Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Background

iQSonar v3 used a “Shell on Shell” approach to SSH scanning. This introduced complications when it came to the complexities and variances introduced by different versions of shells and terminals on different distributions of linux and unix operating systems. The approach effectively emulated what an end user would do on a target machine. The problems came when messages like “You’ve got mail” were printed to the terminal. While a human could simply ignore the text, it introduced many difficulties for iQSonar and often contaminated the results or caused scans to fail.

In iQSonar v4 the decision was made to use ssh channels as opposed to a shell on shell approach. This removed any complications introduced by shells and terminals and allowed the execution and interpretation of commands and raw results independently. While this approach is faster and more accurate, it does however bypass the loading of any shell so any shell profile setup (such as aliases) will be bypassed. This meant that the v3 approach to sudo (creating Aliases) was no longer effective as the alias information was only loaded once the shell was loaded.

In v4, iQSonar has taken control of sudo execution. As opposed to relying on complex target environment configuration to dictate where and when sudo is run, iQSonar v4 allows for central control of sudo execution. Once SUDO is enabled in iQSonar, when scanning a target, iQSonar first checks to see if the command is available to be run with sudo, if the answer is yes, it then executes the command with sudo, if not it executes it directly. There are specific configurations that need to be enabled on the target device with regard to sudo, but provided these configurations are met, iQSonar will scan any target environment using sudo where required

Note

In order for this to work the iQSonar scanning user must be added to the sudoers file and REQUIRETTY directive must be disabled either at a user or system level more details available in the scanning pre-requisites document

 

Step-by-step guide

  1. From the UI navigate to Locations > Connections > SHH
  2. Change commandprefixcode to SUDO
  3. Change usecommandprefix to True

 

The command is:

{set the path};if sudo -l {command}>/dev/null; then sudo {command}; else {command};fi

The precise behaviour might be dependent on the user’s standard shell. ‘if’ is a shell command that can have slightly different behaviors on different shells.

 

 

 

 

 

Info

Filter by label (Content by label)
showLabelsfalse
max5
spacesCSKB
showSpacefalse
sortmodified
reversetrue
typepage
cqllabel = "kb-how-to-article" and type = "page" and space = "CSKB"
labelskb-how-to-article

Page Properties
hiddentrue


Related issues
Jira Legacy
serverJIRA (iquate.atlassian.net)
serverId2df96907-46e3-3301-b062-728a2d6c89be
keyCS-527