RVY200356: Required permission to run a local Oracle inventory scan via a remote execution task against Linux/UNIX devices

General Information

This article describes the required permission on Linux/UNIX machines in order to run remote execution Oracle database inventory tasks against them. 

Installation Specifications

Implement the required login method as per the following article:   

 RVY200499: Linux/UNIX remote execution login methods

Used Services from remote

Remote Execution need rights to the following services from remote machines:

  • SSH (Login)
  • SCP (Login / use)

The OracleDB inventory method "remote execution" and "Oracle Auto Discovery and Inventory" connects the target system via SSH, followed by copying OraTrack Java files to the users directory via SCP. All files required and created by Remote Execution will be stored temporarily and removed afterwards.

Access to the system

  • Read access on the whole filesystem*
  • Read/Write/Execute on home directory; e.g.  /home/<UserName>

* Permission to the whole filesystem is required in case that the user is not allowed to execute java via sudo. This is also required in case that the user is not allowed to execute 'find' via sudo and Java is not available to the scanning user (e. g. java is not in the PATH).

Read access to all configuration files

  • /etc/oratab
  • */listener.ora
  • */tnsnames.ora

The listener.ora and tnsnames.ora can be found in the installation directory of the Oracle database. We need read access to these files in case the user is not allowed to read the Oracle DB installation path.

SUDO rights for Oracle Inventory

OracleDB Inventory need to execute Java which then starts ORATRACK. OraTrack then searches for Oracle configuration files. This requires appropriate permissions (via sudo) without restrictions to the command line arguments and no password prompt:

  • sudo chmod 755 ./oratrack*.jar
  • sudo /<path/to/jre/bin/>java -jar oratrack*.jar

The installation paths for java may vary from system to system.

The execution of java is not limited to a single version. If several versions of Java are isntalled, all Java versions will be verified and executed to gain the required information.

Execute 'find' (to search for the available Java Runtime Environments) via sudo, without restrictions to the command line arguments and no password prompt:

  • sudo find

Notes

  • Please replace <UserName> with the user for RayVentory

Changelog 

  • 20.08.2020; Raynet SupportTeam

 

 

 

Comments

Powered by Zendesk