Enabling Permissions for Linux or UNIX Patch Scans

Non-root user accounts must have the permissions to run the commands that JSA Vulnerability Manager requires to scan for patches on Linux and UNIX computers.

Do the following tasks to verify that the user account that you use for scanning has the relevant permissions for Linux or UNIX patch scanning:

SSH to the asset.
Run the following uname commands:
uname -m uname -n uname -s uname -r uname -v uname -p uname -a

Depending on your operating system, run the following commands:

Table 1: Commands to Run on Your Operating System
Operating System	Commands
Linux	The following files contain the relevant content for your distribution: /etc/redhat-release /etc/SuSE-release /etc/debian-version /etc/slackware-version /etc/mandrake-version /etc/gentoo-version For example, on Red Hat Enterprise Linux, use the commands: ls /etc/redhat-release cat/etc/redhat-release rpm -qa --qf '%{NAME}--% {VERSION}---%{RELEASE}\\|%{EPOCH}--% {ARCH}---%{FILENAMES}--% {SIGPGP}---%{SIGGPG}\n' rpm -qa --qf '%{NAME}-% {VERSION}-%{RELEASE}\|% {EPOCH}\n'
Solaris	/usr/bin/svcs -a/ usr/bin/pkginfo -x \\| awk '{ if ( NR % 2 ) { prev = \$1 } else { print prev\" \"\$0 } }' /usr/bin/showrev -p /usr/sbin/patchadd -p /usr/bin/isainfo -b /usr/bin/isainfo -k /usr/bin/isainfo -n /usr/bin/isainfo -v
HP-UX	/usr/sbin/swlist -l fileset -a revision /usr/sbin/swlist -l patch
AIX	oslevel -r lslpp -Lc
ESX	vmware -vesxupdate query --all . /etc/profile ; /sbin/esxupdate query –all

Tip:

As a best practice, turn off email notifications for the scan user account because email notification might interfere with the processing of scan results. View your operating system documentation for details about turning off email notifications for user accounts.

Enabling Permissions for Linux or UNIX Patch Scans

Related Documentation