On Linux dmidecode fails from ServiceNow, but runs successfully for Discovery account when logged into server

codycotulla
Tera Guru

I am getting dmidecode discovery failures when I run Discovery but running the same command is successful when I run it locally.

The command I am running is

sudo /usr/sbin/dmidecode -t 1 | cat

If I SSH to the server and log in using the discovery account, I can run the command successfully. 

In ServiceNow I get the following output

<result warn="User xx_account has no right to run /usr/sbin/dmidecode -t 1 under sudo; ">
<output>
/sys/firmware/dmi/tables/smbios_entry_point: Permission denied /dev/mem: Permission denied # dmidecode 3.2 Scanning /dev/mem for entry point.
</output>

I have the following entries in sudoers file:

Cmnd_Alias      CMDB_CMND = /sbin/fdisk -l, /usr/sbin/dmidecode -t ??, /usr/sbin/dmidecode -t ?
xx_account         ALL = (root) NOPASSWD:CMDB_CMND

Has anyone encountered this problem where the sudo dmidecode command works when you SSH to the server, but fails from ServiceNow?

Any help is appreciated; let me know if you have any questions.

Thanks,

Cody

1 ACCEPTED SOLUTION

tim_broberg
ServiceNow Employee

I don't think SSHCommand is smart enough to follow the alias, Cody.

Try defining it directly, or disabling the privilege command check with mid param mid.ssh.disable_privilege_check so that it just blindly runs sudo instead of checking whether we have permission first.
    - Tim.
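
Added example (not part of the thread, and not ServiceNow's SSHCommand code): it shows why a pre-check that compares a command against a user's sudoers entries without expanding Cmnd_Alias names rejects a command that sudo itself permits, and why defining the commands directly passes the same check. The parser, the function names and the use of Python's fnmatch to approximate sudoers wildcard matching are assumptions; the alias-form lines are the ones quoted in the question.

```python
import fnmatch
import re

# Sudoers lines as quoted in the question (alias form).
ALIAS_FORM = """\
Cmnd_Alias      CMDB_CMND = /sbin/fdisk -l, /usr/sbin/dmidecode -t ??, /usr/sbin/dmidecode -t ?
xx_account         ALL = (root) NOPASSWD:CMDB_CMND
"""
# Constructed: the same commands defined directly on the user line.
DIRECT_FORM = (
    "xx_account ALL = (root) NOPASSWD: /sbin/fdisk -l, "
    "/usr/sbin/dmidecode -t ??, /usr/sbin/dmidecode -t ?\n"
)

def parse(text):
    """Return (aliases, rules): alias name -> patterns, user -> entries."""
    aliases, rules = {}, {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
            continue
        # user host = (runas) TAG: cmd, cmd ...
        m = re.match(r"(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(?:\w+:\s*)*(.+)", line)
        if m:
            entries = [c.strip() for c in m.group(2).split(",")]
            rules.setdefault(m.group(1), []).extend(entries)
    return aliases, rules

def is_permitted(text, user, command, expand_aliases):
    """True if `command` matches one of `user`'s sudoers command patterns."""
    aliases, rules = parse(text)
    patterns = []
    for entry in rules.get(user, []):
        if expand_aliases and entry in aliases:
            patterns.extend(aliases[entry])
        else:
            patterns.append(entry)  # an unexpanded alias name never matches a path
    command = " ".join(command.split())
    return any(fnmatch.fnmatchcase(command, p) for p in patterns)

if __name__ == "__main__":
    cmd = "/usr/sbin/dmidecode -t 1"
    print("alias, no expansion:", is_permitted(ALIAS_FORM, "xx_account", cmd, False))
    print("alias, expanded:    ", is_permitted(ALIAS_FORM, "xx_account", cmd, True))
    print("direct definition:  ", is_permitted(DIRECT_FORM, "xx_account", cmd, False))
```

In sudoers, `?` matches any single character, so `-t ?` and `-t ??` admit any one- or two-character argument, not only digits; listing the exact type numbers is the tighter form when the privilege check is disabled and sudoers is the only gate.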

Tim,

Big help. We went ahead and added the mid.ssh.disable_privilege_check parameter as a MID Server Property, and now the dmidecode commands are working.

I also found this KB article that talks about the problem:
https://hi.service-now.com/kb_view.do?sysparm_article=KB0712620

Again, really appreciate your help with this.

Cody

Sweet! Thanks for the feedback.
    - Tim.

RajeshGummadoju
Tera Contributor

We do have the same issue for some Linux servers.

Error - sudo: dmidecode: command not found

We have tried running sudo /usr/sbin/dmidecode -t 1 | cat and are getting results.

However, the same command (sudo dmidecode -t 1 | cat) is working fine for other Linux servers.

We have tried using the MID property mid.ssh.disable_privilege_check parameter but are still facing the same issue.

Please let me know your thoughts, thanks in advance.

Best Regards,

RajeSh