Scroll

Cloud Discovery Configuration for Linux

Follow

Cloud Discovery Tool can be installed on a Linux machine. Though it has a UI and CLImode for Linux, usually its CLI version is used, and its UI version is currently not available.

To install and configure Cloud Discovery on a Linux machine, follow the below steps.

Step 1: Installation

  1. Copy the installation file (e.g. CloudDiscovery-3.5.1.96-linux-installer_jre.run) to your Linux machine. Please note that only Redhat and CentOS linux versions are supported.  Recent kernel versions (as of 05/2015) are supported.  Ubuntu is not supported.
  2. Change the file's permission using the chmod command:

    chmod +x /Path/ToFile
  3. Execute the installer:
     

Step 2: License Configuration

Obtain a valid license from Skyfence and save the file locally to your linux machine as license.xml.

Go to the installation directory and follow the example:

  1. Open the tool's installation directory (default folder is /opt/CloudDiscovery). 
  2. Add a license by executing this command: 

    ./cloudDiscoveryConfig.sh --install.license /licensefolder/license.xml

Step 3: Connecting to Management

Connecting the tool to a Management server will allow automatic upload of scans to Management's Discovery Analytics section. Keep in mind that your license must support this feature. For more information, see License XXX.

  1. Input the Management username with this command: (You must create a new username only discovery needs or another existing user with administrative privileges can be used).  Please make sure that user can login through GUI of management console as a validation.

    ./cloudDiscoveryConfig.sh --set.username [username]
  2. Input the Management password with this command:

    ./cloudDiscoveryConfig.sh --set.password [password]

  3. Verify the connection is successful with this command: 

    ./cloudDiscoveryConfig.sh --test.connection

Step 4: Configuring the scan

A .scan configuration file (XML) is used to configure parameters required for the scan. Though this file can be created manually, an existing version of it can be used, since the UI Discovery Tool creates it when executing a scan. By default it would reside under <User>/Documents (for eg. /root/Documents) on a Linux machine with a Cloud Discovery tool that ran at least one scan.

The .scan file looks like this: 

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <scan>
        <lastOutputPathname> </lastOutputPathname>
        <name>MyPaloAltoScanResult</name>
        <task>
            <logFormatName>Palo Alto Networks</logFormatName>
            <pathname> /var/tmp/paloaltologfile1.csv </pathname>
        </task>
    </scan>

Notice the elements in this XML file:

  1. lastOutputPathname: Specifies the path of the tool’s last run. Should remain empty when using the CLI.

  2. name: Specify the name of your scan.

  3. logFormatName: Specify the type of log to be scanned. Note: The name should correspond with one of the available log types as they appear in the Cloud Discovery Tool UI.

  4. pathname: Specify the path to the file or directory in which the log files reside.

Step 5: Run

  1. Run the tool with a specified .scan file, using this command:

    ./cloudDiscoveryCLI.sh -s /location/ToScanFile/ -d /location/ToResultZIPFile/

 

Have more questions? Submit a request

Comments

Powered by Zendesk