Skip to main content

Configure the scanner

To configure the filesystem search for Snow Inventory Java Scanner, use the include and exclude paths defined in the agent configuration file, snowagent.config, as described in The scanning process.

Schedule the scan in a Linux or Unix environment

In Linux and Unix environments, the scanner is triggered by the Cron configuration script. The script must be included in the agent installation package. For more information, see Agent Module Shell Scripts in the Snow Inventory section of the Release Notes page.

Command

Description

version

Print current version to stdout

-v

Verbose logging

Schedule the scan in a Windows environment

In a Windows environment, the scanner is triggered by the Snow Inventory Java Scanner Launcher PowerShell script. The script must be included in the agent installation package.

To execute the scanner, run the following command:

$java -jar sijs.jar

Schedule the scan in a macOS environment

In a macOS environment, the scan schedule must be created by the user.

To execute the scanner, run the following command:

$java -jar sijs.jar

Snow Inventory Java Scanner configuration file

You can make additional configurations to the scanner by using the Snow Inventory Java Scanner configuration file, sijs.config, which can be included in the agent installation package. You only have to include the file in the installation package if you want to customize any of the parameters in the configuration file. If the file is not included, the scanner will execute the scan with the default values.

Configure the security level of the scanner

Use the configuration file to configure the security level of the scanner if it is executed with elevated permissions, that is, as Administrator (Windows) or root (Linux, Unix, and macOS). The configuration file contains the following elements and default values:

<Configuration>
    <SecurityLevel>HIGH</SecurityLevel>
    <ImpersonationUser>javascan</ImpersonationUser>
</Configuration>

Choose one of the following three security levels:

  • LOW: Every Java executable found during the file system search will be treated as a secure (admin) path and the commands required to properly identify the installation will be executed in the same security context as the user executing the scan.

  • MEDIUM: The Java executables found that are part of the administrator/root’s PATH environment variable will be treated as secure (admin) paths, and the commands required to properly identify the installation will be executed in the same security context as the user executing the scan. All the other Java executables will be treated as non-secure (non-admin) paths and the commands will be executed in a lower security context:

    • For Windows, the runas /trustlevel:0x20000 command will be used, which lowers the permissions to basic user.

    • For Unix, Linux, and macOS, the commands will be executed with the dedicated user defined in the ImpersonationUser element.

  • HIGH: The Java executables found that are part of the administrator/root’s PATH environment variable will be treated as secure (admin) paths, and the commands required to properly identify the installation will be executed in the same security context as the user executing the scan. All the other Java executables will be treated as non-secure (non-admin) paths and will not be identified at this security level. The scanner's raw data will contain information that these installations are not identified due to the HIGH security level setting.