Prerequisites

The prerequisites and requirements for installing and running the Snow Inventory Agent for Linux are described below.

Dependency on other Snow products

The Linux agent can only be used with Snow Inventory Server 5 or 6.

Supported operating systems

For information on supported operating systems, see Snow System Requirements.

Oracle database inventory

The Linux agent is able to run the Snow Inventory Oracle Scanner. For additional prerequisites and configuration settings, see Snow Inventory Oracle Scanner (SIOS).

Hardware inventory requirements

To gather hardware information, the Linux agent uses the dmidecode command which must be installed on the target computers.

Required commands

The user running the agent must have access to the following commands:

  • awk

  • dmesg

  • dmidecode

  • dnsdomainname

  • findmnt

  • grep

  • ip or ifconfig

  • last

  • ldconfig

  • lsb_release

  • lscpu

  • lspci

  • mount

  • rpm

  • sed

  • sudo

  • systemd_detect_virt

  • uname

The agent searches for commands in  /usr/bin , /bin , /usr/sbin , /sbin, and /usr/local/bin.

Running the agent according to the principle of least privileges

When running the Linux agent as a user with limited privileges, the following must be taken into consideration:

  • The user must have read access to the file areas that it scans.

  • Detection of running processes may be limited due to reduced access as defined by the implemented security policies.

File permission requirements

The following permissions are required to run the agent:

  • Read permissions on all contents of the agent folder.

  • Read and execute permissions on the Linux agent.

  • Read and write permissions on the agent's /data folder.

  • The user must have read and write access to the snowagent.log, snowagent.lock, and .hst.lg files.

    As the files are created with every scan, a preceding scan with an elevated user could stop the agent from working.

  • Read and write permissions for the /var/run/SnowSoftware/Inventory/Agent/script-output folder if dynamic inventory is used.

Read and execute permissions are required for the folders that should be scanned, and read permissions on the contained files.

Read and execute permissions are required on /proc, /sys, /etc, /dev, /var, /lib and all of its subfolders, and read permissions on the contained files.

You can control the access rights on a very granular level by using Access Control Lists, for example by using the following command, where "snow" is replaced with the actual user used for the scan and "var" is replaced with the actual paths to be included in the scan:

sudo setfacl -Rm u:snow:r-X,d:u:snow:r-X /var

Note

Snow recommends the setup described in Scanning the file systems.

Sudo requirements

The following commands require sudo privileges for the agent to be able to collect all data:

Command

Data lost when not run as sudo or root

dmesg

Hypervisor detection, specifically XEN

dmidecode

  • Hypervisor detection

  • Chassis and manufacturer identification, like BIOS serial number

ldconfig -p

Information about shared libraries

Note

The Linux agent requires sudo version 1.7.8 or later. If sudo version 1.7.8 or later is not available for the agent, the recommendation is to run as root instead of using an earlier sudo version.

Additional requirements for Oracle scanners

If you are running any of the Oracle scanners with the agent, additional requirements will apply, see the documentation for each Oracle scanner:

Sudoers configuration

When editing the sudoers file, the following must be taken into consideration:

  • If a command is configured to be run without providing a password, that path will be used before the search path of the agent.

  • If the keyword ALL is used to allow the snow user sudo rights to any command, it must be placed as the last keyword on the line.