UNIX and Linux credentials

Discovery and Orchestration explore UNIX and Linux devices by using commands executed over Secure Shell (SSH), so they need SSH credentials.

The SSH user can be any user. Both applications must run commands on UNIX and Linux systems with root privileges. There are two general approaches to accomplishing this:
  • Give root credentials. These are obviously the most powerful credentials, but may not be desirable from a security perspective. If Discovery or Orchestration has the root credentials to a UNIX or Linux system, no further configuration is required.
  • Give other credentials for Discovery or Orchestration, but grant the user in those credentials the right to execute certain commands with root privileges, using sudo. This is a secure way to grant limited privileges. Discovery or Orchestration uses sudo on any probe that has the must_sudo parameter set to true (it defaults to false). However, each system must be configured to allow sudo to work. This is done by editing the /etc/sudoers file using the visudo command.

Access Requirements for Non-Root Credentials

If you do not provide Discovery with root access credentials, you must provide credentials with the following access requirements.
Application       File or Directory            Access Required
Apache            httpd.conf                   Read
Hbase             hbase-site.xml               Read
JBoss             jboss-service.xml            Read
                  JBoss home directory         Read
                  web.xml                      Read
MySQL             my.cnf                       Read
NGINX             nginx.conf                   Read
Oracle            oratab                       Read
                  Associated (s) pfiles        Read
Oracle Listener   lsnrctl                      Execute
                  listener.ora                 Read
Tomcat            catalina.jar                 Read
                  server.xml                   Read
                  web.xml                      Read
Unix              /etc/*release                Read
                  /etc/bashrc                  Read
                  /etc/profile                 Read
                  /proc/cpuinfo                Read
                  /proc/vmware/sched/ncpus     Read
                  /var/log/dmesg               Read
                  APD directory                Read
WebSphere         cell.xml                     Read
                  server.xml                   Read
                  serverindex.xml              Read
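
A pre-flight check for the access table above, as an added example that is not part of the original page or the vendor's tooling: run as the non-root discovery user, it reports which required paths that account can read or execute. The function names and the MODE:PATH argument format are assumptions of this example; only the Unix rows carry full paths on the page, so application files are passed in with their host-specific locations.

```shell
#!/bin/sh
# Added example (not vendor code). Run it as the non-root discovery user,
# because root passes every read test regardless of file mode.

# Read-access rows from the "Unix" part of the table, with the paths as the
# page gives them. Files that live in host-specific locations (httpd.conf,
# my.cnf, lsnrctl, ...) are passed as extra MODE:PATH arguments.
UNIX_REQUIRED='r:/etc/*release r:/etc/bashrc r:/etc/profile r:/proc/cpuinfo
r:/proc/vmware/sched/ncpus r:/var/log/dmesg'

# check_access MODE PATH  (MODE is r = Read, x = Execute)
# Returns 0 = access present, 1 = denied, 2 = path absent, 3 = bad mode.
check_access() {
    mode=$1 path=$2
    case $mode in
        r) flag=-r ;;
        x) flag=-x ;;
        *) echo "BADMODE  $mode $path" >&2; return 3 ;;
    esac
    if [ ! -e "$path" ]; then echo "MISSING  $mode $path"; return 2; fi
    if [ "$flag" "$path" ]; then echo "OK       $mode $path"; return 0; fi
    echo "DENIED   $mode $path"; return 1
}

# audit_access MODE:PATTERN...  Globs such as /etc/*release are expanded.
# Absent paths are reported but not counted, because not every file exists
# on every platform. Returns 1 if any existing path is denied, else 0.
audit_access() {
    denied=0
    for entry in "$@"; do
        mode=${entry%%:*} pattern=${entry#*:}
        for path in $pattern; do          # unquoted on purpose: glob expansion
            result=0
            check_access "$mode" "$path" || result=$?
            if [ "$result" -eq 1 ]; then denied=$((denied + 1)); fi
        done
    done
    echo "$denied required path(s) denied for $(id -un)"
    [ "$denied" -eq 0 ]
}

# Usage after sourcing this file (the two extra paths are constructed):
#   audit_access $UNIX_REQUIRED r:/etc/my.cnf x:/opt/oracle/bin/lsnrctl
```

Paths containing spaces are not handled, since the pattern is deliberately left unquoted for glob expansion.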