Service Mapping commands requiring a privileged user

  • Release version: Xanadu
  • Updated August 1, 2024
  • 15 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Service Mapping commands requiring a privileged user

    Service Mapping in ServiceNow requires the use of commands with elevated privileges to discover and map Unix-based hosts within your organization effectively. These commands are integral to processes such as host detection, identification on ports, and discovering configuration items (CIs) using patterns. Although you do not run these commands directly, it is essential to configure servers to allow Service Mapping to execute these privileged commands.

    Show full answer Show less

    Key Details

    The commands requiring privileged access vary depending on the operating system and the specific application or service being discovered. These commands allow Service Mapping to:

    • Access protected directories and files
    • Obtain process and network connection information
    • Extract configuration and environment details from various applications
    • List files, directories, and system attributes necessary for mapping

    Operating System Commands

    Each Unix-based OS (AIX, HP-UX, Solaris, Linux) requires specific elevated commands such as cat, ls, lsof, netstat, and process inspection commands like ps and procwdx. These commands enable Service Mapping to read files, list directory contents, and analyze network ports and process details essential for accurate service discovery.

    Application-Specific Commands

    Service Mapping also uses privileged commands tailored to discover various enterprise applications and services, including but not limited to:

    • Apache Web Server and Tomcat (e.g., grep, netstat, find)
    • IBM products such as WebSphere, MQ, and CICS (e.g., grep, ps, netstat)
    • Oracle suite including Database, WebLogic, and E-Business Suite (e.g., ls, cat, netstat)
    • Microsoft Exchange Server commands for extracting server roles and cluster information via PowerShell
    • TIBCO, JBoss, Citrix Netscaler, and other middleware components

    These commands typically involve file content extraction, listing directories, analyzing open network ports, and reading configuration or log files.

    Why This Matters for ServiceNow Customers

    Correctly configuring privileged access for these commands ensures Service Mapping can comprehensively and securely discover the infrastructure and application services in your environment. This capability is critical for building accurate service maps, which underpin effective IT service management, impact analysis, and operational intelligence.

    Practical Considerations

    • Ensure that the necessary credentials and permissions are configured on target servers to allow Service Mapping to execute these privileged commands.
    • Review the specific commands required for your operating systems and applications to verify appropriate security policies and access controls are in place.
    • Remember that some commands do not require elevated rights unless accessing protected directories.
    • For Windows-based components like Microsoft Exchange, specific PowerShell commands are used to extract detailed role and configuration information.

    Next Steps

    Review your ServiceNow Service Mapping configuration to ensure privileged user access is correctly set up for your Unix-based hosts and relevant applications. Consult the list of commands associated with your environment’s OS and application stack to validate permissions. For details about commands not requiring privileged access, refer to the related Service Mapping documentation on non-privileged commands.

    Service Mapping uses commands requiring elevated rights to discover and map Unix-based hosts in your organization. In addition to configuring necessary credentials, configure servers in your organization to allow Service Mapping to run these commands with elevated rights.

    You do not run these commands directly. Service Mapping uses commands requiring elevated rights as part of the following processes:
    • host detection
    • process identification on port
    • discovering CIs using patterns

    Some of these commands do not require elevated rights, unless directories that Service Mapping must access are protected. For more information, see Service Mapping commands not requiring a privileged user.

    Operating system commands requiring elevated rights

    Table 1. AIX commands requiring elevated rights
    Command Parameter Description
    cat file-name Shows the file content.
    ls

    -F-1

    -1HF

    -w 1

    -1

    		 Lists the directory content.
    procwdx Process_id Gets working directory of a process.
    rmsock Socketname tcpcp Finds process listening on a specific port.
    lsof -Pnl +M -i Shows files or connections associated with the process.
    lstat Various options Fetches information about a link.
    ps eww Fetches environment variables for the process on AIX.
    Table 2. HP-UX commands requiring elevated rights
    Command Parameter Description
    cat file-name Shows the file content.
    ls

    -F-1

    -1HF

    -w 1

    -1

    		 Lists the directory content.
    pfiles Process_id Shows files or connections associated with the process.
    lsof -Pnl +M -i Shows files or connections associated with the process.
    Table 3. Solaris commands requiring elevated rights
    Command Parameter Description
    cat File_name Shows the file content.
    ls

    ls -F-1

    ls -1HF

    ls -w 1

    ls -1

    		 Lists the directory content.

    e-l

    		 Fetches file attributes used for file caching decision.
    pargs -e Gets the executable directory.
    pargs -a Gets the process.
    lsof -Pnl +M -i Shows files and connections associated with the process.
    netstat -anu Lists the open ports. Required for Solaris version 11.2 or later.
    Ifconfig Ifconfig -a Shows interface information (need sudo to get the MAC addresses).
    pwdx Process_id Gets the process information.
    pargs -e process_id Gets the process information.
    ps -eo user, pid, ppid, comm, args Gets the process list.
    inetadm -l or without params Handles the case of application using the inet daemon.
    Table 4. Linux commands requiring elevated rights
    Commands Parameter Description
    cat

    File_name

    scsi

    tr '\\n'

    /proc

    /proc/cpuinfo

    sys

    sys/hypervisor

    sys/hypervisor/compilation

    sys/hypervisor/compilation/compiled by

    		 Shows information about file content.
    cut

    -d

    -f1

    		 Shows the entire output of a file.
    dmidecode

    -t 17

    -s bios-vendor

    -t 1

    -t 2

    -t 3

    		 Shows information about hardware of the Linux server in a readable format.
    lshw Shows information about hardware of the Linux server in a readable format.
    ls

    ls -F-1

    ls -1HF

    ls -w 1

    ls -1

    ls -l

    		 Lists directory content.
    netstat

    -ltnup

    -ltnp

    -ntup

    -an

    		 Shows the open network connections.
    Isof
    Note:
    Used in some cases as an alternative to netstat.
    		 -Pnl +M -i Shows files and connections associated with the process.
    ss

    -ltnup

    -ntup

    -an

    		 Shows the open network connections.
    stat

    --format="%Y"

    -L file_name

    		 Shows the modification time of the file.
    fdisk -l Displays all disk partitions

    Application commands requiring elevated rights

    Service Mapping uses some of these commands in patterns.

    Table 5. Apache Web Server (on UNIX)
    Command Parameter Description
    grep Various options Extracts strings from the output.
    netstat Various options Lists open ports.
    ss Various options Lists open ports.
    ls Various options Lists files and folders in the specified folder.
    Table 6. Apache Tomcat (on UNIX)
    Command Parameter Description
    grep Various options Extracts strings from the output.
    ls Various options Lists files and folders in the specified folder.
    cat - Shows the file content.
    netstat Various options Lists the open ports.
    ss Various options Lists open ports.
    find -name This command is used only for creating the web services connections.

    Finds specific strings in files and folders.
    Table 7. Apache Tomcat WAR (on UNIX)
    Command Parameter Description
    grep Various options Extracts strings from the output.
    ls Various options Lists files and folders in the specified folder.
    cat - Shows the file content.
    version.sh/version.bat - Gets the Tomcat version.
    netstat Various options Lists the open ports.
    ss Various options Lists open ports.
    find -name This command is used in connection sections of the pattern for discovering Apache Tomcat WAR connections.

    Finds specific strings in files and folders.
    Table 8. App TNS Service (on UNIX)
    Command Parameter Description
    ls Various options Lists files and folders in the specified folder.
    netstat Various options Lists open ports.
    ss Various options Lists open ports.
    grep Various options Extracts strings from the output.
    Table 9. BIG-IP Global Traffic Manager (GTM) F5 (on F5 BIG-IP)
    Command Parameter Description
    ping -a -c 1 [url[1].host] Gets the host IP.
    Table 10. BMC CTRL-M Enterprise Manager (on UNIX)
    Command Parameter Description
    grep Various options Extracts strings from the output.
    netstat Various options Lists open ports.
    ss Various options Lists open ports.
    Table 11. BMC CTRL-M Gateway (on UNIX)
    Command Parameter Description
    grep Various options Extracts strings from the output.
    find Various options This command is used only to create connections to Control M Server.

    Finds file and folder paths.
    Table 12. Citrix Netscaler (on Citrix Netscaler)
    Command Parameter Description
    grep Various options Extracts strings from the output.
    show Various options Retrieves Netscaler IP address.
    Table 13. EMC Documentum Broker (on UNIX)
    Command Parameter Description
    find Various options

    Finds connections to Docbase.
    Table 14. FormEngine (on UNIX)
    Command Parameter Description
    grep Various options (On Unix only) Extracts strings from the output.
    ls Various options (On Unix only) Lists files and folders in the specified folder.
    cat - (On Unix only) Shows the file content.
    Table 15. IBM Customer Information Control System (CICS) (on UNIX)
    Command Parameter Description
    netstat Various options Lists open ports.
    ss Various options Lists open ports.
    grep Various options Extracts strings from the output.
    Table 16. IBM CTRL-M Server (on UNIX)
    Command Parameter Description
    grep Various options (For Unix only) Extracts strings from the output.
    find Various options (For Unix only)

    Finds file and folder paths.
    Table 17. IBM CICS Transaction Gateway CTG (on UNIX or Windows)
    Command Parameter Description
    grep Various options (For Unix only) This command is used only to create CICS connections. Extracts strings from the output.
    cat - (For Unix only) This command is used only to create CICS connections. Displays the file content in the output.
    find Various options (For Unix only) This command is used only to create CICS connections. Finds specific strings in files and folders.
    Table 18. IBM DB2 (on Linux)
    Command Parameter Description
    grep Various options Extracts strings from the output.
    cat - Displays the file content in the output.
    Table 19. IBM J2EE EAR (on Linux)
    Command Parameter Description
    grep Various options Extracts strings from the output.
    netstat Various options Lists open ports.
    ss Various options Lists open ports.
    find -name Finds files and folders in the specified folder.
    Table 20. IBM WebSphere Application Server (on UNIX)
    Command Parameter Description
    grep Various options Extracts strings from the output.
    ls Various options Lists files and folders in the specified folder.
    cat - Shows the file content.
    find

    -name

    -type

    		 This command is used only for creating the Web Services connections.

    Finds files and folders for the specific name.
    Table 21. IBM WebSphere Portal (on UNIX)
    Command Parameter Description
    ls Various options Lists files and folders in the specified folder.
    cat - Shows the file content.
    netstat Various options Lists the open ports.
    ss Various options Lists open ports.
    Table 22. IBM WebSphere Message Broker Flow (on UNIX)
    Command Parameter Description
    grep Various options Extracts strings from the output.
    ls Various options Lists files and folders in the specified folder.
    cat - Shows the file content.
    ps -ef Gets the process information.
    netstat Various options Lists the open ports.
    ss Various options Lists open ports.
    Table 23. IBM WebSphere Message Broker (on UNIX)
    Command Parameter Description
    ps -ef Gets the process information.
    netstat Various options Lists the open ports.
    grep Various options Extracts strings from the output.
    ls Various options Lists files and folders in the specified folder.
    cat - Shows the file content.
    Table 24. IBM MQ (on UNIX) — formerly IBM WebSphere MQ
    Command Parameter Description
    grep Various options Extracts strings from the output.
    Table 25. IBM MQ Queue (on UNIX) — formerly IBM WebSphere MQ Queue
    Command Parameter Description
    grep Various options Extracts strings from the output.
    Table 26. Jboss Module (on UNIX)
    Command Parameter Description
    grep Various options Extracts strings from the output.
    netstat Various options Lists open ports.
    ss Various options Lists open ports.
    Table 27. Jboss (on UNIX and Windows)
    Command Parameter Description
    ls Various options (On Unix only) Lists files and folders in the specified folder.
    grep Various options Extracts strings from the output.
    dir Various options (On Windows only) Lists files and folders in the specified folder.
    find Various options (For Windows only) Finds specific strings in files and folders.
    netstat Various options Lists open ports.
    ss Various options Lists open ports.
    Table 28. JRun (on UNIX)
    Command Parameter Description
    dir Various options Lists files and folders in the specified folder.
    Table 29. JRun WAR Inc (on UNIX)
    Command Parameter Description
    ls Various options Lists files and folders in the specified folder.
    grep Various options Extracts strings from the output.
    netstat Various options Lists open ports.
    ss Various options Lists open ports.
    Table 30. Microsoft Exchange Client Access Server (CAS), Microsoft Exchange Hub Transport Server, Microsoft Exchange Mailbox (on Windows)
    Command Parameter Description
    Get-ExchangeServer -status -Identity "+$hostname+"| export-clixml $env:TEMP\exchange_pwrshell_output.xml Extracts the list of Microsoft Exchange hosts and role
    Get-ExchangeServer format-table -autosize -HideTableHeaders Name,Fqdn,IsMailboxServer Extracts the list of Microsoft Exchange hosts and role in table format
    Get-MailboxServer format-list Extracts the list of Microsoft Exchange Mailbox servers.
    Get-ClusteredMailBoxServerStatus format-table -Property OperationalMachines Extracts information about Microsoft Exchange Mailbox clusters.
    Get-ExchangeServer format-table -autosize -HideTableHeaders Name,Fqdn,IsHubTransportServer Extracts information on Microsoft Exchange Hub Transport servers
    Get-StorageGroup -server "+$hname+" | select SystemFolderPath | Export-Csv out.csv -notype;cat out.csv Extracts information about storage and exports it into a file.
    Get-MailboxDatabase | select LogFolderPath | format-table -autosize -hideTableHeaders; Get-MailboxDatabase | select EdbFilePath| format-table -autosize -hideTableHeaders;Get-MailboxDatabase | select TemporaryDataFolderPath| format-table -autosize -hideTableHeaders Extracts information about the Microsoft Exchange Mailbox database.
    Table 31. MySQL Server (on Linux)
    Command Parameter Description
    grep Various options (On Unix only) Extracts strings from the output.
    netstat Various options Lists open ports.
    ss Various options Lists open ports.
    ps --pid=[process.pid] --no-headers -o " %U : %p : %a” Gets the userid parameter value.
    Table 32. MySQL Cluster MGM Node (on Linux)
    Command Parameter Description
    netstat Various options Lists open ports.
    ss Various options Lists open ports.
    ps --pid=[process.pid] --no-headers -o " %U : %p : %a” (On Unix only) Gets the userid parameter value.
    Table 33. Nginx (on UNIX)
    Command Parameter Description
    netstat Various options Lists open ports.
    ss Various options Lists open ports.
    ps --pid=[process.pid] --no-headers -o " %U : %p : %a” Gets the userid parameter value.
    ls [IncludeTabletmp[].files] This command is used if necessary to create HTTP connections.

    Lists files and folders in the specified folder.
    cat [IncludeTabletmp[].files] This command is used if necessary to create HTTP connections.

    Shows the file content.
    Table 34. Oracle E-Business Suite (on UNIX)
    Command Parameter Description
    ls Various options Lists files and folders in the specified folder.
    grep Various options Extracts strings from the output.
    export - Sets variables.
    echo Various options Prints strings in the output.
    sqlplus Various options Creates the connection to the Oracle instance.
    awk Various options Manipulates the output.
    netstat Various options Gets open ports.
    Table 35. Oracle Advanced Queue Queue (on UNIX)
    Command Parameter Description
    netstat Various options Lists open ports.
    ss Various options Lists open ports.
    Table 36. Oracle Concurrent Server (on UNIX)
    Command Parameter Description
    grep Various options (For Unix only) Extracts strings from the output.
    netstat Various options Lists open ports.
    ss Various options Lists open ports.
    awk Various options (For Unix only) Manipulates the output.
    ls Various options (For Unix only) Lists files and folders in the specified folder.
    cat - (For Unix only) Displays the file content in the output.
    find Various options Finds specific strings in files and folders.
    Table 37. Oracle Discoverer Engine (on UNIX)
    Command Parameter Description
    ls Various options Lists files and folders in the specified folder.
    grep Various options Extracts strings from the output.
    cat - Shows the file content.
    Table 38. Oracle Discoverer UI (on UNIX)
    Command Parameter Description
    ls Various options Lists files and folders in the specified folder.
    grep Various options Extracts strings from the output.
    cat - Shows the file content.
    Table 39. Oracle Form UI (on UNIX)
    Command Parameter Description
    grep Various options Extracts strings from the output.
    ls Various options Lists files and folders in the specified folder.
    cat - Shows the file content.
    Table 40. Oracle Fulfillment Server (on UNIX)
    Command Parameter Description
    grep Various options Extracts strings from the output.
    ls Various options Lists files and folders in the specified folder.
    cat - Shows the file content.
    Table 41. Oracle HTTP Server (on UNIX)
    Command Parameter Description
    grep Various options Extracts strings from the output.
    ls Various options Lists files and folders in the specified folder.
    cat - Shows the file content.
    Table 42. Oracle Metric Client (on UNIX)
    Command Parameter Description
    grep Various options Extracts strings from the output.
    ls Various options Lists files and folders in the specified folder.
    cat - Shows the file content.
    Table 43. Oracle OACORE Server (on UNIX)
    Command Parameter Description
    grep Various options Extracts strings from the output.
    ls Various options Lists files and folders in the specified folder.
    cat - Shows the file content.
    Table 44. Oracle OAFM Server (on UNIX)
    Command Parameter Description
    grep Various options Extracts strings from the output.
    ls Various options Lists files and folders in the specified folder.
    cat - Shows the file content.
    Table 45. Oracle Database (on UNIX)
    Command Parameter Description
    grep Various options Extracts strings from the output.
    ls Various options Lists files and folders in the specified folder.
    cat - Shows the file content.
    ps -ef Gets the process information.
    netstat Various options Lists open ports.
    ss Various options Lists open ports.
    Table 46. Oracle iAS Web Module (on UNIX)
    Command Parameter Description
    grep Various options Extracts strings from the output.
    ls Various options (For Unix only) Lists files and folders in the specified folder.
    cat - (For Unix only) Shows the file content.
    netstat Various options Lists open ports.
    ss Various options Lists open ports.
    Table 47. Oracle Process Manager (on UNIX)
    Command Parameter Description
    grep Various options Extracts strings from the output.
    ls Various options Lists files and folders in the specified folder.
    cat - Shows the file content.
    Table 48. Oracle Report Server (on UNIX)
    Command Parameter Description
    grep Various options Extracts strings from the output.
    ls Various options Lists files and folders in the specified folder.
    cat - Shows the file content.
    Table 49. Oracle Tnslsnr Engine (on UNIX)
    Command Parameter Description
    grep Various options Extracts strings from the output.
    ls Various options Lists files and folders in the specified folder.
    cat - Shows the file content.
    Table 50. Oracle WebLogic Module (on UNIX)
    Command Parameter Description
    grep Various options Extracts strings from the output.
    ls Various options Lists files and folders in the specified folder.
    cat - Shows the file content.
    find

    -name

    -type

    		 This command is used only for creating the Web Services connections.

    Finds files and folders for the specific name.
    Table 51. Oracle WebLogic Server (version 10.3) (on UNIX)
    Command Parameter Description
    grep Various options Extracts strings from the output.
    ls Various options Lists files and folders in the specified folder.
    cat - Shows the file content.
    Table 52. Oracle WebLogic On-demand Router Load Balancer (on UNIX)
    Command Parameter Description
    grep Various options Extracts strings from the output.
    ls Various options Lists files and folders in the specified folder.
    cat - Shows the file content.
    Table 53. Oracle Tuxedo (on UNIX)
    Command Parameter Description
    grep Various Extracts strings from the output
    ls Various Lists files and folders on the given folder.
    cat - Displays the file content in the output.
    find -name

    This command is used only to create web service connections.

    Finds files and folders for specific name.
    netstat Various Gets open ports.
    ss Various options Lists open ports.
    ps -ef (For Unix only) Gets process attributes.
    Table 54. Oracle Tuxedo Portal (on UNIX)
    Command Parameter Description
    grep Various Extracts strings from the output
    ls Various Lists files and folders on the given folder.
    cat - Displays the file content in the output.
    Table 55. PostgreSQL Database (on UNIX)
    Command Parameter Description
    ls [IncludeTabletmp[].files] This command is used only to create the HTTP connections.

    Lists files and folders in the specified folder.
    Table 56. Rabbit MQ (on UNIX)
    Command Parameter Description
    ps - ef ps -ef | grep "+$process.parentProcessId+" |egrep -v -e grep -e beam Gets the parent process.
    Table 57. Red Hat Cluster Suite (on Linux)
    Command Parameter Description
    clustat -x Displays the cluster configuration and the status in XML format.
    Table 58. Commands requiring a privileged user for discovering SAP applications: ABAP, SAP Central Services (ASCS), SAP Control Instance, SAP Netweaver Dialog Instance, SAP Evaluated Receipt Settlement (ERS), SAP Java Cluster (SJC), SAP Central Services (SCS) (on UNIX)
    Command Parameter Description
    pargs -e Gets the executable directory.
    ls Various options Lists files and folders in the specified folder.
    ping -c 1 Verifies that the host is answering.
    netstat Various options Lists open ports.
    Isof
    Note:
    Used in some cases as an alternative to netstat.
    		 -Pnl +M -i Shows files and connections associated with the process.
    CVERS - Retrieves the version of installed SAP modules.
    DBCONS - Retrieves the connection strings to SAP DB.
    RFCDES - Retrieves the connection string to systems integrated with SAP.
    sapcontrol -function ABAPGetComponentList Retrieves the sysid for SAP applications and components.
    Table 59. Sun Directory (on Solaris)
    Command Parameter Description
    netstat Various options Lists the open ports.
    Table 60. Sun iPlanet Web Server (on Solaris)
    Command Parameter Description
    ls Various options Lists files and folders in the specified folder.
    netstat Various options Lists the open ports.
    Table 61. Sun JES (on Solaris)
    Command Parameter Description
    ls Various options Lists files and folders in the specified folder.
    grep Various options Extracts strings from the output.
    Table 62. Sybase (on UNIX)
    Command Parameter Description
    ls Various options Lists files and folders in the specified folder.
    Table 63. TIBCO ActiveMatrix Adapter (on UNIX)
    Command Parameter Description
    cat - Shows the file content.
    netstat Various options Lists open ports.
    ss Various options Lists open ports.
    Table 64. TIBCO ActiveMatrix BusinessWorks (on UNIX)
    Command Parameter Description
    hostname - Gets the hostname.
    ls Various options Lists files and folders in the specified folder.
    grep Various options Extracts strings from the output.
    cat - Shows the file content.
    netstat Various options Lists open ports.
    ss Various options Lists open ports.
    Table 65. TIBCO ActiveMatrix BusinessWorks Process (on UNIX)
    Command Parameter Description
    hostname - Gets the hostname.
    ls Various options Lists files and folders in the specified folder.
    grep Various options Extracts strings from the output.
    cat - Shows the file content.
    findstr

    (for Windows)

    		 Various options Extracts strings from the output.
    netstat Various options Lists open ports.
    ss Various options Lists open ports.
    cut Various options Splits the output line.
    Table 66. TIBCO EMS Queue (on UNIX)
    Command Parameter Description
    ls Various options Lists files and folders in the specified folder.
    Table 67. TIBCO Enterprise Message Service (EMS) (on UNIX)
    Command Parameter Description
    ls Various options Lists files and folders in the specified folder.