
Generic Server Sensor (lsof)

Mat Davis edited this page Nov 7, 2019 · 3 revisions

lsof Requirements

On the target operating systems (computer systems) that you want TADDM to discover, the LiSt Open Files (lsof) program must be installed. This paper lists and describes various lsof requirements, including lsof version requirements. This information is applicable to TADDM 7.2.1, and later.

Download here.

Tweaking lsof setting to leverage sudo only when needed

Occasionally there are environments where it is not clear whether lsof or sudo lsof must be used. By default TADDM tries only the one command defined in the collation.properties file:

com.collation.discover.agent.command.lsof.<uname>=lsof

Because of security requirements, a user might need to change it so that "sudo lsof" is run on the AIX operating system. The property would then look like the following:

com.collation.discover.agent.command.lsof.AIX=sudo lsof

The problem arises in a mixed environment where we want TADDM to run lsof first and, only if that fails with Permission denied, fall back to sudo lsof.

This fallback can be achieved by setting the following property:

com.collation.discover.agent.command.lsof.AIX=\`(lsof -nP -i 2>&1 |  awk '{if (match(\$0,/.*Permission denied.*/)) {print \"permissiondenied \";exit;}}' | awk 'END {if (NR < 1) {print \"lsof\";exit;}} {if (match(\$0,/.*permissiondenied.*/)) {print \"sudo lsof\";exit;} else { print \"lsof\"; exit;}}')\`

Please note that TADDM takes the above setting and extends the command with additional text transformations (awk, sort, uniq) before running it.
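The decision logic packed into that property, written out as a readable shell function (an added example, not TADDM's own code): pick_lsof_cmd reads the combined stdout/stderr of a trial "lsof -nP -i 2>&1" and prints the command to use. The sample lsof lines are constructed for illustration; the function and probe names are assumptions.

```shell
#!/bin/sh
# Added example (not TADDM's own code): the two-stage awk fallback from the
# collation.properties setting, as a function that reads the trial lsof run
# from stdin and prints either "lsof" or "sudo lsof".
pick_lsof_cmd() {
    # Stage 1: emit a marker line as soon as "Permission denied" is seen.
    # Stage 2: no input line at all (NR < 1) means the trial run produced no
    # denial, so plain lsof is enough; a marker line selects sudo lsof.
    awk '/Permission denied/ { print "permissiondenied"; exit }' |
    awk 'END { if (NR < 1) print "lsof" }
         { if (/permissiondenied/) print "sudo lsof"; else print "lsof"; exit }'
}

# probe_lsof_cmd runs the trial lsof on this host and feeds it to the
# function above; this is what the backtick substitution in the property does.
probe_lsof_cmd() {
    lsof -nP -i 2>&1 | pick_lsof_cmd
}

# Constructed sample output (illustrative text, not captured from a system):
# a non-root user refused access to the kernel tables, and a normal listing.
SAMPLE_DENIED="lsof: WARNING: can't read /proc/1/fd: Permission denied"
SAMPLE_OK='COMMAND   PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd     1234    root    3u  IPv4  12345      0t0  TCP *:22 (LISTEN)'

if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_DENIED" | pick_lsof_cmd   # sudo lsof
    printf '%s\n' "$SAMPLE_OK"     | pick_lsof_cmd   # lsof
    printf ''                      | pick_lsof_cmd   # lsof (empty trial output)
fi
```

Run it with --demo to see the three cases; on a real target, probe_lsof_cmd gives the same answer the property's command substitution would.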

Using lsof when sudo is not allowed

It should be stated up front that the best and most effective solution is to configure sudo for use with lsof. The following is a workaround for when sudo configuration is just flat out not allowed. It's a little trick that you can use. There are some negative consequences of using this trick though. It takes more effort to configure and may not scale well, as it requires a root cron job to be configured and a file to be pushed to all targets. Additionally, it can lead to sensor errors for level 3 sensors where the target of the level 3 sensor may have been shut down just before the discovery is run.

Create a root cron job on all targets to run lsof

You need to create a root cron job that will run the lsof command as root. The command needs to be run at an interval, before the scheduled discovery. For instance, if your discovery runs on Sunday nights you would need to schedule this command to run every Sunday afternoon. It's preferable to run the lsof command every hour or every half hour so that you can run ad-hoc discoveries and still get accurate results.

Make sure that you run the lsof command with the proper parameters. To determine the parameters run a test discovery with DEBUG enabled and find the lsof command in the log for your particular platform. You should NOT include any piped commands after lsof in your root cron job (e.g. | awk...).

Ensure that the output for lsof is redirected to a file that the TADDM service account has read access to. The service account will be reading this file rather than running the command.

For example, use the following to create a cron job as root that will generate lsof output every 30 minutes. This assumes Linux as the target and that the TADDM service account user is taddmsvc.

Log on as root.

Edit the cron table using crontab -e and add the following entry.

# every 30 minutes: run lsof as root, then hand the output file to the taddmsvc home directory
0,30 * * * * PATH=$PATH:/usr/local/bin:/bin:/usr/bin:/usr/sbin:/sbin:/usr/X11R6/bin;LC_ALL=en_US.UTF-8;LANG=en_US.UTF-8;export LANG LC_ALL;lsof -nP -i > /tmp/lsof.out; chown taddmsvc:taddmsvc /tmp/lsof.out; mv /tmp/lsof.out ~taddmsvc

Configure TADDM to read the lsof output file

You need to configure TADDM to run something other than the default lsof command. Open collation.properties on your discovery or domain server and set the following property (for Linux):

com.collation.discover.agent.command.lsof.Linux=echo -e '#!/bin/sh\ncat lsof.out' > lsof.sh;chmod u+x lsof.sh;./lsof.sh

This generates a small script on the target and runs it, so the sensor captures the contents of the lsof output file instead of the output of a live lsof run.
