Table: exec_command - Query Exec Commands using SQL
The Exec Command is a feature that enables the execution of arbitrary commands in the context of the current session. It is a powerful tool that can be used to run scripts, utilities, and other command-line tasks. With Exec Command, you can execute commands and scripts in a secure, controlled environment, and capture the output for further processing or analysis.
Table Usage Guide
The exec_command table provides insights into the execution of arbitrary commands within the current session context. As a Systems Administrator, explore command-specific details through this table, including command outputs, exit codes, and associated metadata. Utilize it to uncover information about command execution, such as error messages, the duration of command execution, and the verification of command outputs.
Examples
Query JSON files on Linux host
Explore the configuration of your Linux host to identify the URL of your Jenkins WAR file. This could be useful for troubleshooting or for confirming the source of your Jenkins installation.
Postgres:

```sql
select _ctx ->> 'connection_name' as host, stdout_output :: jsonb -> 'core' ->> 'url' as jekins_war_url
from exec_command
where command = 'cat jenkins-default.json';
```

SQLite:

```sql
select json_extract(_ctx, '$.connection_name') as host, json_extract(json(stdout_output), '$.core.url') as jekins_war_url
from exec_command
where command = 'cat jenkins-default.json';
```
Query package.json dependencies on Linux host
Explore the dependencies and their versions in your package.json file on a Linux host. This is useful to understand the versions of libraries your project is using, which can help in debugging or updating your project.
Postgres:

```sql
select _ctx ->> 'connection_name' as host, dep.key as dependency, dep.value as version
from exec_command, json_each_text(stdout_output :: json -> 'dependencies') as dep(key, value)
where command = 'cat package.json';
```

SQLite:

```sql
select json_extract(_ctx, '$.connection_name') as host, dep.key as dependency, dep.value as version
from exec_command, json_each(json_extract(stdout_output, '$.dependencies')) as dep
where command = 'cat package.json';
```
List files on Linux host
Explore the contents of a Linux host by listing all files within it. This can be useful for assessing the current file structure or identifying any unexpected or suspicious files.
Postgres:

```sql
select _ctx ->> 'connection_name' as host, stdout_output
from exec_command
where command = 'ls -la';
```

SQLite:

```sql
select json_extract(_ctx, '$.connection_name') as host, stdout_output
from exec_command
where command = 'ls -la';
```
List devices on Linux host
Explore the connected devices on a Linux host system. This query is useful for system administrators who need to monitor the devices linked to their Linux servers.
Postgres:

```sql
select _ctx ->> 'connection_name' as host, stdout_output
from exec_command
where command = 'lsblk';
```

SQLite:

```sql
select json_extract(_ctx, '$.connection_name') as host, stdout_output
from exec_command
where command = 'lsblk';
```
List disks on Linux host
Explore the disk usage on a Linux host to manage storage efficiently by identifying areas with high usage. This allows for proactive cleanup and allocation of resources, enhancing system performance.
Postgres:

```sql
select _ctx ->> 'connection_name' as host, stdout_output
from exec_command
where command = 'df -h';
```

SQLite:

```sql
select json_extract(_ctx, '$.connection_name') as host, stdout_output
from exec_command
where command = 'df -h';
```
List user accounts on Linux host
Explore which user accounts exist on a Linux host to better manage system access and security. This can be particularly useful in maintaining control over who has access to your system and ensuring unauthorized users are not present.
Postgres:

```sql
select _ctx ->> 'connection_name' as host, stdout_output
from exec_command
where command = 'cat /etc/passwd';
```

SQLite:

```sql
select json_extract(_ctx, '$.connection_name') as host, stdout_output
from exec_command
where command = 'cat /etc/passwd';
```
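Raw /etc/passwd text still has to be read by eye. The query below, an added example that is not part of the plugin's documentation, splits stdout_output into fields and keeps only the accounts worth reviewing: every account with UID 0 and every account whose shell permits login. It uses Postgres syntax and assumes the standard seven-field passwd layout; the list of non-login shells is an assumption to adjust per distribution.

```sql
with passwd as (
  -- One row per passwd line, split on ':' into
  -- name, password, uid, gid, gecos, home, shell.
  select
    _ctx ->> 'connection_name' as host,
    string_to_array(line, ':') as f
  from
    exec_command,
    regexp_split_to_table(stdout_output, E'\n') as line
  where
    command = 'cat /etc/passwd'
    and line <> ''          -- skip the trailing empty line
    and line not like '#%'  -- skip comment lines
)
select
  host,
  f[1] as username,
  f[3] as uid,
  f[7] as shell,
  -- A second UID 0 account has full root privileges under another name.
  (f[3] = '0' and f[1] <> 'root') as duplicate_root
from
  passwd
where
  f[3] = '0'
  -- Assumed non-login shells; an empty shell field falls back to the
  -- system default shell, so it is reported as a login-capable account.
  or f[7] not in ('/usr/sbin/nologin', '/sbin/nologin', '/bin/false')
order by
  host,
  duplicate_root desc,
  username;
```

UIDs are compared as text so that a malformed line cannot abort the query with a cast error.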
Query host file on Linux host
Explore the host file details on a Linux host to understand the mappings between domain names and IP addresses. This can help in troubleshooting network connectivity issues or verifying the correct setup of network services.
Postgres:

```sql
select stdout_output, _ctx ->> 'connection_name' as host
from exec_command
where command = 'cat /etc/hosts';
```

SQLite:

```sql
select stdout_output, json_extract(_ctx, '$.connection_name') as host
from exec_command
where command = 'cat /etc/hosts';
```
List processes on Linux host
Explore the active processes on a Linux host to understand the system's performance and resource allocation. This can help in identifying potential bottlenecks or issues that might be affecting the system's efficiency.
Postgres:

```sql
select _ctx ->> 'connection_name' as host, stdout_output
from exec_command
where command = 'ps -ef';
```

SQLite:

```sql
select json_extract(_ctx, '$.connection_name') as host, stdout_output
from exec_command
where command = 'ps -ef';
```
Show hardware information on Linux host
Analyze the hardware configuration of a Linux host to understand its components and specifications. This can be useful for system administrators who need to assess the current hardware setup or plan for upgrades.
Postgres:

```sql
select _ctx ->> 'connection_name' as host, stdout_output
from exec_command
where command = 'lshw';
```

SQLite:

```sql
select json_extract(_ctx, '$.connection_name') as host, stdout_output
from exec_command
where command = 'lshw';
```
Query configuration file for rsyslog on Linux host
Gain insights into the configuration of the rsyslog service on a Linux host. This is useful for understanding the current logging settings and identifying any potential issues or misconfigurations.
Postgres:

```sql
select _ctx ->> 'connection_name' as host, stdout_output
from exec_command
where command = 'cat /etc/rsyslog.conf';
```

SQLite:

```sql
select json_extract(_ctx, '$.connection_name') as host, stdout_output
from exec_command
where command = 'cat /etc/rsyslog.conf';
```
Query host IP addresses on Linux host
Explore which Linux hosts have specific IP addresses. This query is useful for network management and troubleshooting, allowing you to quickly identify which hosts are using which IP addresses.
Postgres:

```sql
select _ctx ->> 'connection_name' as host, stdout_output
from exec_command
where command = 'ip addr'
order by host;
```

SQLite:

```sql
select json_extract(_ctx, '$.connection_name') as host, stdout_output
from exec_command
where command = 'ip addr'
order by host;
```
List files on Windows host
Explore the contents of a Windows host by listing all files present. This can be useful for auditing file contents or tracking down specific files.
Postgres:

```sql
select _ctx ->> 'connection_name' as host, stdout_output
from windows.exec_command
where command = 'dir';
```

SQLite:

```sql
select json_extract(_ctx, '$.connection_name') as host, stdout_output
from windows_exec_command
where command = 'dir';
```
List network info on Windows host
Explore the network information on a Windows host to gain insights into the status and details of all active network connections. This can be useful for troubleshooting network issues or for routine network monitoring.
Postgres:

```sql
select _ctx ->> 'connection_name' as host, stdout_output
from windows.exec_command
where command = 'ipconfig /all';
```

SQLite:

```sql
select json_extract(_ctx, '$.connection_name') as host, stdout_output
from windows_exec_command
where command = 'ipconfig /all';
```
List disks on a local Mac OSX
Explore the disk configuration of a local Mac OSX to gain insight into the system's storage setup. This is particularly useful for system administrators seeking to understand the disk utilization of their machines.
Postgres:

```sql
select _ctx ->> 'connection_name' as host, stdout_output
from exec_command
where command = 'diskutil list';
```

SQLite:

```sql
select json_extract(_ctx, '$.connection_name') as host, stdout_output
from exec_command
where command = 'diskutil list';
```
Handle failing commands
Determine the areas in which commands are failing by analyzing the output of those commands. This can be especially useful for diagnosing and troubleshooting issues in your system.
Postgres:

```sql
select _ctx ->> 'connection_name' as host, case when exit_code = 0 then stdout_output else stderr_output end as output
from exec_command
where command = 'ls non_existing_file';
```

SQLite:

```sql
select json_extract(_ctx, '$.connection_name') as host, case when exit_code = 0 then stdout_output else stderr_output end as output
from exec_command
where command = 'ls non_existing_file';
```
Query network interfaces through Python interpreter on local machine
This query allows you to pinpoint the specific network interfaces on your local machine using a Python interpreter. In a practical setting, this can be useful for identifying potential network issues or for understanding the configuration of your local machine's network interfaces.
This example requires a Python 3 interpreter to be set in the exec.spc file. Refer to the plugin's documentation for how to set it up.
Postgres:

```sql
select index, name
from exec_command, json_to_recordset(stdout_output :: json) as x(index int, name text)
where command = 'import json, socket; print(json.dumps([{"index": interface[0], "name": interface[1]} for interface in socket.if_nameindex()]))';
```
Error: SQLite does not support json_to_recordset function.
Query hostname through Perl interpreter on local machine
Explore the system's hostname using the Perl interpreter on your local machine. This is useful for identifying the specific machine you're working on, especially in a networked environment with multiple machines.
This example requires a Perl interpreter to be set in the exec.spc file. Refer to the plugin's documentation for how to set it up.
Postgres:

```sql
select stdout_output as hostname
from exec_command
where command = 'use Sys::Hostname; my $hostname = hostname; print "$hostname\n";';
```

SQLite:

```sql
select stdout_output as hostname
from exec_command
where command = 'use Sys::Hostname; my $hostname = hostname; print "$hostname\n";';
```
Control examples
- CIS v1.6.0 > 1 Host Configuration > 1.1 Linux Hosts Specific Configuration > 1.1.1 Ensure a separate partition for containers has been created
- CIS v1.6.0 > 1 Host Configuration > 1.1 Linux Hosts Specific Configuration > 1.1.10 Ensure auditing is configured for Docker files and directories - /etc/default/docker
- CIS v1.6.0 > 1 Host Configuration > 1.1 Linux Hosts Specific Configuration > 1.1.11 Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.json
- CIS v1.6.0 > 1 Host Configuration > 1.1 Linux Hosts Specific Configuration > 1.1.12 Ensure auditing is configured for Docker files and directories - /etc/containerd/config.toml
- CIS v1.6.0 > 1 Host Configuration > 1.1 Linux Hosts Specific Configuration > 1.1.13 Ensure auditing is configured for Docker files and directories - /etc/sysconfig/docker
- CIS v1.6.0 > 1 Host Configuration > 1.1 Linux Hosts Specific Configuration > 1.1.14 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd
- CIS v1.6.0 > 1 Host Configuration > 1.1 Linux Hosts Specific Configuration > 1.1.15 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim
- CIS v1.6.0 > 1 Host Configuration > 1.1 Linux Hosts Specific Configuration > 1.1.16 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v1
- CIS v1.6.0 > 1 Host Configuration > 1.1 Linux Hosts Specific Configuration > 1.1.17 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v2
- CIS v1.6.0 > 1 Host Configuration > 1.1 Linux Hosts Specific Configuration > 1.1.18 Ensure auditing is configured for Docker files and directories - /usr/bin/runc
- CIS v1.6.0 > 1 Host Configuration > 1.1 Linux Hosts Specific Configuration > 1.1.3 Ensure auditing is configured for the Docker daemon
- CIS v1.6.0 > 1 Host Configuration > 1.1 Linux Hosts Specific Configuration > 1.1.4 Ensure auditing is configured for Docker files and directories - /run/containerd
- CIS v1.6.0 > 1 Host Configuration > 1.1 Linux Hosts Specific Configuration > 1.1.5 Ensure auditing is configured for Docker files and directories - /var/lib/docker
- CIS v1.6.0 > 1 Host Configuration > 1.1 Linux Hosts Specific Configuration > 1.1.6 Ensure auditing is configured for Docker files and directories - /etc/docker
- CIS v1.6.0 > 1 Host Configuration > 1.1 Linux Hosts Specific Configuration > 1.1.7 Ensure auditing is configured for Docker files and directories - docker.service
- CIS v1.6.0 > 1 Host Configuration > 1.1 Linux Hosts Specific Configuration > 1.1.8 Ensure auditing is configured for Docker files and directories - containerd.sock
- CIS v1.6.0 > 1 Host Configuration > 1.1 Linux Hosts Specific Configuration > 1.1.9 Ensure auditing is configured for Docker files and directories - docker.socket
- CIS v1.6.0 > 2 Docker daemon configuration > 2.1 Run the Docker daemon as a non-root user, if possible
- CIS v1.6.0 > 2 Docker daemon configuration > 2.11 Ensure base device size is not changed until needed
- CIS v1.6.0 > 2 Docker daemon configuration > 2.12 Ensure that authorization for Docker client commands is enabled
- CIS v1.6.0 > 2 Docker daemon configuration > 2.14 Ensure containers are restricted from acquiring new privileges
- CIS v1.6.0 > 2 Docker daemon configuration > 2.16 Ensure Userland Proxy is Disabled
- CIS v1.6.0 > 2 Docker daemon configuration > 2.3 Ensure the logging level is set to 'info'
- CIS v1.6.0 > 2 Docker daemon configuration > 2.4 Ensure Docker is allowed to make changes to iptables'
- CIS v1.6.0 > 2 Docker daemon configuration > 2.7 Ensure TLS authentication for Docker daemon is configured
- CIS v1.6.0 > 2 Docker daemon configuration > 2.8 Ensure the default ulimit is configured appropriately
- CIS v1.6.0 > 3 Docker daemon configuration files > 3.1 Ensure that the docker.service file ownership is set to root:root
- CIS v1.6.0 > 3 Docker daemon configuration files > 3.10 Ensure that TLS CA certificate file permissions are set to 444 or more restrictively
- CIS v1.6.0 > 3 Docker daemon configuration files > 3.11 Ensure that Docker server certificate file ownership is set to root:root
- CIS v1.6.0 > 3 Docker daemon configuration files > 3.12 Ensure that the Docker server certificate file permissions are set to 444 or more restrictively
- CIS v1.6.0 > 3 Docker daemon configuration files > 3.13 Ensure that the Docker server certificate key file ownership is set to root:root
- CIS v1.6.0 > 3 Docker daemon configuration files > 3.14 Ensure that the Docker server certificate key file permissions are set to 400
- CIS v1.6.0 > 3 Docker daemon configuration files > 3.15 Ensure that the Docker socket file ownership is set to root:docker
- CIS v1.6.0 > 3 Docker daemon configuration files > 3.16 Ensure that the Docker sock file permissions are set to 660 or more restrictively
- CIS v1.6.0 > 3 Docker daemon configuration files > 3.17 Ensure that the daemon.json file ownership is set to root:root
- CIS v1.6.0 > 3 Docker daemon configuration files > 3.18 Ensure that daemon.json file permissions are set to 644 or more restrictive
- CIS v1.6.0 > 3 Docker daemon configuration files > 3.19 Ensure that the /etc/default/docker file ownership is set to root:root
- CIS v1.6.0 > 3 Docker daemon configuration files > 3.2 Ensure that docker.service file permissions are appropriately set
- CIS v1.6.0 > 3 Docker daemon configuration files > 3.20 Ensure that the /etc/default/docker file permissions are set to 644 or more restrictively
- CIS v1.6.0 > 3 Docker daemon configuration files > 3.21 Ensure that the /etc/sysconfig/docker file permissions are set to 644 or more restrictively
- CIS v1.6.0 > 3 Docker daemon configuration files > 3.22 Ensure that the /etc/sysconfig/docker file ownership is set to root:root
- CIS v1.6.0 > 3 Docker daemon configuration files > 3.23 Ensure that the Containerd socket file ownership is set to root:root
- CIS v1.6.0 > 3 Docker daemon configuration files > 3.24 Ensure that the Containerd socket file permissions are set to 660 or more restrictively
- CIS v1.6.0 > 3 Docker daemon configuration files > 3.3 Ensure that docker.socket file ownership is set to root:root
- CIS v1.6.0 > 3 Docker daemon configuration files > 3.4 Ensure that docker.socket file permissions are set to 644 or more restrictive
- CIS v1.6.0 > 3 Docker daemon configuration files > 3.5 Ensure that the /etc/docker directory ownership is set to root:root
- CIS v1.6.0 > 3 Docker daemon configuration files > 3.6 Ensure that /etc/docker directory permissions are set to 755 or more restrictively
- CIS v1.6.0 > 3 Docker daemon configuration files > 3.7 Ensure that registry certificate file ownership is set to root:root
- CIS v1.6.0 > 3 Docker daemon configuration files > 3.8 Ensure that registry certificate file permissions are set to 444 or more restrictively
- CIS v1.6.0 > 3 Docker daemon configuration files > 3.9 Ensure that TLS CA certificate file ownership is set to root:root
- CIS v1.6.0 > 4 Container Images and Build File Configuration > 4.1 Ensure that a user for the container has been created
- CIS v1.6.0 > 4 Container Images and Build File Configuration > 4.5 Ensure Content trust for Docker is Enabled
- CIS v1.6.0 > 5 Container Runtime Configuration > 5.23 Ensure that docker exec commands are not used with the privileged option
- CIS v1.6.0 > 5 Container Runtime Configuration > 5.24 Ensure that docker exec commands are not used with the user=root option
- CIS v1.6.0 > 5 Container Runtime Configuration > 5.32 Ensure that the Docker socket is not mounted inside any containers
- CIS v1.6.0 > 7 Docker Swarm Configuration > 7.2 Ensure that swarm services are bound to a specific host interface
Schema for exec_command
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | | Steampipe context in JSON form. |
| command | text | | Command to be run. |
| exit_code | bigint | | Exit code of the command. |
| sp_connection_name | text | | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| stderr_output | text | | Standard error output from the command. |
| stdout_output | text | | Standard output from the command. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- exec
```

You can pass the configuration to the command with the --config argument:

```sh
steampipe_export_exec --config '<your_config>' exec_command
```