Which rights should I grant to the account I'll set as a credential for Linux devices in my asset discovery scan configuration? I am not getting a lot of results when I scan Linux devices; what are the prerequisites to get the most out of them?
The asset discovery module can gather hardware and software inventories from Linux, Mac OS X and Solaris:

1- sshd must be running and accessible on the targets:
- make sure sshd is enabled on the target
- make sure that port 22 is accessible from the asset discovery scanner itself
- make sure that the account that is set in Asset Discovery > Configuration > Scan Configuration > _YOUR_SCAN_CONFIGURATION_ > Active Protocols > "Linux/Unix (SSH)" is allowed to ssh into the target

2- User rights:
The following commands are used to gather hardware and software inventories on Linux and Mac OS X. This implies that the user that is set in the tab "Active protocols" for Linux/Unix (SSH)". These run AFTER the scanner successfully logs in to the target using SSH:

- Hardware Inventory from Linux/Mac/Solaris:
    /bin/cat
    /sbin/ifconfig -a
    /bin/df -TP -B 1000
    /bin/df -TP -B 1000
    ifconfig -a
    lsdev -Cc processor -F name
    /usr/sbin/system_profiler SPUSBDataType
    /usr/sbin/diskutil list -plist
    /usr/sbin/diskutil info -plist
    /usr/sbin/diskutil list -plist
    /usr/sbin/diskutil info -plist
    /usr/sbin/system_profiler SPNetworkDataType -xml
    /usr/sbin/system_profiler SPDisplaysDataType -xml
    /usr/sbin/system_profiler SPUSBDataType
    /usr/sbin/system_profiler SPMemoryDataType -xml
    /usr/sbin/sysctl -n hw.machine
    /usr/sbin/sysctl -n hw.cpufrequency
    /usr/sbin/sysctl -n machdep.cpu.vendor
    /usr/sbin/sysctl -n machdep.cpu.brand_string
    /bin/kbd -t
    /sbin/ifconfig -a
    uname -X
    uname -m
    /usr/platform/`uname -m`/sbin/prtdiag
    /usr/sbin/psrinfo -v

- Software Inventory for Linux/Mac/Solaris:
    /bin/rpm -qa --qf
    system_profiler SPApplicationsDataType -detailLevel full -xml
    pkginfo -x
    /usr/bin/pkginfo -x
    dpkg -l
    /usr/bin/dpkg -l
    pkg_info
    /usr/sbin/pkg_info
    pkg_info -A
    /usr/sbin/pkg_info

Note that this list mixes commands for all three operating systems, and that some of them will only run on one of the three, or even on a specific distro only. These commands can change from one release to another. For the most accurate list of commands run by the module on Unix devices, check the following scripts in the folder ../data/RemoteInventory of the scanners:
- hardware_ssh.chl (hardware inventory for Unix devices)
- software_ssh.chl (software inventory for Unix devices)

Note: Typically the security team can allow an AUTHORITATIVE SOURCE (Scanner IP Address via ACL) the ability to do a port scan of devices. This can be done at the switch level and/or the End Point level for Anti-Virus solutions/local firewall.
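
To see which of the commands listed above the scan account can actually run on a given target, a preflight check can be executed on that target while logged in as that account. This is an added example, not part of the product or its scripts; the function names (check_cmd, preflight, count_status) are hypothetical, and only the binaries named in the list above are tested, without their arguments.

```shell
#!/bin/sh
# Added example (not part of the product): run on a target while logged in
# as the scan account to see which inventory commands it can execute.

# Binaries taken from the command list above; arguments are dropped because
# only executability is tested. Trim the list to the target's OS as needed.
INVENTORY_CMDS="/bin/cat /sbin/ifconfig /bin/df /bin/rpm /usr/bin/dpkg
/usr/bin/pkginfo /usr/sbin/pkg_info /usr/sbin/system_profiler
/usr/sbin/diskutil /usr/sbin/sysctl /usr/sbin/psrinfo /bin/kbd
uname ifconfig lsdev dpkg pkginfo pkg_info system_profiler"

# check_cmd CMD: print "ok", "noexec" or "missing" for one command.
check_cmd() {
    case "$1" in
        /*) # Absolute path: that exact file must exist and be executable.
            if [ ! -e "$1" ]; then
                echo missing
            elif [ -f "$1" ] && [ -x "$1" ]; then
                echo ok
            else
                echo noexec
            fi ;;
        *)  # Bare name: must resolve through the account's own PATH.
            if command -v "$1" >/dev/null 2>&1; then echo ok; else echo missing; fi ;;
    esac
}

# preflight CMD...: print one "status command" line per argument.
preflight() {
    for c in "$@"; do
        printf '%-8s %s\n' "$(check_cmd "$c")" "$c"
    done
}

# count_status STATUS CMD...: number of commands with the given status.
count_status() {
    want=$1; shift
    preflight "$@" | grep -c "^$want " || true
}

# Report for the current account. "missing" is expected for binaries that
# belong to another OS; "noexec" points at a permissions problem.
# shellcheck disable=SC2086  # word splitting of the list is intended
preflight $INVENTORY_CMDS
```

Bare names are resolved through the session's PATH, which for non-interactive SSH sessions can omit /sbin and /usr/sbin, so run the check over SSH as the scan account rather than from a local root shell.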