Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Enabling Permissions for Linux or UNIX Patch Scans

Non-root user accounts must have the permissions to run the commands that JSA Vulnerability Manager requires to scan for patches on Linux and UNIX computers.

Do the following tasks to verify that the user account that you use for scanning has the relevant permissions for Linux or UNIX patch scanning:

  1. SSH to the asset.
  2. Run the following uname commands:

    uname -m uname -n uname -s uname -r uname -v uname -p uname -a

  3. Depending on your operating system, run the following commands:
    Table 1: Commands to Run on Your Operating System

    Operating System



    The following files contain the relevant content for your distribution:







    For example, on Red Hat Enterprise Linux, use the commands:

    ls /etc/redhat-release cat/etc/redhat-release rpm -qa --qf '%{NAME}--% {VERSION}---%{RELEASE}\|%{EPOCH}--% {ARCH}---%{FILENAMES}--% {SIGPGP}---%{SIGGPG}\n' rpm -qa --qf '%{NAME}-% {VERSION}-%{RELEASE}|% {EPOCH}\n'


    /usr/bin/svcs -a/ usr/bin/pkginfo -x \| awk '{ if ( NR % 2 ) { prev = \$1 } else { print prev\" \"\$0 } }' /usr/bin/showrev -p /usr/sbin/patchadd -p /usr/bin/isainfo -b /usr/bin/isainfo -k /usr/bin/isainfo -n /usr/bin/isainfo -v


    /usr/sbin/swlist -l fileset -a revision /usr/sbin/swlist -l patch


    oslevel -r lslpp -Lc


    vmware -vesxupdate query --all . /etc/profile ; /sbin/esxupdate query –all


    As a best practice, turn off email notifications for the scan user account because email notification might interfere with the processing of scan results. View your operating system documentation for details about turning off email notifications for user accounts.