Quick Start¶
First, Install margaritashotgun.
Capture A Single Machine¶
A single machine can be captured using only the command line arguments for margaritashotgun.
First specify the server and user with the -s
and -u
flags respectively.
Next provide a path to an ssh key with -k
(or use a password with the -p
flag).
Finally provide a lime kernel module with -m
and specify an output file with -f
margaritashotgun -s 172.16.20.10 -u root -k root_access.pem -m lime-3.13.0-74-generic.ko -f 172.16.20.10-mem.lime
Save Memory In S3¶
To save a file to s3 simply replace the -f
or filename
flags with -b
or --bucket
. Ensure that you have aws credentials configured prior to executing the following command.
margaritashotgun -s 172.16.20.10 -u root -k root_access.pem -m lime-3.13.0-74-generic.ko -b memory_capture_bucket
Capture Multiple Machines¶
Run margaritashotgun with a configuration file like parallel_config.yml.example
aws:
bucket: memory_dump_example
hosts:
- addr: 52.36.191.XXX
port: 22
username: ec2-user
key: access.pem
module: lime-4.1.19-24.31.amzn1.x86_64.ko
- addr: 52.36.170.XXX
port: 22
username: ec2-user
key: access.pem
module: lime-4.1.19-24.31.amzn1.x86_64.ko
- addr: 52.36.210.XXX
port: 22
username: ubuntu
key: dev.pem
module: lime-3.13.0-74-generic.ko
- addr: 52.36.90.XXX
port: 22
username: ubuntu
key: dev.pem
module: lime-3.13.0-74-generic.ko
workers: 2
Here parallelism is limited to 2 workers.
Run the capture with:
margaritashotgun -c your_custom_config.yml.