SSH Scanner Commands Reference
This document provides a comprehensive reference of all commands used by the NopeSight v3 SSH scanner for Linux/Unix/AIX system discovery and data collection.
Overview
The SSH scanner (ssh_scanner.py) performs comprehensive system discovery on Linux/Unix/AIX systems via SSH connections. It collects system information, hardware details, network configurations, installed software, and active connections to build a complete infrastructure inventory.
Supported Operating Systems
- Linux: Ubuntu, Debian, RHEL, CentOS, Fedora, Oracle Linux, SUSE
- Unix: Various Unix variants
- IBM AIX: Power systems (POWER7, POWER8, POWER9, POWER10)
Permission Requirements Overview
The scanner operates in two modes based on available privileges:
| Mode | User Type | Access Level | Data Collected |
|---|---|---|---|
| Basic Mode | Regular user | Non-privileged | System info, network config, processes, user accounts, installed packages |
| Enhanced Mode | Root or sudo user | Privileged | All basic data + hardware details, BIOS info, disk health, virtualization |
Minimum Required Permissions
For Basic Discovery (Non-Root):
- SSH access with password or key-based authentication
- Read access to /etc/passwd, /proc/*, /sys/* (Linux) or /etc/* (AIX)
- Execute access to standard system commands (ps, df, netstat/ss, hostname)
For Complete Discovery (Root/Sudo):
- All basic permissions
- Root access via sudo or direct root login
- Execute access to hardware inspection tools (dmidecode, smartctl, lspci on Linux; lscfg, prtconf on AIX)
- Access to virtualization tools (docker, virsh) if applicable
LINUX COMMANDS
Basic Commands (Non-Root Access)
These commands can be executed with regular user privileges and provide fundamental system information.
Required Permissions: Regular user account with SSH access
Required Roles: No special roles required
File Access: Read access to /proc/*, /sys/*, /etc/*
System Identification
| Command | Purpose | Permissions | Data Collected |
|---|---|---|---|
| hostname | Get system hostname | Any user | System hostname |
| uname -a | Get kernel and system information | Any user | OS name, kernel version, architecture, build date |
| uname -r | Get kernel release version | Any user | Kernel version string |
| cat /etc/os-release | Get OS distribution details | Read /etc/os-release | Distribution name, version, codename, ID |
| cat /etc/issue | Get OS issue string (fallback) | Read /etc/issue | OS identification string |
Example Output:
hostname
# → server01.example.com
uname -a
# → Linux server01 5.4.0-99-generic #112-Ubuntu SMP x86_64 GNU/Linux
cat /etc/os-release
# → NAME="Ubuntu"
# → VERSION="20.04.3 LTS (Focal Fossa)"
# → ID=ubuntu
Hardware Information
| Command | Purpose | Permissions | Data Collected |
|---|---|---|---|
| cat /proc/cpuinfo | Get CPU information | Read /proc/cpuinfo | CPU model, cores, speed, cache, flags |
| lscpu | Get detailed CPU architecture | Any user | Architecture, CPU op-modes, byte order, cores |
| cat /proc/cpuinfo \| grep "model name" \| head -1 | Get CPU model name | Read /proc/cpuinfo | CPU model string |
| free -h | Get memory usage (human-readable) | Any user | Total, used, free, available memory |
| cat /proc/meminfo | Get detailed memory information | Read /proc/meminfo | MemTotal, MemFree, Buffers, Cached, SwapTotal |
| df -h | Get disk space (human-readable) | Any user | Filesystem, size, used, available, mount points |
| df -k / \| tail -1 \| awk '{print $2}' | Get root disk size in KB | Any user | Total disk size in kilobytes |
Example Output:
free -h
# → total used free shared buff/cache available
# → Mem: 62Gi 8.2Gi 40Gi 1.2Gi 13Gi 51Gi
df -h
# → Filesystem Size Used Avail Use% Mounted on
# → /dev/sda1 1.0T 450G 550G 45% /
Purpose: Collects hardware specifications including CPU model, core count, total memory, and disk capacity.
System Model Information
| Command | Purpose | Permissions | Data Collected |
|---|---|---|---|
| cat /sys/devices/virtual/dmi/id/product_name | Get system product name | Read /sys/devices/virtual/dmi/id/* | Hardware model (e.g., "PowerEdge R740") |
| cat /sys/devices/virtual/dmi/id/sys_vendor | Get system manufacturer | Read /sys/devices/virtual/dmi/id/* | Manufacturer (e.g., "Dell Inc.") |
| cat /sys/devices/virtual/dmi/id/product_serial | Get system serial number | Read /sys/devices/virtual/dmi/id/* | Serial number |
| dmidecode -s system-serial-number | Get serial (fallback) | Root/sudo or read /dev/mem | Serial number |
Example Output:
cat /sys/devices/virtual/dmi/id/product_name
# → PowerEdge R740
cat /sys/devices/virtual/dmi/id/sys_vendor
# → Dell Inc.
Network Configuration
| Command | Purpose | Permissions | Data Collected |
|---|---|---|---|
| ip addr show | Get network interface information | Any user | Interface names, IPs, MACs, states |
| hostname -I | Get local IP addresses | Any user | All assigned IP addresses |
| ip route show default | Get default gateway (modern) | Any user | Default route, gateway IP |
| route -n | Get default gateway (legacy) | Any user | Routing table, gateway IP |
| ss -tuan | Get network connections (modern) | Any user | TCP/UDP connections, states, ports |
| netstat -tuan | Get network connections (legacy) | Any user | TCP/UDP connections, states, ports |
Example Output:
ip addr show
# → 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
# → inet 192.168.1.100/24 brd 192.168.1.255 scope global eth0
# → inet6 fe80::a00:27ff:fe4e:66a1/64 scope link
ip route show default
# → default via 192.168.1.1 dev eth0 proto static metric 100
route -n
# → Kernel IP routing table
# → Destination Gateway Genmask Flags Metric Ref Use Iface
# → 0.0.0.0 192.168.1.1 0.0.0.0 UG 100 0 0 eth0
ss -tuan
# → Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
# → tcp ESTAB 0 0 192.168.1.100:22 192.168.1.10:54321
Purpose: Collects network interface configurations, IP addresses, and active network connections.
User Accounts
| Command | Purpose | Permissions | Data Collected |
|---|---|---|---|
| cat /etc/passwd | Get user account information | Read /etc/passwd | Usernames, UIDs, GIDs, home directories, shells |
| last -5 | Get recent login history | Read /var/log/wtmp | Last 5 user logins with timestamps |
Example Output:
cat /etc/passwd
# → root:x:0:0:root:/root:/bin/bash
# → user1:x:1000:1000:User One:/home/user1:/bin/bash
last -5
# → user1 pts/0 192.168.1.10 Mon Jan 8 14:23 still logged in
Purpose: Lists user accounts and recent login activity for security and compliance analysis.
Process Information
| Command | Purpose | Permissions | Data Collected |
|---|---|---|---|
| ps -eo pid,ppid,user,start_time,cmd | Get running processes with details | Any user | PIDs, parent PIDs, users, start times, commands |
| readlink -f /proc/$pid/exe | Get process executable path | Read /proc/$pid/exe | Full path to process executable |
Example Output:
ps -eo pid,ppid,user,start_time,cmd
# → PID PPID USER START COMMAND
# → 1 0 root Jan08 /sbin/init
# → 1234 1 www-data 14:23 /usr/sbin/apache2 -k start
readlink -f /proc/1234/exe
# → /usr/sbin/apache2
Purpose: Lists all running processes with their paths, enabling connection-to-process mapping and application inventory.
Software Inventory
| Command | Purpose | Permissions | Data Collected |
|---|---|---|---|
| dpkg -l | Get installed packages (Debian/Ubuntu) | Any user | Package names, versions, descriptions |
| rpm -qa | Get installed packages (RHEL/CentOS) | Any user | Package names with versions |
Example Output:
dpkg -l
# → ii apache2 2.4.41-4ubuntu3.8 amd64 Apache HTTP Server
rpm -qa
# → httpd-2.4.6-97.el7.centos.x86_64
Purpose: Inventories installed software packages for security, compliance, and license management.
Root-Level Commands (Requires Root/Sudo)
These commands require elevated privileges and provide deeper system information.
Required Permissions: Root access or sudo privileges
Required Roles: root or user in sudo/wheel group
File Access: Full system access including /dev/*, /sys/*, hardware devices
Hardware Details
| Command | Purpose | Permissions | Data Collected |
|---|---|---|---|
| dmidecode -t system | Get system hardware information | Root/sudo | Product name, manufacturer, serial, UUID |
| dmidecode -t bios | Get BIOS information | Root/sudo | BIOS vendor, version, release date |
| dmidecode -t processor | Get processor details | Root/sudo | Processor family, voltage, max speed |
| dmidecode -t memory | Get memory module information | Root/sudo | Memory type, speed, size, manufacturer |
Example Output:
sudo dmidecode -t system
# → System Information
# → Manufacturer: Dell Inc.
# → Product Name: PowerEdge R740
# → Serial Number: ABC123XYZ
# → UUID: 4c4c4544-0042-4a10-8043-b7c04f313233
Purpose: Provides detailed hardware specifications including BIOS version, processor details, and physical memory configuration.
Storage Details
| Command | Purpose | Permissions | Data Collected |
|---|---|---|---|
| fdisk -l | Get disk partition information | Root/sudo | Disk devices, partitions, sizes, types |
| lsblk -d -o name -n | List block devices | Any user | Block device names |
| smartctl -a /dev/$device | Get disk SMART health data | Root/sudo | Disk health, temperature, errors, hours |
Example Output:
sudo fdisk -l
# → Disk /dev/sda: 1000 GB
# → /dev/sda1 * 2048 2099199 2097152 1G 83 Linux
sudo smartctl -a /dev/sda
# → Model Family: Seagate Barracuda
# → Device Model: ST1000DM003-1SB102
# → SMART Health Status: PASSED
Purpose: Shows disk partitions, SMART health data, and storage device details for capacity planning and failure prediction.
Advanced Network and System Information
| Command | Purpose | Permissions | Data Collected |
|---|---|---|---|
| lspci -v | Get PCI device information | Any user (root for full details) | PCI devices, drivers, capabilities |
| lsof -i -n -P | Get detailed network connections | Root/sudo | Connections with file descriptors, full process info |
| ss -tupan | Get connections with process IDs | Root/sudo | Connections with PIDs and program names |
| ip -o -4 addr show \| awk '{print $2, $4}' | Get interface IPs | Any user | Interface names with IP/netmask |
Example Output:
sudo lsof -i -n -P
# → COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
# → sshd 1234 root 3u IPv4 12345 0t0 TCP 192.168.1.100:22->192.168.1.10:54321 (ESTABLISHED)
Virtualization Detection
| Command | Purpose | Permissions | Data Collected |
|---|---|---|---|
| docker info | Get Docker information | Root/sudo or docker group | Docker version, containers, images, storage |
| virsh list --all | Get virtualization information | Root/sudo | Virtual machines, states, IDs |
Example Output:
sudo docker info
# → Server Version: 20.10.12
# → Containers: 5
# → Images: 12
sudo virsh list --all
# → Id Name State
# → 1 vm-web01 running
Purpose: Detects containerization and virtualization platforms for infrastructure mapping.
Special Detection Commands
Oracle Database Detection
| Command | Purpose | Permissions | Data Collected |
|---|---|---|---|
| which sqlplus | Check if Oracle client installed | Any user | Path to sqlplus binary |
| $ORACLE_HOME/bin/sqlplus -V | Get Oracle version | Oracle user or environment | Oracle version string |
| cat /etc/oratab | Get Oracle database instances | Read /etc/oratab | Oracle SIDs, homes, startup flags |
Example Output:
which sqlplus
# → /u01/app/oracle/product/19.3.0/dbhome_1/bin/sqlplus
cat /etc/oratab
# → ORCL:/u01/app/oracle/product/19.3.0/dbhome_1:Y
Purpose: Detects Oracle database installations and configurations for database inventory and license management.
AIX COMMANDS
Basic Commands (Non-Root Access)
These commands can be executed with regular user privileges on IBM AIX systems.
Required Permissions: Regular user account with SSH access
Required Roles: No special roles required
File Access: Read access to /etc/*, /proc/* (if available)
System Identification
| Command | Purpose | Permissions | Data Collected |
|---|---|---|---|
| hostname | Get system hostname | Any user | System hostname |
| uname -a | Get kernel and system information | Any user | AIX version, node name, machine ID |
| oslevel -s | Get AIX service pack level | Any user | Exact AIX version (e.g., 7200-05-03-2148) |
| oslevel | Get base AIX version | Any user | Base OS level (e.g., 7.2.5.0) |
| uname -M | Get hardware model | Any user | System model (e.g., IBM,9119-MHE) |
| uname -u | Get system serial number | Any user | System unique ID/serial |
Example Output:
hostname
# → aix-prod01
uname -a
# → AIX aix-prod01 3 7 00F9C1354C00
oslevel -s
# → 7200-05-03-2148
uname -M
# → IBM,9119-MHE
Purpose: Identifies AIX system name, version, service pack level, and hardware platform.
Hardware Information
| Command | Purpose | Permissions | Data Collected |
|---|---|---|---|
| lsdev -Cc processor | List processors | Any user | Processor device names, states |
| lsattr -El proc0 -a type -a smt_threads | Get CPU details | Any user | Processor type (POWER9, etc.), SMT threads |
| svmon -G | Get memory usage summary | Any user | Memory in pages, used, free |
| lsattr -El sys0 -a realmem | Get total physical memory | Any user | Real memory in KB |
| df -g | Get disk space in GB | Any user | Filesystems, sizes in GB |
| df -k / \| tail -1 \| awk '{print $2}' | Get root disk size in KB | Any user | Total root filesystem size |
Example Output:
lsdev -Cc processor
# → proc0 Available 00-00 Processor
# → proc1 Available 00-01 Processor
# → proc2 Available 00-02 Processor
# → proc3 Available 00-03 Processor
lsattr -El proc0 -a type
# → type PowerPC_POWER9 Processor type False
lsattr -El sys0 -a realmem
# → realmem 16777216 Amount of usable physical memory in Kbytes False
df -g
# → Filesystem GB blocks Free %Used Iused %Iused Mounted on
# → /dev/hd4 2.00 1.56 22% 1234 5% /
Purpose: Collects AIX hardware specifications including Power processor details, memory, and disk capacity.
Network Configuration
| Command | Purpose | Permissions | Data Collected |
|---|---|---|---|
| ifconfig -a | Get network interface information | Any user | Interface names, IPs, netmasks, states |
| ifconfig -a \| grep "inet " \| awk '{print $2}' | Get local IP addresses | Any user | All IPv4 addresses |
| netstat -rn | Get routing table / default gateway | Any user | Routes, gateway IPs, flags |
| netstat -an | Get network connections | Any user | TCP/UDP connections, states, addresses |
Example Output:
ifconfig -a
# → en0: flags=1e080863,480<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST>
# → inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255
netstat -rn
# → Routing tables
# → Destination Gateway Flags Refs Use If Exp Groups
# → default 192.168.1.1 UGSc 0 0 en0 - -
# → 192.168.1.0/24 link#2 UCSc 1 0 en0 - -
netstat -an
# → Active Internet connections (including servers)
# → Proto Recv-Q Send-Q Local Address Foreign Address (state)
# → tcp4 0 0 192.168.1.100.22 192.168.1.10.54321 ESTABLISHED
Purpose: Collects AIX network interface configurations, IP addresses, and active connections.
User Accounts
| Command | Purpose | Permissions | Data Collected |
|---|---|---|---|
| cat /etc/passwd | Get user account information | Read /etc/passwd | Usernames, UIDs, home directories |
| last \| head -5 | Get recent login history | Read /var/adm/wtmp | Last 5 user logins |
Purpose: Lists AIX user accounts and recent login activity.
Process Information
| Command | Purpose | Permissions | Data Collected |
|---|---|---|---|
| ps -ef | Get running processes | Any user | PIDs, PPIDs, users, start times, commands |
| procfiles -n $pid | Get process files (if available) | Any user | Open files for process |
| readlink -f /proc/$pid/object/a.out | Get process executable path | Read /proc/$pid/* | Full path to executable |
Example Output:
ps -ef
# → UID PID PPID C STIME TTY TIME CMD
# → root 1 0 0 Jan 08 - 0:45 /etc/init
# → oracle 1234 1 0 14:23 - 1:23 ora_pmon_ORCL
Purpose: Lists running processes on AIX for application inventory and monitoring.
Software Inventory
| Command | Purpose | Permissions | Data Collected |
|---|---|---|---|
| lslpp -Lc | Get installed software filesets | Any user | Fileset names, levels, states, descriptions |
Example Output:
lslpp -Lc
# → #Package Name:Fileset:Level:State:PTF Id:Fix State:Type:Description:Destination Dir
# → bos:bos.rte:7.2.5.0:COMMITTED::COMMITTED:0:Base Operating System Runtime:/
# → xlC:xlC.rte:16.1.0.0:COMMITTED::COMMITTED:0:IBM XL C/C++ Runtime:/usr/lib
Purpose: Inventories installed AIX software packages (filesets) for license and patch management.
Root-Level Commands (Requires Root/Sudo) - AIX
These commands require elevated privileges on AIX systems.
Required Permissions: Root access or sudo privileges
Required Roles: root or authorized sudo user
File Access: Full system access including hardware devices
Hardware Details
| Command | Purpose | Permissions | Data Collected |
|---|---|---|---|
| prtconf | Get complete system configuration | Root/sudo | All hardware: CPU, memory, adapters, devices |
| lsattr -El proc0 | Get detailed CPU attributes | Root/sudo | CPU type, frequency, cache sizes |
| lsdev -Cc memory | List memory devices | Root/sudo | Memory module information |
| lspv | List physical volumes | Root/sudo | Disk volumes, VG assignments, sizes |
| lsdev -Cc disk | List disk devices | Root/sudo | Disk device names, locations, descriptions |
| lsdev -Cc adapter | List adapters (PCI devices) | Root/sudo | Network, storage, and other adapters |
| lscfg -vp | Get VPD (Vital Product Data) | Root/sudo | Hardware serial numbers, part numbers, FRUs |
| lparstat -i | Get LPAR configuration | Root/sudo (LPAR only) | Partition name, ID, type, entitled capacity |
Example Output:
sudo prtconf
# → System Model: IBM,9119-MHE
# → Machine Serial Number: 12345AB
# → Processor Type: PowerPC_POWER9
# → Processor Implementation Mode: POWER 9
# → Number Of Processors: 4
# → Processor Clock Speed: 3800 MHz
# → CPU Type: 64-bit
# → Kernel Type: 64-bit
# → Memory Size: 16384 MB
sudo lparstat -i
# → Node Name : aix-prod01
# → Partition Name : prod_lpar1
# → Partition Number : 5
# → Type : Shared-SMT-4
# → Mode : Uncapped
# → Entitled Capacity : 2.00
# → Partition Group-ID : 32769
# → Online Virtual CPUs : 4
# → Maximum Virtual CPUs : 8
Purpose: Provides complete AIX hardware configuration including LPAR settings for Power systems.
Storage Details
| Command | Purpose | Permissions | Data Collected |
|---|---|---|---|
| lspv | List physical volumes | Root/sudo | PV names, VG names, states |
| lsdev -Cc disk | List all disk devices | Root/sudo | Disk names, locations, descriptions |
Example Output:
sudo lspv
# → hdisk0 00f9c13500000000 rootvg active
# → hdisk1 00f9c13500000001 datavg active
Purpose: Shows AIX disk configuration, volume groups, and physical volume assignments.
Advanced Network Information
| Command | Purpose | Permissions | Data Collected |
|---|---|---|---|
| lsdev -Cc if | List network interfaces | Root/sudo | Interface device names, descriptions |
| netstat -anp | Get connections with PIDs | Root/sudo | Connections with process IDs |
Example Output:
sudo lsdev -Cc if
# → en0 Available 03-00 Standard Ethernet Network Interface
# → lo0 Available Loopback Network Interface
Oracle Database Detection (AIX)
| Command | Purpose | Permissions | Data Collected |
|---|---|---|---|
| which sqlplus | Check if Oracle client installed | Any user | Path to sqlplus |
| $ORACLE_HOME/bin/sqlplus -V | Get Oracle version | Oracle user | Oracle version |
| cat /etc/oratab | Get Oracle instances | Read /etc/oratab | Oracle SIDs and homes |
Purpose: Same as Linux - detects Oracle installations on AIX Power systems.
Data Processing and Formatting
Network Connection Analysis
The scanner processes network connection data from ss, netstat (Linux), or netstat -an (AIX) output:
- Protocol Detection: Identifies TCP/UDP protocols
- State Mapping: Maps connection states to Windows-compatible numeric values:
  - LISTEN → 2 (LISTENING)
  - ESTAB/ESTABLISHED → 5 (ESTABLISHED)
  - TIME-WAIT/TIME_WAIT → 11 (TIME_WAIT)
  - FIN-WAIT-1/FIN_WAIT1 → 8 (FIN_WAIT_1)
  - FIN-WAIT-2/FIN_WAIT2 → 9 (FIN_WAIT_2)
  - CLOSE-WAIT/CLOSE_WAIT → 7 (CLOSE_WAIT)
  - SYN-SENT/SYN_SENT → 3 (SYN_SENT)
  - SYN-RECV/SYN_RECV → 4 (SYN_RECEIVED)
  - CLOSING → 10 (CLOSING)
  - LAST-ACK/LAST_ACK → 11 (LAST_ACK)
- Process Mapping: Links connections to processes using PID information
- Address Resolution: Handles IPv4 and IPv6 addresses, converts wildcards
Data Collected:
- Local IP address and port
- Remote IP address and port
- Connection state (numeric code)
- Protocol (TCP/UDP)
- Process ID, name, and full executable path
- Is local IP (boolean flag)
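The parsing and state mapping described above, sketched as an added example (not the scanner's own code). It covers Linux ss -tuan, Linux netstat -tuan and AIX netstat -an; the sample output is constructed, process mapping is left out, and both the wildcard conversion (0.0.0.0 / port 0) and returning None for states missing from the list are assumptions.

```python
import re

# Numeric codes exactly as listed above. Separators are stripped before lookup
# so "TIME-WAIT" (ss) and "TIME_WAIT" (netstat) hit the same key.
# As listed, TIME_WAIT and LAST_ACK share code 11, so a consumer of the
# numeric field cannot tell those two states apart.
STATE_CODES = {
    "LISTEN": 2, "ESTAB": 5, "ESTABLISHED": 5, "TIMEWAIT": 11,
    "FINWAIT1": 8, "FINWAIT2": 9, "CLOSEWAIT": 7, "SYNSENT": 3,
    "SYNRECV": 4, "CLOSING": 10, "LASTACK": 11,
}

# Constructed sample output for the example.
SS_SAMPLE = """\
Netid State      Recv-Q Send-Q Local Address:Port  Peer Address:Port
tcp   ESTAB      0      0      192.168.1.100:22    192.168.1.10:54321
tcp   LISTEN     0      128    [::]:22             [::]:*
tcp   TIME-WAIT  0      0      192.168.1.100:443   192.168.1.20:40000
udp   UNCONN     0      0      0.0.0.0:68          0.0.0.0:*
"""

AIX_SAMPLE = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.1.100.22       192.168.1.10.54321     ESTABLISHED
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  192.168.1.100.1521     192.168.1.30.51000     LAST_ACK
udp4       0      0  *.123                  *.*
"""


def state_code(name):
    """Return the documented code, or None for a state the list does not cover."""
    return STATE_CODES.get(re.sub(r"[-_]", "", name.upper()))


def split_endpoint(endpoint, sep):
    """Split 'addr<sep>port' on the LAST separator (':' on Linux, '.' on AIX)."""
    addr, _, port = endpoint.rpartition(sep)
    addr = addr.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface scope
    if addr in ("*", ""):                   # assumption: wildcard -> 0.0.0.0
        addr = "0.0.0.0"
    return addr, int(port) if port.isdigit() else 0   # assumption: '*' port -> 0


def parse_connections(text, tool):
    """tool: 'ss' (ss -tuan), 'netstat' (Linux netstat -tuan) or 'aix' (netstat -an)."""
    sep = "." if tool == "aix" else ":"
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or not f[0].lower().startswith(("tcp", "udp")):
            continue                        # header, banner or non-IP socket
        if tool == "ss":                    # Netid State Recv-Q Send-Q Local Peer
            if len(f) < 6:
                continue
            state, local, remote = f[1], f[4], f[5]
        else:                               # Proto Recv-Q Send-Q Local Foreign [State]
            local, remote = f[3], f[4]
            state = f[5] if len(f) > 5 else ""   # UDP rows carry no state
        l_addr, l_port = split_endpoint(local, sep)
        r_addr, r_port = split_endpoint(remote, sep)
        rows.append({
            "protocol": f[0][:3].upper(),   # tcp4/tcp6/udp4 -> TCP/UDP
            "local_address": l_addr, "local_port": l_port,
            "remote_address": r_addr, "remote_port": r_port,
            "state": state_code(state),
        })
    return rows
```
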
Software Inventory Processing
The scanner processes package manager output:
- Linux Debian/Ubuntu: Parses dpkg -l output
  - Package name, version, architecture, description
- Linux Red Hat/CentOS: Parses rpm -qa output
  - Package name with version string
- AIX: Parses lslpp -Lc colon-delimited output
  - Fileset name, level, state, description
Standardization: All converted to consistent format:
{
  "name": "package-name",
  "version": "1.2.3",
  "vendor": "IBM|RedHat|Canonical",
  "install_date": "2024-01-01",
  "install_location": "/usr/bin",
  "description": "Package description"
}
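An added example (not the scanner's own code) that turns the three package-manager outputs into the standardized record above. The sample lines are constructed or taken from the example output on this page; keeping only dpkg rows in state "ii", assigning the vendor by source, and leaving install_date empty are assumptions.

```python
def normalized(name, version, vendor, description="", install_location=""):
    """Build one record in the standardized format shown above."""
    return {"name": name, "version": version, "vendor": vendor,
            "install_date": "", "install_location": install_location,
            "description": description}


def parse_dpkg(text, vendor="Canonical"):
    """dpkg -l rows: status, name, version, architecture, description."""
    out = []
    for line in text.splitlines():
        f = line.split(None, 4)
        if len(f) < 4 or f[0] != "ii":      # assumption: installed packages only
            continue
        name = f[1].split(":")[0]           # "libc6:amd64" -> "libc6"
        desc = f[4].strip() if len(f) > 4 else ""
        out.append(normalized(name, f[2], vendor, desc))
    return out


def parse_rpm(text, vendor="RedHat"):
    """rpm -qa rows: name-version-release.arch; the name may contain hyphens."""
    out = []
    for line in text.splitlines():
        parts = line.strip().rsplit("-", 2)
        if len(parts) != 3:
            continue
        name, ver, rel_arch = parts
        rel, dot, arch = rel_arch.rpartition(".")
        release = rel if dot else arch      # no dot: entry has no arch suffix
        out.append(normalized(name, f"{ver}-{release}", vendor))
    return out


def parse_lslpp(text, vendor="IBM"):
    """lslpp -Lc rows, colon-delimited in the column order of the '#' header."""
    out = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) < 8:
            continue
        dest = f[8] if len(f) > 8 else ""
        out.append(normalized(f[1], f[2], vendor, f[7], dest))
    return out


# Constructed sample inputs.
DPKG_SAMPLE = """\
||/ Name         Version            Architecture Description
+++-============-==================-============-==========================
ii  apache2      2.4.41-4ubuntu3.8  amd64        Apache HTTP Server
rc  oldpkg       1.0                amd64        Removed, config files remain
ii  libc6:amd64  2.31-0ubuntu9.9    amd64        GNU C Library: Shared libraries
"""

RPM_SAMPLE = """\
httpd-2.4.6-97.el7.centos.x86_64
python3-libs-3.6.8-18.el7.x86_64
gpg-pubkey-f4a80eb5-53a7ff4b
"""

LSLPP_SAMPLE = """\
#Package Name:Fileset:Level:State:PTF Id:Fix State:Type:Description:Destination Dir
bos:bos.rte:7.2.5.0:COMMITTED::COMMITTED:0:Base Operating System Runtime:/
xlC:xlC.rte:16.1.0.0:COMMITTED::COMMITTED:0:IBM XL C/C++ Runtime:/usr/lib
"""
```
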
Memory Information Extraction
Linux:
- Primary: Parses /proc/meminfo for MemTotal in KB
- Fallback: Uses free -h output with unit conversion (G/M/K to GB)
- Calculation: Converts KB → GB (divide by 1024²)
AIX:
- Primary: Uses lsattr -El sys0 -a realmem for total memory in KB
- Fallback: Parses svmon -G output
- Calculation: Same as Linux (KB → GB)
Output: Consistent memory_gb field (floating point number)
CPU Information Processing
Linux:
- Model Name: Extracts from /proc/cpuinfo "model name" field
- Core Count: Counts unique physical processor IDs
- Details: Additional info from lscpu command
AIX:
- Model Name: Extracts from lsattr -El proc0 -a type (e.g., PowerPC_POWER9)
- Core Count: Counts processor devices from lsdev -Cc processor
- Fallback: Uses prtconf "Number Of Processors"
Output: Consistent cpu_model string and processor_count integer
Disk Information Extraction
Both Linux and AIX:
- Parses df -h (Linux) or df -g (AIX) output
- Sums total disk space across all filesystems
- Handles units: T (terabytes), G (gigabytes), M (megabytes)
- Fallback: Uses df -k / for root filesystem size
Output: Consistent disk_gb field (floating point number)
Security and Privacy Considerations
Information Sensitivity
The scanner collects potentially sensitive information that should be protected:
Highly Sensitive Data
- User Accounts: Complete list of system users with UIDs and home directories
- Login History: User login times and source IPs
- Network Connections: Active connections revealing application communication patterns
- Process Information: Running applications with full command-line arguments (may contain credentials)
- System Serial Numbers: Hardware identifiers for asset tracking
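Because the process list carries full command lines, one mitigation is to scrub obvious secrets before the records are stored or sent to the backend. The following is an added example, not the scanner's own code: the patterns and the sample ps -eo pid,ppid,user,start_time,cmd output are constructed for illustration and will not catch every way a credential can appear in argv.

```python
import re

REDACTED = "[REDACTED]"

# Constructed patterns (assumptions for this example, not scanner rules).
# In each pattern group 1 is kept and group 2 is replaced.
SECRET_PATTERNS = [
    # Option style: --password=VALUE, --token VALUE, -api-key=VALUE
    re.compile(r"(?<![\w/-])(--?(?:password|passwd|pass|token|secret|api[-_]?key)[= ])(\S+)",
               re.I),
    # URL userinfo: scheme://user:VALUE@host
    re.compile(r"(\b[a-z][a-z0-9+.-]*://[^\s:/@]+:)([^\s@/]+)(?=@)", re.I),
    # Environment style: DB_PASSWORD=VALUE, API_TOKEN=VALUE
    re.compile(r"(\b[A-Z0-9_]*(?:PASSWORD|PASSWD|SECRET|TOKEN|API_KEY)[A-Z0-9_]*=)(\S+)"),
]

# Constructed sample output; none of these values are real.
PS_SAMPLE = """\
  PID  PPID USER     START COMMAND
 1234     1 www-data 14:23 /usr/sbin/apache2 -k start
 4321     1 app      09:15 /usr/bin/backup --password=Hunter2! --host db01
 4400  4321 app      09:16 curl -s https://svc:S3cr3t@api.example.com/v1/health
 4500     1 deploy   Jan08 env DB_PASSWORD=abc123 /opt/app/run
 4600     1 app      10:00 /opt/app/refresh-token --interval 60
"""


def redact_cmdline(cmd):
    """Replace secret-looking values in one command line, keeping the option name."""
    for pattern in SECRET_PATTERNS:
        cmd = pattern.sub(lambda m: m.group(1) + REDACTED, cmd)
    return cmd


def parse_ps(text):
    """Parse ps -eo pid,ppid,user,start_time,cmd and redact each command line."""
    procs = []
    for line in text.splitlines():
        f = line.split(None, 4)
        if len(f) < 5 or not f[0].isdigit():
            continue                        # header or malformed row
        cmd = f[4].strip()
        clean = redact_cmdline(cmd)
        procs.append({
            "pid": int(f[0]), "ppid": int(f[1]), "user": f[2],
            "start_time": f[3], "cmd": clean,
            "redacted": clean != cmd,       # lets reviewers count how often this fires
        })
    return procs
```
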
Moderately Sensitive Data
- Hardware Configuration: System model, CPU, memory specifications
- Installed Software: Complete software inventory (license implications)
- Network Configuration: IP addresses, network topology
- Oracle Configurations: Database homes and SIDs
Low Sensitivity Data
- OS Version: Operating system and kernel versions
- Hostname: System name
- Disk Space: Filesystem usage statistics
Data Protection Requirements
In Transit:
- All data transmitted via encrypted SSH protocol (minimum SSHv2)
- No credentials transmitted in clear text
- Secure key-based authentication recommended
At Rest:
- Credentials stored using Windows DPAPI encryption (agent side)
- Scan results stored in MongoDB with encryption at rest (backend)
- Access controlled via JWT authentication
Access Controls:
- Backend API requires authentication tokens
- Multi-tenant data isolation by department/organization
- Role-based access control (RBAC) for viewing scan results
Compliance Considerations
GDPR/Privacy:
- User account data may constitute personal information
- Login history contains personally identifiable information (PII)
- Ensure proper consent and data processing agreements
SOX/Financial Compliance:
- System inventory required for IT general controls
- Software licensing compliance tracking
- Change management audit trails
HIPAA/Healthcare:
- Healthcare systems require additional data protection
- Audit logging of all access to scan data
- Encryption requirements for data at rest and in transit
PCI-DSS:
- Network segmentation verification
- Security configuration validation
- Regular system inventory for cardholder data environment
Recommended Security Practices
- Principle of Least Privilege:
  - Use non-root accounts when possible
  - Only use root/sudo for enhanced discovery when necessary
  - Create dedicated service accounts for scanning
- Credential Management:
  - Use SSH key-based authentication instead of passwords
  - Rotate credentials regularly (90 days recommended)
  - Never store credentials in plain text
- Access Auditing:
  - Log all SSH access attempts
  - Monitor for unauthorized scan activities
  - Review scan logs regularly
- Data Retention:
  - Define retention policies for scan data (e.g., 90 days)
  - Securely delete old scan results
  - Archive historical data if required for compliance
- Network Security:
  - Use jump hosts/bastion servers for production systems
  - Implement network segmentation
  - Restrict SSH access to scanner IP addresses via firewall rules
Output Format
All collected data from both Linux and AIX is formatted into a standardized structure compatible with Windows WMI format for unified backend processing:
{
  "status": "success",
  "timestamp": "2025-01-10T14:30:00.000Z",
  "ip_address": "192.168.1.100",
  "hostname": "server01.example.com",
  "is_root": false,
  "auth_method": "password",
  "data": {
    "hostname": "server01.example.com",
    "operating_system": "Ubuntu 20.04.3 LTS",
    "model": "Dell PowerEdge R740",
    "manufacturer": "Dell Inc.",
    "serial_number": "ABC123XYZ",
    "memory_gb": 64.0,
    "disk_gb": 1024.0,
    "cpu_model": "Intel(R) Xeon(R) Gold 6248 CPU @ 2.50GHz",
    "processor_count": 2,
    "domain": "",
    "users": ["user1", "user2", "admin"],
    "network_interfaces": [
      {
        "name": "eth0",
        "interface_name": "eth0",
        "interface_description": "",
        "interface_type": "physical",
        "mac_address": "00:0a:95:9d:68:16",
        "connection_name": "eth0",
        "speed": 1000,
        "ip_addresses": [
          {
            "ip_address": "192.168.1.100",
            "subnet_mask": "24",
            "address_family": "IPv4"
          }
        ],
        "default_gateway": ["192.168.1.1"],
        "dhcp_enabled": false,
        "dhcp_server": "",
        "dns_servers": []
      }
    ],
    "network_connections": [
      {
        "protocol": "TCP",
        "local_address": "192.168.1.100",
        "local_port": 22,
        "remote_address": "192.168.1.10",
        "remote_port": 54321,
        "state": 5,
        "process_id": 1234,
        "process_name": "sshd",
        "process_path": "/usr/sbin/sshd",
        "is_local_ip": true
      }
    ],
    "installed_applications": [
      {
        "name": "apache2",
        "vendor": "Canonical",
        "version": "2.4.41-4ubuntu3.8",
        "install_date": "",
        "install_location": "/usr/sbin",
        "description": "Apache HTTP Server"
      }
    ]
  }
}
AIX Example Output:
{
  "status": "success",
  "hostname": "aix-prod01",
  "operating_system": "IBM AIX 7200-05-03-2148",
  "model": "IBM,9119-MHE",
  "manufacturer": "IBM",
  "serial_number": "12345AB",
  "memory_gb": 16.0,
  "disk_gb": 500.0,
  "cpu_model": "IBM POWER9",
  "processor_count": 4
}
This ensures consistent data structure across Windows (WMI), Linux (SSH), and AIX (SSH) discovery methods for unified CMDB processing.
Command Execution Flow
- Connection Establishment: SSH client connects using stored credentials (password or key-based)
- OS Detection: Executes uname -s to determine Linux vs AIX
- Privilege Detection: Checks if user has root access via id -u (returns "0" for root)
- Basic Collection: Executes non-privileged commands based on OS type
- Enhanced Collection: Executes root commands if privileges available
- Special Detection: Runs Oracle and other service-specific detection
- Data Formatting: Converts raw command output to WMI-compatible JSON structure
- Result Return: Provides structured data to backend for CMDB processing
Timeout Protection: All commands have execution timeouts (default 30 seconds, configurable):
- Standard commands: 30 seconds
- Package inventory: 60 seconds
- Disk health checks: 120 seconds
- Hardware inspection: 30-60 seconds
Error Handling:
- Individual command failures don't stop the scan
- Partial data collection on errors
- Fallback methods for critical information
- Detailed error logging for troubleshooting
Performance Optimization
Performance Mode
Set SSH_PERFORMANCE_MODE=1 to reduce data collection for faster scans:
| Command Category | Standard Mode | Performance Mode |
|---|---|---|
| CPU info | Full /proc/cpuinfo | First 50 lines |
| Process list | All processes | 200 processes max |
| Process paths | 200 top processes | 50 top processes |
| Package inventory | All packages | 500 packages max |
| SMART disk checks | 4 disks | 2 disks |
| lsof connections | 2000 connections | 500 connections |
Environment Variables:
# Enable performance mode
export SSH_PERFORMANCE_MODE=1
# Adjust timeouts
export SSH_COMMAND_TIMEOUT=30
export SSH_MAX_OUTPUT_SIZE=10485760
# Disable expensive operations
export SSH_DISABLE_SMART_INFO=1
export SSH_DISABLE_LSOF=1
export SSH_DISABLE_PROCESS_PATHS=1
Troubleshooting Common Issues
Permission Denied Errors
Symptom: Permission denied when accessing /sys/devices/virtual/dmi/id/*
Solution:
- These files require root access on some systems
- Scanner will fall back to dmidecode commands
- Ensure root/sudo access for complete hardware inventory
Timeout Errors
Symptom: Commands exceed timeout limits
Solution:
- Enable performance mode: SSH_PERFORMANCE_MODE=1
- Increase timeout: SSH_COMMAND_TIMEOUT=60
- Disable slow collectors: SSH_DISABLE_LSOF=1, SSH_DISABLE_SMART_INFO=1
Missing Commands
Symptom: command not found errors for lsof, smartctl, etc.
Solution:
- Install missing packages (lsof, smartmontools)
- Scanner has fallback methods for most commands
- Root-level commands are optional; basic scan will still succeed
AIX-Specific Issues
Symptom: Process paths not collected on AIX
Solution:
- AIX /proc filesystem may not be mounted
- Ensure procfs is mounted: mount | grep proc
- Mount if needed: mount -v procfs /proc
Related Documentation
- Network Scanning - Overview of network discovery methods
- Agent Deployment - Installing and configuring discovery agents
- Credential Management - Managing SSH credentials securely
- CMDB Data Model - How scan data populates the CMDB
- Compliance Reporting - Using scan data for compliance
- Troubleshooting - Common issues and solutions