Share via

Scan Linux devices

  • Article

This article describes how to scan Linux devices in Movere.

Before you begin

  1. Learn about scanning in Movere.
  2. Check that Linux devices are supported for scanning.
  3. Verify internet access. Devices that upload data payloads directly to the Movere cloud need internet access, and must be able to connect to Movere URLs.
  4. Check the permissions needed for scanning Linux devices.
  5. Check the Movere binaries you need to allow on target Linux devices.
  6. Check the ports used for scanning Linux devices.

Scan from the Console

Scan Linux devices in the Movere Console, as follows:

  1. In the Movere console > Getting Started, select First scan.

  2. To run an inventory scan, select Linux Devices.

  3. In Domains, select the domains you want to scan.

    • By default the Console shows the domain in which the Console machine is located.
    • You can specify a different domain in FQDN format (corp.company.com), by typing into the text box provided.
    • You can scan a single domain, or select multiple domains for a forest-wide scan.
    • For multiple domains, Movere shows all of the domains and trusts that are visible from the domain you specify.

  4. To run an actual resource consumption scan, select Linux ARC. You can only run a resource consumption scan together with an inventory scan.

  5. Click Next.

    Select what you want to scan

  6. If you're running a resource consumption scan, in ARC, specify how often and until when consumption data is collected.

    Note

    B-series VM SKU will be recommended only if atleast 7 days of resource consumption data is collected.Learn More to enable B-series recommendation for all or specific devices.

  7. Optionally select to collect SQL consumption data.

    Schedule actual resource consumption scanning

  8. In Linux Devices, select what you want to scan.

    • For all devices, Movere queries Active Directory. Any devices with the string 'Linux' in the Operating System Name are targeted.
    • For specific devices, enter Linux devices manually with the name or IP address.
    • For specific subnets, every possible IP address in the subnet range is targeted as a Linux device. We recommend using a subnet calculator to ensure that the number of IP addresses is accurate.

    Select Linux devices to scan

  9. In Uploading Scans, select whether you want to automatically upload scans to the Movere portal, and whether you want to upload scans directly from scanned devices. Learn more about data upload options.

    Select an upload method

  10. In Manage Credentials, click Add. In Account type, select Linux.

  11. Select to use a password or SSH private key to access Linux devices for scanning.

    • If you use a password, specify the User Name in the format username@domain.com.
    • If the Linux device is non-domain joined, specify the User Name in the format username.
    • If you use a key, copy the private key into SSH Private Key, and optionally add the passphrase. The account type shows as LinuxKey when you add a key. Movere support Open SSH and RSA SSH private key. Users must inspect the first line of private key and ensure that should be a RSA header private key such as ---BEGIN RSA PRIVATE KEY--- or a OpenSSH header private key such as ---BEGIN OPENSSH PRIVATE KEY---.

    Add scanning credentials

  12. In Credential Mapping, don't make any changes. Movere doesn't map Linux credentials.

    • The Linux account you specified in the previous step is used to scan all Linux devices.
    • If your Linux environment has multiple credentials, run individual scans against Linux devices, using the appropriate credentials.

    Map credentials

  13. In Initiate Scan, click Scan to beginning scanning Linux devices.

  14. Track progress in the progress window.

    • Actions performed during the scan are logged in the Log.service files in the Movere Console/Logs folder.
    • To stop the scan manually, click Stop.
    • When the current scan completes, the Movere console will automatically refresh itself to initiate scan window.

Scan/Rescan from the command line

You can scan Linux devices from the command line. This is useful to:

  • Scan specific Linux devices for the first time.
  • Rescan for specific Linux devices. For example to scan devices missed during a first scan.
  • Rescanning Linux devices from the Console isn't supported.

Run a rescan from the command line as follows:

  1. Create a rescan file that includes the devices you want to scan. Learn more about creating a rescan file. Note that:

    • In the rescan file, Linux targets devices based on the values in the Domain column.
    • Movere uses a single set of credentials to access the Linux devices for scanning.

  2. Add the rescan file (.csv) to the DevicesToRescan folder (in the Movere Console root folder).

  3. In the Movere console > Getting Started, select Rescan.

  4. In What devices would you like to rescan?, select all Linux servers in the specified domain (Linux (All)), or select a custom rescan file.

    • If you select Linux (All), a rescan file is downloaded from your Movere tenant.
    • The rescan file contains Linux devices in an Active state, that haven't been inventoried directly by Movere.

  5. Enable actual resource consumption scanning if required. Then click Next.

  6. In Scanning Method, we recommend you leave the default setting. Learn more.

  7. In Domains, select the domains you want to scan.

  8. If you're running a resource consumption scan, in ARC, specify how often consumption data is collection, and for how long.

  9. Optionally select to collect SQL consumption data.

  10. In Uploading Scans, select how to upload scanned data to Movere.

  11. In Manage Credentials, click Add. In Account type, select Linux.

  12. Select to use a password or SSH private key to access Linux devices for scanning.

    • If you use a password, specify the User Name in the format username@domain.com.
    • If the Linux device is non-domain joined, specify the User Name in the format username.
    • If you use an key, copy the private key into SSH Private Key, and optionally add the passphrase. The account type shows as LinuxKey when you add a key.

  13. In Credential Mapping, don't make any changes. Movere doesn't map Linux credentials.

  14. Close the Movere Console.

  15. Open an elevated command prompt.

  16. Navigate to the Movere Console folder. For example: C:\Movere\Console.

  17. Run a scan. Learn about command line options.

    • To run a Linux inventory scan: Movere.service.exe -linux -rescan:domain.com -upload -startlistener
    • To run a Linux inventory and ARC scan: Movere.service.exe -linux -rescan:domain.com -arc -upload -startlistener
    • To disable automatic uploading, remove the -upload flag from the command line argument.

Next steps

Learn about scanning in Movere.