COLLECTOR · LINUX

Deploy the Linux collector.

The collector is the read-only internal agent that runs inside your trust boundary and reaches a Domain Controller over private LDAPS — it never exposes the DC and needs only an unprivileged authenticated domain reader.

TUX Linux collector
Internal host · systemd timer · internal LDAPS reachability to a DC
Signed, reproducible Linux builds are produced on release. Verify the SHA-256 and the minisign signature (docs/RELEASE.md), or reproduce the exact binary yourself with scripts/build-release.sh. Until a build is deployed, use the zero-install PowerShell collector below — it is available now.
PS1 PowerShell collector
Zero-install, human-auditable, same read-only attribute allow-list as the native collector. It is the exact plaintext script — read it before you run it. All parsing, redaction, and encryption stay in the audited Rust core at ingest, so the guarantees never rest on the script.
Download bastion-collect.ps1

Read-only · no-exploit · no-secrets. Paged, throttled, and schedulable so a large collection never stresses the DC. In connected mode it egresses a single outbound 443 to the suite; air-gapped, nothing leaves the boundary — the deliverable is the encrypted snapshot plus a self-contained HTML attack-path report.

Back to home