Linux Control Center Discover
This document shows you how to create a Discover task in Linux Control Center.
The Linux Control Center Discover module is designed to automate the discovery, information collection, and management of Linux hosts on a network. This module receives parameters such as CIDR (Network Scope), Port, and Credentials.
Only one discovery task can be executed per Worker node. To authenticate correctly on the destination machine, the Worker configures the SSH key that should be used to access the host. This task is done asynchronously. If multiple discovery tasks were allowed to execute on the same target host, for example, the key stored in the console might not be the latest one set for the user, leading to access issues with the host.
Host Discovery: Based on the parameters provided, the Discover task scans the network for available Linux hosts. It performs port scans and tries to identify active hosts.
Access to Hosts: After identifying the hosts, the Discover task attempts to access them with the provided credentials. It verifies connectivity to the hosts and authenticates where possible.
Information Gathering: Once authenticated, the Discover task collects information about the hosts, such as operating system, MAC address, and other relevant details.
lcc.local User Creation: During this process, the Discover task creates a special user called 'lcc.local' with the permission chosen by the user during credential registration. This user is associated with a unique SSH key.
After completing these steps, the 'lcc.local' user is created and ready to be used to run commands and manage the Linux hosts detected during the Discover task. This allows efficient, centralized system administration and maintenance.
On the left menu, go to Discover and click ADD.
Complete the Add Discover page with the following fields:
Name: Identification Name.
Credentials: Credentials with some privileges are required. Discover can use two types of credentials: Auth Type Password and SSH Key.
Password:
Name: Credential Name.
Username and Password: Credentials Access.
Privilege Escalation: Privilege Escalation method, such as su -, sudo without password or sudo with password based on the privileges of the account.
Privilege Escalation username and password: If necessary, the password used for privilege escalation.
SSH Key:
Name: Credential Name.
Username: Username Access.
Privilege Escalation: Privilege Escalation method, such as su -, sudo without password or sudo with password based on the privileges of the account.
Privilege Escalation username and password: If necessary, the password used for privilege escalation.
Private Key: The private key that was generated and that corresponds to the public key stored in the user's .ssh directory.
CIDRs (click on +): IP address range in CIDR format to perform searches.
Name: Identification Name.
CIDR: CIDR notation (e.g. 192.168.15.0/24).
Description (optional): Additional details.
Ports: Alternative or default SSH ports for bind connections.
Connection Type: IPv4 or IPv6.
Description (optional): Additional details.
Verification options:
Test Ping: ICMP ping on each host to ensure availability.
Search SSH Port: Search for active SSH ports with banner grabbing.
BeyondTrust Password Safe: Use a BeyondTrust Password Safe Configuration.
To perform a BeyondTrust Password Safe Discover, it is necessary to configure this integration.
Click on Save.
To start a Discover, select the Actions button and click on Run Discover.
After running it, you can follow this job in the left menu under Logs > Queue.
The Worker picks up the queues sequentially, in the order they were created. When a queue is selected for execution, the Worker's UUID is associated with that queue.
You can also follow the execution of subsequent processes on the Dashboard screen in the home menu, on the Host Actions tab.
After the process of discovering hosts on the network is complete, the Linux Control Center initiates a "Photography" action, in which Discover searches for users, services, and packages and then imports the host into the Linux Control Center Hosts. Go to the Hosts tab to verify that these assets were imported with the BeyondTrust authentication method.
The discovered hosts can be viewed through the Hosts option in the side menu.
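Because two discovery tasks reaching the same host can leave the console holding a stale key for that host, it helps to check the CIDR, Ports, and Connection Type values of planned Discover tasks before saving them, including whether any two tasks overlap in scope. The Python check below is an added example, not part of Linux Control Center; the task names, the dictionary layout, and the 4096-address ceiling are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

MAX_ADDRESSES = 4096  # assumed local policy ceiling, not a product limit


def parse_task(name, task):
    """Validate one planned task; return (parsed networks, findings)."""
    findings, nets = [], []
    want = 4 if task["connection_type"] == "IPv4" else 6
    for cidr in task["cidrs"]:
        try:
            # strict=True rejects entries with host bits set (e.g. .1/24)
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            findings.append((name, "invalid-cidr", f"{cidr}: {exc}"))
            continue
        if net.version != want:
            findings.append((name, "family-mismatch", cidr))
        if net.num_addresses > MAX_ADDRESSES:
            findings.append((name, "scope-too-broad", cidr))
        nets.append(net)
    for port in task["ports"]:
        if not 1 <= port <= 65535:
            findings.append((name, "invalid-port", str(port)))
    return nets, findings


def preflight(tasks):
    """Return findings for all tasks, then overlaps between task scopes."""
    findings, parsed = [], {}
    for name, task in tasks.items():
        parsed[name], found = parse_task(name, task)
        findings.extend(found)
    for (a, nets_a), (b, nets_b) in combinations(parsed.items(), 2):
        for na in nets_a:
            for nb in nets_b:
                # Same host in two tasks is the stale-key case described above
                if na.version == nb.version and na.overlaps(nb):
                    findings.append((f"{a}+{b}", "overlap", f"{na} / {nb}"))
    return findings


# Constructed sample input (hypothetical task names and scopes)
SAMPLE_TASKS = {
    "dc-east": {"cidrs": ["192.168.15.0/24"], "ports": [22], "connection_type": "IPv4"},
    "dc-lab": {"cidrs": ["192.168.15.128/25", "192.168.15.1/24"], "ports": [22, 70000], "connection_type": "IPv4"},
    "dc-v6": {"cidrs": ["10.0.0.0/8"], "ports": [2222], "connection_type": "IPv6"},
}

if __name__ == "__main__":
    for finding in preflight(SAMPLE_TASKS):
        print(finding)
```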