Addmi 15-discovery scripts
  • Note that Discovery treats all the linux distributions as one Platform.
  • For instance the same Script can run on SSH as Telnet as it makes no difference. But a completely different Script needs to run on WMI compared to SNMP as the commands are very different.
  • For all the Linux distributions there is a SINGLE set of scripts (under the Linux platform); for the minor differences between distributions the script itself can run alternative commands, as there is a rich control set in shell scripting.
  • For SNMP access there is a fixed set of SNMP queries against standard MIBs that will get a basic set of infrastructure information. SNMP will be used against any device that appears to have an SNMP port open, but it will be used last as it is the most limited. There are some platforms where the only supported access is via SNMP. Of these some will form Host nodes and have full discovery and some will simply be identified. This area of out of the box discovery is fixed and is not end user editable.
  • The Windows Slave is a Discovery Proxy Service that runs on a Windows host external to Tideway Foundation. This is for two core reasons: high quality Windows access is via proprietary protocols (mostly WMI) and needs to be done from a Windows system; and for Windows protocols to authenticate successfully they need to be connected to a domain or workgroup. To install and manage Windows Slaves see the separate module.
  • Neither approach is better or worse; this is not a “which Platform is better” flamewar! But the discovery scripts have evolved in different ways on the two major collections of platforms, and so while they have similarities there are differences.
  • This is why the UNIX Scripts are required to be editable whereas the Windows Scripts are fixed.
  • Important: getDeviceInfo, getHostInfo and getInterfaceList must all succeed in order to infer a host.
  • Some, but not all, scripts have notes attached. Usually where elevated privilege is required in the script there will be short notes explaining this. Elevated privilege will be discussed shortly, but note that commands that require it are highlighted in red and prefixed with a PRIV_<NAME> function. To edit the script click on the edit button. A useful tip: if you want to review *all* the scripts for a platform (for example because you have to send them around for authorisation review), click on the “Download host script” link at the top of the page. This will merge all the scripts into one. This is also useful if you want to try out how the scripts behave on Hosts that you are not yet allowed to scan directly.
  • The out of the box scripts are designed to degrade gracefully if root privilege is not available and will still return as much data as they can.
  • Remember that this script will be run *every* time a session is established for this platform. It has to work on *every* machine in your environment. You should have a sound knowledge of your local UNIX environment or enlist the support of those that do.
  • As the same script is used for every host on this platform you may find that you need to test a number of paths, and maybe even different tools, to find which one is installed on a particular host and its path. It is best to do this by writing a small search before the PRIV_ commands and setting the command and path in a shell variable. The search is then done just once rather than in every function, which is more efficient and easier to maintain.
  • For ease of display the WMI queries are summarised on their own page, “WMI Support”. “Shell Scripts” are used by discovery in the rare case that the Windows host supports UNIX shell sessions; they are rarely used.
  • Some important differences to the UNIX Scripts:
    • getDeviceInfo AND getHostInfo are both handled by scripts in the getHostInfo Method and will only be run once.
    • There are many more Scripts per Method than on UNIX, due to the variety of Access types and the lack of a common scripting shell between them.
    • The Scripts are fixed – you cannot edit them or disable them. This is because the configuration is held local to the slave and this area of the UI is simply a summary of the standard slave configuration.
    • WMI Query Scripts are attempted first for most Methods, but some important Methods, notably getNetworkConnectionList, have no information in WMI and have to use other Scripts.
  • Note that it is not possible to reorder the Scripts used by a Method, in Windows or UNIX platforms. They are in a fixed order ranked according to the quality of data provided.
  • Wikipedia says: Windows Management Instrumentation ( WMI ) is a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification. WMI is Microsoft's implementation of the Web-Based Enterprise Management (WBEM) and Common Information Model (CIM) standards from the Distributed Management Task Force (DMTF).
  • The important detail here is that the first query in the getHostInfo WMI Script must succeed. If it does not, the slave executing the query will take this as an indication that it does not have access to WMI and will use other Scripts and Access types for the rest of the session. In general any query that fails will cause the Method to fail for WMI and the slave will use other Scripts; the only exception is queries marked “Option, This query may fail”, which are used for additional information or may only work on newer versions of Windows.
  • Optionally you may wish to complete the labs that have been prepared to accompany this module. Please download the lab zip file that should be available where you accessed this module. Make sure you have access to a running appliance before attempting the labs. It is best to use the training demo VA provided as it is set up to work with the labs. You may need to review tutorial material in order to work out the solutions.
  • RemCom is used as the PsTools toolset is no longer maintained reliably; in particular v1.94 of psexec must never be installed as it will consistently cause the slave to fail. Additionally our license agreement to distribute PsTools was made with Sysinternals prior to the merger with Microsoft; Microsoft have honoured the original agreement to distribute to XP/2003 hosts but have declined to extend this to Vista/2008 hosts. RemCom, as an open source tool, does not suffer from these restrictions.
  • RCMD is included for discovery of older systems and relies on RCMDSRV.EXE being running. Frequently it is not, in most environments. RCMD is no longer distributed with the slave, so customers will need to download and install the appropriate Windows Resource Kit for the OS that the slave is running on and copy the files into the slave installation directory. Other tools that are no longer distributed are srvinfo, pulist and tlist. These tools are also in the Windows Resource Kit and can be downloaded if needed.
  • From Sourceforge: “RemCom is a RAT [Remote Administration Tool] that lets you execute processes on remote Windows systems, copy files, process their output and stream it back. It allows execution of remote shell commands directly with full interactive console.”
  • Transcript

    • 1. Discovery Scripts: What Atrium Discovery Will Ask A Host
    • 2. Discovery Scripts: Outline
      • Platforms
        • Methods and scripts
        • Commands
      • The difference between access types
      • Unix discovery scripts
      • Windows discovery scripts
        • Slave scripts
        • WMI scripts
    • 3. Discovery Scripts: Platform
      • Discovery subdivides IP Devices into categories called Platforms that behave in similar ways
        • Generally a Platform is equivalent to the Operating System
    • 4. Discovery Scripts: Methods
      • Discovery has a number of standard Methods, each of which tries to determine one set of related information from the device
        • getDeviceInfo: basic device properties (os, name, device type, …)
        • getHostInfo: Host properties (kernel, serial, cpu, ram, …)
        • getInterfaceList: list of interfaces
        • getProcessList: list of processes
    • 5. Discovery Scripts: Scripts
      • For each Platform and each Method Discovery has at least one Script
        • The Script contains the knowledge of how to gather the information needed by that Method on that Platform
      • Example: getHostInfo on a UNIX platform (Solaris commands), a shell script fragment
          echo 'model:' `uname -i 2>/dev/null`
          /usr/sbin/prtconf 2>/dev/null | nawk '/^Memory size:/ {print "ram: " $3 "MB"}'
      • Example: getHostInfo on the Windows platform, a WMI query
          SELECT Name, Manufacturer, Model, Domain FROM Win32_ComputerSystem
    • 6. Discovery Scripts: Access
      • For each Platform there may be a number of different Access types that can be used
        • Sometimes a Script needs to use a particular Access type
      Access types shown: SNMP, SSH, TELNET, WMI, RCMD
    • 7. Discovery Scripts: Multiple Scripts
      • A Method can have more than one Script if there are ways of getting the information from different commands
        • Each script is run in the order defined until one returns data
      • Example: getHostInfo on Windows, two Scripts in order
        • Script 1 (WMI): SELECT Name, Manufacturer, Model, Domain FROM Win32_ComputerSystem
        • Script 2 (RCMD): SYSTEMINFO /fo csv /nh
    • 8. Platforms in the Atrium Discovery UI
      • Administration > Discovery Platforms
    • 9. Platforms in the Atrium Discovery UI
    • 10. Discovery Methods in the UI
      • Red * indicates methods that MUST succeed in order to infer a Host
    • 11. Differences between UNIX, Windows and SNMP
    • 12. SNMP Discovery
      • SNMP has a fixed set of scripts against standard MIBs
    • 13. Windows vs UNIX Access
      • Atrium Discovery is a Linux based appliance
      • Unix Platforms can be accessed directly by the appliance
      • Windows Platforms access must be proxied by the Windows Slave
      Diagram: ADDM Appliance -> Target Host (UNIX, direct); ADDM Appliance -> Slave Host -> Target Host (Windows, proxied)
    • 14. Why the Windows Slave Is Needed
      • This is for 2 core reasons
        • High quality Windows Access is via native protocols (mostly WMI) and needs to be done from a Windows system
        • For Windows protocols to authenticate successfully they need to be connected to a domain or workgroup
      • By running on a customer-provided Windows Host, software updates, anti-virus software and credential management can all be handled by the customer
        • High level credentials like Domain and Enterprise Admin do not need to be entered into the credential vault
    • 15. Windows and UNIX Differences (1)
      • UNIX has shell scripting that allows scripts to test and adapt
      • Windows has a published fine-grained management interface, but not all information is available
      • UNIX Discovery Methods tend to be served by a large single script and a single access type
      • Windows Discovery Methods tend to be served by several scripts and different access types
    • 16. Windows and UNIX Differences (2)
      • UNIX credentials tend to have authorities set local to the host via sudo, suexec, etc
      • Windows credentials tend to have authorities set centrally by the domain
      • UNIX Discovery scripts can need additional commissioning to get the best quality data
      • Windows Discovery scripts work out of the box so long as domain admin credentials are used
    • 17. Unix Discovery Scripts
    • 18. UNIX Discovery Scripts in the UI (1)
      • Click on the Platform link to see the Scripts
    • 19. UNIX Discovery Scripts in the UI (2)
      • Red * indicates methods that MUST succeed in order to infer a host
      • Red bar indicates methods that have been modified
      • Yellow star indicates scripts that need elevated privileges in order to succeed
    • 20. Viewing the UNIX Discovery Scripts
      • Click on the script name to expand inline
      Screenshot columns: Script, Notes, Elevated privilege required
    • 21. UNIX Discovery Scripts Actions
      • Use the UI to edit
        • Or download, edit, test and upload
      • Disable a Script entirely
      • Reset to the default
      • Differences shown in red
    • 22. Why You Need Privilege Elevation
      • Primarily because most commands on UNIX that can read configuration can also alter the configuration so are restricted to root
      • You could enter the root credential into Atrium Discovery
        • General reluctance to do this
      • You can configure the existing privilege elevation system to run certain commands with root privilege
        • This is usually sudo
        • This configuration will need rolling out
    • 23. Unix Discovery Scripts Privileged Commands
      • There are a number of privilege elevation systems and a number of ways of configuring them so the scripts need commissioning
        • There is an additional Initialise Method and Script on the UNIX platforms
        • This is run at the start of every session so functions and shell variables set in this Script are available in others
    • 24. Editing the Init Script
      • Only consider editing the init script if
        • You are advised by Support
        • You have knowledge of the particular OS commands
        • You have shell scripting experience
        • You test carefully: mistakes can have a great impact on data quality and discovery times
      • Do not alter the script above the PRIV_ functions
    • 25. PRIV_ functions
      • You will need to add the path to the command
        • Always make sure you have the “$@”
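The pattern from the speaker notes and from slides 23 to 25, as an added example in POSIX sh. This is not the shipped ADDM/Tideway Initialise script; the helper `find_tool`, the variables `ELEVATE` and `DMIDECODE`, the `PRIV_DMIDECODE` wrapper, the `get_host_info` fragment, the search paths and the use of `/proc/meminfo` (Linux) are all illustrative assumptions. It shows the tool search done once before the PRIV_ functions, the path held in a shell variable, `"$@"` passed through the wrapper, and graceful degradation when no elevation is available.

```shell
#!/bin/sh
# Added example of the Init-script pattern described on the slides.
# Not the ADDM/Tideway script: tool names, paths and keys are assumptions.

# find_tool NAME DIR...: print the first executable DIR/NAME, exit 1 if none.
# Done once here rather than inside every PRIV_ function (slide 24 notes).
find_tool() {
    _ft_name=$1
    shift
    for _ft_dir in "$@"; do
        if [ -x "$_ft_dir/$_ft_name" ]; then
            printf '%s\n' "$_ft_dir/$_ft_name"
            return 0
        fi
    done
    return 1
}

# Decide once how to elevate. 'sudo -n' is non-interactive: it fails at once
# instead of hanging the discovery session at a password prompt. If we are
# already root, or no usable sudo exists, ELEVATE stays empty and the PRIV_
# functions run their command unprivileged (graceful degradation).
ELEVATE=""
if [ "$(id -u 2>/dev/null)" != "0" ]; then
    if SUDO=$(find_tool sudo /usr/bin /bin /usr/local/bin) && "$SUDO" -n true 2>/dev/null; then
        ELEVATE="$SUDO -n"
    fi
fi

# Paths of privileged tools, resolved once. Empty means "not installed here".
DMIDECODE=$(find_tool dmidecode /usr/sbin /sbin /usr/local/sbin) || DMIDECODE=""

# PRIV_<NAME> functions are the only place elevation happens. "$@" must be
# passed through or arguments supplied by the calling script are lost (slide 25).
PRIV_DMIDECODE() {
    [ -n "$DMIDECODE" ] || return 127
    $ELEVATE "$DMIDECODE" "$@"
}

# A getHostInfo-style fragment in the 'key: value' form used on slide 5.
# Every command may fail; the function still emits whatever it could gather.
get_host_info() {
    echo "kernel: $(uname -r 2>/dev/null)"
    serial=$(PRIV_DMIDECODE -s system-serial-number 2>/dev/null) || serial=""
    echo "serial: ${serial:-unknown}"
    # Linux reads RAM from /proc/meminfo; the slide's Solaris variant used prtconf
    ram=$(awk '/^MemTotal:/ {printf "%dMB", $2/1024}' /proc/meminfo 2>/dev/null) || ram=""
    echo "ram: ${ram:-unknown}"
    return 0
}

get_host_info
```

Run as root the serial is filled in; as an unprivileged user without sudo the function still returns the kernel and RAM lines with `serial: unknown`, which is the behaviour the notes ask for.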
    • 26. Windows Discovery Scripts
    • 27. Windows Discovery Scripts in the UI (1)
      • Click on the Slave Scripts link to see the Scripts
    • 28. Windows Discovery Scripts in the UI (2)
      • Red * indicates methods that MUST succeed in order to infer a host
    • 29. Windows Discovery Scripts Ordering
      • Discovery Scripts are run in the order shown in the UI
      • If the first Script in the Method (here WMI) fails to return valid data then the second Script in the list is used
      • The primary Windows Discovery Method is WMI Queries, click through for details
      Screenshot column: Order
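The ordering rule from slides 7 and 29, plus the "must succeed" rule from slide 10, as an added sh model. This is not ADDM code and the `script_*` functions are constructed stand-ins that return sample data or fail, in place of the real WMI, RCMD and local-command access types; `run_method` and `infer_host` are names chosen for this example. What it shows is the control flow: Scripts of a Method tried in fixed quality order until one returns data, and a Host inferred only if all three required Methods return something.

```shell
#!/bin/sh
# Added example: a model of Method/Script ordering, not ADDM/Tideway code.
# script_* functions are constructed stand-ins for WMI / RCMD Scripts.
# Each prints 'key: value' lines and exits 0 on success, exits non-zero on failure.

script_wmi_hostinfo() {
    # Simulates the WMI query failing (e.g. no DCOM access): no data, non-zero status
    return 1
}
script_rcmd_hostinfo() {
    # Simulates SYSTEMINFO /fo csv /nh run via RCMD (constructed sample output)
    printf 'name: WIN-SAMPLE\nos: Windows Server 2008\nram: 4096MB\n'
}
script_wmi_deviceinfo() {
    printf 'name: WIN-SAMPLE\ndevice_type: Host\n'
}
script_wmi_interfacelist()  { return 1; }
script_rcmd_interfacelist() { return 1; }   # every Script fails: Method yields nothing

# run_method METHOD SCRIPT...: run SCRIPTs in the listed order and stop at the
# first that exits 0 AND prints data. The order cannot be changed by the user;
# it is ranked by quality of data, which is why WMI is listed first.
# Prints the winning data; exits 1 if every Script failed.
run_method() {
    _rm_method=$1
    shift
    for _rm_script in "$@"; do
        if _rm_out=$("$_rm_script" 2>/dev/null) && [ -n "$_rm_out" ]; then
            printf '%s\n' "$_rm_out"
            return 0
        fi
    done
    return 1
}

# infer_host: the Methods marked with a red * (getDeviceInfo, getHostInfo,
# getInterfaceList) must all succeed. Exit 0 if a Host would be inferred.
infer_host() {
    run_method getDeviceInfo    script_wmi_deviceinfo >/dev/null || return 1
    run_method getHostInfo      script_wmi_hostinfo script_rcmd_hostinfo >/dev/null || return 1
    run_method getInterfaceList script_wmi_interfacelist script_rcmd_interfacelist >/dev/null || return 1
    return 0
}

run_method getHostInfo script_wmi_hostinfo script_rcmd_hostinfo
if infer_host; then echo "host inferred"; else echo "host NOT inferred: a required Method returned no data"; fi
```

With the sample stand-ins getHostInfo falls through to the RCMD Script and succeeds, but getInterfaceList has no working Script, so no Host is inferred even though two of the three required Methods returned data.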
    • 30. Windows Management Instrumentation
      • WMI is the primary and preferred access
      • Microsoft standard for accessing management information over the network
        • Can be used to retrieve configuration details about most aspects of a Windows system
      • Classes with attributes are defined, with an SQL-like query language
        • Example query:
          • Select Name, Manufacturer, Domain, Model, Workgroup from Win32_ComputerSystem
    • 31. Windows WMI Discovery Scripts
      • Administration > Discovery Platforms > Windows Discovery > WMI Support
    • 32. Discovery Scripts Exercises
    • 33. Other Windows Access Types (1)
      • RemCom
        • Preferred method after WMI
        • Installed on slave with the Slave software
      • PsTools
        • Microsoft-owned remote admin tools, originally Sysinternals
        • Includes pslist, psinfo, psexec, etc
      • RCMD (Older Windows Resource Kit Utility)
        • No longer distributed with the slave
          • Customers will need to download and install the appropriate Windows Resource Kit for the OS that the slave is running on, and copy the files into the slave installation directory
      • All these access types run commands native to the remote Windows Host
        • hostname, systeminfo, ipconfig, netstat, …
    • 34. Other Windows Access Types (2)
      • Some commands are capable of remote access as part of their design
      • These are a “local command” access type
        • Will be run on the slave host to access the target host
      • Microsoft – usually natively available
        • SYSTEMINFO
        • TASKLIST
      • PsTools – only if installed on the slave host
        • PSINFO
        • PSLIST
    • 35. Further Resources
      • Online Documentation:
        • http://www.tideway.com/confluence/display/81/Discovery
      Tideway Foundation Version 7.2 Documentation
