
Linux - Forensics - Get Reboot History

Gathers and logs the full reboot history from a Linux system.

Worklet Details

Introduction to the Bash-Based Linux - Forensics - Get Reboot History Worklet

The Get Reboot History Worklet is a valuable tool designed for Linux system administrators and cybersecurity professionals seeking to gain insight into the reboot history of their systems. This Worklet retrieves the full reboot history from the targeted Linux system and outputs it to your Automox Activity Log, providing an organized and comprehensive view of all system reboots.

Why would you use the Get Reboot History Worklet?

Understanding the reboot history of a Linux system can be crucial in various scenarios, such as troubleshooting performance issues or investigating potential security breaches. By utilizing this Worklet, administrators can quickly gather essential information about past system reboots, enabling them to identify patterns, determine if unauthorized access has occurred, or pinpoint configuration changes that may have resulted in unexpected behavior.

Components of the Get Reboot History Worklet

The core component of this Worklet is a bash script that uses the 'last' command to obtain information about prior reboots. The 'last' command reads data from log files stored under the /var/log directory on a Linux machine.

The script then processes this data and outputs it as an easily readable table, displaying information such as event type, kernel version, day of week, month, day, and reboot time.

How does the Get Reboot History Worklet work?

Upon execution, this Worklet first schedules remediation by exiting with exit code 1 during its evaluation phase. When remediation begins, it calls a function named 'get_history', which retrieves and formats the reboot history using shell commands such as 'last' and AWK scripting.

If successful in gathering reboot history data and formatting it accordingly, the script will return an exit code 0, indicating successful execution. If any issues are encountered, the Worklet will provide an error message in the Automox Activity Log and exit with an exit code 1 for troubleshooting purposes.
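The flow described above can be sketched as follows. This is an added example, not the Worklet's own source: only the name get_history comes from the page, while format_reboots, SAMPLE_LAST_OUTPUT, the evaluate/remediate arguments and the assumed util-linux column layout of 'last reboot' are illustrative assumptions.

```shell
#!/bin/sh
# Added illustration, not the Automox Worklet source.

# Constructed sample of `last` output (assumed util-linux layout), for offline runs.
SAMPLE_LAST_OUTPUT='reboot   system boot  6.1.0-18-amd64   Mon Jan  8 09:14   still running
reboot   system boot  6.1.0-17-amd64   Tue Dec 12 22:03 - 09:13 (26+11:10)
alice    pts/0        10.0.0.5         Tue Dec 12 22:10 - 23:01  (00:51)

wtmp begins Fri Dec  1 10:00:12 2023'

# format_reboots (hypothetical helper): read `last` output on stdin, keep only
# boot records, and print the columns the page lists as a fixed-width table.
format_reboots() {
    awk '
        BEGIN { printf "%-12s %-18s %-4s %-4s %-4s %s\n", "EVENT", "KERNEL", "DOW", "MON", "DAY", "TIME" }
        $1 == "reboot" && $2 == "system" && $3 == "boot" {
            printf "%-12s %-18s %-4s %-4s %-4s %s\n", $2 " " $3, $4, $5, $6, $7, $8
            rows++
        }
        END { exit (rows == 0) }   # non-zero status when no boot record was seen
    '
}

# get_history: name taken from the page; the body is an assumption.
get_history() {
    command -v last >/dev/null 2>&1 || { echo "ERROR: last command not found" >&2; return 1; }
    # Without pipefail the pipeline status is that of format_reboots.
    last reboot | format_reboots || { echo "ERROR: no reboot records found" >&2; return 1; }
}

# Evaluation always exits 1 so that remediation is scheduled; remediation
# exits 0 on success and 1 on failure, as the page describes.
case "${1:-}" in
    evaluate)  exit 1 ;;
    remediate) get_history; exit $? ;;
esac
```

By default 'last' reads /var/log/wtmp, so the table only reaches back to the last log rotation; older rotated files can be read with 'last -f'.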

What is the expected outcome when you use the Linux - Forensics - Get Reboot History Worklet?

Once implemented and executed successfully, the Get Reboot History Worklet will provide a detailed report of all recorded system reboots in your Automox Activity Log. 

This information can then be analyzed by administrators or cybersecurity professionals to identify potential issues, assess system stability and performance, or investigate possible security threats. Overall, this Worklet serves as a practical and efficient means to gather essential data about Linux system reboots in a clear and organized manner.


Consider Worklets your easy button

What's a Worklet?

A Worklet is an automation script, written in Bash or PowerShell, designed for seamless execution on endpoints – at scale – within the Automox platform. Worklet automation scripts perform configuration, remediation, and the installation or removal of applications and settings across Windows, macOS, and Linux.
