Common: Child Processes on UNIX-Like Platforms

IT Asset Management (Cloud)
The tracker normally runs as root, because elevated privileges are required to complete several aspects of inventory gathering.
Note: If you choose to run the tracker using another account that does not have elevated privileges, you considerably weaken the resulting inventory:
  • Oracle inventory is disabled
  • IBM WebSphere inventory is disabled
  • Inventory from IBM Db2 Database and optional add-ons is disabled
  • All hard disk information for Linux systems is excluded
  • Software inventory from paths not accessible to the executing user is omitted for all systems
  • Several further losses occur, as noted in the table of child processes below.
The implications of running as root include the following:
  • Commands in safe system paths (not writable by other users) are run as root.
  • Commands found within paths listed in the $PATH environment variable for the root user are run as root.
    Note: This makes it important that, as is normal secure practice, you do not allow any unsecured directories to be included in the $PATH environment variable for the root user.
  • Commands and utilities saved in unsecured directories on the file system are not run as root. These must be run with no more trust that you already provide in your environment. To do this, the tracker uses user impersonation, so that it invokes child processes with the same level of trust and security management that you have already established for the existing account being impersonated. On UNIX-like platforms, the method is to impersonate the user account that is running the service related to the executable in question. For example, the executable lsnrctl normally starts the tnslsnr service. Therefore, when the tracker needs to invoke lsnrctl, it impersonates the user account running the tnslsnr service. Since this account is already running the process in question, it is a trusted account for the path on the target device where inventory is being collected.
The table of child processes is organized in alphabetical order of the executables invoked by the tracker. Where the details vary across various UNIX-like platforms, a separate entry exists for each [group of] platform[s] where the command line is distinct.
Tip: The date command is not in the following list because it is not invoked by the tracker. It is invoked in the Zero-footprint case when the remote inventory beacon tests to see whether the account (recovered from its Password Manager) can successfully elevate privileges on the target device, in order to complete the process as described in Zero-Footprint: Normal Operation.
Executable Platform Path Notes
arp

All
The following are searched in this order:
  • $PATH
  • /usr/sbin.
Command line:
/successfulPath/arp IPaddress

Purpose: Reports the MAC address of network interface(s).

Invoked using: The account running the ndtrack executable (default: root).
date All /usr/bin/

or

/bin/
Command line:
date +%Z

Purpose: Reports the alphabetic time zone abbreviation of the device.

Invoked using: The account running the ndtrack executable (default: root).
db2ilist

Linux, Solaris, AIX

Path returned by db2ls
Command line:
/successfulPath/bin/db2ilist

Purpose: Lists all the database instances running in the context where db2ilist is executed (normally, instances from the same database installation that provides the db2ilist command).

Invoked using: The account running the ndtrack executable (which in this case must be root).
db2licm

Linux, Solaris, AIX

Path returned by db2ls
Command line:
/successfulPath/adm/db2licm -l / -g filename

Purpose: Reports inventory of the Db2 product in the successfulPath (including its product identifier) and its optional add-ons, including the available license information. Once the temporary file (filename) has been processed, it is deleted.

Invoked using: The account running the ndtrack executable, which in this case must be root (otherwise inventory collection for IBM Db2 and add-ons is automatically disabled).
db2ls

Linux, Solaris, AIX

 /usr/local/bin
Command line:
/usr/local/bin/db2ls -c

Purpose: Identifies the path to the IBM Db2 Database installation.

Invoked using: The account running the ndtrack executable, which for IBM Db2 inventory must be root (otherwise inventory collection for IBM Db2 and add-ons is automatically disabled).
dladm Solaris /usr/sbin/dladm
Command line:
/usr/sbin/dladm show-link

Purpose: Reports the speed and duplex values for a network interface.

Invoked using: The account running the ndtrack executable (default: root).
dmidecode

Linux, Solaris (Intel)
The following are searched in this order:
  • /usr/sbin

  • /opt/
    managesoft/
    libexec

  • $PATH.
Command line:
/successfulPath/dmidecode

Purpose: Reports serial number, UUID, manufacturer, model, and chassis type, extracted from the computer's DMI (or SMBIOS) table.

Tip: On older versions of Linux where this utility is unavailable, an equivalent mgsdmidecode supplied with the full FlexNet Inventory Agent may be used instead. (This is also run as root.)

Invoked using: The account running the ndtrack executable, which in this case must be root (otherwise the relevant elements are missed from the uploaded inventory, such as the computer model and manufacturer for Solaris x86).
dpkg-query

Linux
The following are searched in this order:
  • /bin
  • /usr/bin
  • /usr/local/bin.
Command line:
/successfulPath/dpkg-query -W --showformat=formatString
Purpose: Obtain a formatted list of packages identified in the dpkg database.
Tip: While the FlexNet Inventory Agent looks for this command on all Linux platforms (and runs it if present), it is typically only present on Debian/Ubuntu Linux distributions.

Invoked using: The account running the ndtrack executable (default: root).
dspmq

All

Path(s) found in the process listing in which IBM MQ was identified.
Command line:
/successfulPath/dspmq -o all

Purpose: Reports as installation evidence the name (as ProductName) and active/inactive state (as EditionName, blank for active) of the queue managers on the system. Used by the Application Recognition Library to recognize IBM MQ (previously known as WebSphere MQ).

Invoked using: An account determined by the following rules:
  • If the queue is active (so that the queue manager process is running), impersonate the user account that is running the queue manager process, and execute dspmq from the path used by the process.
  • When the queue is inactive, execute dspmq as the owner of that executable. The method of discovering the executable depends on the operating system configuration:
    • If chown is enabled for non-root accounts, the dspmq path is identified in the /etc/opt/mqm/mqinst.ini configuration file.
    • When chown is not enabled for non-root accounts, the dspmq path is identified by the first of the following methods to be successful:
      1. Examining /opt/mqm
      2. Looking in the /etc/opt/mqm/mqinst.ini file
      3. Checking results of any file system scan (if run).
dspmqver

All

Path(s) found in the process listing in which IBM MQ was identified.
Command line:
/successfulPath/dspmqver

Purpose: Collect the IBM MQ (previously known as WebSphere MQ) version and build information for inclusion in inventory.

Invoked using: An account determined by the same rules as described above for dspmq.
eeprom

Solaris

 /usr/sbin
Command line:
/usr/sbin/eeprom nvramrc

Purpose: Examines the contents of NVRAMRC to collect the chassis serial number.

Invoked using: The account running the ndtrack executable (default: root). If you use a non-privileged account to run the tracker, the SPARC model information may be incorrect in inventory (for non-privileged accounts, the data collected is the value for sysinfo SI_PLATFORM, which is sometimes inconsistent).
entstat

AIX

$PATH
  • Command line:
    /successfulPath/entstat adapter

    Purpose: Reports the device type and MAC address of the network interface(s).

    Invoked using: The account running the ndtrack executable (default: root).

  • Command line:
    /successfulPath/entstat -d adapter

    Purpose: Reports speed and duplex values for a network interface.

    Invoked using: The account running the ndtrack executable (default: root).
flxecmc Unix /opt/managesoft/libexec/

This is an internal tool that should not be manually run; it should only be executed by the agent.

Purpose: Performs hardware detection used to determine the agent ID.

Invoked using: The account running the ndtrack executable. By default, this account is root; however, if the agent is configured to run in the least privilege operation mode, the account used is flxrasvc.
flxfsscan Unix /opt/managesoft/libexec/

This is an internal tool that should not be manually run; it should only be executed by the agent.

Purpose: Performs file system scanning and file system related operations.

Invoked using: The account running the ndtrack executable. By default, this account is root; however, if the agent is configured to run in the least privilege operation mode, the account used is flxrasvc.
flxoracleinv Unix /opt/managesoft/libexec/

This is an internal tool that should not be manually run; it should only be executed by the agent.

Purpose: Performs Oracle DB querying.

Invoked using: The account running the ndtrack executable. By default, this account is root; however, if the agent is configured to run in the least privilege operation mode, the account used is flxrasvc.
flxping Unix /opt/managesoft/libexec/

This is an internal tool that should not be manually run; it should only be executed by the agent.

Purpose: Performs a ping operation.

Invoked using: The account running the ndtrack executable. By default, this account is root; however, if the agent is configured to run in the least privilege operation mode, the account used is flxrasvc.
flxps Unix /opt/managesoft/libexec/

This is an internal tool that should not be manually run; it should only be executed by the agent.

Purpose: Performs process listing.

Invoked using: The account running the ndtrack executable. By default, this account is root; however, if the agent is configured to run in the least privilege operation mode, the account used is flxrasvc.
flxsysinfo Unix /opt/managesoft/libexec/

This is an internal tool that should not be manually run; it should only be executed by the agent.

Purpose: Performs inventory collection on some system properties.

Invoked using: The account running the ndtrack executable. By default, this account is root; however, if the agent is configured to run in the least privilege operation mode, the account used is flxrasvc.
flxupgrade Unix /opt/managesoft/libexec/

This is an internal tool that should not be manually run; it should only be executed by the agent.

Purpose: Performs the agent upgrade operation.

Invoked using: The account running the ndtrack executable. By default, this account is root; however, if the agent is configured to run in the least privilege operation mode, the account used is flxrasvc.
ifconfig

All

 /usr/sbin or $PATH
Command lines:
/successfulPath/ifconfig -a

Purpose: Lists all network interfaces; or reports the configuration of the interface identified as adapter.

Invoked using: The account running the ndtrack executable (default: root). If running as an account other than root, information is less complete (for example, no MAC addresses for network adapters).
ifconfig macOS /usr/sbin or $PATH
  • Command lines:
    /successfulPath/ifconfig -l

    Purpose: Lists all network interfaces.

    Invoked using: The account running the ndtrack executable (default: root).

  • Command lines:
    /successfulPath/ifconfig adapter

    Purpose: Reports speed and duplex values for a network interface.

    Invoked using: The account running the ndtrack executable (default: root).

isainfo

Solaris

 /usr/bin
Command line:
/usr/bin/isainfo -kv

Purpose: Determines the system architecture (32-bit or 64-bit) and related kernel information to include in inventory reporting.

Invoked using: The account running the ndtrack executable (default: root).
java All Path(s) found in the file system scan in which java was identified.
Command line:
java -version
java -fullversion
java -XshowSettings -version

Purpose: Determines the Java product name, version information, and publisher.

lparstat

Linux/ppc64le

 /usr/sbin
Command line:
/usr/sbin/lparstat -i

Purpose: Used to query logical partition data on Linux Power machines that use logical partitions.

Invoked using: The account running the ndtrack executable as root user.
lppchk

All

/usr/bin
Command line:
/usr/bin/lppchk -c packageName

Purpose: Performs a check of an installed AIX lpp package to ensure it is in a healthy state. Used to validate the package for the installed FlexNet Inventory Agent.

Invoked using: The account running the ndtrack executable (default: root).
lsbom

OS X

/usr/bin
Command line:
/usr/bin/lsbom -p f path

Purpose: Obtains a listing of files identified within path by the installer's Bill of Materials (binary bom file).

Invoked using: The account running the ndtrack executable (default: root).
lscfg

AIX

$PATH
Command line:
/successfulPath/lscfg -p

Purpose: Reports details about the video controller information (on AIX) for inclusion in hardware inventory.

Invoked using: The account running the ndtrack executable (default: root).
lscpu Linux/(ppc64le, s390x, aarch64/arm64) /usr/bin
Command line:
/usr/bin/lscpu

Purpose: Used to query CPU core data.

Invoked using: The account running the ndtrack executable as root user.
lsnrctl

All

$ORACLE_HOME/bin
Command line:
$ORACLE_HOME/bin/lsnrctl

Purpose: Invokes the Oracle Listener Control utility against a running listener to gather its network port address and the services (local and remote database instances) to which it provides access.

Invoked using: Impersonation of the account running the tnslsnr service. (Impersonation requires that the ndtrack executable is running as root, without which Oracle discovery and inventory are disabled.)
lspci

Linux
  • /sbin
  • /usr/sbin/
  • /usr/local/sbin
  • /usr/bin
  • /bin
  • /usr/local/bin
Command line:
/sbin/lspci

Purpose: Reports details about the video controller information and the PCI bus (on Linux) for inclusion in hardware inventory.

Invoked using: The account running the ndtrack executable (default: root).
netstat

All

 $PATH
Command line:
/successfulPath/netstat -nr

Purpose: Collects the default IP gateway address.

Invoked using: The account running the ndtrack executable (default: root).
osdbagrp

All

$ORACLE_HOME/bin
Command line:
$ORACLE_HOME/bin/osdbagrp

Purpose: Identify the OS group for which each Oracle database instance has been configured. Used to provide logging information and allow warnings about potential issues running sqlplus.

Invoked using: Impersonation of an account from the process list running either a database instance or a listener service from the same installation path as the osdbagrp executable being invoked.
oslevel

AIX

$PATH
Command line:
/successfulPath/oslevel -r

Purpose: Reports the operating system level, determined by examining a known set of Authorized Program Analysis Reports (APARs) supplied with the operating system.

Invoked using: The account running the ndtrack executable (default: root).
pkg

Solaris

/usr/bin
Command line:
/usr/bin/pkg contents 
    -H -s pkg.fmri -o pkg.fmri,action.raw 
    -tset -tfile -tlink -thardlink

Purpose: Identify the contents (including actions and attributes) of packages installed on the target device and registered in the Image Packaging System (IPS), specific to Solaris 11. This data is included in software inventory.

Invoked using: The account running the ndtrack executable (default: root).
pkginfo

Solaris

$PATH
Command line:
/successfulPath/pkginfo -l name

Purpose: Gathers information about the named software package.

Invoked using: The account running the ndtrack executable (default: root).
pkgutil

OS X

 /usr/sbin
Command line: To collect details of a package: 
/usr/sbin/pkgutil --pkg-info-plist packageName
To list the files for a package:
/usr/sbin/pkgutil --files packageName

Purpose: Collects details of packages and the files they contain to include in software inventory.

Invoked using: The account running the ndtrack executable (default: root). If an account other than root is used, some OS X bundles under /Applications or /System/Library that are not accessible by the executing user cannot be reported in inventory.
ps

AIX, Solaris

 /bin
Command line:
/bin/ps -e -opid= -oruid= -ocomm=

Purpose: A fail-over step to identify processes that are required in later inventory gathering, when these could not be recovered from the proc file system.

Invoked using: The account running the ndtrack executable (default: root).
ps

Linux

 /bin
Command line:
/bin/ps -e -opid= -oruid= -ocommand=

Further notes: See initial entry for ps above.
ps

OS X

 /bin
Command line:
/bin/ps -ax -o pid,ruid,command

Further notes: See initial entry for ps above.
rpm

AIX, Linux
The following are searched in this order:
  • /bin
  • /usr/bin
  • /usr/local/bin
  • /opt/freeware/bin
  • /opt/sfw/bin
  • /opt/local/bin.
Command line:
/successfulPath/rpm --query --all --queryformat format

Purpose: Obtain a formatted list of packages from the Red Hat Package Manager. The multiple paths are mostly required for AIX.

Invoked using: The account running the ndtrack executable (default: root).
sh All /bin
Command line:
/bin/sh -c script

Purpose: Runs the named script that has been delivered within InventorySettings.xml (these scripts may be updated through the Application Recognition Library). These scripts provide specialized inventory-gathering steps for use with Oracle products. They include the Oracle GLAS scripts required for preparing an Oracle audit report.

Invoked using: The account running the ndtrack executable (default: root).
softwareupdate macOS /sbin or /usr/sbin
Command line:
/successfulPath/softwareupdate --list

Purpose: Reports the list of available security updates.

Invoked using: The account running the ndtrack executable (default: root).
sqlplus

All

 $ORACLE_HOME/bin
Command line: Variations based on preference settings discussed below:
$ORACLE_HOME/bin/sqlplus "/ as sysdba"
$ORACLE_HOME/bin/sqlplus "/ "

Purpose: Perform queries against running Oracle database instances to gather inventory on the Oracle Database product. (For ways that the tracker identifies $ORACLE_HOME, see the topic How Agent-Based Collection of Oracle Inventory Works in the IT Asset Management System Reference PDF.) This Oracle utility is invoked by a script delivered within InventorySettings.xml (described in the entry for sh).

Invoked according to: The following rules:
  • If ndtrack is running as any account other than root, discovery of, and gathering inventory for, Oracle databases are both disabled on the target device.
  • When ndtrack is running as root, settings for the two preferences OracleInventoryAsSysdba and OracleInventoryUser determine the behavior, as follows (or for more detail, see OracleInventoryAsSysdba and OracleInventoryUser).
    1. If OracleInventoryAsSysdba=True (or omitted), the first command line shown above is used (with the parameter "/ as sysdba"). The account used depends on the value of the other preference:
      • If OracleInventoryUser is configured, the command is invoked impersonating that nominated account, with the database connection being made with the SYSDBA privilege (see OracleInventoryUser for requirements).
      • If OracleInventoryUser is not configured (the default), the command is invoked impersonating the account that is running the database instance, with the database connection being made with the SYSDBA privilege.
    2. If OracleInventoryAsSysdba=False, the second command line shown above is used (with the parameter "/ "). The accounts used depend on the value of the other preference:
      • If OracleInventoryUser is configured, the command is invoked impersonating that nominated account, with the database connection being made as the same OracleInventoryUser account (see OracleInventoryUser for requirements).
      • If OracleInventoryUser is not configured, Oracle inventory collection is not supported.
Note: This approach means that the tracker can collect inventory only from running database instances. Instances that are discovered, but are not running at inventory time, are reported in the task status: navigate to the discovered device properties, select the Status tab, and expand the Oracle database inventory heading.
subscription-manager Linux /usr/sbin Command line:
/usr/sbin/subscription-manager list --installed
/usr/sbin/subscription-manager list --consumed
/usr/sbin/subscription-manager list --available

Purpose: Get Red Hat subscription information.

Invoked using: The account running the ndtrack executable as root user.
sysctl macOS /usr/sbin/sysctl
Command line:
/usr/sbin/sysctl net.inet.tcp

Purpose: Reports the system tcpkeepalive value.

Invoked using: The account running the ndtrack executable (default: root).
system_profiler macOS /usr/sbin
Command line:
/usr/sbin/system_profiler SPPCIDataType -json

Purpose: Reports details about the PCI bus for inclusion in hardware inventory.

Invoked using: The account running the ndtrack executable (default: root).
usb-devices Linux /usr/bin
Command line:
/usr/bin/usb-devices

Purpose: Reports details about USB devices for inclusion in hardware inventory.

Invoked using: The account running the ndtrack executable (default: root).
vxlicrep

All

/sbin
Command line:
/sbin/vxlicrep

Purpose: Creates installation evidence used by the Application Recognition Library to recognize installations of Symantec.

Invoked using: The account running the ndtrack executable (default: root).
xl

Linux
The following are searched in this order:
  • /sbin
  • /usr/sbin

  • /usr/local/sbin

  • /bin
  • /usr/bin
  • /usr/local/bin.
Command lines:
/successfulPath/xl info -n
/successfulPath/xl vm-list
/successfulPath/xl list-vm

Purpose: This Xen management tool reports any guest domains (virtual machines) present on the server. This information assists in correctly reporting device inventory, including the mapping between host devices and virtual devices.

Invoked using: The account running the ndtrack executable (default: root).
yum Linux (RHEL) /sbin or /usr/sbin
Command line: 
/successfulPath/yum list-sec --disableexcludes all

Purpose: Reports the list of available security updates.

Invoked using: The account running the ndtrack executable (default: root).
zoneadm

Solaris

/usr/sbin/
Command line:
/usr/sbin/zoneadm list -p

Purpose: Provides the list of zones that are running inside the global zone (and therefore is run only inside the global zone). Inventory includes the name and UUID of each zone.

Invoked using: The account running the ndtrack executable (default: root).
zonecfg

Solaris

/usr/sbin/
Command line:
/usr/sbin/zonecfg 
    -z {zonename} 
    info {dedicated-cpu|capped-cpu|pool}

Purpose: Provides configuration information about the specified zone, and specifically its resource management method (dedicated-cpu, capped-cpu, or resource pool). This command is run only inside the global zone.

Invoked using: The account running the ndtrack executable (default: root).

IT Asset Management (Cloud)

Current