Quick Start
First, install margaritashotgun.
Capture A Single Machine
A single machine can be captured using only the command line arguments for margaritashotgun.
First specify the server and user with the --server and --username flags.
Next provide a path to an SSH key with --key (or use a password with the --password flag).
Finally provide a LiME kernel module with --module and specify an output file with --filename:
margaritashotgun --server 172.16.20.10 --username root --key root_access.pem --module lime-3.13.0-74-generic.ko --filename 172.16.20.10-mem.lime
Save Memory In S3
To save a file to S3, replace the --filename flag with --bucket. Ensure that you have AWS credentials configured prior to executing the following command.
margaritashotgun --server 172.16.20.10 --username root --key root_access.pem --module lime-3.13.0-74-generic.ko --bucket memory_capture_bucket
Capture Multiple Machines
Run margaritashotgun with a configuration file like parallel_config.yml.example:
aws:
    bucket: memory_dump_example
hosts:
    - addr: 52.36.191.XXX
      port: 22
      username: ec2-user
      key: access.pem
      module: lime-4.1.19-24.31.amzn1.x86_64.ko
    - addr: 52.36.170.XXX
      port: 22
      username: ec2-user
      key: access.pem
      module: lime-4.1.19-24.31.amzn1.x86_64.ko
    - addr: 52.36.210.XXX
      port: 22
      username: ubuntu
      key: dev.pem
      module: lime-3.13.0-74-generic.ko
    - addr: 52.36.90.XXX
      port: 22
      username: ubuntu
      key: dev.pem
      module: lime-3.13.0-74-generic.ko
workers: 2
Note
In this example parallelism is limited to 2 workers.
Run the capture with:
margaritashotgun -c your_custom_config.yml
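When many hosts are in scope, the host list in a configuration like the one above can be generated from an inventory instead of typed by hand. The following is an added example, not part of margaritashotgun or its documentation; the make_config function, the inventory layout, the 192.0.2.x addresses and the lime-<kernel release>.ko naming rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of margaritashotgun. Names here are hypothetical.
# Constructed inventory, one host per line: addr username key kernel-release
SAMPLE_INVENTORY='# addr username key kernel-release
192.0.2.10 ec2-user access.pem 4.1.19-24.31.amzn1.x86_64
192.0.2.11 ubuntu dev.pem 3.13.0-74-generic
'

# make_config BUCKET WORKERS < inventory
# Writes the multi-host YAML to stdout; exits non-zero on a bad inventory so
# a half-built config never reaches margaritashotgun -c.
# Assumption: modules are named lime-<kernel release>.ko, as in the examples.
make_config() (
    bucket=$1 workers=$2 body='' n=0
    case $workers in
        ''|*[!0-9]*|0) echo "workers must be a positive integer" >&2; exit 1 ;;
    esac
    # "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while read -r addr user key kernel extra || [ -n "$addr" ]; do
        case $addr in ''|'#'*) continue ;; esac
        if [ -z "$kernel" ] || [ -n "$extra" ]; then
            echo "expected 4 fields for host $addr" >&2; exit 1
        fi
        # Refuse characters that would change the YAML structure (: # quotes).
        case "$addr$user$key$kernel" in
            *[!A-Za-z0-9._/-]*) echo "unsafe character in entry $addr" >&2; exit 1 ;;
        esac
        body="$body    - addr: $addr
      port: 22
      username: $user
      key: $key
      module: lime-$kernel.ko
"
        n=$((n + 1))
    done
    [ "$n" -gt 0 ] || { echo "inventory has no hosts" >&2; exit 1; }
    printf 'aws:\n    bucket: %s\nhosts:\n%sworkers: %s\n' "$bucket" "$body" "$workers"
)

# Stand-alone run: print the config for the constructed inventory.
printf '%s' "$SAMPLE_INVENTORY" | make_config memory_dump_example 2
```

Redirect the output to a file and pass that file to margaritashotgun -c; a non-zero exit status means the inventory was rejected and no usable config was written.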