Hi, Has anyone here got any experience with running SCOM (Microsoft's System Center Operations Manager) agent on (RHEL) Linux?
Our admins are used to monitoring Windows servers with SCOM. In particular, they monitor CPU usage, memory usage, disk usage, and all sorts of other stuff. We also have Linux servers, and SCOM has a linux agent. I can understand the admins' desire to use the same - and familiar - tool across the board, even if it is from Microsoft. Let's not discuss this particular issue, OK? However, it looks like the thing requires root permissions not just to install (that would be OK) but also for operation. All I've seen (I admit I have not done a really deep research into the subject) is a bunch of excuses that look rather dodgy (need to access privileged kernel data structures - what's not exposed via /proc or similar?) or downright suspicious (need to spawn processes as other users - what?!?). At the same time, there are enough websites, blogs, whatever by 3rd parties that describe how to run SCOM without root, while our official support say root is mandatory. My only problem is security. It just does not seem reasonable that one needs root privileges to monitor a dedicated server running software that does not itself require root privileges to run. It may not even be acceptable (in cases when the SW is deployed at a customer's data center - this is why we took special care not to require root access for operation of our own system). Can anyone shed the light on the following questions: 1) Is the "official" deployment mode of SCOM (with root, etc.) a security problem (e.g., for a bank where I keep my money and am a very unimportant customer)? I mean, beyond "M$ know zilch about security" statements? 2) If it is deployed without root privileges (can you confirm that this is possible?), what functionality will not work? 3) My understanding is that what it does not like about sudo is passwords - can anyone assess the effect of putting it into sudoers with NOPASSWD for what it needs? Thanks a lot, -- Oleg Goldshmidt | [email protected] _______________________________________________ Linux-il mailing list [email protected] http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
