Environment
PlateSpin Recon 3.7.4
Situation
This article describes how to gather inventory and monitoring data from Linux machines in a secured environment where root account cannot be used as well as sudo account with access to all commands cannot be used.
Resolution
Make the below entry in the sudoers file with all commands listed.
Cmnd_Alias SCORINV = /sbin/chkconfig *, /bin/df *, /bin/mount *, /sbin/e2label *, /bin/grep *, /sbin/route *, /sbin/ifconfig *, /bin/cat *, /bin/egrep *, /bin/rpm *, /sbin/lspci *, /sbin/iwconfig *, /sbin/iwlist *, /sbin/ethtool *, /bin/dmesg *, /usr/sbin/hwinfo *, /sbin/fdisk *, /sbin/runlevel *, /bin/hostname *, /bin/chmod , /usr/bin/id *, /tmp/*/RunInventory.sh, /home/<nonroot_username>/
Cmnd_Alias SCORMON = /bin/awk *, /usr/bin/mpstat *, /usr/bin/vmstat *, /sbin/ifconfig *, /bin/grep *, /bin/cut *, /bin/sed *, /usr/bin/tail *, /bin/netstat *, /bin/ls *, /usr/bin/iostat *, /usr/bin/expr *,/sbin/sh *,/home/*/getplatform*, /bin/sh *
nonroot_username ALL=(root) SCORINV, SCORMON
Note: Replace "nonroot_username" in the above line with the actual desired sudo username that will be used for inventory of a particular Linux machine.
Additional Information
Note: Recon doesn't support use of sudo account for Solaris and AIX inventory or monitoring.