Common: Child Processes on UNIX-Like Platforms

IT Asset Management (Cloud)
The tracker normally runs as root, because elevated privileges are required to complete several aspects of inventory gathering.
Note: If you choose to run the tracker using another account that does not have elevated privileges, you considerably weaken the resulting inventory:
  • Oracle inventory is disabled
  • IBM WebSphere inventory is disabled
  • Inventory from IBM Db2 Database and optional add-ons is disabled
  • All hard disk information for Linux systems is excluded
  • Software inventory from paths not accessible to the executing user is omitted for all systems
  • Several further losses occur, as noted in the table of child processes below.
The implications of running as root include the following:
  • Commands in safe system paths (not writable by other users) are run as root.
  • Commands found within paths listed in the $PATH environment variable for the root user are run as root.
    Note: This makes it important that, as is normal secure practice, you do not allow any unsecured directories to be included in the $PATH environment variable for the root user.
  • Commands and utilities saved in unsecured directories on the file system are not run as root. These must be run with no more trust that you already provide in your environment. To do this, the tracker uses user impersonation, so that it invokes child processes with the same level of trust and security management that you have already established for the existing account being impersonated. On UNIX-like platforms, the method is to impersonate the user account that is running the service related to the executable in question. For example, the executable lsnrctl normally starts the tnslsnr service. Therefore, when the tracker needs to invoke lsnrctl, it impersonates the user account running the tnslsnr service. Since this account is already running the process in question, it is a trusted account for the path on the target device where inventory is being collected.
The table of child processes is organized in alphabetical order of the executables invoked by the tracker. Where the details vary across various UNIX-like platforms, a separate entry exists for each [group of] platform[s] where the command line is distinct.
Tip: The date command is not in the following list because it is not invoked by the tracker. It is invoked in the Zero-footprint case when the remote inventory beacon tests to see whether the account (recovered from its Password Manager) can successfully elevate privileges on the target device, in order to complete the process as described in Zero-Footprint: Normal Operation.
Executable Platform Path Notes
arp

All

The following are searched in this order:
  • $PATH
  • /usr/sbin.
Command line:
/successfulPath/arp IPaddress

Purpose: Reports the MAC address of network interface(s).

Invoked using: The account running the ndtrack executable (default: root).

db2ilist

Linux, Solaris, AIX

Path returned by db2ls

Command line:
/successfulPath/bin/db2ilist

Purpose: Lists all the database instances running in the context where db2ilist is executed (normally, instances from the same database installation that provides the db2ilist command).

Invoked using: The account running the ndtrack executable (which in this case must be root).

db2licm

Linux, Solaris, AIX

Path returned by db2ls

Command line:
/successfulPath/adm/db2licm -l / -g filename

Purpose: Reports inventory of the Db2 product in the successfulPath (including its product identifier) and its optional add-ons, including the available license information. Once the temporary file (filename) has been processed, it is deleted.

Invoked using: The account running the ndtrack executable, which in this case must be root (otherwise inventory collection for IBM Db2 and add-ons is automatically disabled).

db2ls

Linux, Solaris, AIX

/usr/local/bin
Command line:
/usr/local/bin/db2ls -c

Purpose: Identifies the path to the IBM Db2 Database installation.

Invoked using: The account running the ndtrack executable, which for IBM Db2 inventory must be root (otherwise inventory collection for IBM Db2 and add-ons is automatically disabled).

dmidecode

Linux, Solaris (Intel)

The following are searched in this order:
  • /usr/sbin
  • /opt/
    managesoft/
    libexec

  • $PATH.
Command line:
/successfulPath/dmidecode

Purpose: Reports serial number, UUID, manufacturer, model, and chassis type, extracted from the computer's DMI (or SMBIOS) table.

Tip: On older versions of Linux where this utility is unavailable, an equivalent mgsdmidecode supplied with the full FlexNet Inventory Agent may be used instead. (This is also run as root.)

Invoked using: The account running the ndtrack executable, which in this case must be root (otherwise the relevant elements are missed from the uploaded inventory, such as the computer model and manufacturer for Solaris x86).

dpkg-query

Linux

The following are searched in this order:
  • /bin
  • /usr/bin
  • /usr/local/bin.
Command line:
/successfulPath/dpkg-query -W --showformat=formatString
Purpose: Obtain a formatted list of packages identified in the dpkg database.
Tip: While the FlexNet Inventory Agent looks for this command on all Linux platforms (and runs it if present), it is typically only present on Debian/Ubuntu Linux distributions.

Invoked using: The account running the ndtrack executable (default: root).

dspmq

All

Path(s) found in the process listing in which IBM MQ was identified.
Command line:
/successfulPath/dspmq -o all

Purpose: Reports as installation evidence the name (as ProductName) and active/inactive state (as EditionName, blank for active) of the queue managers on the system. Used by the Application Recognition Library to recognize IBM MQ (previously known as WebSphere MQ).

Invoked using: An account determined by the following rules:
  • If the queue is active (so that the queue manager process is running), impersonate the user account that is running the queue manager process, and execute dspmq from the path used by the process.
  • When the queue is inactive, execute dspmq as the owner of that executable. The method of discovering the executable depends on the operating system configuration:
    • If chown is enabled for non-root accounts (for example, on HP-UX), the dspmq path is identified in the /etc/opt/mqm/mqinst.ini configuration file.
    • When chown is not enabled for non-root accounts, the dspmq path is identified by the first of the following methods to be successful:
      1. Examining /opt/mqm
      2. Looking in the /etc/opt/mqm/mqinst.ini file
      3. Checking results of any file system scan (if run).
dspmqver

All

Path(s) found in the process listing in which IBM MQ was identified.
Command line:
/successfulPath/dspmqver

Purpose: Collect the IBM MQ (previously known as WebSphere MQ) version and build information for inclusion in inventory.

Invoked using: An account determined by the same rules as described above for dspmq.

eeprom

Solaris

/usr/sbin
Command line:
/usr/sbin/eeprom nvramrc

Purpose: Examines the contents of NVRAMRC to collect the chassis serial number.

Invoked using: The account running the ndtrack executable (default: root). If you use a non-privileged account to run the tracker, the SPARC model information may be incorrect in inventory (for non-privileged accounts, the data collected is the value for sysinfo SI_PLATFORM, which is sometimes inconsistent).

entstat

AIX

$PATH
Command line:
/successfulPath/entstat adapter

Purpose: Reports the device type and MAC address of the network interface(s).

Invoked using: The account running the ndtrack executable (default: root).

getconf

HP-UX

/usr/bin
Command line:
/usr/bin/getconf CPU_CHIP_TYPE

Purpose: Reports the type of the central processor in the server, for inclusion in hardware inventory.

Invoked using: The account running the ndtrack executable (default: root).

ifconfig

All

/usr/sbin or $PATH
Command lines: On all platforms except HP-UX:
/successfulPath/ifconfig -a
On HP-UX:
/successfulPath/ifconfig adapter

Purpose: Lists all network interfaces; or reports the configuration of the interface identified as adapter.

Invoked using: The account running the ndtrack executable (default: root). If running as an account other than root, information is less complete (for example, no MAC addresses for network adapters).

ioscan

HP-UX

/usr/sbin
Command line:
/usr/sbin/ioscan -k -F -n

Purpose: Scans the kernel for data about installed hardware and I/O options, for inclusion in the hardware inventory data.

Invoked using: The account running the ndtrack executable (default: root).

isainfo

Solaris

/usr/bin
Command line:
/usr/bin/isainfo -kv

Purpose: Determines the system architecture (32-bit or 64-bit) and related kernel information to include in inventory reporting.

Invoked using: The account running the ndtrack executable (default: root).

java All Path(s) found in the file system scan in which java was identified.
Command line:
java -version
java -fullversion
java -XshowSettings -version

Purpose: Determines the Java product name, version information, and publisher.

kctune

HP-UX

/usr/sbin
Command line:
/usr/sbin/kctune lcpu_attr

Purpose: Reports whether hyperthreading is enabled on the system.

Invoked using: The account running the ndtrack executable (default: root).

lanscan

HP-UX

/usr/sbin
Command line:
/usr/sbin/lanscan

Purpose: Collects the name and MAC address of each network adapter. Names are passed to ifconfig (see above).

Invoked using: The account running the ndtrack executable (default: root).

lparstat

Linux/ppc64le

/usr/sbin
Command line:
/usr/sbin/lparstat -i

Purpose: Used to query logical partition data on Linux Power machines that use logical partitions.

Invoked using: The account running the ndtrack executable as root user.

lppchk

All

/usr/bin
Command line:
/usr/bin/lppchk -c packageName

Purpose: Performs a check of an installed AIX lpp package to ensure it is in a healthy state. Used to validate the package for the installed FlexNet Inventory Agent.

Invoked using: The account running the ndtrack executable (default: root).

lsbom

OS X

/usr/bin
Command line:
/usr/bin/lsbom -p f path

Purpose: Obtains a listing of files identified within path by the installer's Bill of Materials (binary bom file).

Invoked using: The account running the ndtrack executable (default: root).

lscfg

AIX

$PATH
Command line:
/successfulPath/lscfg -p

Purpose: Reports details about the video controller information (on AIX) for inclusion in hardware inventory.

Invoked using: The account running the ndtrack executable (default: root).

lscpu Linux/(ppc64le, s390x, aarch64/arm64) /usr/bin
Command line:
/usr/bin/lscpu

Purpose: Used to query CPU core data.

Invoked using: The account running the ndtrack executable as root user.

lsnrctl

All

$ORACLE_HOME/bin
Command line:
$ORACLE_HOME/bin/lsnrctl 

Purpose: Invokes the Oracle Listener Control utility against a running listener to gather its network port address and the services (local and remote database instances) to which it provides access.

Invoked using: Impersonation of the account running the tnslsnr service. (Impersonation requires that the ndtrack executable is running as root, without which Oracle discovery and inventory are disabled.)

lspci

Linux

/sbin
Command line:
/sbin/lspci 

Purpose: Reports details about the video controller information (on Linux) for inclusion in hardware inventory.

Invoked using: The account running the ndtrack executable (default: root).

machinfo

HP-UX

/usr/contrib/bin
Command line:
/usr/contrib/bin/machinfo

Purpose: Reports information about the machine processor.

Invoked using: The account running the ndtrack executable (default: root).

netstat

All

$PATH
Command line:
/successfulPath/netstat -nr

Purpose: Collects the default IP gateway address.

Invoked using: The account running the ndtrack executable (default: root).

osdbagrp

All

$ORACLE_HOME/bin
Command line:
$ORACLE_HOME/bin/osdbagrp 

Purpose: Identify the OS group for which each Oracle database instance has been configured. Used to provide logging information and allow warnings about potential issues running sqlplus.

Invoked using: Impersonation of an account from the process list running either a database instance or a listener service from the same installation path as the osdbagrp executable being invoked.

oslevel

AIX

$PATH
Command line:
/successfulPath/oslevel -r

Purpose: Reports the operating system level, determined by examining a known set of Authorized Program Analysis Reports (APARs) supplied with the operating system.

Invoked using: The account running the ndtrack executable (default: root).

parstatus and vparstatus

HP-UX

/usr/sbin
Command line:
/usr/sbin/parstatus -wM
/usr/sbin/parstatus -CM
/usr/sbin/vparstatus -wM
/usr/sbin/vparstatus -M
/usr/sbin/vparstatus -AM

Purpose: The parstatus command retrieves information about the nPartitions or hardware within a server, for inclusion in the hardware inventory data. The vparstatus version collects information about virtual partitions and their available resources (effectively, reporting on 'virtual machines').

Invoked using: The account running the ndtrack executable (default: root). If a non-root account is used, vparstatus cannot be used, and inventory details including VMType, VMName and vPar capacity are lost.

pkg

Solaris

/usr/bin
Command line:
/usr/bin/pkg contents 
    -H -s pkg.fmri -o pkg.fmri,action.raw 
    -tset -tfile -tlink -thardlink

Purpose: Identify the contents (including actions and attributes) of packages installed on the target device and registered in the Image Packaging System (IPS), specific to Solaris 11. This data is included in software inventory.

Invoked using: The account running the ndtrack executable (default: root).

pkginfo

Solaris

$PATH
Command line:
/successfulPath/pkginfo -l name

Purpose: Gathers information about the named software package.

Invoked using: The account running the ndtrack executable (default: root).

pkgutil

OS X

/usr/sbin
Command line: To collect details of a package:
/usr/sbin/pkgutil --pkg-info-plist packageName
To list the files for a package:
/usr/sbin/pkgutil --files packageName

Purpose: Collects details of packages and the files they contain to include in software inventory.

Invoked using: The account running the ndtrack executable (default: root). If an account other than root is used, some OS X bundles under /Applications or /System/Library that are not accessible by the executing user cannot be reported in inventory.

ps

AIX, Solaris

/bin
Command line:
/bin/ps -e -opid= -oruid= -ocomm=

Purpose: A fail-over step to identify processes that are required in later inventory gathering, when these could not be recovered from the proc file system.

Invoked using: The account running the ndtrack executable (default: root).

ps

HP-UX

/bin
Command line:
/bin/ps -ef -opid= -oruid= -oargs=

Further notes: See initial entry for ps above. Note that the ps command is always required on HP-UX.

ps

Linux

/bin
Command line:
/bin/ps -e -opid= -oruid= -ocommand=

Further notes: See initial entry for ps above.

ps

OS X

/bin
Command line:
/bin/ps -ax -o pid,ruid,command

Further notes: See initial entry for ps above.

rpm

AIX, Linux

The following are searched in this order:
  • /bin
  • /usr/bin
  • /usr/local/bin
  • /opt/freeware/bin
  • /opt/sfw/bin
  • /opt/local/bin.
Command line:
/successfulPath/rpm --query --all --queryformat format

Purpose: Obtain a formatted list of packages from the Red Hat Package Manager. The multiple paths are mostly required for AIX.

Invoked using: The account running the ndtrack executable (default: root).

setboot

HP-UX

/usr/sbin
Command line:
/usr/sbin/setboot
Purpose: Reports whether hyperthreading is available on the system.
Note: For efficiency, setboot is only used when the kctune command returns a positive result. (This second call is not redundant on certain older versions of the OS.)

Invoked using: The account running the ndtrack executable (default: root).

sh All /bin
Command line:
/bin/sh -c script

Purpose: Runs the named script that has been delivered within InventorySettings.xml (these scripts may be updated through the Application Recognition Library). These scripts provide specialized inventory-gathering steps for use with Oracle products. They include the Oracle GLAS scripts required for preparing an Oracle audit report.

Invoked using: The account running the ndtrack executable (default: root).

sqlplus

All

$ORACLE_HOME/bin
Command line: Variations based on preference settings discussed below:
$ORACLE_HOME/bin/sqlplus "/ as sysdba"
$ORACLE_HOME/bin/sqlplus "/ "

Purpose: Perform queries against running Oracle database instances to gather inventory on the Oracle Database product. (For ways that the tracker identifies $ORACLE_HOME, see the topic How Agent-Based Collection of Oracle Inventory Works in the IT Asset Management System Reference PDF.) This Oracle utility is invoked by a script delivered within InventorySettings.xml (described in the entry for sh).

Invoked according to: The following rules:
  • If ndtrack is running as any account other than root, discovery of, and gathering inventory for, Oracle databases are both disabled on the target device.
  • When ndtrack is running as root, settings for the two preferences OracleInventoryAsSysdba and OracleInventoryUser determine the behavior, as follows (or for more detail, see OracleInventoryAsSysdba and OracleInventoryUser).
    1. If OracleInventoryAsSysdba=True (or omitted), the first command line shown above is used (with the parameter "/ as sysdba"). The account used depends on the value of the other preference:
      • If OracleInventoryUser is configured, the command is invoked impersonating that nominated account, with the database connection being made with the SYSDBA privilege (see OracleInventoryUser for requirements).
      • If OracleInventoryUser is not configured (the default), the command is invoked impersonating the account that is running the database instance, with the database connection being made with the SYSDBA privilege.
    2. If OracleInventoryAsSysdba=False, the second command line shown above is used (with the parameter "/ "). The accounts used depend on the value of the other preference:
      • If OracleInventoryUser is configured, the command is invoked impersonating that nominated account, with the database connection being made as the same OracleInventoryUser account (see OracleInventoryUser for requirements).
      • If OracleInventoryUser is not configured, Oracle inventory collection is not supported.
Note: This approach means that the tracker can collect inventory only from running database instances. Instances that are discovered, but are not running at inventory time, are reported in the task status: navigate to the discovered device properties, select the Status tab, and expand the Oracle database inventory heading.
swlist

HP-UX

/usr/sbin
Command line:
/usr/sbin/swlist -v 
    -lproduct -atag -arevision -atitle -ainstall_date 
    -avendor_tag -asize -aarchitecture -ais_patch 
    -lfile -apath -atype

Purpose: Obtains a listing of software products installed on the local host.

Invoked using: The account running the ndtrack executable (default: root). If, instead, you choose to run the tracker using a non-privileged account, installation evidence will be missed where access has been restricted.

vxlicrep

All

/sbin
Command line:
/sbin/vxlicrep

Purpose: Creates installation evidence used by the Application Recognition Library to recognize installations of Symantec.

Invoked using: The account running the ndtrack executable (default: root).

xl

Linux

The following are searched in this order:
  • /sbin
  • /usr/sbin
  • /usr/local/sbin

  • /bin
  • /usr/bin
  • /usr/local/bin.
Command lines:
/successfulPath/xl info -n
/successfulPath/xl vm-list
/successfulPath/xl list-vm

Purpose: This Xen management tool reports any guest domains (virtual machines) present on the server. This information assists in correctly reporting device inventory, including the mapping between host devices and virtual devices.

Invoked using: The account running the ndtrack executable (default: root).

zoneadm

Solaris

/usr/sbin/

Command line:
/usr/sbin/zoneadm list -p

Purpose: Provides the list of zones that are running inside the global zone (and therefore is run only inside the global zone). Inventory includes the name and UUID of each zone.

Invoked using: The account running the ndtrack executable (default: root).

zonecfg

Solaris

/usr/sbin/

Command line:
/usr/sbin/zonecfg 
    -z {zonename} 
    info {dedicated-cpu|capped-cpu|pool}

Purpose: Provides configuration information about the specified zone, and specifically its resource management method (dedicated-cpu, capped-cpu, or resource pool). This command is run only inside the global zone.

Invoked using: The account running the ndtrack executable (default: root).

IT Asset Management (Cloud)

Current