Non-root user accounts must have the permissions to run the commands that QRadar® Vulnerability Manager requires to scan for patches on
Linux® and UNIX
computers.
About this task
Do the following tasks to verify that the user account that you use for scanning has the
relevant permissions for Linux or UNIX patch scanning,
Procedure
-
SSH to the asset.
-
Run the following
uname commands:
uname -m
uname -n
uname -s
uname -r
uname -v
uname -p
uname -a
-
Depending on your operating system, run the following commands:
Table 1. Commands to run on your Operating System
| Operating System |
Commands |
| Linux |
The following files contain the relevant content for your distribution:
/etc/redhat-release
/etc/SuSE-release
/etc/debian-version
/etc/slackware-version
/etc/mandrake-version
/etc/gentoo-version
For example, on Red Hat Enterprise Linux, use the
commands:
ls /etc/redhat-release
cat/etc/redhat-release
rpm -qa --qf '%{NAME}--%
{VERSION}---%{RELEASE}\|%{EPOCH}--%
{ARCH}---%{FILENAMES}--%
{SIGPGP}---%{SIGGPG}\n'
rpm -qa --qf '%{NAME}-%
{VERSION}-%{RELEASE}|%
{EPOCH}\n'
|
| Solaris |
/usr/bin/svcs -a/
usr/bin/pkginfo -x \| awk '{
if ( NR % 2 ) { prev = \$1 }
else { print prev\" \"\$0 } }'
/usr/bin/showrev -p
/usr/sbin/patchadd -p
/usr/bin/isainfo -b
/usr/bin/isainfo -k
/usr/bin/isainfo -n
/usr/bin/isainfo -v
|
| HP-UX |
/usr/sbin/swlist -l fileset -a revision
/usr/sbin/swlist -l patch
|
| AIX® |
oslevel -r
lslpp -Lc
|
| ESX |
vmware -vesxupdate query --all
. /etc/profile ; /sbin/esxupdate query –all
|
Tip:
As a best practice, turn off email notifications for the scan user account because email
notification might interfere with the processing of scan results. View your operating system
documentation for details about turning off email notifications for user accounts.