Detailed breakdown of gathered data v4
GNU/Linux operating system
barman crontab/cron (barman_crontab_cron)
Output from crontab -l, if running as barman. Content of /etc/cron.d/barman, if it exists.
Report output:
- File /linux/barman_cron.data: Content of /etc/cron.d/barman, if it exists
- File /linux/barman_crontab.data: Output from barman crontab -l, if barman user
Depth: Surface
Security impact: Low — Might have entries in crontab/cron with sensitive data.
debug_sources (debug_sources)
Count files under /usr/src/debug to detect the applications whose source code is present in the system and facilitate live debugging.
Report output:
- File /linux/debug_sources.data: Sources for GNU debugger
Depth: Surface
Security impact: Low — No known security impact.
EFM CLI (efm_cli)
Get output of efm cluster-status command.
Report output:
- File /tools/efm/cli/cluster_status.out: Output of efm cluster-status cluster_name command
Depth: Surface
Security impact: Low — No known security impact.
EFM configuration (efm_configuration)
EFM properties and nodes configuration files.
Report output:
- File /tools/efm/config/efm.nodes: EFM nodes file
- File /tools/efm/config/efm.properties: EFM properties file
Depth: Surface
Security impact: Low — No known security impact.
EFM systemctl (efm_systemctl)
When EFM services are detected, collects status and cat of the corresponding services. Checks for any service whose name starts with edb-efm-.
Report output:
- File /tools/efm/systemd/service_name_cat.data: Output of systemctl cat service_name
- File /tools/efm/systemd/service_name_status.data: Output of systemctl status service_name
Depth: Surface
Security impact: Low — No known security impact.
etcd CLI (etcd_cli)
Gathers the output of some etcdctl commands, if etcdctl is available in the server. The commands are endpoint status and endpoint health.
Report output:
- File /tools/etcd/cli/endpoint_status.out: Output of etcdctl endpoint status command
- File /tools/etcd/cli/endpoint_health.out: Output of etcdctl endpoint health command
Depth: Surface
Security impact: Low — No known security impact.
etcd configuration (etcd_configuration)
Collects etcd configuration file that's found in the server.
Report output:
- File /tools/etcd/config/basename: etcd configuration file
Depth: Surface
Security impact: Low — No known security impact.
etcd systemctl (etcd_systemctl)
When etcd services are detected, collects status and cat of the corresponding services. Checks for any service whose name starts with etcd.
Report output:
- File /tools/etcd/systemd/service_name_cat.data: Output of systemctl cat service_name
- File /tools/etcd/systemd/service_name_status.data: Output of systemctl status service_name
Depth: Surface
Security impact: Low — No known security impact.
HARP CLI (harp_cli)
Gathers the output of a few harpctl commands using the config.yml file, which is found in the server. The commands are: cluster, proxies, locations, nodes, and version.
Report output:
- File /tools/harp/cli/version.out: Output of harpctl -f conf_file_path version command
- File /tools/harp/cli/proxies.out: Output of harpctl -f conf_file_path get proxies -o yaml command
- File /tools/harp/cli/nodes.out: Output of harpctl -f conf_file_path get nodes -o yaml command
- File /tools/harp/cli/locations.out: Output of harpctl -f conf_file_path get locations -o yaml command
- File /tools/harp/cli/cluster.out: Output of harpctl -f conf_file_path get cluster -o yaml command
Depth: Surface
Security impact: Low — No known security impact.
HARP configuration (harp_configuration)
Collects HARP configuration file that's found in the server.
Report output:
- File /tools/harp/config/harp.cluster.init.yml: HARP bootstrap configuration file
- File /tools/harp/config/basename: HARP configuration file
Depth: Surface
Security impact: Low — No known security impact.
HARP systemctl (harp_systemctl)
When HARP services are detected, collects status and cat of the corresponding services. Checks for any service whose name starts with harp.
Report output:
- File /tools/harp/systemd/service_name_cat.data: Output of systemctl cat service_name
- File /tools/harp/systemd/service_name_status.data: Output of systemctl status service_name
Depth: Surface
Security impact: Low — No known security impact.
Block devices layout (linux_block_devices_layout)
Information on block devices layout from the lsblk command.
Report output:
- File /linux/lsbk.data: lsblk command output
Depth: Surface
Security impact: Low — No known security impact.
Processor governor (linux_cpu_governor)
Processor scaling governor from the files in /sys/devices/system/cpu.
Report output:
- File /linux/sys/energy_perf_bias.data: Intel Performance and Energy Bias attributes
- File /linux/sys/intel_pstate.data: Intel pstate configuration
- File /linux/sys/cpu_scaling_driver.data: Available CPU scaling driver
- File /linux/sys/cpu_scaling_available_governors.data: Available CPU scaling governors
- File /linux/sys/cpu_scaling_governor.data: Active CPU scaling governor
Depth: Surface
Security impact: Low — No known security impact.
Mounted file systems and available space (linux_devices_info)
Lists mounted file systems through the mount command and free space using df.
Report output:
- File /linux/diskspace.data: Amount of available disk space
- File /linux/mount.data: Output of the mount command
Depth: Surface
Security impact: Low — No known security impact.
File systems configuration (linux_disk_configuration)
Disk configuration obtained through the /etc/fstab file.
Report output:
- File /linux/fstab.data: Contents of /etc/fstab
Depth: Surface
Security impact: Low — No known security impact.
OS distribution, kernel, and device data (linux_distro_collector)
Information about the Linux distribution currently in use returned by the lsb_release command.
Report output:
- File /linux/release.data: Linux distribution currently in use
- File /linux/release_source.data: Name of the collected file or the executed command
Depth: Surface
Security impact: Low — No known security impact.
Hardware (linux_hardware_info)
Hardware info through lspci.
Report output:
- File /linux/lspci.data: Hardware info from lspci
Depth: Surface
Security impact: Low — No known security impact.
HTTP(s) proxies in use for package downloads (linux_http_proxy_configuration)
Gathers information about HTTP(s) proxies in use for package downloads. Passwords are redacted.
Report output:
- File /linux/packages-yum-config-manager.data: YUM configuration
- File /linux/packages-dnf-config-manager.data: DNF configuration
- File /linux/etc_environment.data: Contents of /etc/environment
Depth: Surface
Security impact: Low — No known security impact.
Hypervisor (linux_hypervisor_collector)
Information about the type of virtualization used, as returned by the systemd-detect-virt command.
Report output:
- File /linux/hypervisor.data: Name of the collected file or the executed command
Depth: Surface
Security impact: Low — No known security impact.
Kernel (linux_kernel_info)
Kernel info, transparent huge pages status, and disk scheduler configuration. Obtained by combining the output of the commands uname and ipcs with the contents of the /proc and /sys file systems.
Report output:
- File /linux/read_ahead.data: Info on the read ahead
- File /linux/schedulers.data: Scheduler info from /sys dir
- File /linux/sys/kernel_mm_transparent_hugepage.data: Transparent huge pages info
- File /linux/ipcs.data: ipcs command output
- File /linux/uname.data: uname command output
Depth: Surface
Security impact: Low — No known security impact.
Kernel limits (linux_kernel_limits)
Configuration file for the pam_limits module.
Report output:
- File /linux/limits.data: Content of the limits.conf file
Depth: Surface
Security impact: Low — No known security impact.
ld.so configuration (linux_ldso)
Dynamic linker configuration (overloads).
Report output:
- File /linux/ldso/env_LD_AUDIT.data: Current $LD_AUDIT variable
- File /linux/ldso/env_LD_PRELOAD.data: Current $LD_PRELOAD variable
- File /linux/ldso/ld.so.conf.data: Contents of all ld.so config files under /etc/ld.so.conf*
- File /linux/ldso/ld.so.preload.data: Contents of /etc/ld.so.preload file
- File /linux/ldso/ldconfig-cache.data: Output of ldconfig --print-cache
Depth: Deep
Security impact: Low — No known security impact.
Configured locale (linux_locale)
Information about the system locale.
Report output:
- File /linux/localectl.data: Currently configured locale
- File /linux/locale--all-locales.data: List of installed locales
- File /linux/locale.data: Currently configured locale
- File /linux/locale-conf.data: Currently configured locale
Depth: Surface
Security impact: Low — No known security impact.
Processor usage statistics (linux_mpstat)
Processor statistics from the mpstat command.
Report output:
- File /linux/mpstat.data: Output from mpstat -P ALL 1 10
Depth: Surface
Security impact: Low — No known security impact.
Network interfaces (linux_network_interfaces)
Network interface information from the ip and ifconfig commands.
Report output:
- File /linux/ifconfig.data: Output from ifconfig
- File /linux/ip_address_list.data: Output from ip address list
Depth: Surface
Security impact: Low — No known security impact.
Installed packages via rpm or dpkg (linux_packages_info)
Information about the system packages installed using rpm or dpkg.
Report output:
- File /linux/packages-dpkg.data: List of packages installed using dpkg
- File /linux/packages-rpm.data: List of packages installed using rpm
Depth: Surface
Security impact: Low — No known security impact.
Installed packages origins (linux_packages_origin_info)
Information about the packages origins.
Report output:
- File /linux/packages-apt_conf.data: apt configuration
- File /linux/packages-apt-cache-policy.data: apt configuration
- File /linux/packages-apt-list-installed.data: Repositories that were used to install packages
- File /linux/packages-yum-repolist.data: Repositories that are enabled in yum
- File /linux/packages-dnf-module-list.data: Repositories that are enabled in dnf
- File /linux/packages-dnf-repolist.data: Repositories that are enabled in dnf
- File /linux/packages-yum-list-installed.data: Repositories that were used to install packages
- File /linux/packages-dnf-list-installed.data: Repositories that were used to install packages
Depth: Surface
Security impact: Low — No known security impact.
PostgreSQL disk layout (linux_postgresql_disk_layout)
List all files in the PostgreSQL data directory using find for links and ls for files.
Report output:
- File /linux/pg_ls.data: List of files inside the data directory
- File /linux/pg_links.data: List of links inside the data directory
Depth: Surface
Security impact: Low — No known security impact.
SELinux (linux_sestatus)
SELinux status from sestatus.
Report output:
- File /linux/sestatus.data: Output from sestatus
Depth: Surface
Security impact: Low — No known security impact.
OpenSSL version and configuration (linux_ssl)
Collect OpenSSL version, enabled engines, and ciphers/configurations.
Report output:
- File /linux/openssl/crypto-policies-isapplied.data: Output of update-crypto-policies --is-applied RHEL tool
- File /linux/openssl/crypto-policies-show.data: Output of update-crypto-policies --show RHEL tool
- File /linux/openssl/fips-mode-setup.data: Output of fips-mode-setup --check RHEL tool
- File /linux/openssl/ciphers.data: Output of openssl ciphers
- File /linux/openssl/engines.data: Output of openssl engine
- File /linux/openssl/version.data: Output of openssl version
Depth: Surface
Security impact: Low — No known security impact.
System identification (linux_system_identity)
Collect hostname, network interfaces, system info (uname), system identifier, and release info.
Report output:
- File /linux/id/system_release.data: OS information from /etc/system-release
- File /linux/id/os_release.data: OS information from /etc/os-release
- File /linux/id/machine_id.data: Machine ID contained in /etc/machine-id
- File /linux/id/uname.data: Information about the running kernel
- File /linux/id/hostname.data: Fully qualified domain name
- File /linux/id/interfaces.data: Network addresses of the host
Depth: Surface
Security impact: Low — No known security impact.
dmesg and /proc information (linux_system_info)
System info from the contents of the /proc filesystem and through the output of dmesg command.
Report output:
- File /linux/lsmod.data: lsmod output
- File /linux/dmesg_with_timestamp.data: dmesg output (human-readable timestamps)
- File /linux/dmesg.data: dmesg output
- File /linux/proc/sys_net_ipv4.data: Network info from /proc
- File /linux/proc/sys_vm.data: VM info from /proc
- File /linux/proc/sys_kernel.data: Kernel info from /proc
- File /linux/vmstat.data: VM statistics from /proc
- File /linux/proc/mounts.data: Mount points from /proc
- File /linux/proc/uptime.data: Uptime info from /proc
- File /linux/proc/loadavg.data: Load avg from /proc
- File /linux/proc/meminfo.data: Memory info from /proc
Depth: Surface
Security impact: Low — No known security impact.
System status — device mapper devices (linux_system_status_dmdevices)
Get information about device mapper devices.
Report output:
- File /linux/lsdevmapper.data: Information about /dev/mapper device mapper symlinks
Depth: Surface
Security impact: Low — No known security impact.
System status — iostat (linux_system_status_iostat)
System status from the iostat command.
Report output:
- File /linux/iostat.data: Info on I/O statistics
Depth: Surface
Security impact: Low — No known security impact.
System status — nfsiostat (linux_system_status_nfsiostat)
System status from the nfsiostat command.
Report output:
- File /linux/nfsiostat.data: NFS I/O statistics
Depth: Surface
Security impact: Low — No known security impact.
System status — ps (linux_system_status_ps)
System status from the ps command.
Report output:
- File /linux/ps.data: Active processes info
Depth: Surface
Security impact: Low — Some processes might contain sensitive data in their names.
System status — sar (linux_system_status_sar)
System status from the sar command.
Report output:
- File /linux/sar.data: Actual sar info
- File /linux/sar-yesterday.data: sar info from yesterday
Depth: Surface
Security impact: Low — No known security impact.
System status — top (linux_system_status_top)
System status from the top command.
Report output:
- File /linux/top.data: Process information
Depth: Surface
Security impact: Low — Some processes might contain sensitive data in their names.
System status — vmstat (linux_system_status_vmstat)
System status from the vmstat command.
Report output:
- File /linux/vmstat.data: Info on processes, memory, paging, block IO, traps, disks, and CPU activity
Depth: Surface
Security impact: Low — No known security impact.
systemctl units (linux_systemctl_units)
systemctl list-units on a systemd server.
Report output:
- File /linux/systemd/list-units.data: Output of systemctl list-units
Depth: Surface
Security impact: Low — No known security impact.
tuned (linux_tuned)
Tuned status and profiles.
Report output:
- Directory /linux/tuned/tune-profiles: Files from /etc/tune-profiles
- Directory /linux/tuned/tuned: Files from /etc/tuned
- File /linux/tuned/tuned.conf: File /etc/tuned.conf
- File /linux/tuned/tuned-list.data: Output from tuned_adm list
- File /linux/tuned/tuned-active.data: Output from tuned_adm active
Depth: Surface
Security impact: Low — No known security impact.
PEM configuration (pem_configuration)
PEM configuration files from PEM agent, PEM server, and PEM web server.
Report output:
- File /tools/pem/config/edb-ssl-pem.conf: PEM web server SSL configuration file
- File /tools/pem/config/edb-pem.conf: PEM web server configuration file
- File /tools/pem/config/install-config: PEM server configuration file (installation config file)
- File /tools/pem/config/config_setup.py: PEM server setup configuration file
- File /tools/pem/config/pem.wsgi: PEM server WSGI definition file
- File /tools/pem/config/agent.cfg: PEM agent configuration file
Depth: Surface
Security impact: Low — No known security impact.
PEM systemctl (pem_systemctl)
When PEM is detected, collects PEM agent and PEM web server status and content.
Report output:
- File /tools/pem/systemd/service_name_cat.data: Output of systemctl cat service_name
- File /tools/pem/systemd/service_name_status.data: Output of systemctl status service_name
Depth: Surface
Security impact: Low — No known security impact.
PgBouncer configuration (pgbouncer_configuration)
PgBouncer configuration files.
Report output:
- File /tools/pgbouncer/num/config/basename: PgBouncer configuration file from instance num
Depth: Surface
Security impact: Low — No known security impact.
PgBouncer systemctl (pgbouncer_systemctl)
When PgBouncer services are detected, collects status and cat of the corresponding services. Checks for any service that contains any of the PgBouncer configuration files.
Report output:
- File /tools/pgbouncer/num/systemd/service_name_cat.data: Output of systemctl cat service_name from instance num
- File /tools/pgbouncer/num/systemd/service_name_status.data: Output of systemctl status service_name from instance num
Depth: Surface
Security impact: Low — No known security impact.
PGD Proxy configuration (pgd_proxy_configuration)
Collects PGD Proxy configuration file that's found in the server.
Report output:
- File /tools/pgd-proxy/config/basename: PGD Proxy configuration file
Depth: Surface
Security impact: Low — No known security impact.
PGD Proxy systemctl (pgd_proxy_systemctl)
When PGD Proxy services are detected, collects status and cat of the corresponding services. Checks for any service whose name starts with pgd-proxy.
Report output:
- File /tools/pgd-proxy/systemd/service_name_cat.data: Output of systemctl cat service_name
- File /tools/pgd-proxy/systemd/service_name_status.data: Output of systemctl status service_name
Depth: Surface
Security impact: Low — No known security impact.
postgres/enterprisedb crontab (postgres_enterprisedb_crontab)
Output from crontab -l, if running as postgres or enterprisedb.
Report output:
- File /linux/enterprisedb_crontab.data: Output from enterprisedb crontab -l, if enterprisedb user
- File /linux/postgres_crontab.data: Output from postgres crontab -l, if postgres user
Depth: Surface
Security impact: Low — Might have entries in crontab/cron with sensitive data.
PostgreSQL systemctl (postgresql_systemctl)
Collects PostgreSQL service status and content.
Report output:
- File /linux/systemd/service_name_cat.data: Output of systemctl cat service_name
- File /linux/systemd/service_name_status.data: Output of systemctl status service_name
Depth: Surface
Security impact: Low — No known security impact.
repmgr CLI (repmgr_cli)
Collects output of repmgr cluster crosscheck and repmgr daemon status using the repmgr.conf file, which is found in the server.
Report output:
- File /tools/repmgr/cli/daemon_status.out: Output of repmgr daemon status -f conf_file_path command
- File /tools/repmgr/cli/cluster_crosscheck.out: Output of repmgr cluster crosscheck -f conf_file_path command
Depth: Surface
Security impact: Low — No known security impact.
repmgr configuration (repmgr_configuration)
Collects repmgr configuration file that's found in the server.
Report output:
- File /tools/repmgr/config/repmgr.conf: repmgr configuration file
Depth: Surface
Security impact: Low — No known security impact.
repmgr systemctl (repmgr_systemctl)
When repmgr services are detected, collects status and cat of the corresponding services. Checks for any service whose name starts with repmgr.
Report output:
- File /tools/repmgr/systemd/service_name_cat.data: Output of systemctl cat service_name
- File /tools/repmgr/systemd/service_name_status.data: Output of systemctl status service_name
Depth: Surface
Security impact: Low — No known security impact.
xDB CLI (xdb_cli)
xDB output from several CLI commands, from the xDB publication and subscription server that are running.
Report output:
- Directory /tools/xdb/cli: xDB CLI print commands
Depth: Surface
Security impact: Low — No known security impact.
xDB configuration (xdb_configuration)
xDB configuration files.
Report output:
- File /tools/xdb/config/xdbReplicationServer.config: xDB startup configuration
- File /tools/xdb/config/edb-repl.conf: xDB replication configuration
- File /tools/xdb/config/xdb_subserver.conf: xDB subscription server configuration
- File /tools/xdb/config/xdb_pubserver.conf: xDB publication server configuration
Depth: Surface
Security impact: Low — No known security impact.
xDB systemctl (xdb_systemctl)
When xDB services are detected, collects status and cat of edb-xdbpubserver and edb-xdbsubserver.
Report output:
- File /tools/xdb/systemd/service_name_cat.data: Output of systemctl cat service_name
- File /tools/xdb/systemd/service_name_status.data: Output of systemctl status service_name
Depth: Surface
Security impact: Low — No known security impact.
Microsoft Windows operating system
PEM configuration — Windows (pem_configuration_windows)
PEM configuration files from PEM agent, PEM server, and PEM web server in a Windows environment.
Report output:
- File /tools/pem/config/edb-ssl-pem.conf: PEM web server SSL configuration file
- File /tools/pem/config/edb-pem.conf: PEM web server configuration file
- File /tools/pem/config/pem.wsgi: PEM server WSGI definition file
- File /tools/pem/config/agent.cfg: PEM agent configuration file
Depth: Surface
Security impact: Low — No known security impact.
PEM sc (pem_sc)
When PEM is detected, collects PEM agent and PEM web server status and content.
Report output:
- File /tools/pem/sc/service_name_query.data: Output of sc query service_name
Depth: Surface
Security impact: Low — No known security impact.
Disk information (win_disk_information)
Disk and controller information from the system registry.
Report output:
- File /windows/enum_ide.reg: Local machine IDE device settings
- File /windows/enum_scsi.reg: Local machine SCSI device settings
Depth: Surface
Security impact: Low — No known security impact.
Hosts file (win_hosts)
Host files and network-related information.
Report output:
- File /windows/services.data: Windows services file
- File /windows/protocol.data: Windows protocol file
- File /windows/networks.data: Windows networks file
- File /windows/hosts.sam: Windows hosts.sam file
- File /windows/hosts.data: Windows hosts file
Depth: Surface
Security impact: Low — No known security impact.
MsInfo (win_msinfo)
MsInfo32 report in NFO and TXT format.
Report output:
- File /windows/msinfo_report.txt: Information from the MsInfo32 in textual format
- File /windows/msinfo_report.nfo: Information from the MsInfo32 in NFO
Depth: Surface
Security impact: Low — No known security impact.
ODBC/64 (win_odbc32_info)
ODBC configuration from the 64-bit registry section.
Report output:
- File /windows/user_odbc_wow64.reg: User DSN list
- File /windows/localmachine_odbcinst_wow64.reg: List of installed ODBC drivers
- File /windows/localmachine_odbc_wow64.reg: System DSN list
Depth: Surface
Security impact: Medium — ODBC connection information could expose the presence of other databases or connection information to PostgreSQL that can be used to attack the system.
ODBC/32 (win_odbc64_info)
ODBC configuration from the 32-bit registry section.
Report output:
- File /windows/user_odbc.reg: User DSN list
- File /windows/localmachine_odbcinst.reg: List of installed ODBC drivers
- File /windows/localmachine_odbc.reg: System DSN list
Depth: Surface
Security impact: Medium — ODBC connection information could expose the presence of other databases or connection information to PostgreSQL that can be used to attack the system.
systeminfo (win_systeminfo)
Output of the systeminfo command.
Report output:
- File /windows/systeminfo_report.txt: Information from the systeminfo command
Depth: Surface
Security impact: Low — No known security impact.
Disk volumes (win_volumes)
Volume list from WMI.
Report output:
- File /windows/association_structure: Association between drive letters and physical drives
- File /windows/volume_disk: Volume list from the WMI subsystem
- File /windows/logical_disk_list: Logical disk list from the WMI subsystem
- File /windows/disk_partition_list: Disk partition list from the WMI subsystem
- File /windows/disk_drive_list: Disk list from the WMI subsystem
Depth: Surface
Security impact: Low — No known security impact.
xDB CLI — Windows (xdb_cli_windows)
xDB output from several CLI commands, from the running xDB publication and subscription servers.
Report output:
- Directory /tools/xdb/cli: xDB CLI print commands
Depth: Surface
Security impact: Low — No known security impact.
xDB configuration — Windows (xdb_configuration_windows)
xDB configuration files.
Report output:
- File /tools/xdb/config/xdbReplicationServer.config: xDB startup configuration
- File /tools/xdb/config/edb-repl.conf: xDB replication configuration
- File /tools/xdb/config/xdb_subserver.conf: xDB subscription server configuration
- File /tools/xdb/config/xdb_pubserver.conf: xDB publication server configuration
Depth: Surface
Security impact: Low — No known security impact.
xDB sc (xdb_sc)
When xDB is detected, collects xDB publication and subscription server status.
Report output:
- File /tools/xdb/sc/service_name_query.data: Output of sc query service_name
Depth: Surface
Security impact: Low — No known security impact.
PostgreSQL/BDR3 instance
effective_logging_dest (postgresql_actual_logdest)
Gather effective destination of log messages.
Report output:
- File /postgresql/pg_log_file_path.out: PostgreSQL log destination
Depth: Surface
Security impact: Low — No known security impact.
Current archiver stats (postgresql_archiver)
Statistics about the archiver process activity (from pg_stat_archiver).
Report output:
- File postgresql/archiver.out
Depth: Surface
Security impact: Low — No known security impact.
Available extensions (postgresql_available_extensions)
List of extensions available on the server.
Report output:
- File postgresql/available_extensions.out
Depth: Surface
Security impact: Low — No known security impact.
Current bg_writer stats (postgresql_bgwriter)
Statistics about the background writer process activity (from pg_stat_bgwriter).
Report output:
- File postgresql/bgwriter.out
Depth: Surface
Security impact: Low — No known security impact.
Directory with binaries (postgresql_bin_dir)
PostgreSQL binary directory.
Report output:
- File /postgresql/postgresql_bin_path.data: Path to the PostgreSQL bin directory
Depth: Surface
Security impact: Low — No known security impact.
Current configuration (postgresql_configuration)
PostgreSQL current configuration.
Report output:
- File postgresql/configuration.out
Depth: Surface
Security impact: Medium — postgresql.conf might contain bad security policies.
Configuration files (postgresql_configuration_files)
PostgreSQL configuration files and the data directory path. Passwords contained in well-known connection strings are redacted for information-security reasons.
Report output:
- File /postgresql/pg_ident.conf: PostgreSQL ident configuration file
- File /postgresql/pg_hba.conf: PostgreSQL host-based authentication file
- File /postgresql/postgresql.auto.conf: PostgreSQL auto configuration file
- File /postgresql/recovery.done: PostgreSQL recovery.done file
- File /postgresql/recovery.conf: PostgreSQL recovery.conf file
- File /postgresql/postgresql.conf: PostgreSQL configuration file
Depth: Surface
Security impact: Medium — pg_hba.conf and pg_ident.conf might expose potential security holes, such as trusted connections.
Current rate of new connections established to the DB (postgresql_conns_per_second)
Current rate of new connections established during 3s observation period.
Report output:
- File postgresql/conns_per_second.out
Depth: Surface
Security impact: Low — No known security impact.
Databases (postgresql_databases)
List of databases in the PostgreSQL node.
Report output:
- File postgresql/databases.out
Depth: Surface
Security impact: Low — No known security impact.
postgresql_db_bdr_tables_and_views (postgresql_db_bdr_tables_and_views)
Collect all the tables and views of the BDR extension, except for:
bdr.apply_log
bdr.conflict_history
bdr.consensus_kv_data
bdr.internal_node_pre_commit
bdr.replication_status
bdr.state_journal
bdr.stat_activity
Report output:
- File /postgresql/dbs/dbname/bdr/*: Content of all tables under the BDR schema
Depth: Shallow
Security impact: Low — No known security impact.
postgresql_db_pglogical_tables_and_views (postgresql_db_pglogical_tables_and_views)
Collect all the tables and views of the pglogical extension.
Report output:
- File /postgresql/dbs/dbname/pglogical/*: Content of all tables under the pglogical schema
Depth: Shallow
Security impact: Low — No known security impact.
Database/role setting (postgresql_db_role_setting)
List of database/role settings in the PostgreSQL node.
Report output:
- File postgresql/db_role_setting.out
Depth: Shallow
Security impact: Low — No known security impact.
EDB Postgres Advanced Server resource group active use information (postgresql_epas_edb_all_resource_groups)
Live view of the system at the moment of the collection, showing how many active backends are being constrained by the resource groups.
Report output:
- File postgresql/epas_edb_all_resource_groups.out
Depth: Surface
Security impact: Low — No known security impact.
EDB Postgres Advanced Server user profile policies (postgresql_epas_edb_profile)
Contains user profiles and password policies.
Report output:
- File postgresql/epas_edb_profile.out
Depth: Surface
Security impact: Low — No known security impact.
EDB Postgres Advanced Server resource group information (postgresql_epas_edb_resource_group)
EDB Postgres Advanced Server resource group names and limits.
Report output:
- File postgresql/epas_edb_resource_group.out
Depth: Surface
Security impact: Low — No known security impact.
postgresql_logdirfiles (postgresql_logdirfiles)
Log file names in PostgreSQL log directory.
Report output:
- File /postgresql/pg_log_files.out: Log dir list
Depth: Surface
Security impact: Low — No known security impact.
Node and snapshot data (postgresql_node)
Information about the running PostgreSQL node.
Report output:
- File postgresql/node.out
Depth: Surface
Security impact: Low — No known security impact.
pg_config (postgresql_pg_config)
PostgreSQL pg_config command output.
Report output:
- File /postgresql/pg_config.data: pg_config command output
Depth: Surface
Security impact: Low — No known security impact.
pg_controldata (postgresql_pg_controldata)
PostgreSQL pg_controldata information.
Report output:
- File /postgresql/pg_controldata.data: pg_controldata command output
Depth: Surface
Security impact: Low — No known security impact.
Version (postgresql_pg_version)
PostgreSQL client and server version.
Report output:
- File /postgresql/postgresql_server_version.data: PostgreSQL server version
- File /postgresql/postgresql_client_version.data: PostgreSQL client version
Depth: Surface
Security impact: Low — No known security impact.
Current pg_prepared_xacts contents (postgresql_prepared_xacts)
Status of prepared xacts (from pg_prepared_xacts).
Report output:
- File postgresql/prepared_xacts.out
Depth: Surface
Security impact: Low — No known security impact.
Current pg_replication_origin_status contents (postgresql_replication_origin)
Status of replication origins (from pg_replication_origin_status).
Report output:
- File postgresql/replication_origins.out
Depth: Surface
Security impact: Low — No known security impact.
Current pg_replication_slots contents (postgresql_replication_slots)
Replication slots (from pg_replication_slots).
Report output:
- File postgresql/replication_slots.out
Depth: Surface
Security impact: Low — No known security impact.
Roles (postgresql_roles)
Database roles from pg_roles.
Report output:
- File postgresql/roles.out
Depth: Shallow
Security impact: Medium — pg_roles might contain bad security policies.
Current activity stats (postgresql_running_activity)
Information related to the current activity on running processes (from pg_stat_activity).
Report output:
- File postgresql/running_activity.out
Depth: Shallow
Security impact: Low — Queries in pg_stat_activity could contain user names and application names.
Age of current oldest running backend/transaction/query in the cluster (postgresql_running_activity_oldestage)
Age of current oldest running backend/transaction/query in the cluster.
Report output:
- File postgresql/running_activity_maxage.out
Depth: Surface
Security impact: Low — No known security impact.
Active locks (postgresql_running_locks)
List of active locks.
Report output:
- File postgresql/running_locks.out
Depth: Surface
Security impact: Low — No known security impact.
pg_server_limits (postgresql_server_limits)
Real effective kernel OS limits for the postmaster PID.
Report output:
- File /postgresql/pg_server_limits_PORT.data: prlimit for postmaster PID
Depth: Surface
Security impact: Low — No known security impact.
Current pg_shmem_allocations contents (postgresql_shmem_allocations)
Status of shared memory allocations (from pg_shmem_allocations).
Report output:
- File postgresql/shmem_allocations.out
Depth: Surface
Security impact: Low — No known security impact.
Current pg_stat_progress_analyze contents (postgresql_stat_progress_analyze)
ANALYZE progress.
Report output:
- File postgresql/pg_stat_progress_analyze.out
Depth: Surface
Security impact: Low — No known security impact.
Current pg_stat_progress_basebackup contents (postgresql_stat_progress_basebackup)
BASEBACKUP progress.
Report output:
- File postgresql/pg_stat_progress_basebackup.out
Depth: Surface
Security impact: Low — No known security impact.
Current pg_stat_progress_copy contents (postgresql_stat_progress_copy)
COPY progress.
Report output:
- File postgresql/pg_stat_progress_copy.out
Depth: Surface
Security impact: Low — No known security impact.
Current pg_stat_progress_vacuum contents (postgresql_stat_progress_vacuum)
VACUUM progress.
Report output:
- File postgresql/pg_stat_progress_vacuum.out
Depth: Surface
Security impact: Low — No known security impact.
Current pg_stat_replication contents (postgresql_stat_replication)
Replication connections (from pg_stat_replication).
Report output:
- File postgresql/replication.out
Depth: Surface
Security impact: Low — No known security impact.
Server subscription statistics (postgresql_subscription_statistics)
Statistics of subscriptions.
Report output:
- File postgresql/subscription_statistics.out
Depth: Shallow
Security impact: Low — No known security impact.
Server subscriptions (postgresql_subscriptions)
List of subscriptions.
Report output:
- File postgresql/subscriptions.out
Depth: Shallow
Security impact: Low — No known security impact.
Tablespaces (postgresql_tablespaces)
Tablespaces information and location.
Report output:
- File postgresql/tablespaces.out
Depth: Surface
Security impact: Low — No known security impact.
Workload characteristics using waits (postgresql_waits_stats)
PostgreSQL workload characterization using built-in wait events.
Report output:
- File postgresql/running_waits_sample.out: Workload characterization using built-in wait events
Depth: Surface
Security impact: Low — No known security impact.
Details for every PostgreSQL/BDR3 database
BDR1 replication slots (postgresql_db_bdr1_replication_slots)
List of replication slots with 9.6 format for BDR1.
Report output:
- File bdr1_replication_slots.out
Depth: Surface
Security impact: Low — No known security impact.
BDR2 replication slots (postgresql_db_bdr2_replication_slots)
List of replication slots with 9.6 format for BDR2.
Report output:
- File bdr2_replication_slots.out
Depth: Surface
Security impact: Low — No known security impact.
BDR conflict_history_summary aggregation (postgresql_db_bdr3_conflict_history_summary_agg)
Collect aggregate count for all types of conflicts.
Report output:
- File bdr_conflict_history_summary_agg.out
Depth: Surface
Security impact: Low — No known security impact.
BDR current activity stats (postgresql_db_bdr3_stat_activity)
Information related to the current activity on running processes (from bdr.stat_activity).
Report output:
- File bdr_stat_activity.out
Depth: Shallow
Security impact: Low — Queries in bdr.stat_activity could contain user names and application names.
BDR sequences (postgresql_db_bdr_sequences)
List of the BDR sequences.
Report output:
- File bdr_sequences.out
Depth: Surface
Security impact: Low — No known security impact.
BDR version (postgresql_db_bdr_version)
Currently used version of BDR.
Report output:
- File bdr_version.out
Depth: Surface
Security impact: Low — No known security impact.
BDR get_decoding_worker_stat (postgresql_db_decoding_worker_stats)
Single decoding worker status.
Report output:
- File bdr_get_decoding_worker_stat.out
Depth: Surface
Security impact: Low — No known security impact.
edb_wait_states database settings (postgresql_db_edb_wait_states_database_settings)
Shows information on database settings.
Report output:
- File edb_wait_states/database_settings.out
Depth: Shallow
Security impact: Low — No known security impact.
edb_wait_states load profile (postgresql_db_edb_wait_states_load_profile)
Average load profile of transactions.
Report output:
- File edb_wait_states/load_profile.out
Depth: Shallow
Security impact: Low — No known security impact.
edb_wait_states operating system information (postgresql_db_edb_wait_states_operating_system_information)
Information about the operating system.
Report output:
- File edb_wait_states/operating_system_information.out
Depth: Shallow
Security impact: Low — No known security impact.
edb_wait_states server information — part 1 (postgresql_db_edb_wait_states_server_information_1)
Information about the Postgres server — part 1.
Report output:
- File edb_wait_states/server_information_1.out
Depth: Shallow
Security impact: Low — No known security impact.
edb_wait_states server information — part 2 (postgresql_db_edb_wait_states_server_information_2)
Information about the Postgres server — part 2.
Report output:
- File edb_wait_states/server_information_2.out
Depth: Shallow
Security impact: Low — No known security impact.
edb_wait_states shared buffers statistics (postgresql_db_edb_wait_states_shared_buffers_stats)
Shows statistics in terms of buffer hits and misses.
Report output:
- File edb_wait_states/shared_buffers_stats.out
Depth: Shallow
Security impact: Low — No known security impact.
edb_wait_states temp file statistics (postgresql_db_edb_wait_states_temp_file_stats)
Shows statistics about temp file usage.
Report output:
- File edb_wait_states/temp_file_stats.out
Depth: Shallow
Security impact: Low — No known security impact.
edb_wait_states top 10 SQL statements by cputime (postgresql_db_edb_wait_states_top_sql_statements_cputime)
Shows which SQL statements are taking more CPU time.
Report output:
- File edb_wait_states/top_sql_statements_cputime.out
Depth: Shallow
Security impact: Low — No known security impact.
edb_wait_states top 10 SQL statements by dbtime (postgresql_db_edb_wait_states_top_sql_statements_dbtime)
Shows which SQL statements are taking more database time.
Report output:
- File edb_wait_states/top_sql_statements_dbtime.out
Depth: Shallow
Security impact: Low — No known security impact.
edb_wait_states top 10 SQL statements by waittime (postgresql_db_edb_wait_states_top_sql_statements_waittime)
Shows which SQL statements are waiting for more time.
Report output:
- File edb_wait_states/top_sql_statements_waittime.out
Depth: Shallow
Security impact: Low — No known security impact.
edb_wait_states top 10 wait events (postgresql_db_edb_wait_states_top_wait_events)
Shows which events are taking more time on the cluster.
Report output:
- File edb_wait_states/top_wait_events.out
Depth: Shallow
Security impact: Low — No known security impact.
edb_wait_states transactions statistics (postgresql_db_edb_wait_states_transaction_stats)
Shows statistics in terms of commits and rollbacks.
Report output:
- File edb_wait_states/transaction_stats.out
Depth: Shallow
Security impact: Low — No known security impact.
edb_wait_states tuple statistics (postgresql_db_edb_wait_states_tuple_stats)
Shows statistics in terms of tuple reads and writes.
Report output:
- File edb_wait_states/tuple_stats.out
Depth: Shallow
Security impact: Low — No known security impact.
edb_wait_states user sessions (postgresql_db_edb_wait_states_user_sessions)
Shows information about user sessions.
Report output:
- File edb_wait_states/user_sessions.out
Depth: Shallow
Security impact: Low — No known security impact.
edb_wait_states WAL statistics (postgresql_db_edb_wait_states_wal_stats)
Shows statistics in terms of WAL writes.
Report output:
- File edb_wait_states/wal_stats.out
Depth: Shallow
Database extensions (postgresql_db_extensions)
List of extensions in the database.
Report output:
- File extensions.out
Depth: Shallow
Security impact: Low — No known security impact.
Database indexes (postgresql_db_indexes)
List of indexes in the database.
Report output:
- File indexes.out
Depth: Shallow
Security impact: Low — No known security impact.
Database procedural languages (postgresql_db_languages)
Procedural languages in the database.
Report output:
- File language.out
Depth: Shallow
Security impact: Low — No known security impact.
BDR monitor_group_raft (postgresql_db_monitor_group_raft)
Check the raft status in the BDR cluster.
Report output:
- File bdr_monitor_group_raft.out
Depth: Surface
Security impact: Low — No known security impact.
BDR monitor_group_versions (postgresql_db_monitor_group_versions)
Check the version of all BDR nodes.
Report output:
- File bdr_monitor_group_versions.out
Depth: Surface
Security impact: Low — No known security impact.
BDR monitor_local_replslots (postgresql_db_monitor_local_replslots)
Check the status of all replication slots.
Report output:
- File bdr_monitor_local_replslots.out
Depth: Surface
Security impact: Low — No known security impact.
Database operators (postgresql_db_operators)
Operators in the database.
Report output:
- File operator.out
Depth: Shallow
Security impact: Low — No known security impact.
Database partitioned tables (postgresql_db_partitioned_tables)
Information about partitioned tables (using declarative partitioning).
Report output:
- File partitioned_table.out
Depth: Shallow
Security impact: Low — No known security impact.
Database PEM pem.agent table tuples (postgresql_db_pem_agent)
Data from metatable pem.agent.
Report output:
- File pem_agent.out
Depth: Shallow
Security impact: Low — No known security impact.
Database PEM pem.agent_config table tuples (postgresql_db_pem_agent_config)
Data from metatable pem.agent_config.
Report output:
- File pem_agent_config.out
Depth: Shallow
Security impact: Low — No known security impact.
Database PEM pem.agent_heartbeat table tuples (postgresql_db_pem_agent_heartbeat)
Data from metatable pem.agent_heartbeat.
Report output:
- File pem_agent_heartbeat.out
Depth: Shallow
Security impact: Low — No known security impact.
Database PEM pem.agent_server_binding table tuples (postgresql_db_pem_agent_server_binding)
Data from metatable pem.agent_server_binding.
Report output:
- File pem_agent_server_binding.out
Depth: Shallow
Security impact: Low — No known security impact.
Database PEM pem.config table tuples (postgresql_db_pem_config)
Data from metatable pem.config.
Report output:
- File pem_config.out
Depth: Shallow
Security impact: Low — No known security impact.
Database PEM pem.email_group table tuples (postgresql_db_pem_email_group)
Data from metatable pem.email_group.
Report output:
- File pem_email_group.out
Depth: Shallow
Security impact: Low