Problem Overview
When managing Linux endpoints, IT professionals and MSPs often need quick access to essential system and network details for troubleshooting, audits, or tracking lost/stolen devices. Manually retrieving this data can be time-consuming, especially in critical situations. This script automates the process, delivering a comprehensive snapshot of the device’s state within seconds.
Description
This script gathers crucial details about a Linux endpoint, including:
- System Information – Runs hostnamectl && lsb_release -a && uname -r to collect OS details, kernel version, and hardware information.
- Local Network Data – Uses ip a to display active network interfaces, IP addresses, and MAC addresses.
- Public IP Address – Fetches the external IP and performs a geo-based DNS lookup.
- Wi-Fi Networks – Lists all visible wireless networks using nmcli dev wifi list.
- ARP Table – Displays active ARP cache entries with arp -a to help identify devices on the local network.
This script enables IT teams to quickly assess system and network configurations, improving troubleshooting efficiency, security monitoring, and asset tracking.
Script
#!/bin/bash
# This resource is provided as a convenience for Level users. We cannot
# guarantee it will work in all environments. Please test before deploying
# to your production environment. We welcome contributions to our community
# library
# Level Library
# https://level.io/library/script-linux-endpoint-intelligence-gathering
# Get System Details
uname -a
cat /etc/*release
# Get Local IP
ip addr show
# Get Remote IP
curl https://ip.level.io/json
# Get list of all visible wireless networks (requires NetworkManager)
nmcli dev wifi
# Get ARP table
arp -a
Use Cases
- Lost or Stolen Linux Device Recovery – Pair with automation workflows to automate erasing a lost or stolen device.
- Security & Compliance Audits – Collect system and network data for security assessments.
- Troubleshooting Network Issues – Identify IP conflicts, connectivity issues, and rogue devices.
- Asset Management & Inventory – Gather system and network details for IT documentation.
- Incident Response – Quickly obtain endpoint intelligence during security investigations.
Recommendations
- Pair with Lost/Stolen Endpoint Automation – Automate execution when a device is marked missing.
- Test in a Controlled Environment – Run on a test device before deploying widely.
- Schedule for Routine Audits – Automate periodic execution to monitor system and network changes.
FAQ
- How do I run this script?
Execute it directly from Level.
- Can this script help locate a stolen Linux device?
It gathers key network details and performs a basic geo-based DNS lookup. Pairing with Level’s lost/stolen endpoint automation is recommended.
- Will this script work on all Linux distributions?
Yes, it supports major distributions including Ubuntu, Debian, CentOS, Fedora, and Arch Linux.
- Do I need to install any dependencies?
No, all commands use built-in Linux utilities. However, ensure nmcli (for Wi-Fi scanning) is installed if you run it on a system without NetworkManager.
- Can I modify this script to collect additional data?
Absolutely! You can extend it by adding more Linux commands based on your specific needs.
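Added example, not Level's own script: a variant of the collector above that skips tools that are not installed (arp comes from net-tools, which many current distributions no longer install by default, so it falls back to ip neigh show) and bounds each step with a timeout so one stalled lookup cannot hang the run. The run_section and collect_all helpers and the 10-second STEP_TIMEOUT are assumptions made for this example.

```bash
#!/bin/bash
# Added example, not Level's script. Same collectors as the script on this
# page, but each step is presence-checked, time-bounded and isolated.

STEP_TIMEOUT=10   # seconds allowed per collector (assumed value)

# run_section TITLE CMD [ARGS...]  (hypothetical helper)
# Prints a header, then the command's output or the reason it was skipped.
# Always returns 0 so one missing or failing tool never stops later sections.
run_section() {
    title=$1
    shift
    printf '===== %s =====\n' "$title"
    if ! command -v "$1" >/dev/null 2>&1; then
        printf '[skipped] %s is not installed\n\n' "$1"
        return 0
    fi
    rc=0
    if command -v timeout >/dev/null 2>&1; then
        timeout "$STEP_TIMEOUT" "$@" 2>&1 || rc=$?
    else
        "$@" 2>&1 || rc=$?
    fi
    [ "$rc" -eq 0 ] || printf '[failed] %s exited with status %s\n' "$1" "$rc"
    printf '\n'
    return 0
}

# collect_all (hypothetical helper): the page's collectors, in the same order.
collect_all() {
    run_section "System details" uname -a
    run_section "OS release" cat /etc/*release
    run_section "Local interfaces" ip addr show
    run_section "Public IP" curl -fsS --max-time "$STEP_TIMEOUT" https://ip.level.io/json
    run_section "Visible Wi-Fi networks" nmcli dev wifi
    # arp ships in net-tools; fall back to iproute2's neighbour table.
    if command -v arp >/dev/null 2>&1; then
        run_section "ARP table" arp -a
    else
        run_section "Neighbour table (arp not installed)" ip neigh show
    fi
}

collect_all
```

A status of 124 in a [failed] line means the step hit the timeout rather than returning an error of its own.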