bossjones · May 16, 2025 23:54
diff --git a/so_audit.sh b/so_audit.sh
 sudo du -sch /etc /opt/so/conf /opt/so/saltstack /opt/so/log /opt/so/state /etc/docker /etc/sysctl.d /nsm/backup /opt/so/custom /opt/so/rules



 BACKUP_DATE=$(date +%Y%m%d)
 sudo tar czpf /tmp/so_backup_$BACKUP_DATE.tar.gz \
    /opt/so \
    /etc/docker/daemon.json \
    /etc/sysctl.d/99-reserved-ports.conf \
    /etc/soversion \
    /nsm/backup \
    /root/.bash_history \
    /root/crontab.txt \
    /root/.bashrc
    /root/soup.log
    /root/.config
    /root/sosigs
    /root/.zshrc
    /root/salt-server.log
    /root/kibana-curl.config \
    /root/.vulcanizer.yaml \
    /root/.ssh \
    /root/ps.log \
    /root/history.bash \
    /root/history.zsh \
    /root/rpm.log \
    /root/sosetup.log \
    /root/so-user-add.log \
    /root/fleet-setup.log \
    /etc/sysctl.d \
    /root/install_summary \
    /var/log \
    /etc \
    /var/so-launcher/securityonion/
	sudo du -sch /etc /opt/so/conf /opt/so/saltstack /opt/so/log /opt/so/state /etc/docker /etc/sysctl.d /nsm/backup /opt/so/custom /opt/so/rules



	BACKUP_DATE=$(date +%Y%m%d)
	sudo tar czpf /tmp/so_backup_$BACKUP_DATE.tar.gz \
	/opt/so \
	/etc/docker/daemon.json \
	/etc/sysctl.d/99-reserved-ports.conf \
	/etc/soversion \
	/nsm/backup \
	/root/.bash_history \
	/root/crontab.txt \
	/root/.bashrc
	/root/soup.log
	/root/.config
	/root/sosigs
	/root/.zshrc
	/root/salt-server.log
	/root/kibana-curl.config \
	/root/.vulcanizer.yaml \
	/root/.ssh \
	/root/ps.log \
	/root/history.bash \
	/root/history.zsh \
	/root/rpm.log \
	/root/sosetup.log \
	/root/so-user-add.log \
	/root/fleet-setup.log \
	/etc/sysctl.d \
	/root/install_summary \
	/var/log \
	/etc \
	/var/so-launcher/securityonion/