Axonius - Run Linux SSH Scan
  • 28 Jan 2024

Axonius - Run Linux SSH Scan runs an SSH scan on each of the query results, which are endpoint Linux machines.
The scan retrieves important information about the device, including:

  • Hostname
  • Network Interfaces - including MAC addresses, IP addresses and subnets
  • Operating system, kernel version and distribution
  • A list of installed software
  • Users and admin users
  • Hard drives and file systems
  • Services
  • Listening ports
  • CPUs and RAM
  • Hardware details, including serials
  • and more...

Most of the Linux SSH scan information is also displayed under the various asset aggregated data tables.
For more details, see Device Profile page.

Refer to Connecting Linux SSH Adapter for full information about Linux commands used.

NOTE
The Linux SSH adapter is a 'read only' adapter. The adapter only gathers information about the endpoint Linux machine and does not change it.

It is safe to use the adapter to fetch information from production environments.

For details on the list of used commands and read files, see Connecting Linux SSH Adapter.

See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.

General Settings

  • Action name - The name of this Enforcement Action. The system sets a default name. You can change the name.
  • Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.

Required Fields

These fields must be configured to run the Enforcement Set.

  1. User Name (required) - The SSH user name to connect with.
  2. Compute Node - The Axonius node to use when connecting to the specified host. For more details, see Connecting Additional Axonius Nodes.

Additional Fields

These fields are optional.
Refer to Connecting Linux SSH Adapter for further details about these configuration options.

  1. Password - A password for the SSH user.

    Note: For authentication, you must specify at least a password or a private key; you can also specify both.

  2. Private Key (optional) - A private key for the SSH user.

  3. Private Key Passphrase (optional, default: empty) - Specify a private key passphrase if the private key is protected by a passphrase.

  4. SSH Port (optional, default: 22) - The SSH port.

  5. Sudoer (required, default: True) - Select this if the user is listed as a sudoer and can execute privileged commands (by using the sudo command).

    Hardware information such as serials, CPUs and BIOS versions is fetched only when the specified user can run the dmidecode command.

    • If enabled, this adapter connection will try to run the sudo dmidecode command. The user password will be used, if required.
    • If disabled, this adapter connection will usually fail to run that command (unless the specified user is the superuser). Therefore, the hardware information will not be fetched.
  6. Sudo Path - Specify an absolute path (/path/to/sudo) of a binary to use for sudo'ing to the root user.

    • If supplied, the command line is prefixed with the supplied value when it is executed.
    • If not supplied, the command line is prefixed with "sudo" when it is executed.
  7. Verify Fingerprint - Enter a fingerprint. If entered, SSH connections verify that this fingerprint matches the fingerprint of the host's public key. The value can usually be found in ~/.ssh/known_hosts. If missing, no such verification is done on connection attempts.

  8. If you are using multi-nodes, choose the Axonius node to use to interact with the adapter when executing the enforcement action.

  9. Gateway Name - Select the Gateway through which to connect to perform the action.
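
The Verify Fingerprint field is checked against the fingerprint of the host's public key, while ~/.ssh/known_hosts stores the full public key and may store host names in hashed form, so the fingerprint has to be derived from the matching entry. The following Python is an added example, not Axonius code: the host names and key bytes are constructed, and because this page does not state which fingerprint form the field accepts, it computes both forms OpenSSH displays (SHA256 and MD5).

```python
import base64
import hashlib
import hmac

# Constructed sample data: a well-formed ssh-ed25519 blob with dummy key bytes.
SAMPLE_BLOB = b"\x00\x00\x00\x0bssh-ed25519" + b"\x00\x00\x00\x20" + bytes(range(32))
SAMPLE_KEY = base64.b64encode(SAMPLE_BLOB).decode()
SALT = bytes(20)  # constructed salt for the hashed entry
HASHED = "|1|%s|%s" % (
    base64.b64encode(SALT).decode(),
    base64.b64encode(hmac.new(SALT, b"db02.example.internal", hashlib.sha1).digest()).decode())
SAMPLE_KNOWN_HOSTS = (
    "# constructed known_hosts content\n"
    "linux01.example.internal,10.0.0.5 ssh-ed25519 " + SAMPLE_KEY + "\n"
    + HASHED + " ssh-ed25519 " + SAMPLE_KEY + "\n")

def host_matches(field, host):
    """Match a host field: hashed (HashKnownHosts) or a plain comma list.
    Wildcard and negated patterns are not handled here."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        want = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac))
    return host in field.split(",")

def fingerprints(key_b64):
    """Both display forms OpenSSH uses for a public key blob."""
    blob = base64.b64decode(key_b64)
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return {"sha256": "SHA256:" + sha,
            "md5": "MD5:" + ":".join(md5[i:i + 2] for i in range(0, 32, 2))}

def lookup(known_hosts_text, host):
    """Return (key_type, fingerprints) for every entry matching host."""
    found = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        hosts, key_type, key_b64 = fields[:3]
        if host_matches(hosts, host):
            found.append((key_type, fingerprints(key_b64)))
    return found

if __name__ == "__main__":
    for key_type, fp in lookup(SAMPLE_KNOWN_HOSTS, "linux01.example.internal"):
        print(key_type, fp["sha256"], fp["md5"])
```

To use it on real data, pass the contents of a known_hosts file that was populated over a trusted path, since a fingerprint taken from an unverified first connection only pins whatever key answered at that time.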


For more details about other Enforcement Actions available, see Action Library.

