Preparation for Scanning Storage / Backup Management hosts
StorageGuard also collects OS-level configuration data from hosts installed with storage / backup management software by running OS and vendor read-only CLI commands, and by reading directories and files on the host. For complete analysis of risks, it’s highly recommended to perform an OS-level scan of storage management hosts.
StorageGuard connects to Unix and Linux hosts through an SSH session while Windows hosts are connected using wither WinRM or WMI.
The following table lists the requirements for scanning a management host:
# | Description |
1 | Provide the name or IP address of the storage / backup management host. |
2 | Provide an OS user account (and password) for each storage / backup management host. |
3 | For a Unix/Linux host:
A standard user account should be provided. The user should be granted with NOPASSWD sudo rights to the following commands: /bin/cat *, /bin/ls * Edit sudoers file and add: username ALL= NOPASSWD: /bin/cat *, /bin/ls * If used by your organization, PowerBroker, seSUDO and similar privilege management solutions can be configured instead of native sudo. |
4 | For a Unix/Linux host:
Make sure that IP connectivity through SSH is available between the StorageGuard server and each host. |
5 | For a Windows host:
The user account should be granted with local administrative rights. |
6 | For a Windows host:
Make sure that IP connectivity through WinRM (80, 5985) and CIFS (445) is available between the StorageGuard server and each host. If WinRM is not used by your organization, make sure that IP connectivity is permitted through WMI on all TCP ports and UDP ports 135, 137, 138, and 139. |
Comments
0 comments
Please sign in to leave a comment.