Common: Child Processes on UNIX-Like Platforms
root
, because elevated privileges are required
to complete several aspects of inventory gathering. - Oracle inventory is disabled
- IBM WebSphere inventory is disabled
- Inventory from IBM Db2 Database and optional add-ons is disabled
- All hard disk information for Linux systems is excluded
- Software inventory from paths not accessible to the executing user is omitted for all systems
- Several further losses occur, as noted in the table of child processes below.
root
include the following:- Commands in safe system paths (not writable by other users) are run as
root
. - Commands found within paths listed in the $PATH environment
variable for the
root
user are run asroot
.Note: This makes it important that, as is normal secure practice, you do not allow any unsecured directories to be included in the $PATH environment variable for theroot
user. - Commands and utilities saved in unsecured directories on the file system are not
run as
root
. These must be run with no more trust that you already provide in your environment. To do this, the tracker uses user impersonation, so that it invokes child processes with the same level of trust and security management that you have already established for the existing account being impersonated. On UNIX-like platforms, the method is to impersonate the user account that is running the service related to the executable in question. For example, the executable lsnrctl normally starts the tnslsnr service. Therefore, when the tracker needs to invoke lsnrctl, it impersonates the user account running the tnslsnr service. Since this account is already running the process in question, it is a trusted account for the path on the target device where inventory is being collected.
date
command is not in the following list because it is not
invoked by the tracker. It is invoked in the Zero-footprint case when the remote
inventory beacon tests to see whether the account (recovered from its Password Manager) can successfully elevate privileges on the target device, in order to
complete the process as described in Zero-Footprint: Normal Operation.Executable | Platform | Path | Notes |
---|---|---|---|
arp |
All |
The following are searched in this order:
|
Command
line:
Purpose: Reports the MAC address of network interface(s). Invoked using: The account running the ndtrack executable
(default: |
db2ilist |
Linux, Solaris, AIX |
Path returned by db2ls |
Command
line:
Purpose: Lists all the database instances running in the context where db2ilist is executed (normally, instances from the same database installation that provides the db2ilist command). Invoked using: The account running the ndtrack executable
(which in this case must be |
db2licm |
Linux, Solaris, AIX |
Path returned by db2ls |
Command
line:
Purpose: Reports inventory of the Db2 product in the successfulPath (including its product identifier) and its optional add-ons, including the available license information. Once the temporary file (filename) has been processed, it is deleted. Invoked using: The account running the ndtrack
executable, which in this case must be |
db2ls |
Linux, Solaris, AIX |
/usr/local/bin |
Command line:
Purpose: Identifies the path to the IBM Db2 Database installation. Invoked using: The account running the ndtrack
executable, which for IBM Db2 inventory must be |
dmidecode |
Linux, Solaris (Intel) |
The following are searched in this order:
|
Command
line:
Purpose: Reports serial number, UUID, manufacturer, model, and chassis type, extracted from the computer's DMI (or SMBIOS) table. Tip: On older versions of Linux where this utility is unavailable, an
equivalent mgsdmidecode supplied with the full FlexNet Inventory Agent may be used instead. (This is also run as
root .)Invoked using: The account running the ndtrack
executable, which in this case must be |
dpkg-query |
Linux |
The following are searched in this order:
|
Command
line:
Purpose: Obtain a formatted list of packages identified in the
dpkg database.
Tip: While the FlexNet Inventory Agent looks for this command on all Linux platforms (and runs it if present), it is
typically only present on Debian/Ubuntu Linux distributions.
Invoked using: The account running the ndtrack executable
(default: |
dspmq |
All |
Path(s) found in the process listing in which IBM MQ was identified. |
Command
line:
Purpose: Reports as installation evidence the name (as
Invoked using: An account determined by the following rules:
|
dspmqver |
All |
Path(s) found in the process listing in which IBM MQ was identified. |
Command
line:
Purpose: Collect the IBM MQ (previously known as WebSphere MQ) version and build information for inclusion in inventory. Invoked using: An account determined by the same rules as described above for dspmq. |
eeprom |
Solaris |
/usr/sbin |
Command line:
Purpose: Examines the contents of NVRAMRC to collect the chassis serial number. Invoked using: The account running the ndtrack executable
(default: |
entstat |
AIX |
$PATH |
Command
line:
Purpose: Reports the device type and MAC address of the network interface(s). Invoked using: The account running the ndtrack executable
(default: |
getconf |
HP-UX |
/usr/bin |
Command line:
Purpose: Reports the type of the central processor in the server, for inclusion in hardware inventory. Invoked using: The account running the ndtrack executable
(default: |
ifconfig |
All |
/usr/sbin or $PATH |
Command lines: On all platforms except
HP-UX:
On
HP-UX:
Purpose: Lists all network interfaces; or reports the configuration of the interface identified as adapter. Invoked using: The account running the ndtrack executable
(default: |
ioscan |
HP-UX |
/usr/sbin |
Command line:
Purpose: Scans the kernel for data about installed hardware and I/O options, for inclusion in the hardware inventory data. Invoked using: The account running the ndtrack executable
(default: |
isainfo |
Solaris |
/usr/bin |
Command line:
Purpose: Determines the system architecture (32-bit or 64-bit) and related kernel information to include in inventory reporting. Invoked using: The account running the ndtrack executable
(default: |
java | All | Path(s) found in the file system scan in which java was identified. |
Command
line:
Purpose: Determines the Java product name, version information, and publisher. |
kctune |
HP-UX |
/usr/sbin |
Command line:
Purpose: Reports whether hyperthreading is enabled on the system. Invoked using: The account running the ndtrack executable
(default: |
lanscan |
HP-UX |
/usr/sbin |
Command line:
Purpose: Collects the name and MAC address of each network adapter. Names are passed to ifconfig (see above). Invoked using: The account running the ndtrack executable
(default: |
lparstat |
Linux/ppc64le |
/usr/sbin |
Command line:
Purpose: Used to query logical partition data on Linux Power machines that use logical partitions. Invoked using: The account running the ndtrack executable
as |
lppchk |
All |
/usr/bin |
Command
line:
Purpose: Performs a check of an installed AIX Invoked using: The account running the ndtrack executable
(default: |
lsbom |
OS X |
/usr/bin |
Command
line:
Purpose: Obtains a listing of files identified within path by the installer's Bill of Materials (binary bom file). Invoked using: The account running the ndtrack executable
(default: |
lscfg |
AIX |
$PATH |
Command
line:
Purpose: Reports details about the video controller information (on AIX) for inclusion in hardware inventory. Invoked using: The account running the ndtrack executable
(default: |
lscpu | Linux/(ppc64le, s390x, aarch64/arm64) | /usr/bin |
Command line:
Purpose: Used to query CPU core data. Invoked using: The account running the ndtrack executable
as |
lsnrctl |
All |
$ORACLE_HOME/bin |
Command line:
Purpose: Invokes the Oracle Listener Control utility against a running listener to gather its network port address and the services (local and remote database instances) to which it provides access. Invoked using: Impersonation of the account running the
tnslsnr service. (Impersonation requires that the
ndtrack executable is running as |
lspci |
Linux |
/sbin |
Command line:
Purpose: Reports details about the video controller information (on Linux) for inclusion in hardware inventory. Invoked using: The account running the ndtrack executable
(default: |
machinfo |
HP-UX |
/usr/contrib/bin |
Command line:
Purpose: Reports information about the machine processor. Invoked using: The account running the ndtrack executable
(default: |
netstat |
All |
$PATH |
Command
line:
Purpose: Collects the default IP gateway address. Invoked using: The account running the ndtrack executable
(default: |
osdbagrp |
All |
$ORACLE_HOME/bin |
Command line:
Purpose: Identify the OS group for which each Oracle database instance has been configured. Used to provide logging information and allow warnings about potential issues running sqlplus. Invoked using: Impersonation of an account from the process list running either a database instance or a listener service from the same installation path as the osdbagrp executable being invoked. |
oslevel |
AIX |
$PATH |
Command
line:
Purpose: Reports the operating system level, determined by examining a known set of Authorized Program Analysis Reports (APARs) supplied with the operating system. Invoked using: The account running the ndtrack executable
(default: |
parstatus and vparstatus |
HP-UX |
/usr/sbin |
Command
line:
Purpose: The parstatus command retrieves information about the nPartitions or hardware within a server, for inclusion in the hardware inventory data. The vparstatus version collects information about virtual partitions and their available resources (effectively, reporting on 'virtual machines'). Invoked using: The account running the ndtrack executable
(default: |
pkg |
Solaris |
/usr/bin |
Command
line:
Purpose: Identify the contents (including actions and attributes) of packages installed on the target device and registered in the Image Packaging System (IPS), specific to Solaris 11. This data is included in software inventory. Invoked using: The account running the ndtrack executable
(default: |
pkginfo |
Solaris |
$PATH |
Command
line:
Purpose: Gathers information about the named software package. Invoked using: The account running the ndtrack executable
(default: |
pkgutil |
OS X |
/usr/sbin |
Command line: To collect details of a package:
To
list the files for a
package:
Purpose: Collects details of packages and the files they contain to include in software inventory. Invoked using: The account running the ndtrack executable
(default: |
ps |
AIX, Solaris |
/bin |
Command line:
Purpose: A fail-over step to identify processes that are required in later
inventory gathering, when these could not be recovered from the Invoked using: The account running the ndtrack executable
(default: |
ps |
HP-UX |
/bin |
Command line:
Further notes: See initial entry for ps above. Note that the ps command is always required on HP-UX. |
ps |
Linux |
/bin |
Command line:
Further notes: See initial entry for ps above. |
ps |
OS X |
/bin |
Command line:
Further notes: See initial entry for ps above. |
rpm |
AIX, Linux |
The following are searched in this order:
|
Command
line:
Purpose: Obtain a formatted list of packages from the Red Hat Package Manager. The multiple paths are mostly required for AIX. Invoked using: The account running the ndtrack executable
(default: |
setboot |
HP-UX |
/usr/sbin |
Command line:
Purpose: Reports whether hyperthreading is available on the system.
Note: For
efficiency, setboot is only used when the
kctune command returns a positive result. (This second call
is not redundant on certain older versions of the OS.)
Invoked using: The account running the ndtrack executable
(default: |
sh | All | /bin |
Command line:
Purpose: Runs the named script that has been delivered within InventorySettings.xml (these scripts may be updated through the Application Recognition Library). These scripts provide specialized inventory-gathering steps for use with Oracle products. They include the Oracle GLAS scripts required for preparing an Oracle audit report. Invoked using: The account running the ndtrack executable
(default: |
sqlplus |
All |
$ORACLE_HOME/bin |
Command line: Variations based on preference settings discussed
below:
Purpose: Perform queries against running Oracle database instances to gather
inventory on the Oracle Database product. (For ways that the tracker identifies
Invoked according to: The following rules:
Note: This approach means that the tracker can collect inventory only
from running database instances. Instances that are discovered, but are not running
at inventory time, are reported in the task status: navigate to the discovered
device properties, select the Status tab, and expand the
Oracle database inventory heading.
|
subscription-manager | Linux | /usr/sbin | Command
line:
Purpose: Get Red Hat subscription information. Invoked using: The account running
the ndtrack executable as |
swlist |
HP-UX |
/usr/sbin |
Command
line:
Purpose: Obtains a listing of software products installed on the local host. Invoked using: The account running the ndtrack executable
(default: |
vxlicrep |
All |
/sbin |
Command line:
Purpose: Creates installation evidence used by the Application Recognition Library to recognize installations of Symantec. Invoked using: The account running the ndtrack executable
(default: |
xl |
Linux |
The following are searched in this order:
|
Command
lines:
Purpose: This Xen management tool reports any guest domains (virtual machines) present on the server. This information assists in correctly reporting device inventory, including the mapping between host devices and virtual devices. Invoked using: The account running the ndtrack executable
(default: |
zoneadm |
Solaris |
/usr/sbin/ |
Command line:
Purpose: Provides the list of zones that are running inside the global zone (and therefore is run only inside the global zone). Inventory includes the name and UUID of each zone. Invoked using: The account running the ndtrack executable
(default: |
zonecfg |
Solaris |
/usr/sbin/ |
Command
line:
Purpose: Provides configuration information about the specified zone, and
specifically its resource management method ( Invoked using: The account running the ndtrack executable
(default: |
IT Asset Management (Cloud)
Current