Back to Resources

Level Verified

Linux Endpoint Intelligence Gathering

Created by

Level

Type

Script

Category

Security

Platforms
WindowsApple iOSLinux

Problem Overview

When managing Linux endpoints, IT professionals and MSPs often need quick access to essential system and network details for troubleshooting, audits, or tracking lost/stolen devices. Manually retrieving this data can be time-consuming, especially in critical situations. This script automates the process, delivering a comprehensive snapshot of the device’s state within seconds.

Description

This script gathers crucial details about a Linux endpoint, including:

  • System Information – Runs hostnamectl && lsb_release -a && uname -r to collect OS details, kernel version, and hardware information.
  • Local Network Data – Uses ip a to display active network interfaces, IP addresses, and MAC addresses.
  • Public IP Address – Fetches the external IP and perform a geo-based DNS lookup.
  • Wi-Fi Networks – Lists all visible wireless networks using nmcli dev wifi list.
  • ARP Table – Displays active ARP cache entries with arp -a to help identify devices on the local network.

This script enables IT teams to quickly assess system and network configurations, improving troubleshooting efficiency, security monitoring, and asset tracking.

Script

#!/bin/bash

# This resource is provided as a convenience for Level users. We cannot 
# guarantee it will work in all environments. Please test before deploying 
# to your production environment. We welcome contributions to our community 
# library

# Level Library
# https://level.io/library/script-linux-endpoint-intelligence-gathering

# Get System Details
uname -a
cat /etc/*release

# Get Local IP
ip addr show

# Get Remote IP
curl https://ip.level.io/json

# Get list of all visible wireless networks (requires NetworkManager)
nmcli dev wifi

# Get ARP table
arp -a

Use Cases

  • Lost or Stolen Linux Device Recovery – Pair with automation workflows to automate erasing of lost or stolen device.
  • Security & Compliance Audits – Collect system and network data for security assessments.
  • Troubleshooting Network Issues – Identify IP conflicts, connectivity issues, and rogue devices.
  • Asset Management & Inventory – Gather system and network details for IT documentation.
  • Incident Response – Quickly obtain endpoint intelligence during security investigations.

Recommendations

  • Pair with Lost/Stolen Endpoint Automation – Automate execution when a device is marked missing.
  • Test in a Controlled Environment – Run on a test device before deploying widely.
  • Schedule for Routine Audits – Automate periodic execution to monitor system and network changes.

FAQ

  • How do I run this script?
    Execute it in directly from Level.
  • Can this script help locate a stolen Linux device?
    It gathers key network details and performs a basic geo-based DNS lookup. Pairing with Level’s lost/stolen endpoint automation is recommended.
  • Will this script work on all Linux distributions?
    Yes, it supports major distributions including Ubuntu, Debian, CentOS, Fedora, and Arch Linux.
  • Do I need to install any dependencies?
    No, all commands use built-in Linux utilities. However, ensure nmcli (for Wi-Fi scanning) is installed if using on a system without NetworkManager.
  • Can I modify this script to collect additional data?
    Absolutely! You can extend it by adding more Linux commands based on your specific needs.

Included with this Script:

Below is a list of what you can expect to find when importing this Script.

Script details:

The following data and settings will be imported with your script.

Script Name

Linux - Gather Intel

Description

This Linux shell script collects essential system and network information, including OS details, local and public IP addresses, nearby wireless networks, and ARP table data for network diagnostics.

Language

Bash

Timeout (In Seconds)

300

Run As

Local system

Import into Level

Related resources

Explore more automations, scripts, and policies to further enhance your IT operations.

View all resources