SSH commands requiring a privileged user during probe-based discovery

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of SSH Commands Requiring a Privileged User During Probe-Based Discovery

    This document outlines the SSH commands executed by Discovery probes that necessitate elevated privileges for successful execution during horizontal discovery. It is essential for ServiceNow customers to configure user permissions correctly to ensure smooth operation and data retrieval from target systems.

    Show full answer Show less

    Key Features

    • User Configuration: Set up a privileged user (e.g., 'Disco') with appropriate sudo rights, including the NOPASSWD option to bypass password prompts for specific commands.
    • Command Lists: Tables categorize essential commands by operating system, detailing their purpose and corresponding sudoers configuration lines.
    • Security Considerations: Emphasizes the importance of using SSH keys for authentication and limiting sensitive data exchange to mitigate man-in-the-middle attack risks.

    Key Outcomes

    By following these guidelines, ServiceNow customers can:

    • Ensure successful execution of critical commands during discovery, enhancing data accuracy and system insights.
    • Maintain system security by configuring user permissions properly and using secure authentication methods.
    • Access comprehensive details about system hardware and processes, which are vital for effective IT operations and management.

    These tables display the SSH commands run by Discovery probes during horizontal discovery. These SSH commands require elevated privileges to run.

    Operating system commands requiring elevated rights

    These examples assume that the user name is Disco. Substitute the actual user name and verify that the paths for the commands match the paths on the system.
    Note:
    Sudo commands don’t work with private key credentials, because there’s no password to supply to the sudo command. A solution is to add the NOPASSWD option to the sudo configuration. For example, you might enter: disco ALL=(root) NOPASSWD:/usr/sbin/dmidecode,/usr/sbin/lsof,/sbin/ifconfig.

    For information on commands that don’t require elevated rights, see SSH commands not requiring a privileged user during probe-based discovery.

    For information on commands used by Service Mapping during the top-down discovery, see Service Mapping commands requiring a privileged user and Service Mapping commands not requiring a privileged user.

    SSH key not validated

    When the MID Server connects to a system, the MID Server doesn’t perform host key validation against that system and so treats it as untrusted. If an attacker performs a man-in-the-middle attack and redirects the traffic to a malicious SSH service, the attacker can intercept or modify any data sent over the connection.

    Therefore, limit any sensitive information exchanged between the MID Server and the target SSH server. Only use keys or certificates for SSH authentication, and avoid sending system credentials. Configure NOPASSWD in the sudoers file for the required privileged commands.

    Table 1. HP-UX
    Command Purpose
    adb Gathers CPU speed and memory.

    /etc/sudoers line example: Disco ALL=(root) /usr/bin/adb
    Table 2. All Linux
    Command Purpose
    dmidecode Gathers several pieces of information about the hardware, including the serial number embedded within the motherboard.

    /etc/sudoers line example: Disco ALL=(root) /sbin/dmidecode
    fdisk Gathers the disks and size information on the system.

    /etc/sudoers line example: Disco ALL=(root) /usr/bin/fdisk -l
    multipath Gathers device mappings for MultiPath Input Output (MPIO).

    /etc/sudoers line example: Disco ALL=(root) /usr/bin/multipath -ll
    Table 3. Linux and Solaris
    Command Purpose
    dmsetup Examines a low-level volume.

    /etc/sudoers line example

    • Disco ALL=(root) /usr/bin/dmsetup table *
    • Disco ALL=(root) /usr/bin/dmsetup ls
    Table 4. All UNIX versions
    Command Purpose
    lsof Determines the relationship between processes and the connections being made to the system.

    /etc/sudoers line example: Disco ALL=(root) /sbin/lsof
    oratab Grants read access to the oratab file for locating the Oracle Home and pfile.
    netstat Determines the relationship between processes and the connections being made to the system.

    /etc/sudoers line example: Disco ALL=(root) /bin/netstat
    ss Determines the relationship between processes and the connections being made to the system.

    /etc/sudoers line example: Disco ALL=(root) /sbin/ss
    Table 5. Solaris
    Command Purpose
    iscsiadm Gets iSCSI qualified names (IQNs).

    /etc/sudoers line example: ${sudo:iscsiadm list target -S}
    fcinfo Gets World Wide Port Names (WWPNs) for ports.

    /etc/sudoers line example: ${sudo:fcinfo remote-port -sl -p $port}
    prtvtoc Reports information about disk partitions.

    /etc/sudoers line example: Disco ALL=(root) /usr/bin/prtvtoc
    /usr/bin/ps Lists running process. As an alternative to running with root access, add a proc_owner role.sola.

    /etc/sudoers line example: Disco ALL=(root) /usr/bin/ps
    /usr/ucb/ps Lists running process. As an alternative to running with root access, add a proc_owner role.

    The use of the /usr/ucb/ps command is deprecated as of Solaris 11. Because Discovery requires the use of this command for all Solaris versions, you must install the ucb utility manually on Solaris 11 systems. For instructions, see KB0564262.

    /etc/sudoers line example: Disco ALL=(root) /usr/ucb/ps
    pgrep Gets list of process IDs (PIDs) with socket information.

    /etc/sudoers line example: Disco ALL=(root) /usr/bin/pgrep
    pfiles For each PID, gets and processes the output for S_IFSOCK.

    /etc/sudoers line example: Disco ALL=(root) /usr/bin/pfiles