• Loading...
This documentation refers to a previously released version of BMC Atrium Discovery (other versions).

Limitations and Restrictions of this Version

Skip to end of metadata
Go to start of metadata
Space Search

Searching TWF 7.2

Table of Contents

Operational Warning

Under no circumstances should you add, remove, or amend any of the Database files or Database Log files in the following directories, without explicit clearance from the Engineering Department.
The following are examples of database file names:

  • pa55bc128f62ce9c427a1d742_nHost_hidx
  • pa55bc128f62ce9c427a1d742_nHost_hist
  • __db.001
  • DB_CONFIG
  • main

The following are examples of database log file names:

  • log.000002301
  • log.000002302

The location of the database and the database log files may be obtained by reading the /usr/tideway/etc/link.conf file. Under no circumstances should you modify this file once a system has been commissioned.

Warning
Failure to comply with the above instructions will result in database corruption, and in some cases unrecoverable database corruption.

UTF-8 Data (C12329)

Tideway Foundation stores and handles all character data as UTF-8, but does not support direct discovery of data outside the basic ASCII character set. If such data is discovered, Tideway Foundation is unable to map it to UTF-8 and invalid characters are introduced into the discovery data.

Scanning a Real Host Previously Scanned Using Pool Data (6079)

When you upload scanner files to the appliance and run it in playback mode, .no-expiry files are created for each IP address. This means that this pool data will not be deleted at the next scan; subsequent discovery runs will operate by playing back this pool data, that is, not scanning the real IP address, irrespective of whether the appliance is operating in Record or Playback mode.
If you subsequently attempt to scan the real IP address, the pool data will not be updated if the .no-expiry file is present. This may not be obvious.
If you are scanning an IP address and it is not being updated, you should check the pool data for existence of a .no-expiry file and delete it. The pool data structure is:

/var/pool/xx/xx/xx/xx/.no-expiry
/var/pool/xx/xx/xx/xx/<data>

where /xx/xx/xx/xx is the IP address of the host.

Reinitializing the Model (tw_init and tw_model_init)

When reinitializing the model, you must stop all tideway services before running the initialization command, tw_init or tw_model_init. Restart them after you have run the command.
Since Tideway Foundation version 7.1 a TKU that has been installed on the appliance is now activated when the model is initialized (tw_model_init).

WMI Class not Installed by Default on Windows 2003 Server and Later

Discovery performs queries on the Win32_Product class. This is installed by default on Windows versions before Windows 2003 Server as part of the WMI Windows Installer Provider. For Windows 2003 Server and later, this is an optional component.

To install this provider on Windows 2003 Server hosts that you intend to discover:
One. From the Start Menu, select Settings > Control Panel. The Control Panel is displayed.

  1. Double click the Add or Remove Programs icon.
  2. Click the Add/Remove Windows Components button.
  3. Select the Management and Monitoring Tools check box and click Details.
  4. Select the WMI Windows Installer Provider check box, and click OK.

The WMI Windows Installer Provider is installed.

Changes to User Group Memberships

If the privileges of a Tideway Foundation user are extended by changing the user's group memberships, then these changes may not take effect for up to 5 minutes. However if privileges are withdrawn from the user these changes take immediate effect.

Discovery using slaves configured to use local commands only, cannot create host nodes

Local commands cannot run the getInterfaceList method, and hosts cannot be created without interfaces.

ECAError nodes show tracebacks of the error that occurred

This could cause concern during ethical hacking tests but is not actually a problem because the code shown is from patterns, which are already visible to the user, not internal to the product.

Third-Party Applications Depending on Tideway Security Must be Run After the Security Service Has Started

If third-party applications that depend on the Tideway Security Service are run before it has completed initialization, they will fail as you cannot validate permissions and users from the Security Service.
Ensure that the Tideway Security service has completed initialising before running third-party applications.

NDD Discovery Interface Support

NDD discovery does not support trp interfaces.

Record Data Should Not be Processed with Tools that Change Line Endings

Tideway Foundation stores record data in UNIX and DOS formats. UNIX format files have LF line endings, and DOS format file have CR LF line endings. If you process the record data with a tool that changes line endings, you will see exceptions in the Discovery logs.

WMI May Report Incorrect Memory

WMI may report the physical memory available on Windows hosts incorrectly.

Uptime Restrictions

The following access methods are available for Windows systems:

  • wmi - WMI commands.
  • local - commands executed on the slave to determine characteristics of the target remote host.
  • rcmd - commands executed on the target remote host using rcmd.
  • pstools - commands executed on the target remote host using psexec.

Discovery using local and rcmd methods does not retrieve uptime on any Windows systems. The only Discovery methods that can retrieve uptime information are wmi queries and pstools.
For all Windows systems where WMI is installed, WMI queries should successfully retrieve uptime information. Where WMI queries fail, commands executed on the target (pstools) may retrieve uptime information, pstools will not be run if either local or rcmd methods have successfully run.

Home Directory of Discovery User on Target Machine Must not be Read-Only

The home directory of the user that is used for discovery on target hosts must not be read-only. If it is read-only, scripts (such as which on Solaris 9 and 10 hosts) that write to the home directory will fail.

Solaris 10 Truncates Process Information for Non-Privileged Users

In Solaris 10 /usr/ucb/ps will now only output the first 79 characters of commands unless it is run as root. The reason for this change is to prevent the inadvertent leak of private process data. Where process information is truncated, Discovery will be incomplete for that host.
you must add the proc_owner right for the tideway user. To do this and retain all of the default privileges, as root, enter:

usermod -K defaultpriv=file_link_any,proc_info,proc_session,proc_fork,
proc_exec,proc_owner tideway

No spaces are permitted in the defaultpriv argument.

Solaris 8 and 9

Patches are being rolled out to replicate this behavior on Solaris 8 and 9.
To workaround this, you should deploy sudoers privileges for /usr/ucb/ps.

Process Information Truncated in AIX

On AIX the ps command limits output to the horizontal screen size. This can be overridden using the COLUMNS environment variable, though the maximum permissible value for this is 2047.
Piping the output of the ps command through cat removes the columns restriction on AIX hosts with a May 2007 Service Pack.

IP Address Change Requires Appliance Restart

Where the IP address of the appliance is changed, for example, by DHCP or a manual change, the appliance must be restarted.

"<attrib> = None" Construct in WHERE Clause not Supported

The Search Service uses a number of Python constructs. However, the "= None" construct should not be used to recognize undefined values. For example, the following query does not work and returns nothing:

SEARCH SoftwareInstance
   WHERE version = None

You should state explicitly that you are looking for an undefined attribute. For example:

SEARCH SoftwareInstance
   WHERE name HAS SUBWORD "Web"
   AND NOT version IS DEFINED
and
SEARCH SoftwareInstance
   WHERE NOT version IS DEFINED

Processor Type Only Correctly Reported by Non-Srvinfo Access Methods

Processor type is correctly reported when using WMI and non-srvinfo Discovery methods. However if you discover the same host with srvinfo then it is reported incorrectly.
Ensure that the WMI or non-srvinfo access method is enabled.

Disabling "Ping hosts" setting slows Discovery

If you disable the "Ping hosts before scanning" setting in the Discovery Configuration page, Discovery will try a number of methods before determining that there is no device at that IP address. If pinging is enabled, Discovery determines that there is no device immediately.

AIX User Password Must be Changed by User After Creation by Root

On AIX, when a user password is changed by the root user, that password must be changed by the user at the next log in. If the password is not changed and Discovery is attempted using that username and password, it fails when prompted to change the password.
To prevent this from happening, if you are the root user and add a new user, log in as that user and change the password.

Attribute Errors in getProcess List

When calling getProcessList, attribute errors may be seen which cause the slave to traceback.
The following message is logged: AttributeError: 'NoneType' object has no attribute 'Win32_Process'.

SNMP Credential does not Validate IP Address Key

When adding or editing a login or SNMP credential, the IP Address key does not validate the format. You are permitted to enter special characters, alphanumeric, and invalid IP address formats (172.17.1.3.3.4). Only enter valid IP addresses.

Manual cron Changes are Overwritten

If a cron job is manually edited this will not be noticed, and any change will be silently thrown away. This could be an issue where a manual change is made by someone not realising there is a cron management process.
The script should be scheduled using the cron feature (in $TIDEWAY/etc/cron/) as the tideway user.

Do not run service tideway status as root

Running the service tideway status command as root will cause the ownership of the database log files to change to root. Eventually this will cause the system to fail to start.
Always run sudo service tideway status as the tideway user, never as root. That is, sudo /sbin/service tideway status.

Search facility searches hidden attributes

The search facility searches hidden attributes and system fields, even though the users cannot normally see this information.
This was observed when searching for a subnet to add relationship to from a host. The search string 127 was entered and the following two subnets were returned:

  • 192.168.115.0/24
  • 172.16.203.0/24

The search string does not appear in the subnets, but may have been found in hidden attributes associated with the subnets. This behavior can be confusing.

Remcom discovery triggers suspicious activity warnings on some virus detection software

Remcom discovery triggers suspicious activity warnings on some virus detection software. Sophos reports "Suspicious behaviour pattern HIPS/RegMod-013". See the Sophos website for more information.
Labels:
None
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.