05-04-2020 08:10 AM
Hi All,
We have a requirement where we need to do a Linux discovery through Powerbroker, where the credentials are installed for the servers. Now when we try to use pbrun as the privileged command and initiate a discovery on one of the Linux servers, the Mid server logs show the SSHSessionPoolKey still has sudo as the privileged command.
However going deeper in the logs we can see pbrun being executed. Attaching Logs file for reference.
We need to know if anyone has actually implemented Discovery with Powerbroker.
Also, we need to understand whether it is possible to use a jump server, install the Mid Server on that jump server, and then do a Linux Discovery through Powerbroker.
Regards,
Shub
07-02-2020 02:33 AM
If anyone faces this issue in the future, this is what we need to do. Somehow the patterns intrinsically choose the privileged commands once selected on the Mid Server. The logs are deceiving, however, so it is better to rely on the debug mode of patterns and check whether PBRUN is being executed on the target server.
The Powerbroker master has to relay the permissions to the target daemons, so it is necessary that the Linux team configures the Powerbroker master correctly, such that the commands which require privileged access, such as lsof and dmidecode, are executed on the daemons with pbrun.
05-05-2020 03:14 PM
SSHSessionPoolKey defines which SSH requests are able to share the same sessions. For example, you can't run traffic with debug on and with debug off in the same session because the SSH client only has debug granularity on a session by session basis, and the session has to be debug = true or debug = false. If we let two probes with conflicting debug settings run on the same session, the first one would get what it needs and the second one would not.
If you have accurately determined that the pool is seeing sudo but the actual usage is pbrun, it sounds like something wacky is going on where the config is set one way when getting a session but another way when using it.
I'm not terribly familiar with the pattern code, so I can't speak with much authority here. For all I know, they have a separate session they're using to gather information where they don't bother poking at the privileged command config.
I have run discovery with pbrun. It worked fine for me in a pilot test discovering just a few hosts.
I have not done it with a jump server.
- Tim.
05-06-2020 02:10 AM
Thanks
Any pointers would be really helpful.
Regards,
Shub
05-06-2020 09:14 AM
I really am an expert on SSHCommand probes. There, the "sudo command" or "${sudo:command}" syntax predates support of other privileged command utilities like pbrun. It used to mean escalate command with sudo, but later came to mean escalate command with something.
I'm afraid I'm barely an amateur with patterns.
In many (most?) cases, the pattern calls through to SSHCommand, and I would certainly expect it to treat sudo the same way, and I would certainly expect that to include Linux discovery.
If you add a parameter to the problematic probe, debug = true, do you then see piles and piles of debug messages from the ssh client? That would show exactly what is happening on the wire.
- Tim.
05-08-2020 04:03 AM
Hi
Secondly, I am more curious to know about the credentials that are used: do the credentials used for Linux Discovery necessarily have to be in the sudoers file, or can they not be in sudoers? If in sudoers, will it not allow PBRUN to execute at all? Just a thought; I don't know if it's in the right direction or not.
Any pointers will help.
Regards,
Shub