UPDATED 2-1-2017 to Version 0.4
Changelog:
1-20-2017 (0.2): Added capability to auto-populate all appliance IP addresses. Substitute "autoiplist" rather than a user-defined iplist. See help for more information. Also fixed help file (previous typo). Removed prompts.
1-27-2017 (0.3): Added a number of SDK checks. Changed the logic on how it identifies the server type, added a size check for VolGroup00. If it shows up as 29.XX GB and your appliance is an R620, you're likely still utilizing the SD cards as part of the OS. Also added a check showing currently free memory.
2-1-2017 (0.4): Added DRAC Firmware version check
I've worked with dozens of Security Analytics instances and have found myself repeatedly compiling the same information, usually relating to basic asset inventory, configuration information and simple health checks. To expedite this process, I've created a simple shell script that logs into each appliance in an environment, pulls the important information and aggregates it all into a CSV file for easy reference. The nice thing about this script is that it obtains many of the important configuration items without needing to log into REST or run NwConsole commands.
Prerequisites:
Installation Instructions:
[root@NW-GUI new]# md5sum SA_Enviro_Check.sh
1853be56f44cc6f6f223be48367058ab SA_Enviro_Check.sh
Usage:
./SA_Enviro_Check.sh <options>
This Script is used to generate a comma-delimited inventory of a Security Analytics Environment while also
compiling several important configuration items per appliance.
IMPORTANT: This script functions best when key exchange has been performed between the SA Server and the
Appliances. If not, it will prompt for a password for each appliance in the IP List.
Options:
-h : This help file
-v : version information
-a : Generates a list of all currently enabled appliance IPs and quits. File will be named "all_appliance_ips.out"
-p : When this option is used, all arguments must be passed in the proper order. If the user chooses "autoiplist" rather than defining a set list of IPs (see EX2), all appliances connected to the NW GUI will be examined. The arguments must be passed in the following order:
EX: ./SA_Enviro_Check.sh -p <username> <iplist> </output/path/filename.csv> </output/path/logfile.log>
EX2: ./SA_Enviro_Check.sh -p <username> autoiplist </output/path/filename.csv> </output/path/logfile.log>
What the script gathers and where it comes from:
| Information | Retrieval Method |
|---|---|
| Date Checked | date command |
| Hostname | hostname command |
| IP Address | hostname command |
| Server Type | dmidecode |
| Bios Version | dmidecode |
| Booting Kernel | uname -r |
| Installed Kernels | rpm -qa |
| Serial Number | dmidecode |
| Memory | /proc/meminfo |
| Free Memory | /proc/meminfo |
| CPU Cores | /proc/cpuinfo |
| DNS Servers | resolv.conf |
| Search Domain | resolv.conf |
| Puppetmaster | /etc/hosts |
| NTP Status | ntpstat |
| Puppet Node ID | /var/lib/puppet/node_id |
| Services Installed | rpm -qa |
| Local Accounts per Service | /etc/netwitness/ng/Nw*.cfg files |
| Max Concurrent Queries Per Service | /etc/netwitness/ng/Nw*.cfg files |
| Max Pending Queries | /etc/netwitness/ng/Nw*.cfg files |
| Parallel Query | /etc/netwitness/ng/Nw*.cfg files |
| Parallel Value | /etc/netwitness/ng/Nw*.cfg files |
| Query Parse | /etc/netwitness/ng/Nw*.cfg files |
| Cache Window Minutes Per Service | /etc/netwitness/ng/Nw*.cfg files |
| DRAC IP | ipmitool |
| DRAC Firmware Version | ipmitool |
| PFring Version | rpm -qa |
| Capture Autostart | /etc/netwitness/ng/Nw*.cfg files |
| Capture Interface | /etc/netwitness/ng/Nw*.cfg files |
| Capture Device Params | /etc/netwitness/ng/Nw*.cfg files |
| Aggregating Devices | /etc/netwitness/ng/Nw*.cfg files |
| Aggregate Autostart | /etc/netwitness/ng/Nw*.cfg files |
| Aggregate Hours | /etc/netwitness/ng/Nw*.cfg files |
| Aggregate Interval | /etc/netwitness/ng/Nw*.cfg files |
| Aggregate Max Session | /etc/netwitness/ng/Nw*.cfg files |
| Active App Rules | /etc/netwitness/ng/Nw*.cfg files |
| Active Correlation Rules | /etc/netwitness/ng/Nw*.cfg files |
| Installed Feeds | deduplicated files in /etc/netwitness/ng/feeds |
| Custom Index Entries | cleaned index-*-custom.xml files |
| VolGroup00 Size | vgs (volume group scan) |
| Meta DIR Mounts | /etc/netwitness/ng/Nw*.cfg files |
| Packet DIR Mounts | /etc/netwitness/ng/Nw*.cfg files |
| Session DIR Mounts | /etc/netwitness/ng/Nw*.cfg files |
| Save Session Count | /etc/netwitness/ng/Nw*.cfg files |
| Index DIR Mounts | /etc/netwitness/ng/Nw*.cfg files |
| Index Slices Open | /etc/netwitness/ng/Nw*.cfg files |
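To show how a few of the rows above are actually collected and turned into a CSV line, here is an added example in POSIX sh. It is not SA_Enviro_Check.sh itself and makes no claim about how that script is written: the column layout, the note text and the helper names are my own, the host, kernel, meminfo, cpuinfo, resolv.conf and vgs samples are constructed rather than captured from an appliance, and the remote fan-out uses `ssh -n -o BatchMode=yes` so that a host without a key exchange fails the row instead of hanging on a password prompt, which matches the help text's advice. The VolGroup00 check implements the 0.3 changelog caveat (a 29.XX GB VolGroup00 on an R620 suggests the OS is still on the SD cards).

```shell
#!/bin/sh
# Added example, not the script from the post. Each parser takes the command
# output as text so it can run offline; collect_all wires them to ssh.

# Quote one CSV field and double any embedded quotes.
csv_field() {
    printf '"%s"' "$(printf '%s' "$1" | sed 's/"/""/g')"
}

# Value in kB for a /proc/meminfo key such as MemTotal or MemFree.
meminfo_kb() {   # $1 = key, $2 = meminfo text
    printf '%s\n' "$2" | awk -v k="$1:" '$1 == k { print $2; exit }'
}

# kB to whole GB (integer division is fine for an inventory figure).
kb_to_gb() {
    echo $(( ${1:-0} / 1024 / 1024 ))
}

# Core count from /proc/cpuinfo text.
cpu_cores() {
    printf '%s\n' "$1" | grep -c '^processor'
}

# Space-separated nameservers from resolv.conf text.
dns_servers() {
    printf '%s\n' "$1" | awk '$1 == "nameserver" { printf "%s%s", sep, $2; sep = " " }'
}

# First search domain from resolv.conf text.
search_domain() {
    printf '%s\n' "$1" | awk '$1 == "search" { print $2; exit }'
}

# Whole-GB size of VolGroup00 from `vgs --noheadings --units g -o vg_name,vg_size`.
volgroup00_gb() {
    printf '%s\n' "$1" | awk '$1 == "VolGroup00" { sub(/[gG]$/, "", $2); printf "%d\n", $2; exit }'
}

# Changelog caveat: ~29 GB VolGroup00 on an R620 -> OS probably still on SD cards.
sd_card_suspected() {   # $1 = server type, $2 = VolGroup00 size in GB; 0 = suspected
    case "$1" in
        *R620*) [ "${2:-0}" -eq 29 ] ;;
        *) return 1 ;;
    esac
}

csv_header() {
    printf 'Hostname,Kernel,Server Type,Memory GB,Free GB,CPU Cores,DNS,Search,VolGroup00 GB,Note\n'
}

# One CSV row: $1 host $2 kernel $3 server type $4 meminfo $5 cpuinfo $6 resolv $7 vgs output
inventory_row() {
    total_gb=$(kb_to_gb "$(meminfo_kb MemTotal "$4")")
    free_gb=$(kb_to_gb "$(meminfo_kb MemFree "$4")")
    vg_gb=$(volgroup00_gb "$7")
    note=""
    if sd_card_suspected "$3" "$vg_gb"; then
        note="VolGroup00 ~29 GB on R620: OS may still be on SD cards"
    fi
    printf '%s,%s,%s,%s,%s,%s,%s,%s,%s,%s\n' \
        "$(csv_field "$1")" "$(csv_field "$2")" "$(csv_field "$3")" \
        "$total_gb" "$free_gb" "$(cpu_cores "$5")" \
        "$(csv_field "$(dns_servers "$6")")" "$(csv_field "$(search_domain "$6")")" \
        "$vg_gb" "$(csv_field "$note")"
}

# Non-interactive remote command; -n keeps ssh from eating the IP-list stdin.
remote() {   # $1 = user@ip, $2 = command
    ssh -n -o BatchMode=yes -o ConnectTimeout=10 "$1" "$2" 2>/dev/null
}

# Fan out over a file with one appliance IP per line and emit the CSV.
collect_all() {   # $1 = user, $2 = IP list file
    csv_header
    while read -r ip; do
        [ -n "$ip" ] || continue
        t="$1@$ip"
        inventory_row "$(remote "$t" hostname)" "$(remote "$t" 'uname -r')" \
            "$(remote "$t" 'dmidecode -s system-product-name')" \
            "$(remote "$t" 'cat /proc/meminfo')" "$(remote "$t" 'cat /proc/cpuinfo')" \
            "$(remote "$t" 'cat /etc/resolv.conf')" \
            "$(remote "$t" 'vgs --noheadings --units g -o vg_name,vg_size')"
    done < "$2"
}

# Constructed sample outputs (not from a real appliance) for an offline dry run.
SAMPLE_MEMINFO='MemTotal:       65536000 kB
MemFree:        12345678 kB
Buffers:          123456 kB'
SAMPLE_CPUINFO='processor	: 0
model name	: constructed
processor	: 1
processor	: 2
processor	: 3'
SAMPLE_RESOLV='search example.test
nameserver 192.0.2.10
nameserver 192.0.2.11'
SAMPLE_VGS='  VolGroup00  29.51g'

# Usage: ./inventory.sh <username> <iplist>  (dry run when called without arguments)
if [ $# -ge 2 ]; then
    collect_all "$1" "$2"
else
    csv_header
    inventory_row decoder01 2.6.32-sample "PowerEdge R620" \
        "$SAMPLE_MEMINFO" "$SAMPLE_CPUINFO" "$SAMPLE_RESOLV" "$SAMPLE_VGS"
fi
```

Run without arguments it prints the header and one row built from the constructed samples; with `<username> <iplist>` it produces one row per appliance that accepts the key, and a host that would prompt for a password simply yields empty fields, which is itself a useful signal that key exchange is missing for that appliance.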
Notes: