Linux Client Default Gateway Analysis

We are preparing for network migrations and performing double checks, I was able to quickly find the default gateway of Windows endpoints with ‘gateways of adapters of network’, but I can’t seem to find a similar query to perform the same analysis on Linux endpoints.

Searches on Google, bigfix.me etc have come close but turned up nothing that set me straight in solving this. I must be looking for the wrong property name/string. Can someone please advise how this can be done?

@IanDM

As you have found, Linux doesn’t have an equivalent inspector. If your Linux endpoints have a global default network defined in /etc/sysconfig/network, then you may be able to use the following relevance to define a custom gateway property:

if name of operating system contains “Linux” then following texts of firsts “=” of (lines of file “/etc/sysconfig/network”) whose (it starts with “GATEWAY”) else if name of operating system contains “Win” then gateways of adapters of network as string else “”

If the endpoint is running on Linux, the property will return the gateway value defined in the /etc/sysconfig/network. If the endpoint is running on Windows, the property will return the usual list of gateways, otherwise, it will show an empty string for the other operating systems.

If this doesn’t work, it may be because the gateways are defined individually on each interface. Let me know, as this will require a different approach.

Thank you for the reply. Unfortunately, the results were not 100% and researching the clients that returned “none” shows this is a bit more disjointed than I expected…

For VMs, we have some machines where the gateway is defined in /etc/sysconfig/network, some have it defined in /etc/sysconfig/network-scripts/ifcfg-eth0. A handful are configured with an eth1 and no eth0.

There are a few physical servers in the mix as well, using teamed NICs with bond0 interfaces, but I think they are all using a gateway defined in /etc/sysconfig/network. (At least I’ve not found any bond1 named interfaces)

I can see how the example you sent handles each OS, but I need to include a few “if” within the Linux OS part of that analysis to account for the varied setups I need to handle. I’ll do some experimentation on my own, but is that even possible? Confirming a successful “grep” of a string or looking for the string in another file if the result is still “none”?

My relevance-fu is not that strong…:smirk:

@IanDM

I suggest you create an analysis to handle the data collection. You can then select the results and copy the them into the paste buffer for post-processing in Excel. One possible challenge is that a machine might have multiple gateways defined. It will be easy to identify any other outliers.

As a side note, a cloned Linux VM will get an eth1 interface, when the source VM had an eth0 interface. This may be why you’re seeing a handful of eth1 interfaces in your environment.

Analysis Name
Gateways

Property1
Windows Gateway
if name of operating system contains “Win” then gateways of adapters of network as string else “not Windows”

Property2
Linux Global Gateway
if name of operating system contains “Linux” then (if (exists file “/etc/sysconfig/network” whose (exists (lines of it) whose (it starts with “GATEWAY=”))) then (following texts of firsts “=” of (lines of file “/etc/sysconfig/network”) whose (it starts with “GATEWAY”)) else “no global gateway”) else “not Linux”

Property3
Linux eth0 Gateway
if name of operating system contains “Linux” then (if (exists file “/etc/sysconfig/network-scripts/ifcfg-eth0” whose (exists (lines of it) whose (it starts with “GATEWAY=”))) then (following texts of firsts “=” of (lines of file “/etc/sysconfig/network-scripts/ifcfg-eth0”) whose (it starts with “GATEWAY”)) else “no gateway at eth0”) else “not Linux”

Property4
Linux eth1 Gateway
if name of operating system contains “Linux” then (if (exists file “/etc/sysconfig/network-scripts/ifcfg-eth1” whose (exists (lines of it) whose (it starts with “GATEWAY=”))) then (following texts of firsts “=” of (lines of file “/etc/sysconfig/network-scripts/ifcfg-eth1”) whose (it starts with “GATEWAY”)) else “no gateway at eth1”) else “not Linux”

Property5
Linux bond0 Gateway
if name of operating system contains “Linux” then (if (exists file “/etc/sysconfig/network-scripts/ifcfg-bond0” whose (exists (lines of it) whose (it starts with “GATEWAY=”))) then (following texts of firsts “=” of (lines of file “/etc/sysconfig/network-scripts/ifcfg-bond0”) whose (it starts with “GATEWAY”)) else “no gateway at bond0”) else “not Linux”

The exists operator is great for validating the presence or absence of any object. In this case we’re using it to confirm that the various system configuration files are present before trying to locate the gateway information.

1 Like

Almost forgot to come back and say thanks for your help.
I managed to collect the information we were hoping to get and learned a bit more along the way.
I was so focused on a single column in an analysis/table I needed someone who knew better to suggest cleaning up the results in Excel after the fact.

I’m glad I was able to help.