Discovery with restricted root access.

Costeam — Fri, 01 Jun 2012 11:57:03 GMT

Hello

We are trying to discover a linux host in an environment where, for security reasons, the "powers that be" have forbidden and therefore disabled remote root login by ssh. I guess this may be a common issue.

The server does have the Proliant Support Pack installed and the firewall ports have been opened to allow access to the SMH.

The discovery as one would expect is somewhat incomplete. It does see the SMH and SNMP (although it fails to find a matching SNMP System Type Manager rule for sysObjID). It completes with the following major error: -

Major:    The system cannot be identified properly for HP SIM to manage;
          unable to get one or more of the following: model, serial number or
          unique identifier (UUID). For management processors, verify the
          system is running the latest firmware. For Linux based operating
          systems, you must have dmidecode installed, enable the
          PermitRootLogin and PasswordAuthentication in sshd, and use root
          sign-in credential. For HP-UX, verify the sign-in credential. For
          Windows, check if WMIMapper is configured correctly on the CMS and
          verify the sign-in credential.

The powers that be are willing to type in the root password for the pupose of importing the management server certificate so that a trust relationship can be built between it and the SMH. I had hoped that this would allow the manager to gather all the extra information it needed to make a fuller discovery of the system. Sadly this was not the case, a subsequent discovery of the server did not gleen any further information depite the existence of a trust relationship between the SMH and the Manager.

We can trick the discovery by manualy entering the serial number of the server using "Edit System Properties" and then discovering the iLO. Information gleened from the iLO is then used to further populate the information held about the server. At this point the picture looks good but I suspect that the communication between host and manager is not working correctly, for instance the status of the SMH (currently major) is not being relected in the manager.

Most recently we have looked at "privilege elevation" using sudo, sadly we suspect that discovery is not coded to be able to use the "priviledge escalation" settings.

So, has anyone got any suggestions? Is there something we have overlooked? or are we destined never to be able to get this to work properly without using direct root credentials?

Any help or suggestions most welcome.

Thanks

Re: Discovery with restricted root access.

Brad6266 — Mon, 23 Jul 2012 01:05:00 GMT

- Most recently we have looked at "privilege elevation" using sudo, sadly

- we suspect that discovery is not coded to be able to use the "priviledge

- escalation" settings.

Sadly I suspect you're correct. :-(

I wanted to discover Llinux systems using a non-root user account with Privilege Elevation (sudo) but, while I could see SIM 7.0 login to the clients using the non-root account, there was never a sign of sudo (or other logging stubs I put in its place in my debugging) being invoked.

Root user or nothing, I believe.

Re: Discovery with restricted root access.

Costeam — Thu, 30 Aug 2012 09:57:55 GMT

Only just seen this response, thanks.

topic Discovery with restricted root access. in Server Management - Systems Insight Manager

Discovery with restricted root access.

Re: Discovery with restricted root access.

Re: Discovery with restricted root access.