Scanning Unix-based assets

Technology

Computers based on macOS, Linux, FreeBSD, and ESX/ESXi operating systems are scanned using agents. An agent is an executable that is uploaded to a remote computer via the SSH and SCP/SFTP protocols and gathers information about its hardware and software using the operating system utilities.

The program supports scanning of 64-bit macOS systems.

The SSH protocol enables two hosts to exchange data over a secure channel. Currently, there are 2 versions of this protocol: SSH-1 and SSH-2. TNI uses SSH-2 for scanning. Most modern UNIX systems allow the use of this protocol.

The SCP and SFTP protocols are used for file transfers through a secure channel between two hosts. They are components of most modern SSH servers. TNI supports both of these protocols.

Scanning of ESX/ESXi systems can also be performed via the HTTP protocol (by accessing their web interface). To use this scanning method, you need to specify the credentials in the VMware column on the Scanner tab.

Attention!

To scan macOS and Unix-like systems that have been joined to a domain, you need to specify the domain account which you have previously used to log in on the scanned node.
In this case, you can also use a local account with administrator privileges for scanning.

Remote scanning via the SSH protocol

How it works:

  1. TNI connects to the remote computer via the SSH protocol.
  2. A temporary folder is created in the remote user’s home folder. The agent is then uploaded there using either the SFTP or the SCP protocol.
  3. The scanning agent is run and creates a file with gathered information upon completion of its work.
  4. A file containing computer information is then transferred via the SFTP or SCP protocol back to TNI and added to the opened storage.
  5. The temporary folder containing the agent and the created file is deleted.

Before starting a scan one should make sure that:

  • the remote computer runs an SSH-2 server (on TCP port 22, or you can specify a “Custom port” in Options) that supports SFTP or SCP, and the firewall allows access to it;
  • the remote user is allowed to access the SSH server (the AllowUsers option). If scanning is done under the root user, the PermitRootLogin option should be set to yes;
  • the remote user has administrative privileges (for Linux: is in the sudoers list if the user is other than root).

The operating system should provide the agent with a number of utilities so it can collect all needed data from the computer. The list of utilities depends on the operating system configuration. If one of the utilities is not installed on the scanned computer, a message will be displayed in the appropriate category of the Common reports view.

Furthermore, the operating system should be able to provide the standard C++ library libstdc++.so.6.

An approximate list of utilities needed to collect the data on a Linux-based computer: arch, cd-info, df, dmidecode, dpkg-query / emerge / pacman / pkgtool / rpm, get-edid, hdparm, head, ifconfig, iptables, iptables-save, ls, lspci (pciconf for FreeBSD), lsusb, ps, pvdisplay, pvscan, route, rpm, swapon, uname.
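The prerequisites above (SSH access for the scan account, administrative rights, libstdc++.so.6 and the helper utilities) can be checked on a Linux target before the first scan. The script below is an added example, not part of TNI or its documentation; the function names, the `--run` switch and the sudo/wheel group heuristic are assumptions.

```shell
#!/bin/sh
# Added example (not part of TNI): checks the scan prerequisites on a Linux target.
# Utilities from the page's approximate list; the package managers are left out
# because only one of them exists on any given distribution.
TNI_UTILS="arch cd-info df dmidecode get-edid hdparm head ifconfig iptables
iptables-save ls lspci lsusb ps pvdisplay pvscan route swapon uname"

# Print each name in "$@" that is not on PATH (sbin directories included,
# since tools such as dmidecode are normally installed there).
missing_utils() (
    PATH="$PATH:/sbin:/usr/sbin:/usr/local/sbin"
    for u in "$@"; do
        command -v "$u" >/dev/null 2>&1 || printf '%s\n' "$u"
    done
)

# Check USER against PermitRootLogin / AllowUsers. Reads effective settings in
# "sshd -T" format (keyword, then value) on stdin; prints "ok" or the reason.
# Not evaluated: USER@HOST and negated patterns, DenyUsers, group rules, Match.
ssh_user_check() (
    user=$1; cfg=$(cat)
    set -f                                   # keep * and ? in patterns literal
    if [ "$user" = root ] && ! printf '%s\n' "$cfg" | grep -qix 'permitrootlogin yes'; then
        echo "PermitRootLogin is not yes"; exit 1
    fi
    allow=$(printf '%s\n' "$cfg" | awk 'tolower($1) == "allowusers" { $1 = ""; print }')
    if [ -z "$allow" ]; then echo ok; exit 0; fi   # no AllowUsers restriction
    for pat in $allow; do
        case $user in $pat) echo ok; exit 0 ;; esac
    done
    echo "not matched by AllowUsers"; exit 1
)

# Run every check for one account: preflight USER (needs root for "sshd -T").
# Group membership is only a heuristic for "is in the sudoers list".
preflight() {
    sshd -T 2>/dev/null | ssh_user_check "$1"
    [ "$1" = root ] || id -Gn "$1" | grep -Eqw 'sudo|wheel' ||
        echo "$1 is in neither sudo nor wheel; check sudoers"
    ldconfig -p 2>/dev/null | grep -q 'libstdc++\.so\.6' ||
        echo "libstdc++.so.6 not found"
    missing_utils $TNI_UTILS | sed 's/^/missing utility: /'
}
if [ "${1:-}" = --run ]; then preflight "${2:-root}"; fi
```

Scanning with a dedicated non-root account from the sudoers list meets the same prerequisites without setting PermitRootLogin to yes.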

Manual scanning

How it works:

  1. The agent executable that is appropriate for the target system is manually copied to the target computer and launched. When the scanning is complete, the agent creates a file containing the collected information.
  2. The resulting file must be moved to the TNI storage.
  3. See the Manual scan section for details.