
USER GUIDE

Product Snow Inventory Client for Unix

Version 2.0

Release date 2016-01-22

Document date 2016-01-25


CONTENT

ABOUT THIS DOCUMENT

OVERVIEW
    OPERATING SYSTEMS SUPPORTED
    PREREQUISITES
        Dependency on other Snow products
        Privileges
    EXECUTABLE FILES
    HARDWARE AND SOFTWARE INVENTORY
        Running processes repository
        File scan
    ORACLE DATABASE PRODUCTS

INSTALLATION
    INSTALLATION ON UNIX
    JAVA
    DEFAULT LOCATION OF FILES

CONFIGURATION
    COMMAND LINE PARAMETERS
    CONFIGURATION XML FILE
    ENCRYPTION OF PASSWORDS
    OUTPUT
    TRANSPORT OF OUTPUT DATA
    USING HTTPS FOR DATA TRANSPORT TO INVENTORY DATA RECEIVER (IDR)
    CONFIGURATION IN SEGMENTED NETWORKS

RUNNING THE SNOW INVENTORY CLIENT FOR UNIX

SCHEDULING

KNOWN ISSUES

APPENDIX A
    CONFIGURATION EXAMPLES
        Example 1: Hardware and software inventory
        Example 2: Hardware, software and Oracle inventory
        Example 3: Advanced software configuration
        Example 4: Send result file to IDR


ABOUT THIS DOCUMENT

This document describes how to configure, install, and run the Snow Inventory Client for Unix.

OVERVIEW

The Snow Inventory Client for Unix is a Java program that is installed locally on the computers that are to be inventoried. The benefit of having a locally installed client on each computer is that inventory can be scheduled to run on a regular basis, always giving up-to-date information on hardware and software changes.

The inventory client gathers information about computer hardware and installed software packages from the built-in package manager in Solaris and AIX. Also, the client can scan for software on disks available to the computer. Inventory of Oracle database products using the Snow Inventory Oracle Scanner can be enabled as an option.

Once the agent is installed on the computer it is recommended to schedule it to run at a given interval. This can be achieved by using the built-in scheduling service in Unix or similar.

The Snow Inventory Client for Unix generates an XML file containing the inventory information gathered by the client. The inventory file can be sent to a Snow Inventory Data Receiver (IDR) using http or https. The inventory file needs to be processed by the Snow Integration Manager (formerly known as the Snow External Data Provider) and then imported into the Snow Database using the Snow Inventory Data Processor (IDP).

OPERATING SYSTEMS SUPPORTED

For information on supported operating systems, see the document System Requirements for all Snow products, which is available for download at www.snowsoftware.com/int/download.

PREREQUISITES

To run the Snow Inventory Client for Unix, the target computer is required to have Java Runtime Environment (JRE) 6.0 (1.6) or later installed. For file scan it is recommended to use JRE 8 (1.8), which significantly improves scan performance.

NOTE: Due to an internal defect in Java, Java Runtime Environment 1.7.0_7 must not be used. See section Known issues for more information.

DEPENDENCY ON OTHER SNOW PRODUCTS

This version of Snow Inventory Client for Unix requires Snow Integration Manager 4.6.01 and Snow Inventory Data Processor 4.6.05 to be installed on the Snow system platform.


PRIVILEGES

There are two privilege options for running the client, and each option is described in the sections below.

Commands such as pkginfo and pkgchk must be reachable through the path variable configured on the system.

FULL PRIVILEGES

A user with root privileges or privileges to run the Java runtime with the sudo program is required.

PRINCIPLE OF LEAST PRIVILEGES

A user that has sudo rights to specific operating system commands, which depend on the operating system (see the table below). The sudoers file also needs to have the NOPASSWD option set.

Example from sudoers file:

User snow has the rights to execute the commands with sudo and no password:

##
## User privilege specification
##
root ALL=(ALL) ALL
snow ALL=NOPASSWD: /usr/bin/ls -l /proc/*
snow ALL=NOPASSWD: /usr/bin/file

Operating system command   Description
file                       sudo rights needed to get additional file information when performing software inventory.
ls                         Solaris needs this command to read the /proc file system when performing inventory on running processes.

If Oracle scan is activated additional permissions need to be granted.

An Oracle database user is required for each database that is to be inventoried. The user can be the same for all databases and then configured in the configuration file with the <DefaultInstanceCredentials>. The user can also be unique and configured with the <InstancesWithConfiguration>.

Example from sudoers file for Solaris.

User snow has the rights to execute the commands with sudo and no password:

##
## User privilege specification
##
root ALL=(ALL) ALL
snow ALL=NOPASSWD: /usr/bin/pwdx


The following commands are used for determining OracleHome. If OracleHome is set in the configuration file, the user doesn’t need sudoers rights to this command.

Operating system   Command
Solaris            pwdx
AIX and Linux      ls
HP-UX              pfiles

For more information on Oracle scan, see the User guide for Snow Inventory Oracle Scanner.
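
The following Python sketch is an added example, not part of the Snow guide or the client: it audits the sudoers grants of the client account against the commands the guide lists (file, ls, pwdx, pfiles). The account name snow and the sample lines follow the guide's examples; the finding codes and the simplified one-line rule parser are assumptions of this example.

```python
import re

# Base names of the commands the guide says the client may need via sudo.
DOCUMENTED = {"file", "ls", "pwdx", "pfiles"}

# Constructed sample: the guide's grants for user snow plus one over-broad line.
SAMPLE_SUDOERS = """\
## User privilege specification
root ALL=(ALL) ALL
snow ALL=NOPASSWD: /usr/bin/ls -l /proc/*
snow ALL=NOPASSWD: /usr/bin/file
snow ALL=NOPASSWD: /usr/bin/pwdx
snow ALL=(ALL) NOPASSWD: ALL
"""

# Simplified grammar: "user host = [(runas)] [TAG: ...] cmd[, cmd ...]" on one line.
RULE = re.compile(r"^(?P<user>\S+)\s+(?P<host>[^=\s]+)\s*=\s*(?P<spec>.+)$")
PREFIX = re.compile(r"^(?:\([^)]*\)\s*)?(?P<tags>(?:[A-Z_]+:\s*)*)")
WILDCARDS = set("*?[")


def audit(text, user):
    """Return (line number, finding code, command) for each questionable grant."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        rule = RULE.match(line)
        if not rule or rule.group("user") != user:
            continue
        spec = rule.group("spec")
        prefix = PREFIX.match(spec)
        nopasswd = "NOPASSWD:" in prefix.group("tags")
        for cmd in re.split(r"(?<!\\),", spec[prefix.end():]):
            cmd = cmd.strip()
            if not cmd:
                continue
            if cmd == "ALL":
                # Full root access: the "full privileges" option, not least privilege.
                findings.append((lineno, "all-commands", cmd))
                continue
            parts = cmd.split(None, 1)
            path, args = parts[0], (parts[1] if len(parts) > 1 else None)
            if path.rsplit("/", 1)[-1] not in DOCUMENTED:
                findings.append((lineno, "undocumented-command", cmd))
            if WILDCARDS & set(path):
                findings.append((lineno, "wildcard-path", cmd))
            if args is None:
                # No argument list in sudoers means any arguments are accepted.
                findings.append((lineno, "any-arguments", cmd))
            elif args != '""' and WILDCARDS & set(args):
                # sudoers(5): arguments are matched as one concatenated string,
                # so a wildcard also matches across word boundaries.
                findings.append((lineno, "wildcard-arguments", cmd))
            if not nopasswd:
                # The guide requires NOPASSWD; an unattended run would stall.
                findings.append((lineno, "password-required", cmd))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SUDOERS, "snow"):
        print(finding)
```

Run visudo -c for the authoritative syntax check and sudo -l -U snow to see what sudo itself resolves for the account; this sketch only reads simple one-line rules.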

EXECUTABLE FILES

Executable              Description
unixclient.jar          This is the only required file for the Snow Inventory Client for Unix. It is an executable Java archive that performs inventory of hardware, software, and Oracle database products on the current server, on which it is executed. NOTE: The name of the file must not be changed.
<config>.xml            Configuration file used for advanced configuration of the Snow Inventory Client for Unix (optional).
unixclient.log          Log file generated when executing unixclient.jar.
sios.properties         Properties file containing information about installation date, last run date, Java version, output filename, and version of the Oracle scanner module.
unixclient.properties   Properties file containing information about installation date, last run date, Java version, output filename, and version of the Unix client.
<resultfile>.xml        The result file from the Snow Inventory Client for Unix.


HARDWARE AND SOFTWARE INVENTORY

The Snow Inventory Client for Unix will scan the computer for both hardware and software information relevant to software licensing.

The client performs software inventory by using information in the built-in package manager in AIX and Solaris. From each package the client gathers information on included binary files and related meta information. Software inventory of package managers is done by default.

There is also a possibility to perform software inventory using scanning of running processes and file scan of specified directories. This can be used as a complement since the package managers don’t always have information on all installed software. Information returned from this scan is less descriptive than the information from the package managers. Software inventory using running processes is performed by default.

NOTE: Unlike previous versions, the Snow Inventory Client for Unix 2.0 does not include any file types in the scanning by default. All file types to be sought for in the running processes scan and the file scan must be defined using the IncludeCriteria element.

RUNNING PROCESSES REPOSITORY

When software inventory is performed and includes running processes, information about these processes and the full path to the files will be stored in a running processes repository.

Each time a software scan is initiated a lookup of previously identified running processes is performed to determine if the software is still installed on the server. This will be done even if the process is not currently running at the time of the scan. The result is stored in an encrypted file named tempdata.ser which is placed in the storage path directory.

Information on new software will be added to the repository as it is discovered. When software is removed from the client it will be removed from the repository as well.


FILE SCAN

To scan for files that are not included in the package manager, or that are currently not running when the scan of the computer is performed (i.e. no running processes), it is possible to specify directories and file patterns to be scanned, see principles below. All Include and Exclude rules use wildcard matches, so use * for unknown characters.

DEFINE ONE OR MORE DIRECTORIES TO SCAN

1. Add a directory by specifying it from the root.

2. Use the attribute recursive="true" to scan subdirectories of the specified directory.

3. Use the attribute unconditionally="true" to include all files. This attribute will override any values defined in <IncludeCriteria> and <Exclude>.

4. It is possible to combine the attributes in items 2 and 3.

5. At the end of the path, specify what file name pattern to use.

Example 1: Include all files in all directories under the directory /opt:

<Software>
  <Include>
    <Path recursive="true">/opt/*</Path>
  </Include>
</Software>

Example 2: Include all files that begin with “log” (log.1, log.2, etc.) in all directories under the directory /var/log/snow* (e.g. /var/log/snowlog/, /var/log/snowtest/, etc.):

<Software>
  <Include>
    <Path recursive="true">/var/log/snow*/log*</Path>
  </Include>
</Software>


DEFINE WHAT FILE SYSTEMS TO INCLUDE IN THE SCAN

The Snow Inventory Client for Unix has built-in detection to avoid unintentional scanning of remote mounts, such as SMB/CIFS mounts, as part of the file scanning process. When the file scanner finds a directory it will check if it has the same mount point as its parent. For differing mount points, the scanner will look at the file system of the found directory’s mount point. If the file system is defined in the configuration file as a file system to include, the scanner will continue to scan the directory.

To scan a mount point with a different file system, select one of the following two alternatives:

1. Add the file system to the configuration file.

2. Add the path of the mount point to the configuration file. The scanner always starts at the specified directory and only looks at what type of file system the mount point has, when different from the one of the parent.

Example: Include a file system of type jfs2 (AIX).

<IncludeCriteria>
  <FileSystem>jfs2</FileSystem>
  <FileSystem>zfs</FileSystem>
</IncludeCriteria>

DEFINE WHAT FILE TYPES TO INCLUDE IN THE SCAN

To include one or more file types in the scan, use the Include rules. Use one FileType row for each file type.

Example 1: Include all files of type ELF executable. The file type description must be ELF[anything]executable[anything].

<IncludeCriteria>
  <FileType>ELF*executable*</FileType>
</IncludeCriteria>

Example 2:

<IncludeCriteria>
  <FileType>java*</FileType>                                  <!-- .jar files -->
  <FileType>PKZIP (.zip)*</FileType>                          <!-- .jar files on AIX -->
  <FileType>ELF*executable*</FileType>
  <FileType>64-bit XCOFF executable*</FileType>
  <FileType>executable (RISC System/6000)*</FileType>
</IncludeCriteria>


DEFINE WHAT TO EXCLUDE FROM THE SCAN

To exclude a directory or a file pattern from the scan, use the Exclude rules.

Example 1: Exclude a directory under /opt.

<Exclude>
  <Path>/opt/excluded/</Path>
</Exclude>

Example 2: Exclude all files or directories that begin with ~tmp.

<Exclude>
  <Path>~tmp*</Path>
</Exclude>

Example 3:

<Exclude>
  <Path>/tmp*</Path>
  <Path>*.png</Path>
  <Path>*.gif</Path>
  <Path>*.jpg</Path>
  <Path>*.conf</Path>
  <Path>*.txt</Path>
  <Path>*.css</Path>
  <Path>*.htm*</Path>
  <Path>*.sql</Path>
  <Path>*.so</Path>
  <Path>*.xml</Path>
  <Path>*.properties</Path>
  <Path>*/oracle/*/audit/*</Path>
</Exclude>


ORACLE DATABASE PRODUCTS

The Snow Inventory Client for Unix can also perform inventory of Oracle database products. Automatic discovery and inventory of all Oracle instances on the computer is easily achieved by the Snow Inventory Oracle Scanner (SIOS), which is integrated in Snow Inventory Client for Unix.

To enable Snow Inventory Oracle Scanner, the following configuration option needs to be added to the configuration file of the Snow Inventory Client for Unix:

<OracleScan>true</OracleScan>

There is also an equivalent for the command line:

sudo java -jar unixclient.jar sitename=<A SiteName> oraclescan

This will trigger the client to run SIOS as part of the inventory process, and automatically perform an inventory of all Oracle database instances found. For information on advanced configuration options for the Oracle database inventory, refer to the User guide for Snow Inventory Oracle Scanner.


INSTALLATION

INSTALLATION ON UNIX

The Java archive can be placed in any directory on the server, but the suggested path is /opt/snow/.

The first step of the installation is to create the directory where the .jar file will be placed:

$ cd /opt
$ mkdir snow

Put the file unixclient.jar in the created directory.

JAVA

If the server has the Java runtime in its path, the client can be run as in the examples in the sections that follow. Otherwise, either add the Java runtime to the path or start the Java runtime using the path to the Java installation.

Use the commands below to show help and version of the client:

$ sudo java -jar unixclient.jar help

$ sudo java -jar unixclient.jar version

DEFAULT LOCATION OF FILES

The table below presents the default locations where the application will put its files if nothing else is configured. The user that started the client must have access to these directories, or the ones specified by configuration.

Location        Description
/etc/opt/snow   Path where property files will be placed
/var/opt/snow   Path where output will be placed (XML and log files)


CONFIGURATION

The Snow Inventory Client for Unix can be configured using either command line parameters or a configuration XML file (suitable for more complex configurations).

COMMAND LINE PARAMETERS

The only mandatory parameter is the sitename parameter. All other parameters are optional.

Configuration parameter             Description
config=<filename>                   Path and name of configuration file. It overrides all options to the left on the command line.
outputpath=<path>                   Path to where output and log files will be placed.
sitename=<name>                     Snow site name, e.g. MyCorp.
storagepath=<path>                  Path to where properties files will be placed.
oraclescan                          Oracle scan will be performed.
oracleuser=username                 Default user name. Will be used on all logins.
oraclepassword=encrypted_password   Default user password, encrypted with snowcrypt.
nosoftware                          Software scan will not be performed.
nohardware                          Hardware scan will not be performed.
version                             Shows version of program.
generateconfig                      Generates an example configuration file. The example file will be generated in the directory from where the command is run.
unixshell=<path>                    Path to the shell that should be used by the agent. If not defined, the sh shell will be used.
posttoidr=<URL>                     URL to IDR where the output file shall be sent. Example: http://idrhost/TransferXmlFile.ashx
runningprocesses                    Scans the processes currently running.
help                                Shows help information.


CONFIGURATION XML FILE

Use the following command to generate an example configuration file called ExampleConfig.xml to be saved in the working directory. With this configuration file, a scan of hardware and software can be performed (no Oracle scan).

$ sudo java -jar unixclient.jar generateconfig

The recommendation is to place the configuration file under /etc/opt/snow.

The configuration file is XML based and can contain the following tags:

Parameter                       Description
<SiteName>                      Snow Site Name, i.e. MyCorp.
<OutputPath>                    Path to where output and log files will be placed.
<StoragePath>                   Path to where properties files will be placed.
<HardwareScan>                  true/false. Optional. If left out, true.
<PostResultsToIDR>              true/false. Optional. If left out, false. If set to true, the XML file will not be saved locally under OutputPath, even if such tag is specified.
<IDRAddress>                    http://idrhostadress/TransferXmlFile.ashx. https can be used and also port numbers. If https is used, a valid certificate will be needed. Example: https://idrhostadress:9981/TransferXmlFile.ashx
<IgnoreUnknownCA>               true/false
<SoftwareConfig>                Optional. If left out, both package manager and running processes will be scanned.
<RunningProcesses>              true/false. Scan all currently running processes. Optional. If left out, true.
<PackageManager>                true/false. Scan the package manager. Optional. If left out, true.
<Software>                      Main tag for scanning of software in specified directories. See section Scanning of specified directories.
<Include>
<Path>                          Path to directories using wildcard matching.
<Path unconditionally="VALUE">  VALUE = true/false. Optional. If set, the values in IncludeCriteria and Exclude will be omitted.
<Path recursive="VALUE">        VALUE = true/false. Optional. If set to true, subdirectories will be scanned as well.
<IncludeCriteria>
<FileSystem>                    Define file systems to be included in the file scan. One tag needs to be defined for each file system that is to be included.
<FileType>                      Define file types to be included in the file scan. One tag needs to be defined for each file type that is to be included.
<Exclude>
<Path>                          Path to directories using wildcard matching.

Oracle Specific configuration settings

Parameter                       Description
<OracleScan>                    true/false. Default = false.
<OracleConfig>                  Main tag of all Oracle specific options. Can be left out for automatic inventory; if left out, none of the configuration below applies.
<DiscoverAllInstances>          true/false. Must be present if OracleConfig is used.
<IncludeInstances>              Only scan specified instances instead of all instances (DiscoverAllInstances must then be set to false). Can be left out.
<SID>                           Database instance SID. Can be repeated.
<ExcludeInstances>              Exclude database instances from being scanned. Can be left out.
<SID>                           Database instance SID. Can be repeated.
<DefaultInstanceCredentials>    Default credentials to use when logging in to a database instance if no specific credentials are specified for that instance. Can be left out.
<User>                          Tag for specifying Oracle credentials.
<Username>                      Oracle username.
<Password>                      Oracle password, encrypted with snowcrypt.
<InstancesWithConfiguration>    Credentials for specific database instances. Can be left out.
<Instance>                      Database instance. Can be repeated.
<SID>                           Database instance SID.
<User>                          Oracle user.
<Username>                      User name.
<Password>                      User password.
<OracleHome>                    Path to the Oracle home for the instance. This value will be used instead of the path found by the automatic discovery.


ENCRYPTION OF PASSWORDS

Encryption of passwords used in the configuration file and on the command line can be achieved by using a support program called snowcrypt which is available from Snow Support. It is a Windows only program which is run from a command prompt.

The program is used in the following way, and the result is displayed on the next line of the command prompt:

C:\Snowutils> snowcrypt encryptpass2 MyPassword
145f737f4f357d0ef01ffcc6ee8bd8576ebafcf8e36dfc5ed3c109bae2b24e6f5

OUTPUT

Output from Snow Inventory Client for Unix is an XML file containing all inventory information gathered. A log file and a properties file will be created as well.

The output files will be placed in /etc/opt/snow if no output path has been specified (either using command line or a configuration file).

The result file is generated with a new dynamic filename each time the scanner is run.

Example: d424bdfd-0da0-428e-83f7-9b1f0fad6551.xml

TRANSPORT OF OUTPUT DATA

The XML files generated by the Snow Inventory Client for Unix need to be processed by Snow Integration Manager (SIM) before import to the Snow Database using the Snow Inventory Data Processor (IDP).

The XML result file needs to be transferred to the server running SIM and needs to be placed in the directory defined in the SIM for processing using the Snow Inventory Oracle Scanner plug-in.

The built-in functionality of the Snow Inventory Client for Unix can be used to transfer the XML files directly to a Snow Inventory Data Receiver (IDR) installed on the same server running the SIM. Note that the Snow IDR needs to be configured to allow XML file transfers.

The recommended method to transfer the XML result file from a Unix server to a Windows server is via the built-in XML transfer to IDR. If this is not possible FTP or SCP can be used to send the file to an FTP/SCP server, configured on the Windows server running the SIM.

An alternative would be to use CIFS/SMB to transfer the file to a file share on the Windows server running the SIM, and configure SIM to process Snow Inventory Client for Unix result files from that directory.


USING HTTPS FOR DATA TRANSPORT TO INVENTORY DATA RECEIVER (IDR)

To use secure data transfer via https, a server certificate needs to be placed in the installation directory of the Snow Inventory Client for Unix. The server certificate needs to be an X.509 public key certificate and have the name *.cer. A Certificate Authority (CA) public key certificate can be used as well. Use the same naming convention as for the server certificate.

After installation of the certificate, secure data transfer is enabled by changing the IDR address to start with https. See section above on IDR address.

An alternative to using server certificates is to tell the Snow Inventory Client for Unix to trust all servers. This is done with the following configuration option:

Parameter           Description
<IgnoreUnknownCA>   true/false. If set to true, all server certificates will be trusted.

If the IDR server needs to validate the client as a known user, client certificates can be used. In that case a key store containing the clients’ public and private keys is needed. The key store needs to be in the Personal Information Exchange (PFX) format and have the name client.pfx.

A blank password must be set for the key store. However, for Java versions older than 7u4 (Java version 7 update 4) the password must be set to “Snow123” (without the exclamation marks).

The keys contained in the key store need to be without a password.

NOTE: There is a limitation in file size when sending files to IIS via https and using Client key certificate. It can be fixed by changing the UploadReadAheadSize on the IIS server. If software scanning is used the files will be rather large and we then recommend not to use client certificates. For more information, see this note about the problem:

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/7e0d74d3-ca01-4d36-8ac7-6b2ca03fd383.mspx?mfr=true
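
An added example (not from the Snow guide or the client itself): a Python check of a client configuration file for the transport settings described in this section. Tag names and file names (*.cer, client.pfx) come from the guide; the finding codes, the install_files parameter (a listing of the installation directory, for instance from os.listdir) and the sample documents are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the guide's Example 4 changed to show the weak settings.
WEAK_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<SnowConfig>
  <SiteName>MyCorp</SiteName>
  <PostResultsToIDR>true</PostResultsToIDR>
  <IDRAddress>http://idrhostadress/TransferXmlFile.ashx</IDRAddress>
  <IgnoreUnknownCA>true</IgnoreUnknownCA>
</SnowConfig>"""

# The guide's Example 4: https, server certificate checking left enabled.
HTTPS_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<SnowConfig>
  <SiteName>MyCorp</SiteName>
  <PostResultsToIDR>true</PostResultsToIDR>
  <IDRAddress>https://idrhostadress:8080/TransferXmlFile.ashx</IDRAddress>
</SnowConfig>"""


def _text(root, tag):
    """Text of the first element named tag anywhere in the document, or ''."""
    element = next(root.iter(tag), None)
    return (element.text or "").strip() if element is not None else ""


def audit_config(xml_text, install_files=()):
    """Return finding codes for the transport-related settings of one config."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    posting = _text(root, "PostResultsToIDR").lower() == "true"
    ignore_ca = _text(root, "IgnoreUnknownCA").lower() == "true"
    url = _text(root, "IDRAddress")
    scheme = urlsplit(url).scheme.lower()
    names = [name.lower() for name in install_files]
    findings = []
    if posting and not url:
        findings.append("idr-address-missing")
    if posting and scheme == "http":
        # The inventory file travels to the IDR without transport encryption.
        findings.append("cleartext-transport")
    if ignore_ca:
        # Per the guide, every server certificate is trusted with this set.
        findings.append("server-certificate-not-verified")
    if posting and scheme == "https" and not ignore_ca:
        # The guide expects a *.cer file in the installation directory.
        if not any(name.endswith(".cer") for name in names):
            findings.append("no-cer-file-for-https")
    if "client.pfx" in names:
        # The guide requires a blank key store password and unprotected keys,
        # so file permissions are the only protection for the private key.
        findings.append("client-key-store-unprotected")
    if next(root.iter("Password"), None) is not None:
        # Oracle credentials are stored in the file; restrict who can read it.
        findings.append("credentials-in-config")
    return findings


if __name__ == "__main__":
    print(audit_config(WEAK_CONFIG))
    print(audit_config(HTTPS_CONFIG, ["unixclient.jar", "idr.cer"]))
```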


CONFIGURATION IN SEGMENTED NETWORKS

For complex environments with segmented networks and network connectivity limited by firewalls between network segments, multiple Snow Integration Managers (SIMs) can be set up. Configure one or more SIMs for each network segment to receive and transport the output files from the servers running within the network segment.

The SIM servers are then configured to submit their data to the Snow Inventory Data Receiver (IDR) over a permitted port that is configured in the firewall to allow traffic from the SIM Servers to the IDR server.

Illustration of segmented network configuration with multiple SIMs:


RUNNING THE SNOW INVENTORY CLIENT FOR UNIX

Below are some examples of how an inventory can be run. The examples assume that the server has the Java runtime in its path.

NOTE: Ideally an inventory agent should be configured not to disturb or consume system resources that are needed for business critical applications running on the server. To achieve this in a Unix environment one would typically use the nice program to set the process priority to low. In the examples that follow niceness is set to 10, but can of course be set to any suitable value.

Use the following command line to perform an inventory of hardware and software on the server. The result and log file will be placed in the directory /var/opt/snow.

$ sudo java -jar unixclient.jar sitename=MyTestSite

Use the following command line to perform an inventory of hardware and software on the server. The client will also automatically detect all Oracle instances running on the server and perform inventory of these databases using the user account running the Oracle Instance. The result and log file will be placed in the directory /var/opt/snow.

$ sudo java -jar unixclient.jar sitename=MyTestSite oraclescan

Use the following command line to perform an inventory of hardware and software on the server using a configuration file. The result and log file will be placed in the directory specified by the OutputPath parameter (or in /var/opt/snow if the parameter is not specified).

$ sudo java -jar unixclient.jar config=/etc/opt/snow/SnowConfig.xml

The latter example using nice:

$ sudo nice -n 10 java -jar unixclient.jar config=/etc/opt/snow/SnowConfig.xml


SCHEDULING

In Unix it is recommended to configure the Snow Inventory Client for Unix to run at a given interval using the scheduler, e.g. crontab (or similar), to perform inventory, and transfer the XML result file to the Snow Integration Manager (SIM) for processing.

In the following example from the root crontab file, the client will run every day at 1:15 in the morning:

15 1 * * * nice -n 10 java -jar /opt/snow/unixclient.jar config=/opt/snow/configuration.xml

For business critical environments Snow Inventory Client for Unix could be scheduled to run within the regular service maintenance windows for the servers.

KNOWN ISSUES

There is a limitation in file size when sending files to IIS via https and using Client key certificates, see section Using HTTPS for data transport to Inventory Data Receiver (IDR).

The Java Runtime Environment (JRE) 1.7.0_07 contains a defect with the consequence that the Oracle inventory does not work. Any server running JRE 1.7.0_07 must upgrade to a later version for the Snow Inventory Oracle Scanner to work properly.

There is a validation on the configuration XML file. This means that some items must be in a specific order in the XML file. In case that a failure occurs related to the configuration file, please check the order of the XML tags.


APPENDIX A

CONFIGURATION EXAMPLES

EXAMPLE 1: HARDWARE AND SOFTWARE INVENTORY

Hardware and software inventory information will be gathered from the computer, and the result file and log file will be placed in /var/opt/snow.

<?xml version="1.0" encoding="UTF-8"?>
<SnowConfig>
  <SiteName>MyCorp</SiteName>
</SnowConfig>

Command line equivalent:

sudo java -jar unixclient.jar sitename=MyCorp

EXAMPLE 2: HARDWARE, SOFTWARE AND ORACLE INVENTORY

Hardware and software inventory information will be gathered from the computer. All Oracle instances on the server will be discovered and inventoried. The result file and log file will be placed in /var/opt/snow.

<?xml version="1.0" encoding="UTF-8"?>
<SnowConfig>
  <SiteName>MyCorp</SiteName>
  <OracleScan>true</OracleScan>
</SnowConfig>

Command line equivalent:

sudo java -jar unixclient.jar sitename=MyCorp oraclescan


EXAMPLE 3: ADVANCED SOFTWARE CONFIGURATION

The package manager is scanned as well as all running processes.

Files in directories under /opt/ containing the text snow will be scanned, if IncludeCriteria are met and if Exclude rules do not filter out files. No symbolic links will be followed.

Files in directory /system/ with all sub directories will be scanned, if IncludeCriteria are met and if Exclude rules do not filter out files. No symbolic links will be followed.

File systems to scan if a new mount point is found:

- jfs2

File types to include in the scan:

- File type descriptions containing the words ELF and executable in that particular order
- File type descriptions starting with java archive
- File type descriptions containing the words executable and script in that particular order

Files to exclude from the scan:

- Any file in /opt/snow_old
- Any file name or directory containing the word something


The result file and log file will be placed in the sub directory /opt/snow/files.

<?xml version="1.0" encoding="UTF-8"?>
<SnowConfig>
  <SiteName>MyCorp</SiteName>
  <OutputPath>/opt/snow/files</OutputPath>
  <Software>
    <Include>
      <Path recursive="true" unconditionally="false">/opt/*snow*/*</Path>
      <Path recursive="true">/system/*</Path>
    </Include>
    <IncludeCriteria>
      <FileSystem>jfs2</FileSystem>
      <FileType>*ELF*executable*</FileType>
      <FileType>java archive*</FileType>
      <FileType>*executable*script*</FileType>
    </IncludeCriteria>
    <Exclude>
      <Path>/opt/snow_old/*</Path>
      <Path>*something*</Path>
    </Exclude>
  </Software>
</SnowConfig>

Command line equivalent:

N/A

EXAMPLE 4: SEND RESULT FILE TO IDR

The result file will be transferred to the IDR.

<?xml version="1.0" encoding="UTF-8"?>
<SnowConfig>
  <SiteName>MyCorp</SiteName>
  <PostResultsToIDR>true</PostResultsToIDR>
  <IDRAddress>https://idrhostadress:8080/TransferXmlFile.ashx</IDRAddress>
</SnowConfig>

Command line equivalent:

sudo java -jar unixclient.jar sitename=MyCorp oraclescan posttoidr=https://idrhostadress:8080/TransferXmlFile.ashx