collects PEM agent and PEM web server status and content.
Report output:
- File /tools/pem/systemd/service_name_cat.data: Output of systemctl cat service_name
- File /tools/pem/systemd/service_name_status.data: Output of systemctl status service_name
Depth: Surface
Security impact: Low — No known security impact.

PgBouncer configuration (pgbouncer_configuration)
PgBouncer configuration files.
Report output:
- File /tools/pgbouncer/num/config/basename: PgBouncer configuration file from instance num
Depth: Surface
Security impact: Low — No known security impact.

PgBouncer systemctl (pgbouncer_systemctl)
When PgBouncer services are detected, collects status and cat of the corresponding services. Checks for any service that contains any of the PgBouncer configuration files.
Report output:
- File /tools/pgbouncer/num/systemd/service_name_cat.data: Output of systemctl cat service_name from instance num
- File /tools/pgbouncer/num/systemd/service_name_status.data: Output of systemctl status service_name from instance num
Depth: Surface
Security impact: Low — No known security impact.

PGD Proxy configuration (pgd_proxy_configuration)
Collects PGD Proxy configuration file that's found in the server.
Report output:
- File /tools/pgd-proxy/config/basename: PGD Proxy configuration file
Depth: Surface
Security impact: Low — No known security impact.

PGD Proxy systemctl (pgd_proxy_systemctl)
When PGD Proxy services are detected, collects status and cat of the corresponding services. Checks for any service whose name starts with pgd-proxy.
Report output:
- File /tools/pgd-proxy/systemd/service_name_cat.data: Output of systemctl cat service_name
- File /tools/pgd-proxy/systemd/service_name_status.data: Output of systemctl status service_name
Depth: Surface
Security impact: Low — No known security impact.

postgres/enterprisedb crontab (postgres_enterprisedb_crontab)
Output from crontab -l, if running as postgres or enterprisedb.
Report output:
- File /linux/enterprisedb_crontab.data: Output from enterprisedb crontab -l, if enterprisedb user
- File /linux/postgres_crontab.data: Output from postgres crontab -l, if postgres user
Depth: Surface
Security impact: Low — Might have entries in crontab/cron with sensitive data.

PostgreSQL systemctl (postgresql_systemctl)
Collects PostgreSQL service status and content.
Report output:
- File /linux/systemd/service_name_cat.data: Output of systemctl cat service_name
- File /linux/systemd/service_name_status.data: Output of systemctl status service_name
Depth: Surface
Security impact: Low — No known security impact.

repmgr CLI (repmgr_cli)
Collects output of repmgr cluster crosscheck and repmgr daemon status using the repmgr.conf file, which is found in the server.
Report output:
- File /tools/repmgr/cli/daemon_status.out: Output of repmgr daemon status -f conf_file_path command
- File /tools/repmgr/cli/cluster_crosscheck.out: Output of repmgr cluster crosscheck -f conf_file_path command
Depth: Surface
Security impact: Low — No known security impact.

repmgr configuration (repmgr_configuration)
Collects repmgr configuration file that's found in the server.
Report output:
- File /tools/repmgr/config/repmgr.conf: repmgr configuration file
Depth: Surface
Security impact: Low — No known security impact.

repmgr systemctl (repmgr_systemctl)
When repmgr services are detected, collects status and cat of the corresponding services. Checks for any service whose name starts with repmgr.
Report output:
- File /tools/repmgr/systemd/service_name_cat.data: Output of systemctl cat service_name
- File /tools/repmgr/systemd/service_name_status.data: Output of systemctl status service_name
Depth: Surface
Security impact: Low — No known security impact.

xDB CLI (xdb_cli)
xDB output from several CLI commands, from the xDB publication and subscription server that are running.
Report output:
- Directory /tools/xdb/cli: xDB CLI print commands
Depth: Surface
Security impact: Low — No known security impact.

xDB configuration (xdb_configuration)
xDB configuration files.
Report output:
- File /tools/xdb/config/xdbReplicationServer.config: xDB startup configuration
- File /tools/xdb/config/edb-repl.conf: xDB replication configuration
- File /tools/xdb/config/xdb_subserver.conf: xDB subscription server configuration
- File /tools/xdb/config/xdb_pubserver.conf: xDB publication server configuration
Depth: Surface
Security impact: Low — No known security impact.

xDB systemctl (xdb_systemctl)
When xDB services are detected, collects status and cat of edb-xdbpubserver and edb-xdbsubserver.
Report output:
- File /tools/xdb/systemd/service_name_cat.data: Output of systemctl cat service_name
- File /tools/xdb/systemd/service_name_status.data: Output of systemctl status service_name
Depth: Surface
Security impact: Low — No known security impact.
Microsoft Windows operating system

PEM configuration — Windows (pem_configuration_windows)
PEM configuration files from PEM agent, PEM server, and PEM web server in a Windows environment.
Report output:
- File /tools/pem/config/edb-ssl-pem.conf: PEM web server SSL configuration file
- File /tools/pem/config/edb-pem.conf: PEM web server configuration file
- File /tools/pem/config/pem.wsgi: PEM server WSGI definition file
- File /tools/pem/config/agent.cfg: PEM agent configuration file
Depth: Surface
Security impact: Low — No known security impact.

PEM sc (pem_sc)
When PEM is detected, collects PEM agent and PEM web server status and content.
Report output:
- File /tools/pem/sc/service_name_query.data: Output of sc query service_name
Depth: Surface
Security impact: Low — No known security impact.

Disk information (win_disk_information)
Disk and controller information from the system registry.
Report output:
- File /windows/enum_ide.reg: Local machine IDE device settings
- File /windows/enum_scsi.reg: Local machine SCSI device settings
Depth: Surface
Security impact: Low — No known security impact.

Hosts file (win_hosts)
Host files and network-related information.
Report output:
- File /windows/services.data: Windows services file
- File /windows/protocol.data: Windows protocol file
- File /windows/networks.data: Windows networks file
- File /windows/hosts.sam: Windows hosts.sam file
- File /windows/hosts.data: Windows hosts file
Depth: Surface
Security impact: Low