
Re: Discovery with restricted root access.

 
Costeam
Occasional Contributor

Discovery with restricted root access.

Hello

 

We are trying to discover a Linux host in an environment where, for security reasons, the "powers that be" have forbidden and therefore disabled remote root login by ssh. I guess this may be a common issue.

 

The server does have the ProLiant Support Pack installed and the firewall ports have been opened to allow access to the SMH.

 

The discovery, as one would expect, is somewhat incomplete. It does see the SMH and SNMP (although it fails to find a matching SNMP System Type Manager rule for sysObjID). It completes with the following major error: -

 

Major:    The system cannot be identified properly for HP SIM to manage;
          unable to get one or more of the following: model, serial number or
          unique identifier (UUID). For management processors, verify the
          system is running the latest firmware. For Linux based operating
          systems, you must have dmidecode installed, enable the
          PermitRootLogin and PasswordAuthentication in sshd, and use root
          sign-in credential. For HP-UX, verify the sign-in credential. For
          Windows, check if WMIMapper is configured correctly on the CMS and
          verify the sign-in credential.

 

The powers that be are willing to type in the root password for the purpose of importing the management server certificate so that a trust relationship can be built between it and the SMH. I had hoped that this would allow the manager to gather all the extra information it needed to make a fuller discovery of the system. Sadly this was not the case; a subsequent discovery of the server did not glean any further information despite the existence of a trust relationship between the SMH and the Manager.

 

We can trick the discovery by manually entering the serial number of the server using "Edit System Properties" and then discovering the iLO. Information gleaned from the iLO is then used to further populate the information held about the server. At this point the picture looks good but I suspect that the communication between host and manager is not working correctly; for instance, the status of the SMH (currently major) is not being reflected in the manager.

 

Most recently we have looked at "privilege elevation" using sudo; sadly we suspect that discovery is not coded to be able to use the "privilege escalation" settings.

 

So, has anyone got any suggestions? Is there something we have overlooked? Or are we destined never to be able to get this to work properly without using direct root credentials?

 

Any help or suggestions most welcome.

 

Thanks

2 REPLIES
Brad6266
Occasional Contributor

Re: Discovery with restricted root access.

> Most recently we have looked at "privilege elevation" using sudo, sadly
> we suspect that discovery is not coded to be able to use the "privilege
> escalation" settings.

 

Sadly I suspect you're correct.  :-(

 

I wanted to discover Linux systems using a non-root user account with Privilege Elevation (sudo) but, while I could see SIM 7.0 log in to the clients using the non-root account, there was never a sign of sudo (or other logging stubs I put in its place in my debugging) being invoked.

 

Root user or nothing, I believe.

Costeam
Occasional Contributor

Re: Discovery with restricted root access.

Only just seen this response, thanks.
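
The error message in the first post asks for PermitRootLogin and PasswordAuthentication to be enabled in sshd. The fragment below is an added example, not part of the original thread and not HP guidance: it shows that blanket setting beside a scoped alternative that keeps root login disabled everywhere except for connections coming from the management server. The address 192.0.2.10 is a placeholder for the CMS, and whether such an exception is acceptable under the site policy is an assumption.

```conf
# /etc/ssh/sshd_config (constructed example)

# --- Blanket form implied by the error message: root password login
# --- is accepted from any address that can reach sshd.
# PermitRootLogin yes
# PasswordAuthentication yes

# --- Scoped form: the global section keeps the restrictive policy.
PermitRootLogin no
PasswordAuthentication no

# Match blocks must come after all global settings. Keywords inside a
# Match block override the global values only for connections that
# satisfy the criteria, here the source address of the CMS.
# 192.0.2.10 is a placeholder, replace it with the real CMS address.
Match Address 192.0.2.10
    PermitRootLogin yes
    PasswordAuthentication yes
```

Running `sshd -t` checks the file for syntax errors before the daemon is reloaded, and `sshd -T -C user=root,addr=192.0.2.10` prints the effective settings for a connection matching those criteria.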