6

I am working on a project where we need to be able to tell and report periodically on what software is installed on our various Linux/Unix servers. I have looked at the posting "How to inventory what software/roles a Linux server is "serving up" to clients?" and the posting "Open-source inventory agent", and was not able to locate information that would suggest an answer to my issue. I am not sure that the OCS Agent would report on Linux/Unix servers like it does in Windows. Are there any scripts, open source software, software agents, etc. that can be used to run against a large number of Linux/Unix servers to report on what software is installed and what versions are installed?

=========================

Updates for clarity:

I am looking for a reliable way in which to determine if particular software exists on a Linux/Unix machine. Ideally, this would be a remote solution where I can point it towards the servers in question and have it return the results indicating if the software in question exists on that box or not. Also, should I be concerned about the following issues relating to installed software on a Linux/Unix host?

  1. Software installed from packages
  2. Software installed from source
  3. Software that is installed to an unknown or unexpected location

How would I go about handling these conditions along with finding out if the software exists?

John
  • I use Ansible and Ansible-CMDB to create my HTML inventory portal. Also, to add more features, I showed some ways to tweak ansible-cmdb. It's agentless and very easy to use. Some days back I [blogged about it on tunnelix.com](https://tunnelix.com/an-agentless-servers-inventory-with-ansible-ansible-cmdb/) – Nitin J Mutkawoa Apr 30 '19 at 14:09

6 Answers

4
  1. Check package management database
  2. Not perfectly reliable, but scan the entire filesystem for the expected executable or library file names.
  3. Same as #2, but don't count on it if somebody wants to rename netcat to purrmeow, statically compile it, and run it by calling libc instead of a direct execution.

You could try to identify any files using the content of the first few bytes to check for executable magic numbers and then note any that don't have a home. This will take care of accidental or innocent violation installations. You'll be hard-pressed, however, if somebody wanted to put something in place and keep it hidden from you.

To be really sneaky, one could embed an executable in some junk section of a file, mmap it, and then memory jump into it. Where there's a will, there's a hacker... so beware of the limitations of whatever method you choose if this is an audit function.

Jeff Ferland
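
The magic-number check described in this answer, as an added example that is not part of the original post: it reads the first bytes of each regular file, keeps those that begin with an ELF header or `#!`, and prints the ones no package claims. The function names are this example's own, and `dpkg-query -S` or `rpm -qf` is assumed for the ownership lookup.

```shell
#!/bin/sh
# Added example: list executables (by magic number) that no package owns.

# Print the first four bytes of a file as lowercase hex, e.g. 7f454c46.
magic_hex() {
    { od -An -tx1 -N4 < "$1"; } 2>/dev/null | tr -d ' \n'
}

# Succeed if the file starts with an ELF header or a "#!" interpreter line.
# The file name and the mode bits are deliberately ignored.
looks_executable() {
    case "$(magic_hex "$1")" in
        7f454c46) return 0 ;;   # \x7f E L F
        2321*)    return 0 ;;   # "#!"
        *)        return 1 ;;
    esac
}

# Succeed if the local package database claims the path.
# Assumes dpkg or rpm; with neither present, nothing counts as owned.
owned_by_package() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -S "$1" >/dev/null 2>&1
    elif command -v rpm >/dev/null 2>&1; then
        rpm -qf "$1" >/dev/null 2>&1
    else
        return 1
    fi
}

# Walk the given directories (without crossing filesystems) and print each
# regular file that looks executable but has no owning package.
find_unowned() {
    find "$@" -xdev -type f 2>/dev/null | while IFS= read -r f; do
        looks_executable "$f" || continue
        owned_by_package "$f" || printf '%s\n' "$f"
    done
}

# Typical run, as root, with absolute paths: find_unowned /usr /opt /home /var
```

Because the match is on content, a renamed binary is still listed, but an executable embedded inside another file is not. Files that the package database records under a different alias path (for example on merged-/usr systems) can appear as false positives.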
2

This wouldn't actually be all that difficult to script up manually via ssh.

That said, I think you're going about this the wrong way. You ought to start deploying via a configuration management system which will ensure your servers are in a specific, reproducible, version-controlled state.

EEAA
  • I would agree that configuration management is the way to go. That is in the works for new server builds. However, we have a lot of server builds that do not match such a standard. Could you share some more ideas that you had about such a script? – John May 08 '12 at 15:03
  • Well, I don't have time to write up a real script at the moment, but I just envision something that would ssh into each server, run `dpkg -l` or `rpm -qa`, then dump the results into a database or flat files for summarizing/aggregation. – EEAA May 08 '12 at 15:05
  • Even with configuration management, you need to reverse engineer what is on existing servers unless literally all software is guaranteed to have been produced by the configuration management configuration. This is no longer the case as soon as you have users who can write shell scripts and create cron tabs to run them, or database accounts with the freedom to create stored procedures, or the freedom to create ssh connections to automatically run software remotely, or whatever other scenario you can think of. – reinierpost Apr 20 '16 at 08:27
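
The ssh-and-dump approach from the comments on this answer, as an added example that is not part of the original thread: it collects `dpkg-query` or `rpm -qa` output from each host into one flat file and then reports, per host, whether a given package is present. The function names, the tab-separated file layout and the `UNREACHABLE` marker are assumptions of this example; key-based ssh access and a POSIX shell on each host are assumed.

```shell
#!/bin/sh
# Added example (not from the thread): agentless package inventory over ssh.

# Runs on each host: print "name<TAB>version" for every installed package.
REMOTE_CMD='
if command -v dpkg-query >/dev/null 2>&1; then
  dpkg-query -W -f="\${Package}\t\${Version}\n"
elif command -v rpm >/dev/null 2>&1; then
  rpm -qa --qf "%{NAME}\t%{VERSION}-%{RELEASE}\n"
else
  exit 3   # no supported package database
fi'

# Transport, kept in one function so it can be swapped out.
# BatchMode: keys only, never prompt. -n: do not eat the host list on stdin.
run_remote() {
    ssh -n -o BatchMode=yes -o ConnectTimeout=10 "$1" "$REMOTE_CMD"
}

# collect HOSTS_FILE OUT_FILE: write "host<TAB>name<TAB>version" lines.
# A host that fails is recorded as UNREACHABLE instead of silently vanishing.
collect() {
    : > "$2"
    while IFS= read -r host; do
        # Skip blanks, comments, and names ssh would parse as options.
        case "$host" in ''|\#*|-*) continue ;; esac
        if out=$(run_remote "$host"); then
            printf '%s\n' "$out" | awk -v h="$host" '{ print h "\t" $0 }' >> "$2"
        else
            printf '%s\tUNREACHABLE\t-\n' "$host" >> "$2"
        fi
    done < "$1"
}

# report INVENTORY PACKAGE: one line per host: version, "absent" or "unknown".
report() {
    awk -F '\t' -v pkg="$2" '
        !($1 in st)         { st[$1] = "absent"; order[++n] = $1 }
        $2 == "UNREACHABLE" { st[$1] = "unknown" }
        $2 == pkg           { st[$1] = $3 }
        END { for (i = 1; i <= n; i++) print order[i] "\t" st[order[i]] }
    ' "$1"
}
```

Typical use is `collect hosts.txt inventory.tsv` followed by `report inventory.tsv openssl`. "absent" only means the package database does not list the name, so software built from source or copied into place is not covered.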
2

ErikA is giving you sound advice. Instead of guessing what you have running, you should specify what you want running.

But maybe blueprint can help you get from your current state to the one you should be in.

ptman
2

What OS are you running? You can pull this information from your system's package manager (`rpm -qa`), SNMP (using something like `snmpwalk -v2c -c communityname hostname 1.3.6.1.2.1.25.6.3.1.2`), or a configuration management solution of your choice... The earlier Blueprint recommendation is very good, too.

ewwhite
1

You could take a look at the standalone Linux (Ubuntu, Fedora, etc.) audit script for Open-AudIT. It's a bit dated, but should provide what you are after.

http://www.open-audit.org/downloads.php

Disclaimer - I am the developer.

Mark Unwin
0

We've used OCS Inventory with reasonable success. https://www.ocsinventory-ng.org/en/

darrend