When using the CA Network Discovery Gateway (CA NDG) Softagent to discover UNIX and Linux servers, CA NDG attempts to establish an SSH connection to the UNIX and Linux hosts using the set of credentials provided in the credential vault. Depending how your UNIX/Linux security is configured, it is possible that some commands issued by the CA NDG Softagent cannot be authorized for the non-root user, resulting in less data being discovered for the server.
1. Use the sudo command to allow a non-root user to issue discovery-related commands under the root authority without having to supply root user credentials.
2. Define a path for the userid that is associated with the sudo user that includes all the locations for the commands that NDG needs to run and utilities that NDG discovery uses
1. Configure /etc/sudoers file to use sudo to authorize non-root users
Create the following content for the sudo user to issue all CA NDG Softagent commands using sudo without prompting for root credentials:
Cmnd_Alias SHELL = /usr/bin/zsh, /usr/bin/bash, /bin/sh
Cmnd_Alias USERCMD1 = /bin/uname, /bin/echo, /bin/cat, /bin/rm
Cmnd_Alias USERCMD2 = /bin/domainname, /bin/chmod, /bin/hostname, /tmp/ToUTF8
Cmnd_Alias USERCMD3 = /bin/netstat, /bin/df, /bin/ps, /bin/rpm
Cmnd_Alias USERCMD4 = /bin/ls, /sbin/ifconfig -a, /sbin/ip
Cmnd_Alias USERCMD5 = /sbin/mii-tool, /sbin/chkconfig, /sbin/sfdisk, /usr/sbin/dmidecode
Cmnd_Alias USERCMD6 = /usr/bin/cdrecord, /opt/xensource/bin/xe, /bin/lshmc
Cmnd_Alias USERCMD7 = /sbin/fdisk, /dev/null, /bin/grep, /usr/bin/cut, /usr/bin/awk
Cmnd_Alias USERCMD8 = /dev/mem, /bin/bash, /usr/bin/sudo
ndguser ALL=NOPASSWD: SHELL, PKGMAN, FIREWALL, USERCMD1, USERCMD2, USERCMD3, USERCMD4, USERCMD5, USERCMD6, USERCMD7, USERCMD8
2. Comment the line 'Defaults Requiretty' in SUDOERS file
3. Define the path for the sudo user
Edit the shell configuration file for your UNIX or Linux system's shell (typically, .bashrc in the user's $HOME directory), and add the following lines to the user's PATH definition:
All SUDO user accounts should have the .bashrc file configured as below.