Linux Control Center Discover
Linux Control Center = 2.10.X or higher
Client Requirements =
This document aims to explain how the LCC Discover works, providing step-by-step instructions, use cases, and solutions to common issues.
LCC Discover is the first task that should be executed after installing the Linux Control Center. Running Discover allows automated importing of network hosts. Discover does not require installing any agents on the hosts, only SSH access is needed.
To ensure optimal functionality, Discover is divided into 5 steps, each executed independently. See the description of each step below.
Host Ping
This is the first step to find active hosts on the network. It sends pings to all addresses within the configured CIDR. When LCC receives a ping response, it reads the TTL (Time to Live) value to identify the operating system associated with the IP address.
All IPs that respond to the ping are recorded in the IPs Alive list during execution to be processed in the next steps. If a host blocks ping requests, it may still be found in the next steps.
Search SSH Port
This step helps when the administrator does not know the SSH port of the target hosts. Discover scans all 65,535 TCP ports to detect which one is running SSH. Enabling this option will significantly increase execution time. Adjust Time Out settings in Config Execution, as explained in section 13 of this guide.
Test Credentials
Correct credential input is crucial. These credentials are tested in the Test Credentials step. If credentials are incorrect, LCC will not be able to import the hosts.
If multiple credentials are provided, Discover will use the first one that succeeds in privilege escalation on a host, and then return to the first credential for the next host.
Import Hosts
In this step, the host has already been identified and credentials validated. LCC connects to the host and enumerates information such as installed packages, package versions, and more for management in the LCC web console.
For Discover to succeed, the user provided must have permission to create a local account (lcc.local) on the remote server.
PAM
This step integrates with BeyondTrust Password Safe to authenticate hosts using credentials stored in the vault integrated with LCC.
Understanding privilege escalation is essential for configuring credentials correctly. Below is a summary of each privilege escalation method.
sudo without password
The user in the Username field must have permission to escalate directly to root without a password. Only the Password for the username is required.
sudo with password
The Username must have sudo privileges, but both the user password and the Privilege Escalation Password (typically root's password) are needed.
None
This option is used when the SSH user has sufficient permissions for account creation and SSH key configuration (typically the root user).
su -
Logs in with the Username, then switches to the privileged user set in Privilege Escalation Username using the Privilege Escalation Password.
Click Discover on the left sidebar.
Click ADD.
Enter a name in the Name field.
Click + in the Credentials section.
Fill in the credential fields:
Name: Identifier for the credential.
Auth Type: SSH authentication method (Password or Key).
Username: SSH user.
Password: SSH user password.
Privilege Escalation: Select the escalation method.
Privilege Escalation Username: (If required) Privileged user with permission to create accounts and modify sudoers.
Privilege Escalation Password: (If required) Password for the privileged user.
Click Save.
Click + in the CIDRs section.
Enter a Name for the CIDR range.
Enter the IP range in CIDR format.
Click Save.
Click + in the Ports section.
Enter the SSH port number in the Port field and click Save.
This is the SSH port Discover will use to connect.
Verify all fields and click Save.
Click Actions > Run Discover.
Confirm by clicking YES.
Monitor progress by clicking Actions Working. Wait until the status shows Processed, indicating completion.
Follow this guide to run Discover using credentials from BeyondTrust Password Safe:
Logs in directly as root. The PermitRootLogin option must be enabled on the hosts' SSH server.
Username: root
Password: root password
Privilege Escalation: none
Logs in with a regular user and escalates to root using su -.
Username: non-privileged user
Password: user password
Privilege Escalation: su -
Privilege Escalation Username: root
Privilege Escalation Password: root password
Uses a sudo user configured with NOPASSWD.
Username: sudo user
Password: user password
Privilege Escalation: sudo without password
Uses a sudo user requiring the root password for privilege escalation.
Username: sudo user
Password: user password
Privilege Escalation: sudo with password
Privilege Escalation Password: root password
Uses SSH keys instead of passwords.
⚠️ Warning: SSH key-based authentication must be configured on all target hosts prior to running Discover. This does not interfere with privilege escalation methods.
Username: SSH key user
Auth Type: Key
Privilege Escalation: Select as needed
Private Key: SSH private key
Define target networks using CIDR objects.
Multiple CIDRs can be used simultaneously.
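| CIDR | Subnet mask | Addresses |
|------|-----------------|-----------|
| /16 | 255.255.0.0 | 65,536 |
| /17 | 255.255.128.0 | 32,768 |
| /18 | 255.255.192.0 | 16,384 |
| /19 | 255.255.224.0 | 8,192 |
| /20 | 255.255.240.0 | 4,096 |
| /21 | 255.255.248.0 | 2,048 |
| /22 | 255.255.252.0 | 1,024 |
| /23 | 255.255.254.0 | 512 |
| /24 | 255.255.255.0 | 256 |
| /25 | 255.255.255.128 | 128 |
| /26 | 255.255.255.192 | 64 |
| /27 | 255.255.255.224 | 32 |
| /28 | 255.255.255.240 | 16 |
| /29 | 255.255.255.248 | 8 |
| /30 | 255.255.255.252 | 4 |
| /31 | 255.255.255.254 | 2 |
| /32 | 255.255.255.255 | 1 |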
Upload a CSV file with the structure:
name,target
CIDR Name,IP/CIDR
Click Upload.
Click Select File.
Upload the file and click Confirm.
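A pre-upload check for the CIDR CSV, given here as an added example (not LCC code): it validates each range, flags overlaps, and reports how many addresses Discover will sweep and how many TCP probes the Search SSH Port option would add. It assumes the two-column layout with a `name,target` header; the sample rows are constructed.

```python
import csv
import io
import ipaddress

TCP_PORTS = 65535  # ports probed per address when Search SSH Port is enabled

# Constructed sample, not taken from a real network.
SAMPLE_CSV = """name,target
office-lan,192.168.10.0/24
dmz,10.20.0.0/22
dmz-web,10.20.1.0/24
typo,172.16.5.7/16
"""


def check_cidr_csv(text):
    """Return (networks, problems, unique_addresses) for a CIDR CSV."""
    nets, problems = [], []
    reader = csv.DictReader(io.StringIO(text))
    if reader.fieldnames != ["name", "target"]:  # assumed header layout
        return nets, [f"unexpected header: {reader.fieldnames}"], 0
    for lineno, rec in enumerate(reader, start=2):
        name = (rec["name"] or "").strip()
        target = (rec["target"] or "").strip()
        try:
            # strict=True rejects host bits left set, e.g. 172.16.5.7/16
            net = ipaddress.IPv4Network(target, strict=True)
        except ValueError as exc:
            problems.append(f"line {lineno} ({name}): {exc}")
            continue
        for other_name, other in nets:
            if net.overlaps(other):
                problems.append(f"line {lineno} ({name}): overlaps {other_name}")
        nets.append((name, net))
    # Collapse overlapping ranges so shared addresses are counted once.
    merged = ipaddress.collapse_addresses(net for _, net in nets)
    return nets, problems, sum(n.num_addresses for n in merged)


if __name__ == "__main__":
    nets, problems, total = check_cidr_csv(SAMPLE_CSV)
    for name, net in nets:
        print(f"{name:12} {net!s:18} {net.netmask!s:16} {net.num_addresses:>6}")
    for p in problems:
        print("PROBLEM:", p)
    print(f"{total} unique addresses; {total * TCP_PORTS} TCP probes "
          "if Search SSH Port is enabled")
```

The probe count is a useful input when choosing Discover timeout values and when confirming that every listed range is one you are authorized to scan.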
Discover will scan all 65,535 TCP ports to detect which one is running SSH.
Adjust the Discover Time Out as follows:
Click Config on the left sidebar.
Click Parameters.
Click Discover.
Adjust timeouts as needed.
The LCC has a Discover Execution Report feature, which includes a summary of Hosts that were found, imported, and those that encountered failures during the process. It also provides a summary of the error to help identify the failure.
To get a Discover report, click Discover in the LCC left sidebar menu.
Click on the desired Discover.
Click the Reports tab and then click on the name of the desired Log.
Click Success or Failed to get the summary of imported Hosts and those that failed during any step of the Discover.
Here is an example of a Discover with a Host having a Failed status.
You can also download the full Log by clicking Download on the desired report. A .zip file will be downloaded containing the report in pdf, csv, html, and xlsx formats.
In some situations, a Host may not be imported into the LCC even with the correct configurations and credentials. This error usually occurs when a Timeout is exceeded in one of the five Discover steps.
If a host is not being imported because of a Timeout, the "Message" field in the Discover report will be empty, as shown in the image below.
Click Logs in the LCC left sidebar menu.
Click Queue.
All tasks executed on the Hosts within the LCC will be displayed.
Click LOG for the desired Discover LCC.
Search for the phrase invalid credentials to display all hosts that failed the test credentials step.
Here are some settings that may cause an invalid credentials log:
Root user with a command interpreter (shell) set to /sbin/nologin, /bin/false, or interpreters with similar behavior.
Incorrect SSH login or privilege escalation credentials.
Root user without a password configured on the Host, especially if using the privilege escalation method "su -".
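A host-side check for the root-account conditions listed above, plus the PermitRootLogin requirement for direct root logins, given as an added example (not LCC code). It assumes you collect the input on the target host with `getent passwd root`, `getent shadow root` and `sshd -T`; the sample lines are constructed.

```python
NON_LOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin",
                    "/bin/false", "/usr/bin/false"}

# Constructed samples of `getent passwd root`, `getent shadow root`
# and part of `sshd -T` output (all read on the target host).
SAMPLE_PASSWD = "root:x:0:0:root:/root:/sbin/nologin"
SAMPLE_SHADOW = "root:!:19700:0:99999:7:::"
SAMPLE_SSHD_T = "port 22\npermitrootlogin prohibit-password\n"


def root_findings(passwd_text, shadow_text, sshd_t_text=""):
    """List root-account settings that can make Test Credentials fail."""
    findings = []
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 7 and fields[0] == "root":
            if fields[6] in NON_LOGIN_SHELLS:
                findings.append(f"root shell is {fields[6]}")
    for line in shadow_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 2 and fields[0] == "root":
            if fields[1] == "":
                findings.append("root has an empty password field")
            elif fields[1][0] in "!*":
                # "!" or "*" in the hash field means no password can match
                findings.append("root password is locked or unset")
    # `sshd -T` prints effective settings as lower-case "keyword value" lines.
    for line in sshd_t_text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key == "permitrootlogin" and value != "yes":
            findings.append(
                f"PermitRootLogin is {value}: password login as root is refused")
    return findings


if __name__ == "__main__":
    for finding in root_findings(SAMPLE_PASSWD, SAMPLE_SHADOW, SAMPLE_SSHD_T):
        print("FINDING:", finding)
```

The shell and password findings matter for the "su -" method; the PermitRootLogin finding matters only when Discover logs in directly as root with a password.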
Searching for the IP address of a desired Host will display all Discover steps related to that address. You can view details of each step by clicking Expand.
For more details on which credential is incorrect, open the Discover Report following the steps for getting a Discover report described earlier in this guide. This example uses the privilege escalation method "su -".
Example of incorrect SSH Login credentials: "invalid/incorrect password".
Example of incorrect Root password: "incorrect su password".
The LCC offers an intuitive log screen with features that make reading and analysis easier, such as keyword search capability.
Click Logs in the LCC left sidebar menu.
Click Queue.
All actions executed on the Hosts within the LCC will be displayed.
Click Log for the desired action.
In the log window, you can get details by clicking Expand and download it by clicking Download.
Each of the five Discover execution steps is also logged and can be reviewed during or after the Discover run.
Search for the word progress in the Log search field.
Several logs will be displayed, each representing part of the execution of one Discover step.
Click Expand to read more details about the logs for the steps at the moment Discover was running.
Interpret the Discover steps:
Phase 1 - Ping: Sends a Ping to all hosts based on the CIDR mask defined in the Discover.
Phase 2 - Search SSH Port: Checks if the port defined in Discover is open or performs a port scan on all 65,535 TCP ports of all CIDR hosts to find the SSH port if the Search SSH Port option is enabled.
Phase 3 - Test Credentials: Tests the credentials on all hosts.
Phase 4 - Import: Imports the host into the LCC after passing all previous steps.
Phase 5 - PAM: This step imports hosts without going through the Ping and Search SSH Port steps because the host is imported using a BeyondTrust Password Safe credential.
Check Search SSH Port if the SSH port is unknown. If enabled, do not fill the Port field and adjust TimeOut settings as explained in .
The first troubleshooting step is to increase the Timeout values for the Discover steps and run it again. See how to adjust the timeout settings in the topic .