SSH commands requiring a privileged user during probe-based discovery
- UpdatedJan 30, 2025
- 3 minutes to read
- Xanadu
- Discovery
These tables display the SSH commands run by Discovery probes during horizontal discovery. These SSH commands require elevated privileges to run.
Operating system commands requiring elevated rights
disco ALL=(root)
NOPASSWD:/usr/sbin/dmidecode,/usr/sbin/lsof,/sbin/ifconfig.For information on commands that don’t require elevated rights, see SSH commands not requiring a privileged user during probe-based discovery.
For information on commands used by Service Mapping during the top-down discovery, see Service Mapping commands requiring a privileged user and Service Mapping commands not requiring a privileged user.
SSH key not validated
When the MID Server connects to a system, the MID Server doesn’t perform host key validation against that system and so treats it as untrusted. If an attacker performs a man-in-the-middle attack and redirects the traffic to a malicious SSH service, the attacker can intercept or modify any data sent over the connection.
Therefore, limit any sensitive information exchanged between the MID Server and the target SSH server. Only use keys or certificates for SSH authentication, and avoid sending system credentials. Configure NOPASSWD in the sudoers file for the required privileged commands.
| Command | Purpose |
|---|---|
| adb | Gathers CPU speed and memory. /etc/sudoers line example: |
| Command | Purpose |
|---|---|
| dmidecode | Gathers several pieces of information about the hardware, including the serial number embedded within the motherboard. /etc/sudoers line example: |
| fdisk | Gathers the disks and size information on the system. /etc/sudoers line example: |
| multipath | Gathers device mappings for MultiPath Input Output (MPIO). /etc/sudoers line example: |
| Command | Purpose |
|---|---|
| dmsetup | Examines a low-level volume. /etc/sudoers line example
|
| Command | Purpose |
|---|---|
| lsof | Determines the relationship between processes and the connections being made to the system. /etc/sudoers line example: |
| oratab | Grants read access to the oratab file for locating the Oracle Home and pfile. |
| netstat | Determines the relationship between processes and the connections being made to the system. /etc/sudoers line example: |
| ss | Determines the relationship between processes and the connections being made to the system. /etc/sudoers line example: |
| Command | Purpose |
|---|---|
| iscsiadm | Gets iSCSI qualified names (IQNs). /etc/sudoers line example: |
| fcinfo | Gets World Wide Port Names (WWPNs) for ports. /etc/sudoers line example: |
| prtvtoc | Reports information about disk partitions. /etc/sudoers line example: |
| /usr/bin/ps | Lists running process. As an alternative to running with root access, add a proc_owner role.sola. /etc/sudoers line example: |
| /usr/ucb/ps | Lists running process. As an alternative to running with root access, add a proc_owner role. The use of the /etc/sudoers line example: |
| pgrep | Gets list of process IDs (PIDs) with socket information. /etc/sudoers line example: |
| pfiles | For each PID, gets and processes the output for S_IFSOCK. /etc/sudoers line example: |
Related Content
- Discovery commands for probes and patterns
Discovery commands are used for both probe and pattern-based discovery to access configuration items (CIs) in your environment.