Linux and Mac Audit Credentials

Understanding Linux and Mac Audit Credentials

Linux and Mac audit credentials provide authentication information for computers running either Linux or Mac OS.

NOTE: Alloy Discovery connects to networked Linux and Mac computers using the Secure Shell (SSH) protocol over a TCP port. Therefore, an SSH server must be running on each client computer and listening on a dedicated TCP port.

For connecting to Linux and Mac computers via SSH, Alloy Discovery utilizes Plink — a command-line network tool which is a part of the PuTTY product, distributed under the free MIT license. Plink is included in the Alloy Discovery installation package; the executable file name is plink.exe. For more information on PuTTY and Plink, see the following web site:
http://www.chiark.greenend.org.uk/~sgtatham/putty/.

When specifying Linux and Mac audit credentials, you can use one of the following methods:

  • A combination of a user name and password. This method is easy to use and troubleshoot. However, it has a downside: although the password is stored in the database in an encrypted format, it is passed to the Plink utility non-encrypted and so can be sniffed on the machine hosting the Inventory Server.
  • A combination of a user name and private key. This method relies on a private key instead of a password and is more secure. Your private key is loaded into the database and stored in an encrypted format. This method uses SSH public key authentication to access Linux and Mac computers without a password. It requires that the SSH public/private key pair is properly set up and that the public key is uploaded to all Linux and Mac computers you want to audit. For more information on SSH public key authentication, see http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter8.html.

You can also customize the command line and specify Plink command line parameters manually, either as values or as placeholders.

You can store multiple credentials and then use them as needed for the Direct Network Scan of various network segments. On the first run of the Quick Start Wizard you can provide Linux and Mac credentials, which will be saved as the first option.

INFO: For details on the first audit with the Quick Start Wizard, see Configuring Audit Settings.

Adding Linux and Mac Audit Credentials

To add a new record for Linux and Mac audit credentials, follow these steps:

  1. Select Audit > Audit Settings from the main menu. The Audit Settings dialog box opens.
  2. Navigate to Audit Credentials using the navigation bar.
  3. Click New > Linux and MAC. The [Credentials Name] dialog box opens.

  4. By default, Alloy Discovery accesses client Linux and Mac computers using the Secure Shell protocol (SSH) on the standard TCP port 22. If the SSH server on client computers listens on a different port, specify it in the Port field.
  5. Type in a username in the User Name field.
  6. Depending on the authentication method you want to use, proceed as follows:
    • To use a combination of a user name and password:

      Choose the Password option and type in your password.

    • To use a combination of a user name and private key:

      Choose the Private Key option. Then click Browse and select a .ppk file containing your private key.

  7. You can use a custom command line as follows:

    Select the Use custom command line parameters check box. The Parameters field becomes available and displays default parameters of the Plink command line. They may look like this:

    -P "$PORT" -l "$USER_NAME" -pw "$PASSWORD" "$HOST"

    In this example, "$PORT", "$USER_NAME", "$PASSWORD", and "$HOST" are placeholders for command line parameter values, specified in audit credentials. For more information on placeholders, see the paragraphs below.

    The default command line parameters may include port (-P), user name (-l), password (-pw) or private key (-i). For a complete list of Plink parameters, refer to http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter7.html.

    You can customize parameters in two ways:

    • You can specify parameter values directly in the command line (e.g. -P "22"). In this case, you are not required to fill out dialog box fields. However, some parameters, such as private key and host, cannot be specified in this way.
    • You can use placeholders instead of specific values (e.g. -P "$PORT"). Actual values for placeholders are taken from the credentials record. Note that the values for the private key and host must always be passed as placeholders. The value for the $HOST placeholder is determined automatically for each client computer, hence there is no corresponding dialog box field.

      NOTE: In order to collect SMBIOS information on Linux computers, Alloy Discovery needs root rights. You can either use the root account for audit or configure the dmidecode command to run with elevated (root) privileges under a non-root account. For details on the latter approach, see Linux and Mac Direct Network Scan.

      NOTE: Collecting the list of services (daemons) on Mac computers also requires root rights. If you need this information, you should also use the root account or configure the launchctl command to run with elevated (root) privileges under a non-root account.

      IMPORTANT: Currently, Alloy Discovery does not support SSH authentication via the Pageant authentication agent. As a possible solution, you can specify your private key file directly in the audit credentials.

  8. Specify a meaningful name for this credential record. By default, the Name field is initialized with the login name. It may be reasonable to name the credential record according to the computers you intend to audit, for example: “Samba Server” or “Linux workstations in devs department.” This will help you identify the credentials when needed.
  9. Click OK.

You have the flexibility to use Linux and Mac audit credentials for an entire network segment or to override this setting with different credentials for individual Linux or Mac computers.
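
The placeholder rules from step 7 and the password caveat for the first authentication method can be checked before a credentials record is saved. The following Python linter is an added example, not Alloy Discovery code. It assumes only the four value-taking options named on this page; the "$KEY" placeholder name, the sample record and the function names are hypothetical.

```python
import shlex

VALUE_OPTS = {"-P", "-l", "-pw", "-i"}  # value-taking options named on the page
DEFAULT = '-P "$PORT" -l "$USER_NAME" -pw "$PASSWORD" "$HOST"'  # from the page
KEY_BASED = '-P "$PORT" -l "$USER_NAME" -i "$KEY" "$HOST"'  # "$KEY": hypothetical name
RECORD = {"PORT": "22", "USER_NAME": "audit",  # constructed sample record
          "PASSWORD": "example-only", "HOST": "192.0.2.10"}

def parse(template):
    """Split a Parameters string into ({option: value}, [positional tokens])."""
    opts, positional = {}, []
    tokens = iter(shlex.split(template))
    for tok in tokens:
        if tok in VALUE_OPTS:
            opts[tok] = next(tokens, "")
        elif not tok.startswith("-"):
            positional.append(tok)
    return opts, positional

def lint(template):
    """Return sorted finding codes for one Parameters string."""
    opts, positional = parse(template)
    findings = set()
    if "-pw" in opts:
        # The password reaches the Plink process unencrypted on the scan host.
        findings.add("password-on-command-line")
        if not opts["-pw"].startswith("$"):
            findings.add("literal-password-in-template")
    if "-i" in opts and not opts["-i"].startswith("$"):
        findings.add("key-not-placeholder")   # key must be a placeholder
    if positional != ["$HOST"]:
        findings.add("host-not-placeholder")  # host must be $HOST
    return sorted(findings)

def render(template, record):
    """Expand whole-token $NAME placeholders from a record into an argv list."""
    return [record.get(t[1:], t) if t.startswith("$") else t
            for t in shlex.split(template)]

def redact(argv):
    """Mask the token after -pw so the argv can be written to a log."""
    out, mask = [], False
    for tok in argv:
        out.append("********" if mask else tok)
        mask = not mask and tok == "-pw"
    return out

if __name__ == "__main__":
    print(lint(DEFAULT), redact(render(DEFAULT, RECORD)))
```

The tokenizer follows POSIX quoting, which matches the double-quoted template shown in step 7 but not every Windows quoting corner case.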