UCMDB and UD Practitioners Forum (Previously CMS)
Showing results for 
Search instead for 
Do you mean 

HP Discovery and Dependency Mapping

HP Discovery and Dependency Mapping

Hi,

 

Logging in to Unix/Linux from a probe which user shall I use in Unix/Linux to assure proper operation of discovery patterns?

 

Regards

/Bernt Jernberg

5 REPLIES

Re: HP Discovery and Dependency Mapping

Hi,

 

I am pretty sure that the answer to my question is root.

Looking into the patterns for Solaris, AIX and Linux confirms this.

 

The latest pattern that the uCMDB team, at the site where I'm at, asked me if they could run is zlogin!!!!!!

 

# grep zlogin /etc/security/exec_attr
Zone Management:solaris:cmd:::/usr/sbin/zlogin:uid=0

 

A command used to login to a local zone from a global one. This is not good design as of the twenty first century. If you care about security the slitest you don't do remote login as root. To allow a normal user the right to run a root-command via sudo or rbac without restrictions is not taking security seriously either

 

Will HP continue on this path?

 

Regards

Bernt Jernberg

 

 

 

Trusted Contributor

Re: HP Discovery and Dependency Mapping

Hi, you answered your own question with "root". This is not per design however, a discovery account should have certain permissions, see Permissions.pdf for an overview. An operator account such as the one my client is using is enough for most discovery purposes.

Re: HP Discovery and Dependency Mapping

Hi,

 

Could you please show me a link to the "Permissions.pdf"

Regards
Bernt Jernberg

 

 

Trusted Contributor

Re: HP Discovery and Dependency Mapping

Re: HP Discovery and Dependency Mapping

Thanks,

 

I will check it out.

 

Regards

Bernt Jernberg

//Add this to "OnDomLoad" event