Linux – Inventory or Audit Installed Linux Software

linux, reporting, unix

I am working on a project where we need to be able to tell and report periodically on what software is installed on our various Linux/Unix servers. I have looked at this, How to inventory what software/roles a Linux server is "serving up" to clients?, posting and this, Open-source inventory agent, posting and was not able to locate information that would suggest an answer to my issue. I am not sure that the OCS Agent would report on Linux/Unix servers like it does in Windows. Are there any scripts, open source software, software agents, etc. that can be used to run against a large number of Linux/Unix servers to report on what software is installed and what versions are installed?

=========================

Updates for clarity:

I am looking for a reliable way in which to determine if particular software exists on a Linux/Unix machine. Ideally, this would be a remote solution where I can point it towards the servers in question and have it return the results indicating if the software in question exists on that box or not. Also, should I be concerned about the following issues relating to installed software on a Linux/Unix host?

  1. Software installed from packages
  2. Software installed from source
  3. Software that is installed to an unknown or unexpected location

How would I go about handling these conditions along with finding out if the software exists?

Best Answer

  1. Check package management database
  2. Not perfectly reliable, but scan the entire filesystem for the expected executable or library file names.
  3. Same as #2, but don't count on it if somebody wants to rename netcat to purrmeow, statically compile it, and run it by calling libc instead of a direct execution.

You could try to identify any files using the content of the first few bytes to check for executable magic numbers and then note any that don't have a home. This will take care of accidental or innocent violation installations. You'll be hard-pressed, however, if somebody wanted to put something in place and keep it hidden from you.

To be really sneaky, one could embed an executable in some junk section of a file, mmap it, and then memory jump into it. Where there's a will, there's a hacker... so beware of the limitations of whatever method you choose if this is an audit function.
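The magic-number scan described in the answer can be sketched as follows; this is an added example, not part of the original answer. It flags files whose first bytes mark them as ELF binaries or scripts and that no dpkg or rpm package claims. The scan roots (`/usr/local`, `/opt`, `/home`) are assumptions to adjust per host.

```python
import glob
import os
import shutil
import subprocess

MAGIC = {b"\x7fELF": "elf", b"#!": "script"}  # leading bytes of executables

def classify(path):
    """Return 'elf', 'script' or None based on the first bytes of a file."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(4)
    except OSError:
        return None
    return next((kind for magic, kind in MAGIC.items() if head.startswith(magic)), None)

def package_owned_paths():
    """Collect file paths recorded by dpkg or rpm (empty set if neither is present)."""
    owned = set()
    for listing in glob.glob("/var/lib/dpkg/info/*.list"):
        with open(listing, errors="replace") as fh:
            owned.update(line.rstrip("\n") for line in fh)
    if shutil.which("rpm"):
        out = subprocess.run(["rpm", "-qal"], capture_output=True, text=True).stdout
        owned.update(out.splitlines())
    # Resolve symlinked directories (e.g. merged /usr) so paths compare equal.
    return {os.path.realpath(p) for p in owned if p.startswith("/")}

def unowned_executables(roots, owned):
    """Walk roots and return [(path, kind)] for executables no package claims."""
    findings = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.realpath(os.path.join(dirpath, name))
                # Skip FIFOs, sockets, dangling links and package-owned files.
                if not os.path.isfile(path) or path in owned:
                    continue
                kind = classify(path)
                if kind:
                    findings.append((path, kind))
    return sorted(set(findings))

if __name__ == "__main__":
    # Assumed scan roots; widen to "/" for a full audit.
    for path, kind in unowned_executables(["/usr/local", "/opt", "/home"], package_owned_paths()):
        print(f"{kind}\t{path}")
```

Because it keys on file content rather than file name, a renamed binary is still reported, but as the answer says, it will not find code that has been deliberately hidden inside another file.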
