Create a custom SUDOers file
The “iQSonar_ScanEngine_Prerequisites_4.0.pdf” document has a long list of commands which are used during the scan process.
The commands used for the various Unix versions and Linux distributions are specified on pages 38 to 43 for Hillary R3. The exact page numbers will vary depending on your version of the product.
A “working minimal” sudoers file taken from a customer estate for Generic Linux is
For AIX hosts in the same customer environment the SUDOers file was as follows
```
#----------------------------------------------------------------------------------------
# IQUATE - Oracle licensing monitor
#----------------------------------------------------------------------------------------
User_Alias IQUATE = iquate
#
IQUATE ALL = (root) NOPASSWD: /usr/bin/ls
IQUATE ALL = (root) NOPASSWD: /usr/bin/cat
IQUATE ALL = (root) NOPASSWD: /usr/sbin/lsconf
IQUATE ALL = (root) NOPASSWD: /usr/sbin/lsattr
IQUATE ALL = (root) NOPASSWD: /usr/bin/lslpp
IQUATE ALL = (root) NOPASSWD: /usr/sbin/lscfg
IQUATE ALL = (root) NOPASSWD: /usr/sbin/lsof
IQUATE ALL = (root) NOPASSWD: /usr/bin/lsof
IQUATE ALL = (root) NOPASSWD: /usr/sbin/lslv
```
The following also need to be added for AIX. They are not always in the same place, so make sure you point to the correct one.
- find*
- tail*
- grep*
- lparstat
Depending on which applications you expect to scan, you may need to add application-specific commands to this list as well.
Some commands are specific to certain distributions (for example, dpkg-query is found on Debian-derived versions of Linux, and rpm on RedHat-derived versions of Linux).
For all the commands and paths specified, you need to ensure they correspond to what is in use in the environment if any end-user customisations have been applied.
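One way to check paths before writing them into the file is to resolve each command on the target host itself. The following is an added example, not taken from the iQSonar documentation. The function names and the `SEARCH_PATH` default are assumptions; it emits one `NOPASSWD` line per command found and reports commands that are missing, or whose binary is group- or world-writable, as comments instead.

```shell
#!/bin/sh
# Added example: build sudoers entries from command names using the paths
# that actually exist on this host. SEARCH_PATH is an assumed default.
SEARCH_PATH="${SEARCH_PATH:-/usr/bin:/usr/sbin:/bin:/sbin}"

# resolve_cmd NAME: print the first executable NAME found in SEARCH_PATH.
resolve_cmd() {
    name=$1
    old_ifs=$IFS; IFS=:
    for dir in $SEARCH_PATH; do
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# is_loosely_writable PATH: true if group or other may write to the file.
# A root-run binary that other accounts can modify must not go in sudoers.
is_loosely_writable() {
    mode=$(ls -ldL "$1") || return 0      # unreadable: treat as unsafe
    case $mode in
        ?????w*|????????w*) return 0 ;;
        *) return 1 ;;
    esac
}

# sudoers_lines ALIAS CMD...: one rule per usable command, comments otherwise.
# Returns non-zero if any command was missing or skipped.
sudoers_lines() {
    alias_name=$1; shift
    rc=0
    for cmd in "$@"; do
        if ! path=$(resolve_cmd "$cmd"); then
            printf '# MISSING: %s not found in %s\n' "$cmd" "$SEARCH_PATH"; rc=1
        elif is_loosely_writable "$path"; then
            printf '# SKIPPED: %s is group- or world-writable\n' "$path"; rc=1
        else
            printf '%s ALL = (root) NOPASSWD: %s\n' "$alias_name" "$path"
        fi
    done
    return $rc
}

# Stand-alone use: ./script.sh find tail grep lparstat > iquate.sudoers
if [ "$#" -gt 0 ]; then sudoers_lines IQUATE "$@"; fi
```

Run `visudo -c -f` on the generated file before installing it, and review any `MISSING` or `SKIPPED` lines by hand.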