Linux Host Data Source
The Linux Host data source collector discovers user accounts, groups, SSH keys, and logon events on Linux systems and servers. This enables organizations to identify all local and service accounts on Linux infrastructure, track SSH key usage, detect unauthorized access patterns, and support privileged access management for Linux servers.
Permissions
To collect identity data from a Linux host, create a user or service account with sudo access.
NOTE
The account itself must be able to connect over SSH and read the contents of /etc/passwd. Collecting SSH public keys requires that the account can log in and execute sudo without a password prompt.
Using Shell Wrappers
If the Elevate with Sudo configuration on the data source is not going to be enabled, the following commands must be enabled in sudo for the target user or service account. Shell wrappers reduce the number of commands executed.
| Wrap Sudo Command in Shell | Commands |
|---|---|
| True | /bin/sh -c * |
| False | /usr/bin/lastlog<br>/usr/bin/chage *<br>/usr/bin/getent shadow<br>/usr/sbin/sshd *<br>/usr/bin/cat *<br>/usr/bin/stat *<br>/usr/bin/ssh-keygen *<br>/usr/bin/test *<br>/usr/bin/gzip *<br>/usr/bin/ls *<br>/usr/bin/grep *<br>/usr/bin/find *<br>/usr/bin/file * |
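The following is an added example, not part of the original page or of Hydden's tooling: a shell helper that renders the command table above as a single sudoers line with `NOPASSWD`, plus a syntax check to run before installing it. The account name `hydden-svc` and the function names are assumptions; the binary paths are copied from the table.

```shell
#!/bin/sh
# Added example: render the page's sudo command table as one sudoers line.
# SVC_USER is a hypothetical account name; binary paths are copied from the
# table and can differ per distribution (verify with `command -v`).
SVC_USER="${SVC_USER:-hydden-svc}"

# Commands for "Wrap Sudo Command in Shell" = False, one per line.
UNWRAPPED_CMDS='/usr/bin/lastlog
/usr/bin/chage *
/usr/bin/getent shadow
/usr/sbin/sshd *
/usr/bin/cat *
/usr/bin/stat *
/usr/bin/ssh-keygen *
/usr/bin/test *
/usr/bin/gzip *
/usr/bin/ls *
/usr/bin/grep *
/usr/bin/find *
/usr/bin/file *'

# render_sudoers USER MODE   (MODE is "wrapped" or "unwrapped")
render_sudoers() {
    user=$1
    mode=$2
    case $mode in
        wrapped)   cmds='/bin/sh -c *' ;;
        unwrapped) cmds=$UNWRAPPED_CMDS ;;
        *) echo "mode must be wrapped or unwrapped" >&2; return 2 ;;
    esac
    # Join the lines into a comma-separated sudoers command list.
    list=$(printf '%s\n' "$cmds" | paste -s -d ',' - | sed 's/,/, /g')
    # NOPASSWD: the page requires sudo without a password prompt.
    printf '%s ALL=(root) NOPASSWD: %s\n' "$user" "$list"
}

# check_sudoers FILE: syntax-check a fragment before it is installed.
check_sudoers() {
    command -v visudo >/dev/null 2>&1 || { echo "visudo not found" >&2; return 3; }
    visudo -cf "$1"
}

# Print the line when a mode is given, e.g.:  sh render.sh unwrapped
if [ $# -ge 1 ]; then render_sudoers "$SVC_USER" "$1"; fi
```

Write the output to a temporary file, run `check_sudoers` on it, and only then install it under /etc/sudoers.d/ with mode 0440. In sudoers, `*` matches any arguments, so `/bin/sh -c *` permits any command as root; scope the account's SSH access with that in mind.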
Setting up the Linux Host Data Source
The following steps guide you through the setup.
Log in to your Hydden tenant.
To access the data sources page, navigate to Configuration > Discover and select Data Sources, or use the data source URL:
https://portal.hydden.com/configuration/datasource
To add the Linux Host data source, click + Add Data Source.
From the configuration wizard, select the Linux Host logo tile.
For Name, enter an easy-to-identify name, especially if several data sources for the same service are to be created.
You may ignore the optional Preset field. Pre-configured data source presets, when available, can be selected from the drop-down, but they can also be added manually via the +. Create a data source preset to bulk import a list of servers.
For Hostname, enter your Linux Host connection URL, for example an IP address.
If you already created your credential, select that credential from the Credential drop-down. If you have not yet created a credential, click the + to add an Account Credential for your Linux Host instance.
You may ignore the optional Schedule field. To specify a Schedule, either select from the list of pre-configured collection schedules or manually enter a new schedule via +.
Under Site, which is an optional field, specify the site where your client is installed; it can also be “default” if there is only one client for your organization.
Check the Elevate with Sudo checkbox to always run the data collection with sudo privileges.
If not enabled, refer to the Using Shell Wrappers information under Permissions above.
Custom Properties is an optional field. If needed for your organization, enter specific key=value pairs, for example, environment=production.
Click Add to save the data source. You have an option to manually run the data collection via the Run Now button.
NOTE
If custom mapping rules are required, refer to the Advanced Configuration section in the Data Source Overview topic.
At this point, you can run a collection from the Data Sources page and shortly after, you will see your Linux Host users listed on the Identity Posture dashboard, in Global Search and the Search Library.
