Configure
Auto Discover Target
on Enterprise Manager Cloud Control 12c Release 4
on Enterprise Manager Cloud Control 12c Release 4
If we’ll use auto discovery, we need an
active agent to discover targets in network. This agent can scan local services
or network. “Nmap”
is used for scanning network. Nmap requires root privileges to be able to use
raw sockets for “Syn Scanning” (a method to detect open ports through
firewalls). So we need to configure “privilege delegation” in the host of our
agent (which we’ll use for scanning).
Setup privilege delegation parameters
Configuring Auto Discover Target
Click Setup > Add Target > Configure
Auto Discovery
Output Log
[root@oem252 Server]# yum install
-y subversion
Loaded plugins: rhnplugin, security
This system is not registered with ULN.
You can use up2date --register to register.
ULN support will be disabled.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package subversion.i386 0:1.6.11-11.el5_9
set to be updated
--> Processing Dependency: libapr-1.so.0 for
package: subversion
--> Processing Dependency: libaprutil-1.so.0 for
package: subversion
--> Processing Dependency: libneon.so.25 for
package: subversion
---> Package subversion.x86_64 0:1.6.11-11.el5_9
set to be updated
--> Running transaction check
---> Package apr.i386 0:1.2.7-11.el5_6.5 set to
be updated
---> Package apr-util.i386 0:1.2.7-11.el5_5.2 set
to be updated
--> Processing Dependency: libpq.so.4 for
package: apr-util
---> Package neon.i386 0:0.25.5-10.el5_4.1 set to
be updated
--> Running transaction check
---> Package postgresql-libs.i386
0:8.1.23-6.el5_8 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================================================================================
Package Arch Version Repository Size
=============================================================================================================================================
Installing:
subversion i386 1.6.11-11.el5_9 MailRepo 3.1 M
subversion x86_64 1.6.11-11.el5_9 MailRepo 3.2 M
Installing for dependencies:
apr i386 1.2.7-11.el5_6.5 MailRepo 124 k
apr-util i386 1.2.7-11.el5_5.2 MailRepo 80 k
neon i386 0.25.5-10.el5_4.1 MailRepo 101 k
postgresql-libs i386 8.1.23-6.el5_8 MailRepo 197 k
Transaction Summary
=============================================================================================================================================
Install
6 Package(s)
Upgrade 0 Package(s)
Total download size: 6.9 M
Downloading Packages:
---------------------------------------------------------------------------------------------------------------------------------------------
Total 2.6
GB/s | 6.9 MB 00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : neon
1/6
Installing : apr
2/6
Installing :
postgresql-libs
3/6
Installing : subversion
4/6
Installing : apr-util
5/6
Installing : subversion 6/6
Installed:
subversion.i386
0:1.6.11-11.el5_9
subversion.x86_64 0:1.6.11-11.el5_9
Dependency Installed:
apr.i386
0:1.2.7-11.el5_6.5 apr-util.i386
0:1.2.7-11.el5_5.2 neon.i386
0:0.25.5-10.el5_4.1
postgresql-libs.i386 0:8.1.23-6.el5_8
Complete!
[root@oem252 Server]# rpm -qa | grep -i subversion
subversion-1.6.11-11.el5_9
subversion-1.6.11-11.el5_9
VERIFY nmap
[oracle@oem252 bin]$ cd /u01/app/oracle/Agent12cR4/agent_inst/discovery/nmap/bin
[oracle@oem252 bin]$
/u01/app/oracle/Agent12cR4/agent_inst/discovery/nmap/bin/nmap
Nmap 6.40 ( http://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target
specification}
TARGET SPECIFICATION:
Can pass
hostnames, IP addresses, networks, etc.
Ex:
scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
-iL
<inputfilename>: Input from list of hosts/networks
-iR <num
hosts>: Choose random targets
--exclude
<host1[,host2][,host3],...>: Exclude hosts/networks
--excludefile <exclude_file>: Exclude list from file
HOST DISCOVERY:
-sL: List
Scan - simply list targets to scan
-sn: Ping
Scan - disable port scan
-Pn: Treat
all hosts as online -- skip host discovery
-PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given
ports
-PE/PP/PM:
ICMP echo, timestamp, and netmask request discovery probes
-PO[protocol
list]: IP Protocol Ping
-n/-R: Never
do DNS resolution/Always resolve [default: sometimes]
--dns-servers <serv1[,serv2],...>: Specify custom DNS servers
--system-dns: Use OS's DNS resolver
--traceroute: Trace hop path to each host
SCAN TECHNIQUES:
-sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
-sU: UDP
Scan
-sN/sF/sX:
TCP Null, FIN, and Xmas scans
--scanflags
<flags>: Customize TCP scan flags
-sI
<zombie host[:probeport]>: Idle scan
-sY/sZ: SCTP
INIT/COOKIE-ECHO scans
-sO: IP
protocol scan
-b <FTP relay
host>: FTP bounce scan
PORT SPECIFICATION AND SCAN ORDER:
-p <port
ranges>: Only scan specified ports
Ex: -p22;
-p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9
-F: Fast
mode - Scan fewer ports than the default scan
-r: Scan
ports consecutively - don't randomize
--top-ports
<number>: Scan <number> most common ports
--port-ratio
<ratio>: Scan ports more common than <ratio>
SERVICE/VERSION DETECTION:
-sV: Probe
open ports to determine service/version info
--version-intensity
<level>: Set from 0 (light) to 9 (try all probes)
--version-light: Limit to most likely probes (intensity 2)
--version-all: Try every single probe (intensity 9)
--version-trace: Show detailed version scan activity (for debugging)
SCRIPT SCAN:
-sC:
equivalent to --script=default
--script=<Lua scripts>: <Lua scripts> is a comma separated
list of
directories, script-files or script-categories
--script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts
--script-args-file=filename: provide NSE script args in a file
--script-trace: Show all data sent and received
--script-updatedb: Update the script database.
--script-help=<Lua scripts>: Show help about scripts.
<Lua scripts> is a comma separted list of script-files or
script-categories.
OS DETECTION:
-O: Enable
OS detection
--osscan-limit: Limit OS detection to promising targets
--osscan-guess: Guess OS more aggressively
TIMING AND PERFORMANCE:
Options
which take <time> are in seconds, or append 'ms' (milliseconds),
's'
(seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
-T<0-5>: Set timing template (higher is faster)
--min-hostgroup/max-hostgroup <size>: Parallel host scan group
sizes
--min-parallelism/max-parallelism <numprobes>: Probe
parallelization
--min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>:
Specifies
probe
round trip time.
--max-retries <tries>: Caps number of port scan probe
retransmissions.
--host-timeout <time>: Give up on target after this long
--scan-delay/--max-scan-delay <time>: Adjust delay between probes
--min-rate
<number>: Send packets no slower than <number> per second
--max-rate
<number>: Send packets no faster than <number> per second
FIREWALL/IDS EVASION AND SPOOFING:
-f; --mtu
<val>: fragment packets (optionally w/given MTU)
-D
<decoy1,decoy2[,ME],...>: Cloak a scan with decoys
-S
<IP_Address>: Spoof source address
-e
<iface>: Use specified interface
-g/--source-port
<portnum>: Use given port number
--data-length <num>: Append random data to sent packets
--ip-options
<options>: Send packets with specified ip options
--ttl
<val>: Set IP time-to-live field
--spoof-mac
<mac address/prefix/vendor name>: Spoof your MAC address
--badsum:
Send packets with a bogus TCP/UDP/SCTP checksum
OUTPUT:
-oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt
kIddi3,
and
Grepable format, respectively, to the given filename.
-oA
<basename>: Output in the three major formats at once
-v: Increase
verbosity level (use -vv or more for greater effect)
-d: Increase
debugging level (use -dd or more for greater effect)
--reason:
Display the reason a port is in a particular state
--open: Only
show open (or possibly open) ports
--packet-trace: Show all packets sent and received
--iflist:
Print host interfaces and routes (for debugging)
--log-errors: Log errors/warnings to the normal-format output file
--append-output: Append to rather than clobber specified output files
--resume
<filename>: Resume an aborted scan
--stylesheet
<path/URL>: XSL stylesheet to transform XML output to HTML
--webxml:
Reference stylesheet from Nmap.Org for more portable XML
--no-stylesheet: Prevent associating of XSL stylesheet w/XML output
MISC:
-6: Enable
IPv6 scanning
-A: Enable
OS detection, version detection, script scanning, and traceroute
--datadir
<dirname>: Specify custom Nmap data file location
--send-eth/--send-ip: Send using raw ethernet frames or IP packets
--privileged: Assume that the user is fully privileged
--unprivileged: Assume the user lacks raw socket privileges
-V: Print
version number
-h: Print
this help summary page.
EXAMPLES:
nmap -v -A
scanme.nmap.org
nmap -v -sn
192.168.0.0/16 10.0.0.0/8
nmap -v -iR
10000 -Pn -p 80
SEE THE MAN PAGE (http://nmap.org/book/man.html) FOR
MORE OPTIONS AND EXAMPLES
Checking again
[root@oem252
Server]# cd /usr/lib64/
[root@oem252 lib64]# ls -l
libsvn_client-1.so.0
lrwxrwxrwx 1
root root 24 Aug 12 12:20 libsvn_client-1.so.0 -> libsvn_client-1.so.0.0.0
Add hostname / IP Address (Range like
1-100) and Save and Submit Jobs. This time job got succeeded.
Verify Auto Discovery Result……..
Now we can promote our discover target and
deployment agent as per our need.
No comments:
Post a Comment