-
Notifications
You must be signed in to change notification settings - Fork 18
/
Copy pathconfigsnap.help2man
72 lines (61 loc) · 2.5 KB
/
configsnap.help2man
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
[Files]
\fI/etc/configsnap/additional.conf\fR
.RS 4
Optional configuration file to define additional command output and files to collect.
.RE
.PP
Commands are all run as root, so the custom collection configuration file must
be owned by root and not read or writable by other users. The file format is:
.PP
All custom file collections in the additional.conf file must begin with a "[section]" which contains the following options.
.PP
\fIType=\fR
.RS 4
Can take values \fBCommand\fR, \fBFile\fR, or \fBDirectory\fR depending on the action that needs to be performed.
.RS 4
If \fBType=Command\fR then the output from the specified command will be save to a file named after the section. The command must be specified using the full path to the executable. e.g. /bin/ss -tanp. \fBCommand\fR supports several additional configuration options.
If \fBType=File\fR then the specified file will be save to the backup directory with suffix matching the stage. The full path to the file must be used. \fBType=File\fR supports the same \fBFailOk\fR and \fBCompare\fR options as \fBCommand\fR.
If \fBType=Directory\fR then the contents of the directory will be a subfolder of the same name within the backup directory. The path to the directory should include a trailing '/'. \fBDirectory\fR supports the \fBFailOk\fR, \fBCompare\fR (see \fBType=Command\fR), and the following.
.RE
.RE
.PP
\fISort=\fR
.RS 4
Whether to sort the output of the command, (default: False)
.RE
.PP
\fIFailOk=\fR
.RS 4
Report errors when configsnap runs this section, (default: False)
.RE
.PP
\fICompare=\fR
.RS 4
Produce a diff between the pre/post files when running configsnap, (default: False)
.RE
.PP
\fIFile_Pattern=\fR
.RS 4
Rather than saving every file in a directory, backup only ones matching the Python regex pattern, (default: .*). See \fBExamples\fR below.
.RE
.RE
\fBExamples\fR
# Recording the output of a command into a "psspecial.<phase>" file containing the output.
[psspecial]
Type: command
Command: /bin/ps -aux
Compare: True
# Recording an additional file, stored as "debconf.<phase>"
[debconf.conf]
Type: file
File: /etc/debconf.conf
Failok: True
# Recursively Recording all files from /etc/ssh/ directory, with sub-files appended with ".<phase>".
[ssh]
Type: directory
Directory: /etc/ssh/
# Recording all files from /etc/fail2ban/ directory matching '.*\\.local$', with sub-files appended with ".<phase>"
[fail2ban]
Type: directory
Directory: /etc/fail2ban
File_Pattern: .*\\.local$