Asset discovery: prerequisites to get remote inventories from Linux/Mac OS/Solaris clients

Version 2

    At the moment the documentation does not clearly list what should be enabled on a Linux/Mac OS/Solaris client to allow you to get hardware and software inventories from it. I have requested this to be enhanced ASAP; until then this document should help.

     

    1- SSHD must be running and accessible on the target:

    - enable sshd on the target

    - make sure that port 22 on the target is accessible from the asset discovery scanner

    - make sure that the account you have set in Asset Discovery > Configuration > Scan Configuration > _YOUR_SCAN_CONFIGURATION_ > Active Protocols > "Linux/Unix (SSH)" can connect to the target using SSH.

     

     

    2- Set up the user so that it can run the following commands:

    The following commands are used to gather hardware and software inventory on Linux / Mac / Solaris (courtesy of James). This implies that the user you set in the Active Protocols tab for "Linux/Unix (SSH)" must have access to at least the following commands. These run AFTER the scanner successfully logs in to the target using SSH:

     

    - Hardware inventory for Linux/Mac/Solaris OSes:

     

    /bin/cat

    /sbin/ifconfig -a

    /bin/df -TP -B 1000

    /bin/df -TP -B 1000

    ifconfig -a

    lsdev -Cc processor -F name

    /usr/sbin/system_profiler SPUSBDataType

    /usr/sbin/diskutil list -plist

    /usr/sbin/diskutil info -plist

    /usr/sbin/diskutil list -plist

    /usr/sbin/diskutil info -plist

    /usr/sbin/system_profiler SPNetworkDataType -xml

    /usr/sbin/system_profiler SPDisplaysDataType -xml

    /usr/sbin/system_profiler SPUSBDataType

    /usr/sbin/system_profiler SPMemoryDataType -xml

    /usr/sbin/sysctl -n hw.machine

    /usr/sbin/sysctl -n hw.cpufrequency

    /usr/sbin/sysctl -n machdep.cpu.vendor

    /usr/sbin/sysctl -n machdep.cpu.brand_string

    /bin/kbd -t

    /sbin/ifconfig -a

    uname -X

    uname -m

    /usr/platform/`uname -m`/sbin/prtdiag

    /usr/sbin/psrinfo -v

     

    - Software inventory for Linux/Mac/Solaris OSes:

     

    /bin/rpm -qa --qf

    system_profiler SPApplicationsDataType -detailLevel full -xml

    pkginfo -x

    /usr/bin/pkginfo -x

    dpkg -l

    /usr/bin/dpkg -l

    pkg_info

    /usr/sbin/pkg_info

    pkg_info -A

    /usr/sbin/pkg_info

     

    Note that this list mixes commands for all three OSes, and that some of them will only run on one of the three, or even only on a specific distro.
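
A pre-flight check for step 2, added here as an example (it is not part of the product or of the original document): run on the target as the scan account, it reports which binaries from the lists above that account can execute. The function names and the flattened binary list are assumptions made for this example; entries belonging to another OS are expected to show as missing.

```shell
#!/bin/sh
# Added example: run on the target while logged in AS the scan account.
# Binary names come from the command lists above (arguments dropped);
# only "does it exist and may this user execute it" is checked.
INVENTORY_BINS="/bin/cat /sbin/ifconfig /bin/df lsdev uname
/usr/sbin/system_profiler /usr/sbin/diskutil /usr/sbin/sysctl /bin/kbd
/usr/sbin/psrinfo /bin/rpm pkginfo /usr/bin/pkginfo dpkg /usr/bin/dpkg
pkg_info /usr/sbin/pkg_info"

# resolve_bin NAME: print the usable path and return 0, else return 1.
# Absolute paths are tested directly; bare names are looked up in PATH
# (assumption: the scanner's SSH session resolves them the same way).
resolve_bin() {
    case "$1" in
        /*) if [ -f "$1" ] && [ -x "$1" ]; then
                printf '%s\n' "$1"; return 0
            fi ;;
        *)  if command -v "$1" 2>/dev/null; then return 0; fi ;;
    esac
    return 1
}

# check_inventory_bins [NAME...]: one "OK"/"MISSING" line per binary
# (defaults to INVENTORY_BINS). Returns 0 if at least one is usable.
check_inventory_bins() {
    [ "$#" -gt 0 ] || set -- $INVENTORY_BINS   # intentional word splitting
    usable=0
    for bin in "$@"; do
        if resolved=$(resolve_bin "$bin"); then
            printf 'OK      %s\n' "$resolved"
            usable=$((usable + 1))
        else
            printf 'MISSING %s\n' "$bin"
        fi
    done
    [ "$usable" -gt 0 ]
}

check_inventory_bins || echo "no inventory command usable by $(id -un)"
```
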

     

     

    If you want the most accurate list of commands run by the module on Linux/Unix devices, you can check the following scripts:

    - hardware_ssh.chl (hardware inventory for Linux/Unix devices)

    - software_ssh.chl (software inventory for Linux/Unix devices)

     

    Note:

    Typically the security team can allow an AUTHORITATIVE SOURCE (scanner IP address via ACL) the ability to do a port scan of devices. This can be done at the switch level and/or at the endpoint level for anti-virus solutions/local firewall.