Configuring Linux and UNIX device agents

You can use LANDesk Management Suite to manage supported Linux/UNIX distributions.

Read this chapter to learn about:

Supported Linux/UNIX distributions

Supported Linux and UNIX distributions:

SUSE Linux and Red Hat Enterprise Linux support these Management Suite features: 

Ubuntu Linux supports these Management Suite features:

Linux runs on a variety of architectures, but the Linux inventory scanner will only run on Intel architecture.

Installing Linux agents

You can remotely deploy and install Linux agents on Linux servers. Your Linux server must be configured correctly for this to work. To install an agent on a Linux server, you must have root privileges.

The default Red Hat Enterprise Linux AS and ES install includes the RPMs that the Linux standard agent requires. For the complete list of RPMs that the product requires, see the list later in this chapter.

For an initial Linux agent configuration, the core server uses an SSH connection to target Linux servers. You must have a working SSH connection with username/password authentication. This product doesn't support public key/private key authentication. Any firewalls between the core and Linux servers need to allow the SSH port. Consider testing your SSH connection from the core server with a third-party SSH application.
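One way to confirm on a target server that sshd accepts the username/password login described above, added here as an example (it is not LANDesk code). The function names and the sample configuration are constructed for illustration.

```sh
# Constructed sample sshd_config (not from a real host).
SAMPLE_SSHD_CONFIG='# constructed sample
Port 22
passwordauthentication no
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes'

# sshd_global_setting KEYWORD DEFAULT < sshd_config
# Prints the global value sshd would use for KEYWORD. Keywords are
# case-insensitive, the first occurrence wins, and everything after the first
# Match line is conditional, so it is skipped. Include files are not followed
# and PAM / keyboard-interactive settings are not considered (assumptions).
sshd_global_setting() {
  awk -v want="$1" -v def="$2" '
    /^[ \t]*(#|$)/ { next }                 # comments and blank lines
    { sub(/=/, " ") }                       # "Keyword=value" form
    tolower($1) == "match" { exit }         # conditional blocks start here
    tolower($1) == tolower(want) { print tolower($2); found = 1; exit }
    END { if (!found) print def }'
}

# password_auth_ready < sshd_config: exit 0 if password logins are allowed
# globally (the OpenSSH default for PasswordAuthentication is "yes").
password_auth_ready() {
  [ "$(sshd_global_setting PasswordAuthentication yes)" = "yes" ]
}

# On a target: password_auth_ready < /etc/ssh/sshd_config
if printf '%s\n' "$SAMPLE_SSHD_CONFIG" | password_auth_ready; then
  echo "password authentication enabled globally"
else
  echo "password authentication disabled globally"
fi
```

On servers whose sshd supports it, `sshd -T` prints the effective configuration and is the more complete check.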

The Linux agent installation package consists of a shell script, agent tarballs, .ini agent configuration, and agent authentication certificates. These files are stored in the core server's LDLogon share. The shell script extracts files from the tarballs, installs the RPMs, and configures the server to load the agents and run the inventory scanner periodically at the interval you specified in the agent configuration. Files are placed under /usr/LANDesk.

Use Configure Services (Tools > Configure Services) to enter the SSH credentials you want the scheduler service to use as alternate credentials. The scheduler service uses these credentials to install the agents on your servers. You should be prompted to restart the scheduler service. If you aren't, click Stop and then Start on the Scheduler tab to restart the service. This activates your changes.

Deploying the Linux agents

After you've configured your Linux servers and added Linux credentials to the core server, create a Linux agent configuration, and then use unmanaged device discovery to discover your Linux servers. A server must be in the My devices list before you can deploy to it, so add the discovered servers to that list and then deploy the Linux agents.

To create a Linux agent configuration
  1. In Tools > Configuration > Agent configuration, click the New Linux button.
  2. Enter a Configuration name.
  3. On the Start page, the Standard LANDesk agent, remote control, and software distribution agents are installed by default. If you want to install the LANDesk vulnerability scanner, select that check box.
  4. On the Standard LANDesk agent page, select the Trusted certificates for agent authentication that you want installed. For more information, see Agent security and trusted certificates.
  5. Click Save.

To discover your Linux servers and deploy a configuration to them
  1. In Tools > Configuration > Unmanaged Device discovery, create a discovery job for each Linux server. Use a standard network scan and enter the Linux server's IP address for the starting and ending IP ranges. If you have many Linux servers, enter a range of IP addresses. Click Scan now once you've added your discovery IP ranges.
  2. When the task finishes, verify that unmanaged device discovery found the Linux servers you want to manage.
  3. In the Unmanaged device discovery window, drag the Linux servers onto the Linux configuration that you want in the Agent configuration window.
  4. Finish scheduling the task in the Scheduled tasks window.

To manually pull a Linux agent configuration
  1. Create a new Linux configuration using the console, or use the Default Linux configuration.
  2. Create a directory on your Linux device (for example, /mnt/core).
  3. Mount the ldlogon share. You can use the following command to do this:

    mount -t smbfs -o username=administrator,workgroup=<yourworkgroup> //<corename>/ldlogon /mnt/core

  4. Change the directory to /mnt/core.
  5. Enter ./linuxpull.sh <configuration name.ini> (where this is the name of the configuration you created).

To uninstall a Linux agent configuration
  1. On the Linux device you want to uninstall the agent from, mount <corename>\ldmain.
  2. From the ldmain share, copy linuxuninstall.tar.gz to the Linux device.
  3. Extract linuxuninstall.tar.gz.
  4. In the extracted folder, run the following command: ./linuxuninstall.sh -f ALL

Required RPMs for Red Hat and SUSE

The Management Suite agents require the following RPMs and minimum versions. It is recommended that you store all RPMs in the ...\ManagementSuite\ldlogon\RPMS directory. You can browse to this folder through http://core name/RPMS.

Red Hat Enterprise

python

RPM Version: 2.2.3-5 (RH3), 2.3.4-14 (RH4)
Binary Version: 2.2.3

pygtk2

RPM Version: 1.99.16-8 (RH3), 2.4.0-1 (RH4)
Binary Version:

sudo

RPM Version: 1.6.7p5-1
Binary Version: 1.6.7.p5

bash

RPM Version: 2.05b-29 (RH3), 3.0-19.2 (RH4)
Binary Version: 2.05b.0(1)-release

xinetd

RPM Version: 2.3.12-2.3E (RH3), 2.3.13-4 (RH4)
Binary Version: 2.3.12

openssl

RPM Version: 0.9.7a-22.1 (RH3), 0.9.7a-43.1 (RH4)
Binary Version: 0.9.7a

sysstat

RPM Version: 4.0.7-4
Binary Version: 4.0.7

lm_sensors

RPM Version: 2.6 (this version may not be sufficient to display sensors on newer ASIC machines; see the lm_sensors documentation or the web site, http://www2.lm-sensors.nu/~lm78, for more detailed information)

SUSE Linux (SUSE 64)

bash

RPM Version: 2.05b-305.6

net-snmp

RPM Version: 5.1-80.9

openssl

RPM Version: 0.9.7d-15.13

python-gtk

RPM Version: 2.0.0-215.1 [note: package name change]

python

RPM Version: 2.3.3-88.1

sudo

RPM Version: 1.6.7p5-117.1

sysstat

RPM Version: 5.0.1-35.1

xinetd

RPM Version: 2.3.13-39.3

lm_sensors

RPM Version: NA (note: this has been incorporated into the kernel for the 2.6 version)
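A preflight check for the Red Hat list above, added here as an example (it is not part of the LANDesk package): it compares installed packages against the page's RH4 minimums and reports what is missing or too old. The function name, the sample package list and the simplified version comparison are assumptions of this example. lm_sensors is omitted because the page gives no release number for it, and the SUSE list can be passed in the same "name version-release" form.

```sh
# Minimum versions: RH4 column of the Red Hat Enterprise list on this page.
REQUIRED_RH4='python 2.3.4-14
pygtk2 2.4.0-1
sudo 1.6.7p5-1
bash 3.0-19.2
xinetd 2.3.13-4
openssl 0.9.7a-43.1
sysstat 4.0.7-4'
# Constructed sample of installed packages (not from a real host).
SAMPLE_INSTALLED='python 2.3.4-14
pygtk2 2.4.0-1
bash 3.0-27
openssl 0.9.7a-22.1
sysstat 5.0.5-1'
# check_rpms REQUIRED < installed: prints OK/OLD/MISSING per requirement; non-zero
# exit if any is unmet. Simplified RPM-style compare: version, then release; digit
# runs numeric, letter runs as text. Epochs and "~" are not handled.
check_rpms() {
  { printf '%s\n' "$1" | sed 's/^/R /'; sed 's/^/I /'; } | awk '
    function seg(s, re) { return match(s, re) ? substr(s, 1, RLENGTH) : "" }
    function cmp(a, b,   x, y, num, re) {
      while (1) {
        sub(/^[^A-Za-z0-9]+/, "", a); sub(/^[^A-Za-z0-9]+/, "", b)
        if (a == "" || b == "") break
        num = (a ~ /^[0-9]/); re = num ? "^[0-9]+" : "^[A-Za-z]+"
        x = seg(a, re); y = seg(b, re)
        if (y == "") return num ? 1 : -1      # digit run beats letter run
        a = substr(a, length(x) + 1); b = substr(b, length(y) + 1)
        if (num) { x += 0; y += 0 }
        if (x != y) return (x > y) ? 1 : -1
      }
      return (a != "") - (b != "")            # leftover segments mean newer
    }
    function ver(s) { return match(s, /-[^-]*$/) ? substr(s, 1, RSTART - 1) : s }
    function rel(s) { return match(s, /-[^-]*$/) ? substr(s, RSTART + 1) : "" }
    function evrcmp(a, b,   c) { c = cmp(ver(a), ver(b)); return c ? c : cmp(rel(a), rel(b)) }
    $1 == "R" { need[$2] = $3; order[++n] = $2 }
    $1 == "I" { have[$2] = $3 }
    END {
      for (k = 1; k <= n; k++) { p = order[k]
        if (!(p in have)) { print "MISSING", p, "need>=" need[p]; bad = 1 }
        else if (evrcmp(have[p], need[p]) < 0) { print "OLD", p, have[p], "need>=" need[p]; bad = 1 }
        else print "OK", p, have[p]
      }
      exit bad
    }'
}
# On a target: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | check_rpms "$REQUIRED_RH4"
printf '%s\n' "$SAMPLE_INSTALLED" | check_rpms "$REQUIRED_RH4" || true
```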

Installing UNIX agents

You have to manually install UNIX agents. Follow the steps below for your UNIX distribution.

To install agents on HP-UX devices

You must be logged in as root on the HP-UX device to perform the installation.

  1. From the LDLogon share on the core server (c:\Program Files\LANDesk\ManagementSuite\ldlogon), copy the following files to a temporary directory on the HP-UX device:
  2. Change the file access permissions by running the following command:

    chmod +x install.sh

  3. Open install.ini and look for the ServerFQDN line. Take note of the name and exit. Ping the ServerFQDN from the command line to make sure the core server is visible to the client device with the following command:

    ping ServerFQDN

    If you can’t ping the machine, an entry for the core server may have to be added to the /etc/hosts file.
  4. Run the install using the following command:

    ./install.sh install.ini

  5. Modify the PlatformID line in the /etc/vulscan.conf file to match your OS and device type. This will be necessary for vulnerability scans to properly identify the device type when scanning. For example:

    platformid=HP-UX11.31:S800

  6. If the device is a NIS server, a new NIS services map needs to be generated. This can be done by running the following command:

    ypmake services.byname

    If the device is a NIS client, the master server and slave servers need to be updated to include the pds and cba service entries that were inserted into the /etc/services file on the client device.

To install agents on Solaris devices (Intel architecture)
  1. From LDLogon\unix\common, copy ldiscnux.conf and ldappl.conf to /etc. Copy ldiscnux.8 to /usr/man/man8. Give ldiscnux.conf read/write access for users. Give ldappl.conf read access for users. Use the UNIX chmod command to assign rights to the files.
  2. Edit ldappl.conf to customize the software scanning if desired. See the sample entries in ldappl.conf for more information.
  3. From LDLogon\unix\common\solia, copy ldiscnux to a directory that is accessible by the individuals who will be running the application. Usually this is /usr/sbin.
  4. If needed, make ldiscnux executable using the chmod command.

To install agents on Solaris 8 and 9 devices (SPARC architecture)

Required HP-UX libraries

Depot packages required beyond the standard OS installation include:

Required software dependencies for cba:

Required software dependencies for pds2d:

Required software dependencies for ldiscan:

Required software dependencies for vulscan:

Required Solaris libraries

Solaris 8 libraries:

Solaris 9 libraries:

Using the inventory scanner with Linux and UNIX

Inventory scanner command-line parameters 

The inventory scanner, ldiscan for Linux or ldiscnux for UNIX, has several command-line parameters that specify how it should run. See "ldiscnux -h" or "man ldiscnux" for a detailed description of each. Each option can be preceded by either '-' or '/'.

Parameter Description

-d=Dir

Starts the software scan in the Dir directory instead of the root. By default, the scan starts in the root directory.

-f

Forces a software scan. If you don't specify -f, the scanner does software scans on the day interval (every day by default) specified in the console under Configure > Services > Inventory > Scanner Settings.

-f-

Disables the software scan.

-i=ConfName

Specifies the configuration filename. Default is /etc/ldappl.conf.

-ntt=address:port

Host name or IP address of core server. Port is optional.

-o=File

Writes inventory information to the specified output file.

-s=Server

Specifies the core server. This command is optional, and only exists for backward compatibility.

-stdout

Writes inventory information to the standard output.

-v

Enables verbose status messages during the scan.

-h or -?

Displays the help screen.

Examples

To output data to a text file, type:

ldiscnux -o=data.out -v

To send data to the core server, type:

ldiscnux -ntt=ServerIPName -v

UNIX inventory scanner files

File Description

ldiscnux

The executable that is run with command-line parameters to indicate the action to take. All users that will run the scanner need sufficient rights to execute the file.

There is a different version of this file for each platform supported above.

/etc/ldiscnux.conf

This file always resides in /etc and contains the following information:

  • Inventory assigned unique ID
  • Last hardware scan
  • Last software scan

All users who run the scanner need read and write attributes for this file. The unique ID in /etc/ldiscnux.conf is a unique number assigned to a computer the first time the inventory scanner runs. This number is used to identify the computer. If it ever changes, the core server will treat it as a different computer, which could result in a duplicate entry in the database.

Warning: Do not change the unique ID number or remove the ldiscnux.conf file after it has been created.

/etc/ldappl.conf

This file is where you customize the list of executables that the inventory scanner will report when running a software scan. The file includes some examples, and you'll need to add entries for software packages that you use. The search criteria are based on filename and file size. Though this file will typically reside in /etc, the scanner can use an alternative file by using the -i= command-line parameter.

ldiscnux.8

Man page for ldiscnux.

Console integration

Once a Linux or UNIX computer is scanned into the core database, you can:

NOTE: Queries on "System Uptime" sort alphabetically, returning unexpected results
If you want to do a query to find out how many computers have been running longer than a certain number of days (for example, 10 days), query on "System Start" rather than "System Uptime." Queries on System Uptime may return unexpected results, because the system uptime is simply a string formatted as "x days, y hours, z minutes, and j seconds." Sorting is done alphabetically and not on time intervals.

NOTE: Path to config files referenced in ldappl.conf doesn't appear in the console
ConfFile entries in the ldappl.conf file need to include a path.