Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 14 Current »


The following query will list all targets that iQSonar was unable to log in to, which we suspect are running Linux or a Unix-type OS


List Unix hosts with Access Denied error
SELECT p.Name as Project
     , TargetName
     , HostnameOrIP
     , SuspectedOrScannedOS
     , Status
     , Reason
FROM [history].[v_DiagnosticsDeviceList] vDDL
  INNER JOIN config.t_Project p ON vDDL.ProjectID = p.ProjectID
WHERE Reason = 'Access Denied'
  -- ==== Change This ==== --
  AND vDDL.ProjectID = 1
  -- --------------------- --
  AND SuspectedOrScannedOS in ( 
		'Unix', 'CentOS', 'Linux', 
		'Debian', 'Fedora', 'RedHat Linux 9', 
		'RedHat Enterprise Linux', 'Oracle Linux Server',
		'SunOS','SUSE Linux Enterprise','Ubuntu'
		)

Not all Unix/Linux hosts are detected on the first pass. To find

List targets and the attempted credentials

The following queries will list the targets and the credentials which failed. These queries work on older versions of iQSonar.


This query works with iQSonar releases up to and including Fu R3.
It will NOT work with iQSonar Gwynn R1 or later due to changes to the history.t_ConnectionHistory table.

The ScanEngine typically logs into Unix/Linux hosts using the SSH protocol (which is usually on port 22).

Login failures using the SSH protocol are indicative of credential problems (wrong login id, wrong password, account without permission to login from given IP Address, and so forth). To find hosts that can not be scanned for non-credential reasons, this query might help instead.

SSH Failures for unscanned hosts
WITH unscanned AS (
	SELECT DISTINCT [HostnameOrIP]
	FROM [history].[v_DiagnosticsDeviceList]
	WHERE Status = 'Unscanned'
  -- === Change this line ==== --
	  AND ProjectID = 1
  -- ========================= --
    AND SuspectedOrScannedOS NOT LIKE '%Window%'  -- explicitly exclude targets we think are running Windows
)
SELECT jobProj.ProjectID
      , p.Name AS Protocol
	  , o.Name AS Outcome
	  , ch.AttemptDate
	  , ch.IPAddress
	  , ch.Port
	  , c.label as Credential
	  , ch.Message
FROM history.t_connectionhistory ch
  INNER JOIN jobs.t_JobLocationProjectIPRange AS jobProj ON jobProj.JobID = ch.JobID
  INNER JOIN config.t_Protocol p ON ch.ProtocolID = p.ProtocolID
  INNER JOIN config.t_Outcome o ON o.OutcomeID = ch.OutcomeID
  INNER JOIN config.t_Credential c ON c.CredentialID = CH.CredentialID
WHERE ch.ProtocolID =2
  AND ch.OutcomeID = 3 
  AND ch.IPAddress IN (SELECT HostnameOrIP FROM unscanned)
-- === Change this line ==== --
   AND jobProj.ProjectID = 1
-- ========================= --
ORDER BY AttemptDate DESC
  • No labels