sw-collector Tool

Synopsis

sw-collector [--debug level] [--quiet] [--count event-count]

sw-collector [--debug level] [--quiet] [--installed|--removed] --list|--unregistered

sw-collector [--debug level] [--quiet] [--installed|--removed] [--full] --generate

sw-collector [--debug level] [--quiet] --migrate

sw-collector [--debug level] [--quiet] --check

sw-collector -h | --help

Description

The sw-collector tool extracts information about software package installation, update or removal events from the apt history log and stores the software events in an SQLite database. The retrieved history information is then merged and made consistent with the actual list of installed software packages obtained with dpkg-query. The sw-collector is used to manage the local Software Inventory on an endpoint.

Options

-h

--help

Prints usage information and a short summary of the available commands

-v

--debug

Set debug level, default: 2

-q

--quiet

Disable debug output to stderr

-i

--installed

Apply the command to installed software packages only

-r

--removed

Apply the command to removed software packages only

-f

--full

Generate ISO 19770-2:2015 SWID tags with full file information (possible for installed software packages only)

-l

--list

Lists all software packages stored in the collector database showing their installation status

-u

--unregistered

Lists all software packages residing in the local collector database but for which no SWID tags exist yet in a central collector database reachable via a REST interface.

-g

--generate

Generates ISO 19770-2:2015 SWID tags for all software packages residing in the local collector database but for which no SWID tags exist in a central collector database reachable via a REST interface

-m

--migrate

Can be used to migrate collector database versions. Currently all architecture suffixes are removed from dpkg package names

-C

--check

Checks the integrity of the collector database against the actual list of installed packages obtained with dpkg-query

Configuration

The following parameters can be configured in the sw-collector section of strongswan.conf:

Key Default Description

database

URI to software collector database containing event timestamps, software creation and deletion events and collected software identifiers. If it contains a password, make sure to adjust the access permissions of the config file accordingly

first_file

[→]

Path pointing to file created when the Linux OS was installed. [/var/log/bootstrap.log]

first_time

[→]

Time in UTC when the Linux OS was installed. [0000-00-00T00:00:00Z]

history

Path pointing to apt history.log file

load

Plugins to load in sw-collector tool

rest_api.timeout

120

Timeout in seconds of REST API HTTP POST transaction

rest_api.uri

HTTP[S] URI of the central collector’s REST API

Some Hints

  • The database URI is mandatory because otherwise the collector database is not found. You can create an empty collector database with the command

    sudo -s
    cat /usr/share/strongswan/templates/database/sw-collector/sw_collector_tables.sql | \
    sqlite3 /etc/pts/collector.db

  • If the logrotate command splits the /var/log/apt/history.log file into multiple chunks, sw-collector handles the zipped history chunks automatically as of version 5.9.5. Before that version you had to manually unzip the chunks, concatenate them in the correct order into a reconstructed history.log file and point the history parameter to this file for the initial run of sw-collector. For all subsequent runs the history setting must then be set back to the default value.

  • The default value /var/log/bootstrap.log of the first_file parameter points to a file which is usually present on Debian and Ubuntu systems and which gives a good estimate of the date when the OS was initially installed. You can point first_file to another file of your choice or use first_time to explicitly define the system creation date.

  • The rest_api.uri parameter is needed for the --unregistered and --generate commands where sw-collector contacts an on-line strongTNC server and queries already registered SWID tags via a REST API.

The parameters of the swid_generator used with the --generate command can be changed in the libimcv section of strongswan.conf:

Key Default Description

command

[→]

SWID generator command to be executed. [/usr/local/bin/swid_generator]

tag_creator.name

[→]

Name of the tagCreator entity. [strongSwan Project]

tag_creator.regid

[→]

regid of the tagCreator entity. [strongswan.org]

Example

sw-collector {
   database = sqlite:///etc/pts/collector.db
   history = /var/log/apt/history.log
   first_file = /var/log/bootstrap.log
   first_time = 2016-04-22T20:55:14Z
   rest_api {
      uri = https://admin-user:strongSwan@tnc.example.com/api/
      timeout = 120
   }
}

libimcv {
  swid_gen {
    command = /usr/local/bin/swid_generator
    tag_creator {
      name = strongSwan Project
      regid = strongswan.org
    }
  }
}
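
Both the database URI and rest_api.uri can carry a password, as the example above does. The following shell check is an added example, not part of strongSwan or of the original page: it reports which settings embed URI credentials (by key, without printing the secret) and rejects a config file that is readable by group or others. The function names cred_keys and check_conf are hypothetical, and GNU stat as found on Debian and Ubuntu is assumed.

```shell
#!/bin/sh
# Added example: audit a strongswan.conf-style file for embedded URI
# credentials combined with loose file permissions.

# Matches scheme://user:password@ ; sqlite:///path has no userinfo and is ignored.
CRED_URI='[A-Za-z][A-Za-z0-9+.-]*://[^/@:[:space:]]+:[^/@[:space:]]+@'

# Print "line:key" for every setting whose value embeds credentials.
# Only the innermost key name is shown (e.g. "uri" for rest_api.uri).
cred_keys() {
    grep -nE "$CRED_URI" "$1" |
        sed -E 's/^([0-9]+):[[:space:]]*([A-Za-z_.]+).*/\1:\2/'
}

# Return 0 if the file is acceptable, 1 if it holds credentials and grants
# any access to group or others, 2 if the file does not exist.
check_conf() {
    conf=$1
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 2; }
    keys=$(cred_keys "$conf")
    [ -n "$keys" ] || return 0              # nothing secret in the file
    mode=$(stat -c '%a' "$conf")            # octal mode, e.g. 644 (GNU stat)
    # Mask out the owner bits; any remaining bit is group/other access.
    if [ $(( 0$mode & 077 )) -eq 0 ]; then
        return 0
    fi
    echo "$conf (mode $mode) holds credentials at: $(echo $keys)" >&2
    return 1
}

# Constructed sample mirroring the example configuration on this page.
demo=$(mktemp)
printf '%s\n' 'sw-collector {' \
    '   database = sqlite:///etc/pts/collector.db' \
    '   rest_api {' \
    '      uri = https://admin-user:strongSwan@tnc.example.com/api/' \
    '   }' '}' > "$demo"
chmod 644 "$demo"; check_conf "$demo" || echo "mode 644: rejected"
chmod 600 "$demo"; check_conf "$demo" && echo "mode 600: accepted"
rm -f "$demo"
```
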