Linux Discovery
Transcript of Linux Discovery
-
7/25/2019 Linux Discovery
1/5
Linux/Unix/AIX Discovery in iServe
UNIX and Linux Credentials
Discovery and Orchestration explore UNIX and Linux devices by using commands executed over
Secure Shell (SSH! so they need SSH credentials" #he user can be any user" $oth applications
must run commands on UNIX and Linux systems %ith root privileges" #here are t%o general
approaches to accomplishing this&
'ive rootcredentials" #hese are obviously the most po%erul credentials! but
may not be desirable rom a security perspective" I Discovery or Orchestration have
the root credentials to any UNIX or Linux system! no urther coniguration is
re)uired"
'ive other credentials or Discovery or Orchestration! but grant the user in those
credentials the right to execute certain commands %ith root privileges! using sudo"
#his is a secure %ay to grant limited privileges" Discovery or Orchestration use sudo
on any probe that has the must_sudoparameter set to true(it deaults to false"
Ho%ever! each system must be conigured to allo% sudo to %or*" #his is done by
editing the/etc/sudoersile using the visudocommand"
Access Requirements for NonRoot Credentials
I you do not provide Discovery %ith root access credentials! you must provide credentials %ith the
ollo%ing access re)uirements"
A!!lication "ile or Directory Access Required
+pache httpd"con ,ead
H$ase hbase-site"xml ,ead
.$oss /boss-service"xml ,ead
.$oss home directory ,ead
%eb"xml ,ead
-
7/25/2019 Linux Discovery
2/5
-
7/25/2019 Linux Discovery
3/5
server"xml ,ead
serverindex"xml ,ead
Confi#urin# SudoCommands to $rant Root %rivile#es
2ach command or %hich Discovery or Orchestration re)uires root privileges is described belo%!
along %ith ho% to conigure the/etc/sudoersile to allo% them" #hese examples assume that the
user name in the credentials is Disco" Substitute the actual user name and ensure that the paths or
the commands match the path on the systems"
Note&Sudo commands do not work with private key credentials, because there is no password tosupply to the sudo command. A solution is to add the NOPASSW option to the sudo confi!uration."or e#ample, you mi!ht enter$ disco A%%&'root(
NOPASSW$/usr/sbin/dmidecode,/usr/sbin/lsof,/sbin/ifconfi! .
UNIX/Linux Commands Requirin# root %rivile#es for Discovery and 'rc(estration
Command %latform)s* %ur!ose /etc/sudoers line exam!le Used +y
dmidecode +ll Linux 'athers several
pieces o inormation
about the hard%are!
including the serial
number embedded
%ithin the
motherboard"
Disco +LL7(root
3sbin3dmidecode
Discovery
lso +ll Linux and
0ac
versions
Determines the
relationship bet%een
processes and the
connections beingmade to the system"
Disco +LL7(root 3sbin3lsoDiscovery
vm%are-
cmd
2SX 'athers vm%are
instances inormation"Disco +LL7(root
3usr3bin3vm%are-cmd
Discovery
-
7/25/2019 Linux Discovery
4/5
adb H5-UX 'athers 85U speed
and memory"Disco +LL7(root 3usr3bin3adb
Discovery
chpass%d +ll Linux and
UNIX
versions
8hanges user
pass%ords"Disco +LL7(root
3etc3chpass%d
Orchestratio
n
chage +ll Linux and
UNIX
versions
8hanges the number
o days bet%een
pass%ord changes
and the date o the
last pass%ord
change"
Disco +LL7(root 3etc3chageOrchestratio
n
oratab +ll Unix
versions
'rants read access to
the oratab ile or
locating the OracleHome and pile"
N3+ Discovery
3usr3bin3ps Solaris Lists running process"
+s an alternative to
running %ith root
access! add a
proc9o%ner role"
Disco +LL7(root 3usr3bin3psDiscovery
3usr3ucb3ps Solaris :;
and belo%
Lists running process"
+s an alternative to
running %ith root
access! add aproc9o%ner role"
Note&)he use of
/usr/ucb has been
deprecated as of
Solaris **.
Disco +LL7(root 3usr3ucb3psDiscovery
dis* +ll Linux 'athers the dis*s and
si
-
7/25/2019 Linux Discovery
5/5
prtvtoc Solaris ,eports inormation
about dis* partitionsDisco +LL7(root
3usr3bin3prtvtoc
Discovery