Linux
Description
The Linux connector connects to a server via SSH and reads local user accounts, group memberships, sudo privileges, running services, and scheduled tasks. It supports any Linux distribution that provides standard POSIX interfaces and OpenSSH.
System Type Classification
| Field | Value |
|---|---|
| System Type | Server |
| Default Scan Priority | 200 |
Version Support
| OrbisID Edition | Supported |
|---|---|
| Community | Yes |
| Pro | Yes |
| Enterprise | Yes |
Linux scanning is available in all editions.
Supported Protocols
| Protocol | Port | Notes |
|---|---|---|
| SSH | 22 TCP | Configurable; must be accessible from OrbisID or the On-Premise Agent |
What OrbisID Discovers
| Data | Source |
|---|---|
| Local user accounts | /etc/passwd |
| Group memberships | /etc/group |
| Sudo privileges | /etc/sudoers, /etc/sudoers.d/* |
| Running systemd services | systemctl list-units --type=service |
| Cron jobs | /etc/cron*, /var/spool/cron/ |
| Account status (locked/unlocked) | /etc/shadow password field |
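How a locked/unlocked status can be derived from the /etc/shadow password field, shown as an added example that is not OrbisID's own code. It applies the shadow(5) and passwd(5) conventions to constructed sample data; the function names and state labels are assumptions of this example.

```python
# Added example: classify password state from passwd(5)/shadow(5) text.
# Sample data is constructed; state labels are this example's own naming.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
carol:x:1002:1002:Carol:/home/carol:/bin/bash
svc-backup:x:998:998::/var/lib/backup:/bin/sh
"""
SAMPLE_SHADOW = """\
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19700:0:99999:7:::
bob:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19700:0:99999:7:::
carol::19700:0:99999:7:::
"""


def password_state(field):
    """Map a shadow(5) password field to a state label."""
    if field is None:
        return "no-shadow-entry"    # listed in passwd, missing from shadow
    if field == "":
        return "no-password"        # empty field: no password required
    if field.startswith("!"):
        return "locked"             # "!" prefix, as written by passwd -l
    if field.startswith("*"):
        return "password-disabled"  # not a valid hash: password login impossible
    return "unlocked"


def classify_accounts(passwd_text, shadow_text):
    """Return {username: state} for every well-formed passwd entry."""
    shadow = {}
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2:
            shadow[parts[0]] = parts[1]
    states = {}
    for line in passwd_text.splitlines():
        parts = line.split(":")
        if len(parts) != 7:
            continue  # skip blank or malformed lines
        name, pw = parts[0], parts[1]
        # "x" means the hash lives in shadow; any other value is used directly.
        states[name] = password_state(shadow.get(name) if pw == "x" else pw)
    return states
```

A locked password field blocks password authentication only; per passwd(1), the user may still be able to log in with another authentication token such as an SSH key.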
Connection Requirements
Credential Requirements
The credential must be a local or domain account that can authenticate via SSH.
Minimum permissions required:
| Resource | Permission |
|---|---|
| /etc/passwd | Read |
| /etc/group | Read |
| /etc/shadow | Read (for account status) |
| /etc/sudoers and /etc/sudoers.d/ | Read |
| systemctl output | Execute (non-root users can read service status) |
| /var/spool/cron/ | Read (for per-user cron jobs) |
Recommended approach: Create a dedicated service account with read-only access to the above files. Adding the account to the sudo group is not required if the files are readable by the account directly.
For sudo file parsing, the account needs read access to /etc/sudoers (typically root-readable only). Use one of:
- Run the scanner as root (not recommended)
- Grant the service account sudo access to cat /etc/sudoers only
- Use an Access Control List (ACL):
setfacl -m u:orbisid-scanner:r /etc/sudoers
Network Requirements
| Requirement | Detail |
|---|---|
| SSH port accessible | Port 22 (or custom port) must be reachable from OrbisID or the On-Premise Agent |
| SSH key or password | Both authentication methods are supported |
Configuration Steps
- Navigate to Systems in the sidebar
- Click Add System
- Fill in the fields:
| Field | Value |
|---|---|
| Name | Descriptive name (e.g., web-server-01) |
| Hostname / IP | SSH-accessible hostname or IP |
| Port | 22 (or custom SSH port) |
| OS Type | Linux |
| System Type | Server |
| Credential | SSH credential (username + password or SSH key) |
- Click Test Connection to verify SSH access
- Click Save
SSH key authentication is more secure than password-based authentication. Store the private key as an OrbisID credential and add the matching public key to ~/.ssh/authorized_keys on the target server.
Troubleshooting
| Symptom | Likely Cause | Resolution |
|---|---|---|
| Connection test fails with Connection refused | SSH not running or port blocked | Verify sshd is running and the port is accessible |
| Connection test fails with Authentication failed | Wrong credentials | Verify username, password, or SSH key |
| No sudo entries discovered | Scanner cannot read /etc/sudoers | Grant read permission via ACL or adjust scanner account permissions |
| No service data | systemctl not available | Confirm the system uses systemd; older init-based systems return empty service data |
| Scan succeeds but accounts seem incomplete | Non-standard /etc/passwd or LDAP-integrated users | LDAP/SSSD users are not currently discovered via the Linux scanner |