Zero-Footprint: Non-Root Accounts

IT Asset Management (Cloud)

By default for UNIX-like target devices, the FlexNet Beacon engine collects Zero-footprint inventory by escalating its privileges to act as root on the target device.

It is technically possible to collect inventory as a non-root user (that is, the ndtrack executable will run and produce a .ndi document). However, information that cannot obtained without root or administrative rights includes:

Platform Missing inventory details (non-root users)

Linux

  • BIOS details (dmidecode): serial number, UUID, manufacturer, model, chassis type
  • All hard disk information (from device files).

Solaris

  • MAC addresses of network adapters
  • x86 BIOS details (dmidecode): model, manufacturer
  • SPARC model using OpenPROM interface. It fails over to using the sysinfo SI_PLATFORM value which can be different.

HP-UX

  • SD-UX installation evidence from swlist if access has been locked down with swreg or swacl
  • vPar evidence including VMType, VMName and vPar capacity (vparstatus requires root)
  • Hard disk drive properties including capacity.

Mac OS X

Mac OS X package bundle paths under /Applications or /System/Library that are not accessible by the executing user.

All UNIX-like platforms

  • Collection of inventory for IBM Db2 Database (and optional add-ons) is blocked for non-root accounts
  • Collection of inventory for IBM MQ (previously WebSphere MQ) is blocked for non-root accounts
  • Collection of Oracle inventory is blocked for non-root accounts
  • File evidence from any file system path not accessible by the executing user
  • InstallAnywhere, InstallShield Multiplatform, Oracle Universal Installer evidence under paths not accessible by the executing user.

If this reduced functionality is acceptable for certain inventory targets, you can configure the account for these devices in the Password Manager to prevent elevation of privileges.

IT Asset Management (Cloud)

Current