Skip to end of banner
Go to start of banner

Auditing Linux without root

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

As a rule, we prefer the root user or a user with sudo (root) access when auditing a Linux device.

This is not essential though. If you cannot provide root or a sudo enabled user, you will still get a result - you simply will not get all the possible attributes. This is because some commands require root level access to run, even in "read only" mode. For example, "dmidecode". We use that command to retrieve various details about the motherboard, etc.

If your environment does not allow sudo, you should set the configuration item (as at 2.0.10) discovery_linux_use_sudo to 'n' (sans quotes). This is set to 'y' by default. This will run the audit script without attempting to use sudo if you are not root.

 

So what info will you not receive? It is detailed below, by the database table, attribute and required command.

TableAttributes not retrievedRequired Command
systemuuid, serial, form factor.dmidecode
biosserial, version, smversion.dmidecode
processorsocket.dmidecode
memoryall.dmidecode
motherboardall.dmidecode
netstatprogram name where process not owned by current user.netstat
  • No labels