Scanning Unix-based assets

Technology

Computers based on OS X, Linux, FreeBSD, and ESX/ESXi operating systems are scanned by agents. An agent is an executable that is uploaded to a remote computer via the SSH and SCP/SFTP protocols and gathers information about its hardware and software using the operating system's utilities.

The SSH protocol enables two hosts to exchange data over a secure channel. Currently, there are two versions of this protocol: SSH-1 and SSH-2. TNI 3 uses SSH-2 for scanning. Most modern UNIX systems allow the use of this protocol.

The SCP and SFTP protocols are used for file transfers through a secure channel between two hosts. They are components of most modern SSH servers. TNI 3 supports both of these protocols.

Remote scanning via the SSH protocol

How it works:

  1. TNI 3 connects to the remote computer via the SSH protocol.
  2. A temporary folder is created in the remote user's home folder. The agent is then uploaded there using either the SFTP or the SCP protocol.
  3. The scanning agent is run and creates a file with gathered information upon completion of its work.
  4. A file containing computer information is then transferred via the SFTP or SCP protocol back to TNI 3 and added to the opened storage.
  5. The temporary folder containing the agent and the created file is deleted.

Before starting a scan one should make sure that:

  • the remote computer runs an SSH-2 server (on TCP port 22) that supports SFTP or SCP, and the firewall allows access to it;
  • the remote user is allowed to access the SSH server (the AllowUsers option). If scanning is done under the root user, the PermitRootLogin option should be set to yes;
  • the remote user has administrative privileges (on Linux: is in the sudoers list if the user is not root).

The operating system should provide the agent with a number of utilities so it can collect all needed data from the computer. The list of utilities depends on the operating system configuration. If one of the utilities is not installed on the scanned computer, a message will be displayed in the appropriate category of the Common reports view.

Furthermore, the operating system should be able to provide the standard C++ library libstdc++.so.6.

An approximate list of utilities needed to collect the data on a Linux-based computer: arch, cd-info, df, dmidecode, dpkg-query / emerge / pacman / pkgtool / rpm, get-edid, hdparm, head, ifconfig, iptables, iptables-save, ls, lspci (pciconf for FreeBSD), lsusb, ps, pvdisplay, pvscan, route, rpm, swapon, uname.
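The prerequisites above (AllowUsers, PermitRootLogin, libstdc++.so.6 and the utility list) can be checked on the target host before a scan. The script below is an added example, not part of TNI 3: the function names and the script name are hypothetical, and it assumes an OpenSSH sshd_config at /etc/ssh/sshd_config and a glibc-style ldconfig. The config parser ignores Match blocks, Include files and negated patterns.

```sh
#!/bin/sh
# Added example (not vendor code): pre-flight checks to run on the host to be scanned.
# Utility names come from the page's approximate Linux list.
TNI_UTILS="arch cd-info df dmidecode get-edid hdparm head ifconfig iptables
iptables-save ls lspci lsusb ps pvdisplay pvscan route swapon uname"
TNI_PKG_TOOLS="dpkg-query emerge pacman pkgtool rpm"   # alternatives: one is enough

# Print each named command that is not found on PATH.
missing_utils() {
    for u in "$@"; do
        command -v "$u" >/dev/null 2>&1 || printf '%s\n' "$u"
    done
}

# Print the arguments of every occurrence of a keyword in an sshd_config file.
sshd_values() {  # $1 = config file, $2 = keyword (case-insensitive)
    awk -v k="$2" 'tolower($1) == tolower(k) { $1 = ""; sub(/^[ \t]+/, ""); print }' "$1"
}

# True only for an explicit "PermitRootLogin yes" (sshd uses the first occurrence).
root_login_enabled() {  # $1 = config file
    [ "$(sshd_values "$1" PermitRootLogin | head -n 1 | tr 'A-Z' 'a-z')" = "yes" ]
}

# True if AllowUsers is absent, or one of its patterns (user part) matches $2.
user_allowed() {  # $1 = config file, $2 = user
    pats=$(sshd_values "$1" AllowUsers)
    [ -z "$pats" ] && return 0
    set -f                               # do not expand * and ? against file names
    for p in $pats; do
        case "$2" in ${p%%@*}) set +f; return 0 ;; esac
    done
    set +f
    return 1
}

# Print a report for scan user $1 using sshd_config $2.
preflight() {
    missing_utils $TNI_UTILS | sed 's/^/missing utility: /'
    [ "$(missing_utils $TNI_PKG_TOOLS | wc -l)" -lt 5 ] || echo "no package query tool found"
    ldconfig -p 2>/dev/null | grep -q 'libstdc++\.so\.6' || echo "libstdc++.so.6 not in linker cache"
    user_allowed "$2" "$1" || echo "AllowUsers does not list $1"
    if [ "$1" = root ]; then root_login_enabled "$2" || echo "PermitRootLogin is not yes"; fi
    return 0
}

# Usage: sh preflight.sh <scan-user> [sshd_config]
if [ $# -ge 1 ]; then preflight "$1" "${2:-/etc/ssh/sshd_config}"; fi
```

Reading sshd_config usually requires root on the target; an empty report means none of the checked prerequisites is missing.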

Manual scanning

How it works:

  1. The executable tniwinagent.exe (an agent) is manually copied to the target computer and launched. When the scan is complete, the agent creates a file containing the collected information.
  2. The resulting file must be moved to the TNI 3 storage.

See the Manual scan section for details.