Enabling Permissions for Linux or UNIX Patch Scans
Non-root user accounts must have the permissions to run the commands that JSA Vulnerability Manager requires to scan for patches on Linux and UNIX computers.
Do the following tasks to verify that the user account that you use for scanning has the relevant permissions for Linux or UNIX patch scanning:
- SSH to the asset.
- Run the following uname commands:
    uname -m
    uname -n
    uname -s
    uname -r
    uname -v
    uname -p
    uname -a
- Depending on your operating system, run the following commands:

Table 1: Commands to Run on Your Operating System

Operating System: Linux
Commands:
  The following files contain the relevant content for your distribution:
    /etc/redhat-release
    /etc/SuSE-release
    /etc/debian-version
    /etc/slackware-version
    /etc/mandrake-version
    /etc/gentoo-version
  For example, on Red Hat Enterprise Linux, use the commands:
    ls /etc/redhat-release
    cat /etc/redhat-release
    rpm -qa --qf '%{NAME}--%{VERSION}---%{RELEASE}\|%{EPOCH}--%{ARCH}---%{FILENAMES}--%{SIGPGP}---%{SIGGPG}\n'
    rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}|%{EPOCH}\n'

Operating System: Solaris
Commands:
    /usr/bin/svcs -a
    /usr/bin/pkginfo -x | awk '{ if ( NR % 2 ) { prev = $1 } else { print prev" "$0 } }'
    /usr/bin/showrev -p
    /usr/sbin/patchadd -p
    /usr/bin/isainfo -b
    /usr/bin/isainfo -k
    /usr/bin/isainfo -n
    /usr/bin/isainfo -v

Operating System: HP-UX
Commands:
    /usr/sbin/swlist -l fileset -a revision
    /usr/sbin/swlist -l patch

Operating System: AIX
Commands:
    oslevel -r
    lslpp -Lc

Operating System: ESX
Commands:
    vmware -v
    esxupdate query --all
    . /etc/profile ; /sbin/esxupdate query --all
Tip: As a best practice, turn off email notifications for the scan user account because email notification might interfere with the processing of scan results. See your operating system documentation for details about turning off email notifications for user accounts.
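The verification steps above can be scripted as a preflight that you run over SSH as the scan account. The following POSIX shell script is an added example, not part of the JSA documentation; the script name preflight.sh and the function names are assumptions, and the Linux command list follows the Red Hat Enterprise Linux example from Table 1.

```shell
#!/bin/sh
# Added example: run as the scan account on the asset, e.g. `sh preflight.sh Linux`.
# Command lists mirror Table 1; function and script names are illustrative.

# Print the binaries needed for an operating system label from Table 1.
required_cmds() {
    case "$1" in
        Linux)   echo "uname ls cat rpm" ;;  # Red Hat Enterprise Linux example
        Solaris) echo "uname /usr/bin/svcs /usr/bin/pkginfo awk /usr/bin/showrev /usr/sbin/patchadd /usr/bin/isainfo" ;;
        HP-UX)   echo "uname /usr/sbin/swlist" ;;
        AIX)     echo "uname oslevel lslpp" ;;
        ESX)     echo "uname vmware /sbin/esxupdate" ;;
        *)       return 2 ;;
    esac
}

# Succeed only if the command resolves and is executable by the current user.
can_run() {
    cmd_path=$(command -v "$1" 2>/dev/null) || return 1
    [ -x "$cmd_path" ]
}

# Report each required command; on Linux also require a readable release file.
# Returns 0 if everything passed, 1 on any failure, 2 for an unknown label.
preflight() {
    cmds=$(required_cmds "$1") || { echo "unknown OS label: $1" >&2; return 2; }
    failed=0
    for c in $cmds; do
        if can_run "$c"; then echo "ok      $c"
        else echo "MISSING $c"; failed=1; fi
    done
    if [ "$1" = "Linux" ]; then
        found=0
        for f in /etc/redhat-release /etc/SuSE-release /etc/debian-version \
                 /etc/slackware-version /etc/mandrake-version /etc/gentoo-version; do
            if [ -r "$f" ]; then echo "ok      $f"; found=1; fi
        done
        [ "$found" -eq 1 ] || { echo "MISSING readable release file"; failed=1; }
    fi
    return "$failed"
}

# Run only when an OS label is passed on the command line.
if [ "$#" -gt 0 ]; then
    echo "checking as user: $(id -un)"
    preflight "$1"
fi
```

A passing result shows only that the account can locate and execute each binary and read the release file. Run the listed commands themselves as the scan account to confirm that they return output without requiring elevated privileges.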