.png?sv=2019-07-07&sig=dmLk08zXfFLqOSQWjADFx5NCtNt1N%2BPUODm30IVnx4I%3D&spr=https%2Chttp&st=2023-10-05T01%3A42%3A08Z&se=2023-10-05T01%3A52%3A08Z&srt=o&ss=b&sp=r){kind=logo}
Axonius - Run Linux SSH Scan
- 29 May 2023
- 3 Minutes to read
- Print
- DarkLight
- PDF
Axonius - Run Linux SSH Scan
- Updated on 29 May 2023
- 3 Minutes to read
- Print
- DarkLight
- PDF
Article Summary
Share feedback
Thanks for sharing your feedback!
Axonius - Run Linux SSH Scan runs an SSH scan on each of the query results, which are endpoint Linux machines.
The scan retrieves important information about the device, including:
- Hostname
- Network Interfaces - including MAC addresses, IP addresses and subnets
- Operating system, kernel version and distribution
- A list of installed software
- Users and admin users
- Hard drives and file systems
- Services
- Listening ports
- CPUs and RAM
- Hardware details, including serials
- and more...
Most of the Linux SSH scan information is also displayed under the various asset aggregated data tables.
For more details, see Device Profile page.
Refer to Refer to Connecting Linux SSH Adapter for full information about Linux commands used.
NOTE
The Linux SSH adapter is a 'read only' adapter. The adapter only gathers information about the endpoint Linux machine and does not change it.
It is safe to use the adapter to fetch information from production environments.
For details on the list of used commands and read files, see Connecting Linux SSH Adapter.
It is safe to use the adapter to fetch information from production environments.
For details on the list of used commands and read files, see Connecting Linux SSH Adapter.
See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.
General Settings
- Enforcement Set name (required) - The name of the Enforcement Set. A default value is added by Axonius. You can change the name according to your needs.
- Add description - Click to add a description of the Enforcement Set. It is recommended to describe what the Enforcement Set does.
- Run action on assets matching following query (required) - Select an asset category and a query. The Enforcement Action will be run on the assets that match the query parameters.
- A query only returns results for the asset type it was created for.
- Not all asset categories are supported for all Enforcement Actions.
- See Actions supported for Activity Logs, Adapter Fetch History and Asset Investigation Modules
- See Actions supported for Vulnerabilities.
- See Actions supported for Software.
- Action name (required) - The name of the Main action. A default value is added by Axonius. You can change the name according to your needs.
- Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.
Required Fields
These fields must be configured to run the Enforcement Set.
- User Name (required) - The SSH user name to connect with.
- Instance Name - The Axonius node to use when connecting to the specified host. For more details, see Connecting Additional Axonius Nodes.
Additional Fields
These fields are optional.
Refer to Connecting Linux SSH Adapter for further details about these configuration options
- Password - A password for the SSH user.
Note:
For authentication, you must specify at least password or private key, but you can also specify both.
Private Key (optional) - A private key for the SSH user.
Private Key Passphrase (optional, default: empty) - Specify a private key passphrase if the private key is protected by a passphrase.
SSH Port (optional, default: 22) - The SSH port.
Sudoer (required, default: True) - Select this if the user is listed as a sudoer and can execute privileged commands (by using the sudo command).
Hardware information such as serials, CPUs and bios versions are fetched only when the specified user can run dmidecode command.
- If enabled, this adapter connection will try to run sudo dmidecode command. The user password will be used, if required.
- If disabled, this adapter connection will usually fail to run that command (unless the specified user is the superuser). Therefore, the hardware information will not be fetched.
Sudo Path - Specify an absolute path (/path/to/sudo) of a binary to use for sudo'ing to the root user.
- If supplied, when the command line is executed it will be prefixed with the value supplied
- If not supplied, when the command line is executed it will be prefixed with "sudo".
Verify Fingerprint - Enter a fingerprint. If entered then ssh connections verify that this fingerprint matches the fingerprint of the host's public key. The value can be usually found in ~/.ssh/known_hosts. If missing then no confirmation is done upon connection attempts.
If you are using multi-nodes, choose the Axonius node to use to interact with the adapter when executing the enforcement action.
Tunnel Name - For Axonius-hosted (SaaS) deployments. Select the tunnel through which to connect to perform the action.
For more details about other Enforcement Actions available, see Action Library.