This document summarizes the appliance prerequisites in a single place.
General Requirements | Detail
---|---
Supported (Appliance Deployment) Platforms | VMware ESX server platform, AWS cloud, Azure cloud, Google Cloud Platform
Installation | The CloudSphere virtual appliance download and installation instructions are found in the accompanying Virtual Appliance and Install Guide. The Install Guide includes separate instructions for the following platforms: VMware ESX server platform, AWS cloud, and Azure cloud.
Whitelisting |
Hardware & Resources | The following VM configuration is required: RAM: 4 GB, vCPU: 2, HDD storage: 30 GB, private IP address: 1
Console Access | Access to the console required to deploy the VM image (vCenter, AWS console, Azure console, etc.)
Firewall | Rules opened to grant access from the new appliance to the CloudSphere platform
Appliance, Network and Discovery Scanning Requirements | Detail
---|---
Appliance / Virtual Infrastructure (VMware example) | The appliance is also available for Hyper-V, AWS and Azure.
Appliance Network Settings |
Discovery and Scan Privileges | For credentials used by the appliance to scan target devices
Scanning Configuration Requirements | Detail
---|---
Discovery Scope | An initial list of IP addresses or subnet ranges that need to be scanned
Credentials | An initial set of credentials associated with remote access to the IP addresses (using supported appliance protocols). The credential types are specified in the table below.
Commands & Privilege Escalation | Scanning of Windows targets uses a specific set of Windows protocols and commands. Windows scanning does not support privilege escalation, so the Windows credential must itself have sufficient privileges to execute the Windows-based commands listed below. Scanning of Unix targets uses a specific set of Unix protocols and commands. The list of commands is given in the table below in a form that can be placed directly in a sudoers file; listing them in the sudoers file is the means by which the Unix scan user is allowed to escalate privileges for those commands only.
Endpoint Scanning Credentials

Credential Type | Access Level
---|---
Windows |
UNIX |
VMware vSphere |
AWS SSM | AWS IAM user account with the following permissions (Policy Actions)
Protocol and Ports

Appliance to Discovered Devices

Protocol | Ports | Description
---|---|---
ICMP | N/A | Ping
WMI, SMB, Windows Remote Registry, Windows Remote Process | 135, 137, 138, 139, 445, 1024-65535 | Windows Server Discovery
vCenter/vSphere | 443, 9443 | vSphere Client access
SSH | 22 | Unix Discovery
Appliance and Users to CloudSphere Platform

Protocol | Ports | Description
---|---|---
HTTPS | 443 | https://*.cloudsphere.com and https://*.iquate.net (legacy appliance installs only)
Users to Appliance

Protocol | Ports | Description
---|---|---
HTTP | 80 | Local (customer) login to the appliance for appliance configuration: http://[Appliance_IP]:80/ddm/index.html
Discovered Devices to Appliance

Protocol | Ports | Description
---|---|---
HTTP | 8080 | HTTP POST to send metrics from the scanned target to the appliance
AWS SSM | Policy Actions (Privileges)
---|---
AWS IAM user credentials (Access key ID, Secret access key) |
Commands

Windows Endpoints

WMI Requests | Other Commands
---|---
*Admin Privilege Required: Win32_ComputerSystem, Win32_ComputerSystemProduct, Win32_SystemEnclosure, Win32_Process, Win32_DiskDrive, Win32_PhysicalMemory, Win32_Processor, Win32_OperatingSystem, Win32_BIOS, Win32_NetworkAdapter, MSCluster_Cluster, MSCluster_Resource, MSCluster_ClusterToNode, MSCluster_ClusterToResource, Msvm_ComputerSystem, Msvm_VirtualSystemSettingData | *Admin Privilege Required: type, netstat

Windows VB Scripts |
---|
*Admin Privilege Required: VBS functions used to collect instance performance metrics using: |
UNIX Endpoints

The sudoers fragment below lists the commands the scan account may run with elevated privileges, grouped into aliases; replace `user` with the name of the scan account. Paths are absolute, as sudoers requires, and a quoted empty string (`""`) after a command means it may only be run with no arguments.

```
Cmnd_Alias UNIX_STANDARD = /bin/grep, /bin/ls, /bin/ps, /bin/df, \
    /bin/uname, /bin/netstat, /bin/hostname "", \
    /bin/hostname -I, /bin/echo, /bin/date +*, \
    /bin/cat, /bin/dmesg "", /usr/bin/whereis, \
    /sbin/ifconfig -a, /sbin/fdisk -l, \
    /usr/sbin/dmidecode, /usr/bin/find, /usr/bin/getconf, \
    /usr/bin/groups, /usr/bin/hostid, /usr/bin/last, \
    /usr/bin/lsattr, /usr/bin/lscpu, /usr/bin/lscfg, \
    /usr/bin/lsmod, /usr/bin/lsof, /usr/bin/lspci, \
    /usr/bin/lsusb, /usr/sbin/arp -a, /usr/sbin/arp -an, \
    /usr/sbin/ip a, /usr/sbin/prtconf, /bin/true
Cmnd_Alias UNIX_NON_STANDARD = /usr/bin/dmidecode  # dmidecode may be present in other directories
Cmnd_Alias OS_SPECIFIC = /usr/sbin/sneep, \
    /usr/bin/entstat, /usr/bin/kstat, /usr/bin/lparstat, \
    /usr/bin/pfiles, /usr/bin/pargs, \
    /usr/bin/model
Cmnd_Alias TASK_SPECIFIC = /usr/sbin/ip netns exec '*' netstat -natup, \
    /usr/bin/nsenter --net=/proc/*/ns/net -F -- hostname -I, \
    /usr/bin/nsenter --net=/proc/*/ns/net -F -- netstat -natpu, \
    /usr/bin/nsenter --net=/proc/*/ns/net -F -- ifconfig -a, \
    /usr/bin/perl -e 'print int(time)', \
    /usr/sbin/ifconfig lan0
Cmnd_Alias PROPRIETARY = /usr/contrib/bin/machinfo, \
    /usr/sbin/mysqld * -V, \
    /usr/sbin/nginx -V, \
    /usr/bin/docker inspect *, \
    /usr/bin/docker version, \
    /usr/bin/docker ps -a, \
    /usr/bin/docker network ls
Cmnd_Alias MODIFYING = /bin/ln -sfT /proc/*/ns/net /var/run/netns/.*, \
    /bin/mkdir /var/run/netns, \
    /bin/rm -f /var/run/netns/.*
Cmnd_Alias DANGEROUS = /*/catalina.sh version
user ALL = UNIX_STANDARD, UNIX_NON_STANDARD, OS_SPECIFIC, TASK_SPECIFIC, PROPRIETARY, MODIFYING, DANGEROUS
```
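An added Python review helper (not CloudSphere's code) that parses `Cmnd_Alias` lines in the form above, works out which aliases the scan account is granted, and lists the entries an administrator should check by hand before deploying the file: relative paths (sudo rejects them), wildcards in the command path, and wildcards in arguments (sudo matches these as globs, not literals). The sudoers text is a constructed, shortened copy of the aliases above, and `scanuser` is a placeholder account name.

```python
import re

# Constructed sample: a shortened copy of the UNIX Endpoints aliases above,
# with "scanuser" standing in for the real scan account.
SAMPLE_SUDOERS = r'''
Cmnd_Alias UNIX_STANDARD = /bin/grep, /bin/ls, /bin/ps, \
    bin/uname, /bin/hostname "", /bin/date +*, /bin/true
Cmnd_Alias UNIX_NON_STANDARD = /usr/bin/dmidecode #dmidecode may be present in other directories
Cmnd_Alias PROPRIETARY = /usr/bin/docker inspect *, /usr/bin/docker version
Cmnd_Alias DANGEROUS = /*/catalina.sh version
scanuser ALL = UNIX_STANDARD, UNIX_NON_STANDARD, PROPRIETARY, DANGEROUS
'''


def parse_cmnd_aliases(text):
    """Return {alias_name: [command spec, ...]} from sudoers text."""
    # Join backslash-newline continuations and drop '#' comments, as sudo does.
    joined = re.sub(r"\\\n\s*", " ", text)
    aliases = {}
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.*)", line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",") if c.strip()]
    return aliases


def granted_aliases(text, user):
    """Return the alias names a 'user ALL = ...' line grants to the given user."""
    for line in text.splitlines():
        m = re.match(rf"{re.escape(user)}\s+ALL\s*=\s*(.*)", line.strip())
        if m:
            return [a.strip() for a in m.group(1).split(",")]
    return []


def review_sudoers(text, user):
    """Return (alias, spec, reason) tuples for entries that need a manual look."""
    findings = []
    aliases = parse_cmnd_aliases(text)
    for name in granted_aliases(text, user):
        for spec in aliases.get(name, []):
            path, _, args = spec.partition(" ")
            if not path.startswith("/"):
                findings.append((name, spec, "path is not absolute"))
            elif "*" in path:
                findings.append((name, spec, "wildcard in command path"))
            elif "*" in args:
                findings.append((name, spec, "wildcard in arguments"))
    return findings


if __name__ == "__main__":
    for finding in review_sudoers(SAMPLE_SUDOERS, "scanuser"):
        print(finding)
```

This checks policy content only; run `visudo -cf <file>` on the final file so sudo's own parser validates the syntax.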