This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Lansweeper Linux SSH scan doesn't scan all software - Sophos antivirus

ndj
Engaged Sweeper

‎02-06-2025 05:03 PM

I'm scanning Linux computers using SSH credentials. User used for scan has root privileges. Scan works fine just I cannot see all software installed especially software that is not installed as a package. Particularly Sophos antivirus.  

Sophos is installed with installation script (not with package) and it has files located in /opt folder. There is also some "unbundled software" installed in /opt folder. Some are visible in Lansweeper some not. 

If I install LS Agent on a server, then Sophos is shown in list of installed software.

How can I debug scanning of installed software ?

Why some software installed in /opt folder are not visible ?

Thank you in advance, 
NDJ

Labels:
0 Kudos
5 REPLIES 5
ndj
Engaged Sweeper

4 weeks ago

Hi @Gilian ,

thank you for your feedback.

I will update you with more details.

I have installed LSAgent and still there is no Sophos visible in list of installed software. Machine has CentOS Linux 7 installed.

I have also enabled Debug and add mentioned app keys.

ConfigEditorConfigEditor

I'm using admin user with SSH key to login to machine. This user do not require SUDO password. However it seams it cannot read /opt/sophos-spl folder. I'm assuming that there is the issue. Below are peace of log.

[SCAN_192.168.34.60] INFO LOGLINUX DEBUG ls output: ls: cannot access /opt/sophos-spl/*/: No such file or directory
[SCAN_192.168.34.60] INFO LOGLINUX DEBUG Command failed: ls: cannot access /opt/sophos-spl/*/: No such file or directory
[SCAN_192.168.34.60] INFO LOGLINUX DEBUG Executing GetExecutables.
[SCAN_192.168.34.60] INFO LOGLINUX DEBUG find output: find: ‘/opt/sophos-spl’: Permission denied
[SCAN_192.168.34.60] INFO LOGLINUX DEBUG Command failed: find: ‘/opt/sophos-spl’: permission denied

Do you know is this behavior expected? Do I need to open support ticket?

In Log file I also don't see label LogLinuxSoftware. Have I configure ConfigEditor correctly ?

 

 

0 Kudos
Gilian
Product Team
Product Team
In response to ndj

4 weeks ago

It seems the permission on the folder is indeed the issue.
You can verify whether or not the user has access to the folder using either 

ls -ld yourDirectory

or the commands used here: permissions - How to check if a user can access a given file? - Unix & Linux Stack Exchange.

If you need more support on this, you can create a new ticket here: Support Portal - Lansweeper Community

ndj
Engaged Sweeper
In response to Gilian

3 weeks ago

@GilianI cannot create a support ticket. I have done everything is required and populate form an still nobody contact me. Could you please contact someone to check why I cannot open the case ? Thank you in advance.

0 Kudos
ndj
Engaged Sweeper
In response to Gilian

4 weeks ago - last edited 4 weeks ago

User itself (ssh-lsagent) does not have access.

 

[ssh-lsagent@et-web-dev1 ~]$ ls -ld /opt/sophos-spl/
drwx--x--x 9 root sophos-spl-group 99 Nov 26 14:11 /opt/sophos-spl/

 

But it can use SUDO to elevate privilege but somehow it seams SUDO is not used in Lansweeper scanning scripts.

 

[ssh-lsagent@et-web-dev1 ~]$ sudo ls -l /opt/sophos-spl/
total 8
drwx--x--x 11 root sophos-spl-group 4096 Jan 9 18:27 base
drwx------ 2 root root 148 Jan 9 18:27 bin
drwx--x--x 4 root root 36 Nov 26 14:11 logs
drwx--x--x 9 root sophos-spl-group 133 Nov 26 14:12 plugins
drwx--x--x 2 root root 24 Nov 26 14:11 shared
drwxrwx--T 10 root sophos-spl-group 4096 Feb 14 13:20 tmp
drwx--x--x 8 root root 86 Nov 26 14:11 var
[ssh-lsagent@et-web-dev1 ~]$

 

Should Lansweeper use SUDO for the user in scan scripts ? There is an option to specify SUDO password for SSH user in Scanning Credentials section.

0 Kudos
Gilian
Product Team
Product Team

‎02-10-2025 11:44 AM

Hi @ndj ,

If LsAgent can get the Sophos in /opt but remote scanning with SSH credential can't, it means that the user used in in SSH scanning still can't access all contents of /opt it would seem (unless there's a bug of course).

We check out all subfolders in /opt and try to see if there's a /bin or /modules or an executable file included.

You can always open a new support ticket here: Support Portal - Lansweeper Community

When you put your scanning service in debug (see Put the scanning service in debug mode - Lansweeper) and add the following app keys, our support department can help you with the analysis:

LogLinux,
LogLinuxNetwork,
LogLinuxSoftware,
LogLinuxSystemInfo,
LogLinuxDisks

An alternative is that you use custom file discovery to verify whether or not any Linux asset has a specific file present, see Linux file and directory scanning - Lansweeper Community

0 Kudos

General Discussions

Find answers to technical questions about Lansweeper.

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now