Linux/UNIX MAP agent 9.0 SP2 - Community - LANDesk

Release notes: 

Linux/UNIX MAP agent 9.0 SP2 

Linux/Unix Support 

The Linux/UNIX MAP agent supports the following OS's: 

 

 

 

 

 

 

 

Red Hat Enterprise Server 5 64-bit 

CentOS Server 5 64-bit 

Solaris 10 Intel 64-bit 

Solaris 10 Sparc 64-bit 

HP-UX Itanium 11.23v2 64-bit 

HP-UX Itanium 11.31v3 64-bit 

HP-UX PA-Risc 11.11v1 64-bit 

General Architecture 

The LANDesk agent has been redesigned to use component architecture. This new architecture 

improves the portability of the agent as well as the testability. 

There are four key components to the agent, and several smaller "sub-components" that provide, or 

add additional functionality and feature support to the agent. 

The first of the key components is the Common Base Agent (cba). This is a daemon which listens 

on a several different network ports for incoming requests from the LANDesk core server and responds 

to specific requests. Requests would be things like starting a vulnerability scan or starting an 

inventory scan. 

The second key component is the Scheduler (map-scheduler). As its name implies, this component 

is responsible for scheduling jobs. Jobs descriptions can vary from high level job descriptions like 

"inventory scan" to launching the individual sub-components responsible for scanning specific data or 

services and reporting data back to the core servers. 

The third key component is the Scraper (map-scraper). Its main task is to assemble data gathered 

from a number of independent scanner modules, and normalize the data in a local "data store" which 

can then be consumed by various other tasks and report generators. 

The fourth of the key components is the Reporter (map-reporter). The job of this component is to 

format data previously stored in the local "data store" and create reports of various formats that can 

be consumed by the LANDesk core server. 

The additional sub-components mentioned above can be broken into 3 categories: 

 

 

 

Scanners - responsible for scanning specific types of hardware or software data which is then 

consumed by the Scraper. Scanners are scheduled at different intervals depending on the 

types of data scanned and the frequency of anticipated change for that data type. 

Shims - responsible for converting requests from the core into job descriptions which can be 

consumed by the Scheduler. Since current implementations of the LANDesk core server only 

know about specific programs on the agents, shims were created to handle these specific 

requests and schedule the appropriate tasks in the Scheduler. 

Helpers - tools and utilities that move or manipulate data in specific ways. Some of the 

more important helpers are: 

Release notes: Linux/UNIX MAP agent 9.0 SP2 19 November 2010 page 1 

Copyright © 2010 LANDesk Software, Inc. and its affiliates. All rights reserved.

Technical notes 

• Proxyhost (proxyhost) - a helper that determines how to communicate with the 

core server and manages the routes and transmission of data. 

• Sender (map-sender) - a tool used to assemble data intended to be sent to the 

LANDesk core server, formats the data appropriately for the destination and invokes 

the proxyhost helper to transmit the data to the core. 

• Fetcher (map-fetcher) - a tool used to request agent specific configuration data 

from the LANDesk core server, and cache the data where it can be consumed by the 

various components and scanners. 

Much of the data passed between the various components and sub-components is passed as XML 

data. This makes it possible to stop one component (scraper for example) and verify that the subcomponents 

(scanners) are producing appropriate data. In the installation, various sub-directories are 

used as temporary repositories for this data. The XML data is also validated by schema files (XML- 

DTD files) which can be found in the schemas directory. 

Major Component details 

CBA 

/opt/landesk/bin/cba 

A daemon that receives communications from the LANDesk core server. CBA will listen on several 

network ports (9593, 9594, 9595). The port used for a specific request depends on the request type, 

and the specific authentication required. Authenticated connections use SSL connections based on 

X509 certificate-based authentication and require a certificate to be installed that was generated by 

the LANDesk core sever. When the core server wants to force the agent to perform an immediate or 

scheduled inventory scan, vulnerability scan, or heartbeat request, it sends the request to this 

component. 

Shims 

/opt/landesk/bin/ldiscan 

This file produces a job XML with all the necessary tasks for the Scheduler to perform a complete or 

partial inventory scan and forward the results in the form of an inventory report to the core server. 

Executing this command will place the XML in the /opt/landesk/jobs directory. Using the ldiscan 

command without options will create a job based on core inventory settings and calls to the reporter 

and sender to deliver an inventory report to the core. The core calls ldiscan through the CBA daemon 

on the client, usually with no command line options. You can see these core inventory settings by 

clicking the Configure > Services menu option, then clicking the Inventory tab and the Advanced 

settings button. There are only two options the new Linux/UNIX agent pays attention to: 

 

 

Off-Core Inventory Server - if specified, this sends the inventory to an off-core inventory 

server other than the core making the request. 

Send Software File info - if this parameter set to a value of 1, ldiscan schedules a job with 

the file and software package scan. 

These core inventory parameters are stored in /opt/landesk/etc/ldconfig.xml. Note that the command 

line options will override the core inventory settings if they are used. 

In order to achieve backward compatibility, this shim supports most of the command line options that 

were available in previous versions of the LANDesk agent ldiscan tool. The -o option will write out to a 

specified file instead of sending the results to the core. The -f- option will create a job with all the 

scanners except the file and software package scanner and call the reporter and sender. The -f option 

will call all the scanners, the reporter, and sender. 



In a typical job ldiscan first determines which scanners to run from the /opt/landesk/etc/ldconfig.xml 

file, based on the command line options or inventory settings. This ldiconfig.xml maps the components 

(scanners, reporters, sender) found in the job.xml to an actual running executable. All the scanners in 

the job.xml will be marked with a sync="yes" parameter. This tells the scheduler to wait for the 

scraper to process the scanner.xml into the local database before marking this job finished and 

moving on to the next task. The scanners may run all at the same time, placing their scan data into 

the /opt/landesk/scan_repository directory where the scraper pulls the XML out, puts it into the 

database, and then places a job completion XML back into the /opt/landesk/jobs directory. This job 

completion XML has a unique job GUID to identify the individual scan job, and a task ID to identify the 

task ID of the scanner in the job.xml. The scheduler will then mark the job finished and then move on 

once all the scanners are complete. Next in the job.xml file is a task for the reporter which is 

dependent on all the scanners completing. If one scanner fails, the reporter will never run and the 

whole job will fail. The reporter creates the scn file from the database, then exits. The next job is the 

sender, it is dependent on the reporter completing. It will send the .scn file through proxy host to the 

core. 

/opt/landesk/bin/vulscan 

This creates a job XML with all the necessary commands to execute a vulnerability scan. It places the 

job.xml in the /opt/landesk/jobs directory. A typical job will contain a task to call the vulnerability 

fetcher (map-fetchvuldefs) binary to download vulnerability definitions for which the vulnerability 

scanner will use (this is downloaded to /opt/landesk/var/vuldefs/vuldefs.xml). The vulnerability 

scanner (map-vulscan) is tasked next to do the actual vulnerability scan with the definitions and 

setting supplied by the fetcher and the scanners. The vulscan scanner is dependent on the 

vulnerability fetcher tasks completing successfully. When the vulnerability scanner processes the 

vulnerability definitions it places the results in the scan_repository directory for the Scraper to be 

process the results in the local database. Once the vulnerability information is placed in the database, 

the Reporter (map-vulreporter) and the Sender (map-sender) are then called to create the XML 

vulnerability report and send it to the core. 

Scanners 

The scanners basically just scan various software and hardware resources and place the results into 

the /opt/landesk/scan_repository. The scanners are as follows: 

/opt/landesk/bin/map-drivescan - Retrieves hard drive information from the client system. 

/opt/landesk/bin/map-filescan - Retrieves file information from the client system. 

/opt/landesk/bin/map-networkconfigscan - Retrieves network address and hardware information from 

the system. 

/opt/landesk/bin/map-packagescan - Retrieves software package information from the client system. 

/opt/landesk/bin/map-versionscan - Retreives LANDesk Management agent versioning information 

from the client system. 

/opt/landesk/bin/map-cpuscan - Retrieves processor information from the client system. 

/opt/landesk/bin/map-envarscan - Retrieves environmental variable information from the client 

system. 

/opt/landesk/bin/map-mountscan - Retrieves mounted file system information from the client system. 

/opt/landesk/bin/map-osscan - Retrieves operating specific information from the client system. 

/opt/landesk/bin/map-systemscan -Retrieves system specific information like make, model, 

motherboard information from the client system. 

/opt/landesk/memoryscan - Retrieves memory information from the client system. 

/op/landesk/map-vulscan - Scans the database looking for vulnerabilities based on the file and 

package scans. 



Scheduler Daemon 

/opt/landesk/bin/map-scheduler 

As discussed previously, the scheduler daemon coordinates all the various processes via job.xml to 

accomplish vulnerability and inventory scans as defined by the vulscan and ldiscan shims. It can 

sequence when executables run, running executables at scheduler times or upon startup of the 

scheduler. Jobs can be scheduled to be dependent on the completion of other jobs, and can be 

configured to run exclusively. Certain jobs, like certain scanners, are configured on a repeating 

schedule. 

Scraper Daemon 

/opt/landesk/bin/map-scraper 

As discussed previously, the scraper daemon manages the validation, normalization and storage of 

data into the local database cache. Currently the agent uses a sqlite database 

(/opt/landesk/ldconfig.db). 

Reporter 

/opt/landesk/bin/map-reporter 

This creates inventory reports to be submitted to the core. 

/opt/landesk/bin/map-vulreporter 

This creates vulnerability reports in XML format to be posted to the core. 

Sender 

/opt/landesk/bin/map-sender 

Formats and sends reports such as inventory and vulnerability scan files to the LANDesk core, 

encrypted through proxyhost. 

Fetchers 

/opt/landesk/bin/map-fetchvuldefs 

Pulls down the vulnerabilities from the core based on the command line options or the core, 

platformid, and language parameters in /opt/landesk/etc/landesk.conf directory. These must be set 

for it to work correctly. 

/opt/landesk/bin/map-fetchinvsettings 

Brings down core inventory settings which the core uses to tell the client how to scan the client, such 

as including the software scan, intermediate file extension, and alternate inventory server. These are 

used when ldiscan is called with no options or from the core. The inventory settings fetcher is called 

by ldiscan before it creates a scheduled task, to bring down the latest core inventory settings. 

Command line options supplied to ldiscan will override the settings fetched by map-fetchinvsettings. 

Other files to be aware of 

/opt/landesk/etc/landesk.conf 

This file should look similar to the /etc/ldiscnux.conf from past Linux/UNIX agents. This file keeps 

track of the Device ID of the client machine, the core it reports to, and various other parameters 

necessary for the client to function. 

/opt/landesk/etc/ldconfig.xml 

This file is used by the ldiscan shim to determine what scanners to include in an inventory scan. It 

tells the scheduler where the executables referenced in the job XML are to be found. It also supplies 

the version scanner with information on which LANDesk Management Agent executables in needs to 

query for versioning information for inventory. 



opt/landesk/schemas/* 

Contains DTD files which define the schema for the database, and also allow the scraper if a 

scanner.xml is valid or not. 

/opt/landesk/var 

This is the location to download vulnerability definitions, a place to store certificates, and intermediate 

files used by the reporters and senders. 

Core Installation 

The installation of the new Linux/UNIX MAP agent requires the installation of three patches: 

1. CRUnix-90 and CR52143-90. Install the CRUnix-90 patch first by executing the setup.exe 

contained in the CRUnix-90 folder. This patch contains the Linux/UNIX tar balls. 

2. Install Patch CR52586-90. This patch contains Linux uninstall scripts for the 32 Bit and 64 bit 

agent. 

3. Then run the setup from the CR52143-90 folder. This patch allows you to install the 32bit 

Linux agent as well as the 64 bit agent. This will require a reboot of the core. 

Client Installation 

Linux Prerequisites 

openssl-0.9.8e.12.el5_4.6 64-bit or any version of open ssl 9.8e or greater 

systat-7.0.0-3.e15 64-bit version of the rpm 

compat-libstdc++-33-3.2.3-61 64-bit version of the rpm 

Client Deployment through Client Push 

Client installation can be performed from the core as an agent push just like you would push the old 

32-bit Linux/UNIX agent. 

1. Create a new UNIX/Linux Agent configuration on the core's console from the Agent 

configuration tool. When making a Linux agent configuration, make sure the 64-bit agent 

check box is selected or else you will install the 32-bit agent. Also note: do not use the Default 

HP-UX or Default Linux configuration unless you want to install the 32-bit agent. 

2. Make sure you have the root passwords defined for the scheduler service. This can be done by 

clicking the Configure > Services menu option, then clicking the Scheduler tab and the 

Change login button. You can then add the root passwords so the scheduler service has 

access to Unix/Linux to install the agent. 

3. Use the Unmanaged device discovery tool to discover the Unix/Linux systems, then drag 

and drop them on the appropriate agent configuration. 

4. Right-click on the scheduled task and select Run now. The agent will be deployed. 

5. If you are deploying the agent on Red Hat 5 Linux Server and have the 32-bit agent installed, 

you must remove the 32-bit agent first. Just copy the ./linuxuninstall.tar.gz tarball to your 

temporary install directory on the client or flash drive. Once on the client machine, untar the 

linuxuninstall.tar.gz with the "tar zxvf linuxunistall.tar.gz" command, then run the install with 

the "./linuxuninstall.sh" command. 



Manual Client Installation 

1. On the core server console, open the agent configuration tool and create a new agent 

configuration for Linux/Solaris/HP-UX. On Linux, make sure the 64-bit agent check box is 

selected. Remember the name of the agent configuration you created, because it is used in 

the name of the master install script in the C:\Program 

Files\LANDesk\ManagementSuite\ldlogon directory with .sh appended to the end of it. (For 

example, if you create an HP agent configuration named "HP64bit" the master install script in 

the ldlogon directory on the core will be named "HP64bit.sh"). 

2. Copy the master install script down to the client in a temporary directory like /tmp/install or to 

a flash drive. 

3. Copy the core certificate from the ldlogon directory on the core to your temp install directory 

on your client or to your flash drive. The core certificate is a 9 digit .0 file (such as 

932123948.0); it is the only .0 file in the ldlogon directory on the core. 

4. From the C:\Program Files\LANDesk\ManagementSuite\ldlogon\unix\ folder (where 

is either linux, solaris, or hpux), copy baseclient64.tar.gz and vulscan64.tar.gz to 

your temporary install directory on your client or to your flash drive. Make sure you copy the 

correct tar balls for the appropriate client. 

5. If you are deploying the agent on Red Hat 5 Linux Server and have the 32-bit agent installed, 

you must remove the 32-bit agent first. Just copy the ./linuxuninstall.tar.gz tarball to your 

temporary install directory on the client or flash drive. Once on the client machine, untar the 

linuxuninstall.tar.gz with the "tar zxvf linuxunistall.tar.gz" command, then run the install with 

the "./linuxuninstall.sh" command. 

6. Once all these files are copied to the client or the flash drive is plugged into the client, from 

the shell, change directory to the your install directory and do the following: 

chmod +x master-install-script.sh 

master install script) 

(where master-install-script.sh is the name of your 

./master-install-script.sh 

This will install your client for you. A few minutes after installation the core will receive an inventory 

and vulnerability scan from the client, if the core is reachable from the client. 

Known Issues 

 

 

 

Do not use the master install scripts or deploy agents from the Default HP-UX Agent or Default 

Linux Agent Configuration if you're intending to install the 64-bit agent. These will install the 

32-bit agent only. 

CR00052389: PXE holding queue node appears in the Solaris Inventory which is not relevant 

to the 64-bit Solaris agent. 

CR00052382: (HPUX) When pushing a latest build HP-UX agent to a HP-UX box with an older 

build, some older components are not removed before the installation. Workaround is to 

completely remove the HP-UX agent before re-installing. This can be accomplished with the 

following commands in the following order: swremove vulscan; swremove ldiscan;, swremove 

cba8; swremove lddeppkg; rm -rf /opt/landesk; rm -rf /usr/LANDesk; rm /var/run/map-*. If 

you have to remove the old 32-bit agent, use the following commands from a shell: swremove 

vulscan; swremove ldiscan;, swremove cba8; swremove pds2; rm -rf /usr/LANDesk; 

CR00052308: (Linux) No failure message is displayed when the user executes "ldiscan -o 

non-existent path". 

 

CR00052460: Agent deployment fails on client but status on core says it succeeds. This 

happens only when deploying the agent from the core where one or more of the involved files 

systems that are used in the agent install are full (such as /, /tmp, /opt). 



CR00052593: Cannot upgrade from a 32-bit Linux agent to the 64-bit MAP agent on Red Hat 

Enterprise Server 5 x86_64. The workaround is to include a copy of the linuxunistall.sh from 

the tar ball which exists on the core c:\Program 

Files\LANDesk\Managementsuite\linuxunistall.tar.gz to the client and remove the 32-bit agent. 

CR00052598 Cannot remove vulscan by deploying a new agent config over itself. You must 

remove the agent manually then re-deploy. 

Legal notices 

Copyright © 2010, LANDesk Software, Inc. and its affiliates. All rights reserved. LANDesk and its logos 

are registered trademarks or trademarks of LANDesk Software, Inc. and its affiliates in the United 

States and/or other countries. Other brands and names may be claimed as the property of others. 

LANDesk does not warrant that this document is error free and retains the right to make changes to 

this document or related product specifications and descriptions at any time without notice. LANDesk 

does not assume any obligation to update the information contained herein. This document is provided 

“AS IS” and without any guaranty, warranty, or license, express or implied, including but not limited 

to: fitness for a particular purpose, merchantability, non infringement of intellectual property, or other 

rights of any third party. Any LANDesk products referenced in this document are not intended for use 

in medical, life saving, or life sustaining applications. Third parties may have intellectual property 

rights relevant to this document and the technologies discussed herein.

Linux/UNIX MAP agent 9.0 SP2 - Community - LANDesk

Create successful ePaper yourself

Delete template?

Save as template?