What's the Unix Permission Required?

Version 5

    We get this question a lot. Our clients tend to want information right away instead of reading through the BMC documentation we sent. They get overwhelmed by the many sections of the BMC documentation. We wanted a place to point them to for a cliff-notes version that also points to the actual docs. We will break it down in a 10,000-foot view, and if the client wants the details behind the 10,000-foot view, they have the choice to read the BMC documentation.

     

    Unix admins and security teams would like to understand the workflow of the scanner. The basic workflow is: scanner server ------> client (passwordless SSH) ------> run the local command and return the necessary results to the scanner server. The BMC documentation is vague on the Unix permissions needed for the yellow items. The red items will be a point of contention with most SMEs or administrators.

     

    Linux Permission Overview:

     

    Method                         Script         Privileges required
    -----------------------------  -------------  -----------------------------------------------------------------
    initialise                     init           Provided Link to Administration | Discovery Platform | Favor Unix
    getDeviceInfo *                device_info    Provided Link to Administration | Discovery Platform | Favor Unix
    getDirectoryListing            ls             Privileges
    getFileContent                 file_content   Privileges
    getFileInfo                    Handled by the getFileMetadata and getFileContent calls.
    getFileMetadata                file_metadata  Privileges
    getFileSystems                 df
    getHBAList                     hba_sysfs      Provided Link to Administration | Discovery Platform | Favor Unix
                                   hba_procfs     Provided Link to Administration | Discovery Platform | Favor Unix
                                   hba_hbacmd     Privileges
                                   hba_lputil     Privileges
    getHostInfo *                  host_info      Privileges
    getIPAddresses                 ip_addr_ip
                                   ifconfig_ip
    getMACAddresses *              ip_link_mac
                                   ifconfig_mac
    getNetworkConnectionList       netstat        Privileges
    getNetworkInterfaces           ip_link_if     Privileges
                                   ifconfig_if    Privileges
    getPackageList                 rpmx
                                   rpm
                                   dpkg
    getProcessList                 ps
    getProcessToConnectionMapping  lsof-i         Privileges

     

    Detailed Unix Requirements Docs

    Script Scanning (Standalone Unix Scan)

     

    If the Unix admin doesn't want to provide root-level permission, do the following steps:

    To be continued

     

    Here are the steps to send to a non-Unix admin to get access to the remote system.

     

    Please follow these steps to provide service account %accountname% access.  Can we test on %IPAddress%?

     

              On the host you want to provide access to:

        1. Create the user account
        2. On the terminal, type "adduser %accountname%"
        3. On the terminal, type "passwd %accountname%"
        4. On the terminal, type "gpasswd -a %accountname% wheel" (CentOS)

              Copy the public key provided by the BMC Discovery admin into .ssh/authorized_keys:

        1. Check to see if you have a .ssh/authorized_keys file
          1. If the file is not found, create the file by doing the following steps:
          2. .ssh/authorized_keys
          3. Copy and paste the contents of the public key file into the file
          4. Save the file by pressing ESC, then typing “:wq” and pressing Enter
          5. Type chmod 600 .ssh/authorized_keys
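
The key-installation steps above as a script, added here as an example and not part of the original page or BMC's tooling: it creates `.ssh` and `authorized_keys` with the modes sshd's StrictModes check expects and appends the key only once. The function names and the optional `from=` restriction to the scanner's address are assumptions that go beyond the page's steps.

```shell
#!/bin/sh
# Added example, not the page's or BMC's code. Function names are hypothetical.
# Run as the service account (or chown the files to it afterwards): sshd's
# StrictModes check also looks at ownership, not just the modes set here.

# install_scanner_key HOME_DIR "PUBLIC_KEY_LINE" [SCANNER_IP]
install_scanner_key() {
    home_dir=$1; key=$2; scanner_ip=${3:-}
    # Accept only one line shaped like "<type> <base64> [comment]".
    if [ "$(printf '%s\n' "$key" | wc -l)" -ne 1 ]; then
        echo "key must be a single line" >&2; return 1
    fi
    case $key in
        "ssh-ed25519 AAAA"*|"ssh-rsa AAAA"*|"ecdsa-sha2-nistp"*" AAAA"*) ;;
        *) echo "not an OpenSSH public key" >&2; return 1 ;;
    esac
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # The base64 body (field 2) identifies the key whatever options precede it.
    body=$(printf '%s\n' "$key" | awk '{print $2}')
    if grep -qF -- "$body" "$auth"; then
        return 0    # already installed: do not append a duplicate
    fi
    if [ -n "$scanner_ip" ]; then
        # Optional hardening beyond the page: only the scanner may use the key.
        key="from=\"$scanner_ip\",no-agent-forwarding,no-port-forwarding,no-X11-forwarding $key"
    fi
    printf '%s\n' "$key" >> "$auth"
}

# check_ssh_perms HOME_DIR: succeeds only for .ssh = 700, authorized_keys = 600.
check_ssh_perms() {
    [ "$(ls -ld "$1/.ssh" | cut -c1-10)" = "drwx------" ] &&
    [ "$(ls -l "$1/.ssh/authorized_keys" | cut -c1-10)" = "-rw-------" ]
}
```

Call it as `install_scanner_key "$HOME" "<public key line>" <scanner IP>`, then run `check_ssh_perms "$HOME"` before asking the Discovery admin to test the login.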