{"id":13842222,"url":"https://github.com/perlogix/cmon","last_synced_at":"2026-01-12T02:37:38.151Z","repository":{"id":54826835,"uuid":"214847219","full_name":"perlogix/cmon","owner":"perlogix","description":"NIST Information Security Continuous Monitoring (ISCM) and configuration baseline data collector","archived":false,"fork":false,"pushed_at":"2023-04-04T21:23:02.000Z","size":684,"stargazers_count":16,"open_issues_count":4,"forks_count":3,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-08-05T17:30:55.044Z","etag":null,"topics":["audit","cloud","configuration-management","continuous-monitoring","docker","elasticsearch","kubernetes","nist","nist800-53","security-automation","security-tools"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/perlogix.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"security/certs.go","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-10-13T15:45:24.000Z","updated_at":"2024-07-31T01:18:13.000Z","dependencies_parsed_at":"2024-06-19T04:12:14.347Z","dependency_job_id":"b024aded-b8cb-4861-bbe3-db8ac583904e","html_url":"https://github.com/perlogix/cmon","commit_stats":{"total_commits":101,"total_committers":4,"mean_commits":25.25,"dds":0.4653465346534653,"last_synced_commit":"ee189960f43dd7eecb4325ca4ffdb49a40867e31"},"previous_names":["yeticloud/yeti-discover"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/perlogix%2Fcmon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/reposi
tories/perlogix%2Fcmon/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/perlogix%2Fcmon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/perlogix%2Fcmon/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/perlogix","download_url":"https://codeload.github.com/perlogix/cmon/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225729911,"owners_count":17515187,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["audit","cloud","configuration-management","continuous-monitoring","docker","elasticsearch","kubernetes","nist","nist800-53","security-automation","security-tools"],"created_at":"2024-08-04T17:01:29.732Z","updated_at":"2026-01-12T02:37:38.131Z","avatar_url":"https://github.com/perlogix.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# cmon\n\n[![Go Report Card](https://goreportcard.com/badge/github.com/perlogix/cmon)](https://goreportcard.com/report/github.com/perlogix/cmon)\n![Go](https://github.com/perlogix/cmon/workflows/Go/badge.svg)\n\n#### Table of Contents\n\n1. [Overview](#overview)\n   - [Example JSON Output](#example-json-output)\n2. [Install](#install)\n3. [Install Dependencies](#install-dependencies)\n   - [Server](#server)\n   - [Client](#client-development)\n4. [Getting Started Vagrant](#getting-started-vagrant)\n5. [Command-Line Arguments](#command-line-arguments)\n6. [Configuration](#configuration)\n7. [Vagrant](#vagrant)\n8. 
[Platforms Tested On](#platforms-tested-on)\n\n## Overview\n\nNIST Information Security Continuous Monitoring (ISCM) and configuration baseline data collector.\n\nGreat for keeping track of elastic environments, auditing or migrating servers by storing data in ElasticSearch or outputting to STDOUT.\n\nResources gathered if applicable:\n\n- Asset Type\n- Auditd Rules\n- Chassis Type\n- Cloud / Container Detection\n- CPU Count\n- CPU Stats\n- CPU Vulnerabilities\n- ClamAV Definitions\n- Crontabs\n- Disk Stats\n- DMesg Errors\n- Docker Containers\n- Docker Images\n- Docker Stats\n- Domain Name\n- EC2 Instance Metadata\n- Environment\n- Expired SSL Certs\n- Failed Logins\n- Ruby Gems\n- Hostname\n- IP Address\n- IPTables Rules\n- IP Routes\n- Kernel Version\n- Load Averages\n- Loaded Kernel Modules\n- Memory Stats\n- Network Interface Stats\n- NTP Servers\n- NTP Running\n- RPM / Deb Packages\n- Python Pip Packages\n- Public\n- Snap Packages\n- Sysctl Kernel Parameters\n- Systemd Failed Services\n- Systemd Timers\n- Processes\n- OpenSCAP XCCDF Scan\n- OS Platform\n- OS Family\n- OS Version\n- TCP 4/6 Listening Open Ports\n- Timezone\n- Trivy Scan\n- Uptime\n- Users\n- Users Logged In\n- Virtualization\n- Virtualization System\n\n### Example JSON Output\n\n```json\n{\n  \"audit_rules\":[\n    \"-w /var/log/audit/ -p wa -k LOG_audit\",\n    \"-w /etc/audit/auditd.conf -p wa -k CFG_audit\",\n    \"-w /etc/rc.d/init.d/auditd -p wa -k CFG_audit\",\n    \"-w /etc/sysconfig/auditd -p wa -k CFG_audit\",\n    \"-w /etc/audit/audit.rules -p wa -k CFG_audit\",\n    \"-w /etc/localtime -p wa -k time-change,CFG_system\"\n  ],\n  \"chassis_type\":\"notebook\",\n  \"cloud\":\"k8s container\",\n  \"cpu_count\":4,\n  \"cpu_pct\":76,\n  \"cpu_vulns\":[\n    \"/sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable, IBPB: disabled, STIBP: disabled\",\n    \"/sys/devices/system/cpu/vulnerabilities/itlb_multihit:KVM: Vulnerable\"\n  ],\n  \"clamav_defs\": \"ClamAV 0.102.4/26037/Sun 
Jan  3 12:37:28 2021\",\n  \"crontabs\":[\n    \"25 6 * * * root test -x /usr/sbin/anacron || ( cd / \u0026\u0026 run-parts --report /etc/cron.daily )\",\n    \"47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / \u0026\u0026 run-parts --report /etc/cron.weekly )\",\n    \"52 6 1 * * root test -x /usr/sbin/anacron || ( cd / \u0026\u0026 run-parts --report /etc/cron.monthly )\",\n    \"@monthly 15 cron.monthly run-parts --report /etc/cron.monthly\"\n  ],\n  \"diskfree_gb\":6,\n  \"disktotal_gb\":8,\n  \"diskused_gb\":19,\n  \"dns_nameserver\":[\n    \"8.8.8.8\",\n    \"8.8.4.4\"\n  ],\n  \"dmesg_errors\":\"ACPI BIOS Error (bug): Failure creating named object [B.PCI0.RP17.PXSX.TBDU], AE_ALREADY_EXISTS (20200717/dswload2-326) ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200717/psobject-220)\",\n  \"docker_containers\":[\n    \"name=kibana image=kibana:7.4.0 command=/usr/local/bin/dumb-init -- /usr/local/bin/kibana-docker ports=[] state=running status=Up About a minute\",\n    \"name=elasticsearch image=elasticsearch:7.4.0 command=/usr/local/bin/docker-entrypoint.sh eswrapper ports=[] state=running status=Up 3 minutes\",\n    \"name=redis image=redis command=docker-entrypoint.sh redis-server ports=[{127.0.0.1 6379 6379 tcp}] state=running status=Up About an hour\"\n  ],\n  \"docker_running\":3,\n  \"docker_images_count\":3,\n  \"docker_images\":[\n    \"name=kibana:7.4.0 size=1.097GB created=2019-09-27T05:25:49-04:00\",\n    \"name=elasticsearch:7.4.0 size=858.7MB created=2019-09-27T04:42:16-04:00\",\n    \"name=redis:latest size=95MB created=2019-03-26T20:49:00-04:00\"\n  ],\n  \"domain\":\"ec2.internal\",\n  \"ec2_ami_id\":\"ami-bc8131d4\",\n  \"ec2_availability_zone\":\"us-east-1b\",\n  \"ec2_instance_id\":\"i-1b8cc9cc\",\n  \"ec2_instance_type\":\"t1.micro\",\n  \"ec2_profile\":\"default-paravirtual\",\n  \"ec2_public_ip4\":\"54.145.182.91\",\n  \"ec2_security_groups\":\"default\",\n  \"environment\":\"dev\",\n  \"expired_certs\":[\n    
\"/etc/ssl/server.crt Certificate will expire\",\n    \"/etc/nginx/server.crt Certificate will expire\",\n    \"/etc/httpd/server.crt Certificate will expire\"\n  ],\n  \"failed_logins\":[\n    \"root pts/1 Sun Jan  3 17:30 - 17:30  (00:00)\"\n  ],\n  \"gem\":[\n    \"arr-pm-0.0.9\",\n    \"backports-3.6.4\",\n    \"cabin-0.7.1\",\n    \"childprocess-0.5.6\",\n    \"clamp-0.6.4\",\n    \"ffi-1.9.8\",\n    \"fpm-1.3.3\",\n    \"json-1.8.2\"\n  ],\n  \"hostname\":\"ip-10-28-229-205\",\n  \"ipaddress\":\"10.28.229.205\",\n  \"iptables\":[\n    \"ACCEPT     tcp  --  anywhere             anywhere             state RELATED,ESTABLISHED\",\n    \"DROP       all  -f  anywhere             anywhere            \",\n    \"ACCEPT     tcp  --  localhost            anywhere             tcp dpt:webcache\",\n    \"ACCEPT     tcp  --  localhost            anywhere             tcp dpt:webcache\",\n    \"DROP       tcp  --  anywhere             anywhere             tcp dpt:webcache\",\n    \"ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http state NEW,ESTABLISHED\",\n    \"ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http limit: avg 25/min burst 100\",\n    \"ACCEPT     tcp  --  anywhere             anywhere             tcp spt:http state ESTABLISHED\",\n    \"ACCEPT     tcp  --  anywhere             anywhere             tcp spt:webcache state ESTABLISHED\"\n  ],\n  \"ip_route\":[\n    \"default via 192.168.1.1 dev eth0 \",\n    \"172.17.0.0/16 dev docker0  proto kernel  scope link  src 172.17.42.1 \",\n    \"192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.10 \"\n  ],\n  \"network_interfaces\":[\n    {\n      \"interface\":\"enp60s0\",\n      \"mtu\":1500,\n      \"rx_ok\":0,\n      \"rx_err\":0,\n      \"rx_drop\":0,\n      \"rx_overrun\":0,\n      \"tx_ok\":0,\n      \"tx_err\":0,\n      \"tx_drop\":0,\n      \"tx_overrun\":0,\n      \"flag\":\"BMU\"\n    }\n  ],\n  \"kernel_version\":\"2.6.32-431.29.2.el6.x86_64\",\n  
\"lastrun\":\"2015-05-21T23:29:49-04:00\",\n  \"load15\":0,\n  \"load1\":0,\n  \"load5\":0,\n  \"loaded_kernel_modules\":[\n    \"uinput 20480 0\",\n    \"binfmt_misc 16384 1\"\n  ],\n  \"memoryfree_gb\":2,\n  \"memorytotal_gb\":16,\n  \"memoryused_gb\":14,\n  \"ntp_servers\":[\n    \"server ntp.server.com\"\n  ],\n  \"ntp_running\": true,\n  \"os\":\"linux\",\n  \"packages\":[\n    \"acl-2.2.49-6.el6.x86_64\",\n    \"acpid-1.0.10-2.1.el6.x86_64\",\n    \"alsa-lib-1.0.22-3.el6.x86_64\",\n    \"atk-1.30.0-1.el6.x86_64\"\n  ],\n  \"pip\":[\n    \"distribute-0.6.10\",\n    \"Flask-0.10.1\",\n    \"Flask-Limiter-0.7.4\"\n  ],\n  \"pip3\":[\n    \"aiofiles-0.4.0\",\n    \"aiohttp-3.3.2\",\n    \"apturl-0.5.2\"\n  ],\n  \"platform\":\"centos\",\n  \"platform_family\":\"rhel\",\n  \"platform_verison\":\"6.5\",\n  \"processes\":[\n    \"pid=1 ppid=0 name=systemd user=root cpu_pct=0 mem_pct=0\",\n    \"pid=2 ppid=0 name=kthreadd user=root cpu_pct=0 mem_pct=0\"\n  ],\n  \"public\":false,\n  \"snaps\":[\n    \"core-16-2.31.1\",\n    \"slack-3.0.5\"\n  ],\n  \"sysctl\":[\n    \"abi.vsyscall32=1\",\n    \"debug.exception-trace=1\"\n  ],\n  \"systemctl_failed\":[\n    \"0 loaded units listed.\"\n  ],\n  \"systemd_timers\":[\n    \"Wed 2020-12-09 17:31:09 EST 30min left Wed 2020-12-09 16:34:56 EST 25min ago anacron.timer anacron.service\",\n    \"Wed 2020-12-09 19:56:18 EST 2h 56min left Wed 2020-12-09 13:57:56 EST 3h 2min ago fwupd-refresh.timer fwupd-refresh.service\"\n  ],\n  \"open_ports\":[\n    \"addr=127.0.0.1 port=58494 name=code proto=tcp\",\n    \"addr=0.0.0.0 port=5601 name=node proto=tcp\",\n    \"addr=:: port=9200 name=0 proto=tcp\"\n  ],\n  \"openscap\":{\n    \"status\":false,\n    \"checks\":71,\n    \"failed\":[\n      {\n        \"title\":\"Enable auditd Service\",\n        \"rule\":\"xccdf_org.ssgproject.content_rule_service_auditd_enabled\",\n        \"result\":\"fail\"\n      },\n      {\n        \"title\":\"Ensure auditd Collects System Administrator 
Actions\",\n        \"rule\":\"xccdf_org.ssgproject.content_rule_audit_rules_sysadmin_actions\",\n        \"result\":\"fail\"\n      }\n    ],\n    \"warnings\":null\n  },\n  \"timezone\":\"UTC\",\n  \"trivy\":[\n    {\n      \"Target\":\"k3s (ubuntu 20.04)\",\n      \"Type\":\"ubuntu\",\n      \"Vulnerabilities\":[\n        {\n          \"VulnerabilityID\":\"CVE-2012-6655\",\n          \"PkgName\":\"accountsservice\",\n          \"InstalledVersion\":\"0.6.55-0ubuntu12~20.04.1\",\n          \"Layer\":{\n            \"DiffID\":\"sha256:7a32807fe5359af26e10053cb110e4a7576afa4a63c26d4af5ab763d6784fae7\"\n          },\n          \"SeveritySource\":\"ubuntu\",\n          \"Title\":\"accountsservice: local encrypted password disclosure when changing password\",\n          \"Description\":\"An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.\",\n          \"Severity\":\"LOW\",\n          \"CweIDs\":[\n            \"CWE-732\"\n          ],\n          \"VendorVectors\":{\n            \"nvd\":{\n              \"v2\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\n              \"v3\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\"\n            },\n            \"redhat\":{\n              \"v2\":\"AV:L/AC:M/Au:N/C:P/I:N/A:N\"\n            }\n          },\n          \"CVSS\":{\n            \"nvd\":{\n              \"V2Vector\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\n              \"V3Vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\n              \"V2Score\":2.1,\n              \"V3Score\":3.3\n            },\n            \"redhat\":{\n              \"V2Vector\":\"AV:L/AC:M/Au:N/C:P/I:N/A:N\",\n              \"V2Score\":1.9\n            }\n          },\n          \"References\":[\n            \"http://openwall.com/lists/oss-security/2014/08/15/5\",\n            \"http://www.openwall.com/lists/oss-security/2014/08/16/7\",\n            \"http://www.securityfocus.com/bid/69245\",\n      
      \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6655\",\n            \"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-6655\",\n            \"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6655\",\n            \"https://exchange.xforce.ibmcloud.com/vulnerabilities/95325\",\n            \"https://security-tracker.debian.org/tracker/CVE-2012-6655\"\n          ],\n          \"PublishedDate\":\"2019-11-27T18:15:00Z\",\n          \"LastModifiedDate\":\"2019-12-16T19:47:00Z\"\n        }\n      ]\n    }\n  ],\n  \"uptime_days\":9,\n  \"users\":[\n    \"root:x:0:0:root:/root:/bin/bash\",\n    \"adm:x:3:4:adm:/var/adm:/sbin/nologin\",\n    \"shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown\",\n    \"nginx:x:998:997:Nginx web server:/var/lib/nginx:/sbin/nologin\",\n    \"varnish:x:997:996:Varnish Cache:/var/lib/varnish:/sbin/nologin\"\n  ],\n  \"users_loggedin\":[\n    \"root-pts/0\",\n    \"timski-pts/1\"\n  ],\n  \"virtualization\":true,\n  \"virtualization_system\":\"xen\"\n}\n```\n\nAverage payload size: `200k`\n\nElasticSearch terminology:\n\nhttp://elasticsearch:9200/index/type\n\nDiscover terminology:\n\nhttp://elasticsearch:9200/servers/environment\n\nAgent Run Time:\n\nThe agent runs every twenty minutes and posts real-time data to ElasticSearch.\n\nIf you delete all hosts in the environment nightly, every server that is up with the agent running repopulates the inventory, so it holds only the currently running hosts and their data. 
This works very well in elastic compute environments.\n\nExample with cURL:\n\nTo post cmon output to ElasticSearch manually or from a cron schedule:\n\n```sh\n# Plain HTTP, no authentication\nsudo ./cmon | curl -XPOST -H \"Content-Type: application/json\" -d @- \"http://localhost:9200/servers/_doc/$(hostid)\"\n\n\n# HTTPS with basic auth; -k skips certificate verification\nsudo ./cmon | curl -XPOST -k -u admin:admin -H \"Content-Type: application/json\" -d @- \"https://localhost:9200/servers/_doc/$(hostid)\"\n```\n\n## Install\n\nInstall the statically linked Linux binary:\n\n```sh\ncurl -OL \"https://github.com/perlogix/cmon/releases/download/1.0/cmon\" \u0026\u0026 chmod -f 0755 ./cmon\n```\n\nInstall DEB file:\n\n```sh\ncurl -LO $(curl -s https://api.github.com/repos/perlogix/cmon/releases/latest | grep browser_download_url | grep deb | cut -d '\"' -f 4)\n\ndpkg -i ./cmon*.deb\n```\n\nInstall RPM file:\n\n```sh\ncurl -LO $(curl -s https://api.github.com/repos/perlogix/cmon/releases/latest | grep browser_download_url | grep rpm | cut -d '\"' -f 4)\n\nrpm -i ./cmon*.rpm\n```\n\n**ElasticSearch Mappings Needed**\n\n```sh\n# Create index\ncurl -XPUT \"http://localhost:9200/servers\"\n\n# Put mappings to existing index\ncurl -XPUT \"http://localhost:9200/servers/_mapping\" -H 'Content-Type: application/json' -d@mapping.json\n```\n\n## Install Dependencies\n\n### Server\n\n- ElasticSearch 7.x\n- Kibana 7.x\n\n### Client (development)\n\n- Go \u003e= 1.15\n- Make\n- Docker (Optional)\n\nTo build the binary with Go, run the following command:\n\n```sh\nmake build\n```\n\nTo build the binary with Docker, run the following command:\n\n```sh\nmake docker\n```\n\nTo build the RPM and Deb packages with Docker, run the following command:\n\n```sh\nmake VER=1.0 pkgs\n```\n\n## Getting Started Vagrant\n\n```sh\ngit clone https://github.com/perlogix/cmon.git\n\ncd cmon\n\ncurl -LO \"https://github.com/perlogix/cmon/releases/download/1.0/cmon\"\n\nvagrant up\n```\n\n## Command-Line Arguments\n\nNo flags / arguments will do a 
one-time run and produce a JSON file in the current path of the binary\n\n    -d, --daemon     Run in daemon mode\n    -c, --config     Set configuration path, defaults are ['./', '/opt/perlogix/cmon', '/etc/perlogix/cmon']\n\n## Configuration\n\nConfigurations can be written in YAML, JSON or TOML.\n\n_/etc/perlogix/cmon/cmon.yaml_\n_DEFAULT values if no config is present_\n\n```yaml\n# ElasticSearch DB\nhost: localhost\nport: 9200\n\n# ElasticSearch Index Name\n# This can be anything, it could be aws, softlayer, prod, staging\nenvironment: dev\n\n# Interval of agent runs in seconds\n# Default is every twenty minutes\ninterval: 1200\n\n# Username if http-basic plugin is enabled\nusername:\n\n# Password if http-basic plugin is enabled\npassword:\n\n# Set https to true to use HTTPS instead of HTTP\nhttps: false\n\n# Verify SSL for HTTPS endpoints\ninsecure_ssl: false\n\n# Public facing asset\npublic: false\n\n# Asset type\nasset_type:\n\n# OpenSCAP XCCDF XML file path\noscap_xccdf_xml: /usr/share/scap-security-guide/ssg-ubuntu1804-ds.xml\n\n# OpenSCAP Profile\noscap_profile: xccdf_org.ssgproject.content_profile_cis\n```\n\n## Vagrant\n\n```sh\ngit clone https://github.com/perlogix/cmon.git\ncd cmon\nvagrant up\nvagrant ssh\n```\n\n## Platforms Tested On\n\n- CentOS/RHEL 7 - latest\n- Fedora 20 - latest\n- Ubuntu 16 - latest\n- Mac OS X 16.7.0 - latest\n- Windows 10 - latest\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fperlogix%2Fcmon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fperlogix%2Fcmon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fperlogix%2Fcmon/lists"}