SCC

System Configuration Collector (SCC) is written in Perl and collects configuration data of systems in snapshots. The latest version http://www.qnh.eu/scc/files/scc-1.17.23-1.noarch.rpm.

The structure of the snapshot allows SCC to compare a snapshot with the previous one and to detect changes in the configuration. Upon detecting changes, SCC adds the differences to a logbook. The snapshot and the logbook are converted to HTML for local inspection. Optionally, the SCC-files can be send to a system running the SCC server software. On the server, summaries of the SCC-data are generated and search/compare operations on the snapshots and logbooks are available via a web-interface.

The logbook is a starting point in case a system "suddenly" does not work correctly and the administrator is wondering what he/she has changed in the last weeks or months. As most of us know by experience, configuration changes can have accidental side-effects on (other) systems. By examining the entries in the logbooks and considering the consequences, the cause of an actual problem might be found more easily than by just trying to remember the changes that were performed.

The snapshots can be used to compare the configuration of two systems. Imagine systems, that are supposed to be identical, but behave differently. Comparing parts of the snapshots of the two systems can indicate the cause of the difference in behavior. All collected snapshots of a site can be analyzed when conducting a due diligence investigation.

The client and server software of SCC is available in the native system install-formats for HP-UX, Solaris, Linux (rpm), FreeBSD, NetBSD, OpenBSD and in source tar-balls. The client part of SCC is also available for Windows systems. SCC (client and server) is free software under the terms of the GNU General Public License.

Refer to LinuxSecurity.com for a feature story covering SCC.

The user-interface of the SCC server consists of a CGI-script. As we cannot run this script on our website, we captured some HTML-output to be used as an example. Furthermore, several snapshots and logbooks can be inspected. The examples are presented here.

Client

The technology used by the clients to collect configuration data, differs between Unix/Linux/*BSD and Windows. On Unix/Linux/*BSD-systems configuration-files and the output of system-commands are incorporated in the snapshots. On Windows systems data is retrieved throught the Windows Management Interface. The scriptomatic tool from Microsoft is used to generate perl code that is used to collect data.

Several GNU tools and ActivePerl are used to process the collected data. Running it as domain administrator makes it possible to collect data from other systems in your domain. The client for Unix/Linux/*BSD system is quite mature. The Windows client does not yet collect as much data. Therefore it is likely that certain changes on your Windows-systems are missing in the logbook. The remainder of the functionality of the SCC client on Windows and Unix/Linux/*BSD is similar.

Basically, the SCC client extends each line of collected data with a hierarchical classification based on the nature of the data and with an indicator that states whether that data is supposed to be static or dynamic. Consecutive collections of configuration data (snapshots) are compared and the resulting differences in static data are added to the logbook. For example: the size of a file system is static data and the current usage is dynamic data. The usage a file system will not be reported in the logbook, but the extension of the file system will.

The reach of the clients can be extended by adding user-modules. The client software contains a prototype program (scc-plugin) that can be altered to capture any configuration data. Rename this program and activate it on a regular basis through the -e option of scc. The configuration data captured by this module becomes part of the regular snapshot. Changes in this configuration data are recorded in the logbook of the system. Refer to scc-plugin, scc-plugin (Windows), and scc-collect for more details.

On several occasions the system programs called by the collection program scc-collect produce unexpected output. This output is captured under the classification "fix:messages::". After installing the SCC client, check your snapshot and search for messages. Up to now, most of these messages indicate either a hard- or configuration error on the system. During the collection process, many programs are called. The absence of messages can be interpreted as an indication of the health of the system.

Program scc-collect and its modules use sensible defaults to avoid that many systems require a configuration file. When the defaults are insufficient, copy /etc/opt/scc/newconfig/scc-localize to /etc/opt/scc/conf/scc-localize and uncomment the required variables. Be sure to preserve the execution permission of the file.

Feel free to contact us when you want to contribute your extensions. We will distribute them on this website.

For more information, refer to the manual pages of the Unix/Linux/*BSD client and Windows client.

Server

On the server, summaries of the SCC-data are generated and search/compare operations are available via a web-interface. The complete functionality of the server part of SCC consists of:

• receive files sent by scc from client systems
• transfer of these files to the directory used by the web server
• summarize data in the received files
• allow search and compare functionality through a web server

The SCC data can be sent from clients to the server by email, scp, rcp or cp (local/NFS). The manual page of scc-srv describes the setup of the server to enable this functionality.

The snapshots contain much sensitive data. Use .htaccess files to restrict access to the snapshots. Refer to scc-realm for a description of the proper setup of permissions.

For more information, refer to the manual pages of the Unix/Linux/*BSD server.

Security

Several of the configuration files and programs that are used to collect a snapshot by the SCC client, can only be accessed by root. Therefore the SCC client has to run as root. To be safe, the software uses separate directory trees that are created with specific permissions and ownership to avoid tampering. Programs, manuals and documentation reside under /opt/scc and datafiles under /var/opt/scc. Both directory trees are owned by root:sys and have no permissions for group and other. Refer to the instructions in the relocate script in the source tarball to install the software in other directories.

Each program of SCC starts with the following code:

• set the PATH variable to a specific list of directories
• umask 077 avoid group and other permissions for new and temporary files
• cd /var/opt/scc/tmp a safe place for temporary files that might be created when the software runs
• set TEMPDIR and TMP to /var/opt/scc/tmp a safe place for temporary files
• set SHELL to the shell to be used (either ksh or POSIX-shell)

The resulting snapshots and log files should be transferred to another system to be available after a fatal crash of the system on which the software runs. The software does not provide any mechanism to achieve this. Use whatever software you are already using: scp, gpg, ftp, encrypted email or rcp.

SCC server consists of three different parts. The first is (optionally) used to receive SCC data through email. It is a minimal program run through an alias and by the user running the mail-server. The second part is used to transfer SCC data from the transfer-area to the web server and generate summaries. This part has to set the ownerships of files to the user running the web server and the groups owning the realms. Therefore this part of the software is run by root. It should be activated on a regular basis by cron. The last part of the software is the CGI-script running under the user of the web server.

Refer to scc-srv(5) and scc-realm(1) for detailed descriptions of restricting access to SCC data.

The server receives SCC-data from clients by email, scp, ftp or rcp. A Denial Of Service is possible by frequently sending large snapshots of fake hosts to the SCC server. Furthermore, anyone can (re)send SCC-data from any system to the SCC server. Therefore, the SCC server should only be deployed in a trusted network.

To promote SCC, we can use testimonials! Can you state what you think of SCC and in what way it helps you in your work and on how many systems you deploy SCC. A list of references of SCC can be found here.

Several people and companies contributed to SCC. Usage of these contributions to SCC is on your own risk. They give no warranty and are not responsible for problems caused by the modifications/extentions. Please test new releases of scc and scc-srv before deploying the software on your production systems.

As the download of scc-win contains software from putty, we copy the following warning:
"LEGAL WARNING: Use of PuTTY, PSCP, PSFTP and Plink is illegal in countries where encryption is outlawed. If in doubt, you should seek legal advice before downloading it. You may find this site useful (it's a survey of cryptography laws in many countries), but I can't vouch for its correctness."

MD5 sums of the downloads are available here. All packages/depots/rpms use the same code base. The following releases and downloads are available:

Note that the pre-packaged software of scc and scc-srv install in directories under /opt/scc and /opt/scc-srv, use data directory /var/opt/scc and /var/opt/scc-srv and scc uses config directory /etc/opt/scc. To change the install, data and config directories, unpack the source tarball, edit and use the relocate script. Do not mix default and relocated installs on the same system, as you end up with more than one install.

Note that the upgrade of scc-srv on a server with many snapshots and realms can take quite some time as all summaries of all realms are updated by the new version of the software.

Note that SCC crashes on systems with multibyte locales and gawk 3.1.5. Pablo Costa reported this for SuSe 10.1. To avoid this, set LC_ALL="C" before running SCC.

SD-UX depots on HP-UX

The software has been tested on HP-UX 10.20, 11.00 and 11.11. Install release 1.7.38 of scc and release 1.5.14 of scc-srv with the following commands:

	swinstall -s $(pwd)/scc-1.7.38.hpux.depot scc
	swinstall -s $(pwd)/scc-srv-1.5.14.hpux.depot scc-srv

To register both depots, use the commands:

	swreg -l depot $(pwd)/scc-1.7.38.hpux.depot
	swreg -l depot $(pwd)/scc-srv-1.5.14.hpux.depot

To copy both products to an existing depot, use the commands:

	swcopy -s $(pwd)/scc-1.7.38.hpux.depot scc @ /your/depot
	swcopy -s $(pwd)/scc-srv-1.5.14.hpux.depot scc-srv @ /your/depot

Packages on Solaris

Both scc and scc-srv require the XPG4 software (SUNWxcu4) on the system to work correctly. The packages can be installed on sparc and intel architectures. The software has been tested on Solaris 6, 8, 9 and 10. Install release 1.7.38 of scc and release 1.5.14 of scc-srv with the following commands:

	pkgadd -d ./scc-1.7.38.sunos.pkg -a none scc
	pkgadd -d ./scc-srv-1.5.14.sunos.pkg -a none scc-srv

During the installation, you will be asked whether the installation-scripts should run. Use the following admin-file and the -n option for pkgadd to fully automate the installation process.

	basedir=default
	mail=
	runlevel=nocheck
	conflict=nocheck
	setuid=quit
	action=nocheck
	partial=nocheck
	instance=overwrite
	idepend=nocheck
	rdepend=nocheck
	space=nocheck

Note that installs in a zone will fail for release prior to S10_73. Use pkgtrans to transfer the contents of the pkg-file to a directory structure and then install from the directory.

Packages on Debian

The software has been tested on Debian 3.1. Install release 1.7-38 of scc and release 1.5-14 of scc-srv with the following commands:

	dpkg -i ./scc_1.7-38_all.deb
	dpkg -i ./scc-srv_1.5-14_all.deb

RPM

The software has been tested on RedHat, SuSe, Debian, Slackware and Mandrake SNF and MNF. Install release 1.7-38 of scc and release 1.5-14 of scc-srv with the following commands:

	rpm -U ./scc-1.7-38.noarch.rpm
	rpm -U ./scc-srv-1.5-14.noarch.rpm

When rpm complains that the package "is for a different operating system", you have to add the --ignoreos option to the commandline.

Note that scc is run during the postinstall phase. In that phase, rpm cannot produce any data. This means that the snapshot does not contain any rom data after a fresh install. This data is collected during the next (manual or scheduled) run of scc.

Packages on Slackware

Note: the package software of Slackware does not provide a preinstall script. Therefore you have to run scc manually before installing a new release. Otherwise the changes, made after the last run of scc and before the install of the new release, are not recorded in the logbook.

The software has been tested on Slackware 10.2. Install release 1.7.38 of scc and release 1.5.14 of scc-srv with the following commands:

	installpkg scc-1.7.38-noarch-1.tgz
	installpkg scc-srv-1.5.14-noarch-1.tgz

To upgrade existing installations of scc and scc-srv, use the following commands:

	/opt/scc/bin/scc		# catch last changes 
	upgradepkg scc-1.7.38-noarch-1.tgz
	upgradepkg scc-srv-1.5.14-noarch-1.tgz

After removing scc or scc-srv, the data directories remain on the system and have to be removed manually.

Packages on FreeBSD

The software has been tested on FreeBSD 5.3. Install release 1.7.38 of scc and release 1.5.14 of scc-srv with the following commands:

	pkg_add ./scc-1.7.38.FreeBSD.tgz
	pkg_add ./scc-srv-1.5.14.FreeBSD.tgz

Remove the previously installed version of the software when upgrading. To upgrade scc from 1.5.37 to 1.7.38, use the following command:

	pkg_delete scc-1.5.37
	pkg_add ./scc-1.7.38.FreeBSD.tgz

Note that scc is run during the postinstall phase. In that phase, pkg_info cannot produce any data. This means that the snapshot does not contain any pkg_info data after a fresh install. This data is collected during the next (manual or scheduled) run of scc.

Packages on NetBSD

The software has been tested on NetBSD3.1. Install release 1.7.38 of scc and release 1.5.14 of scc-srv with the following commands:

	pkg_add ./scc-1.7.38.NetBSD.tgz
	pkg_add ./scc-srv-1.5.14.NetBSD.tgz

Use the -u option to upgrade an already installed version of the software. When you remove the scc-client, it runs one more time to collect data. This has to be done as the removal is also part of a regular upgrade. After the deinstall, the installation directory is removed. The data and config directories are still present.

Note that scc is run during the postinstall phase. In that phase, pkg_info cannot produce any data. This means that the snapshot does not contain any pkg_info data after a fresh install. This data is collected during the next (manual or scheduled) run of scc.

Do not leave any additional files in the /opt/scc and /opt/scc-srv hierarchies during an upgrade or pkg_add will complain that it could not remove the directory.

The software has been build for NetBSD 3.1. Installing it on other versions of NetBSD will succeed, but pkg_add will complain about the different OS version. To avoid this, you can download the source and generate the NetBSD packages with the scripts: netbsd-gen-scc and netbsd-gen-scc-srv.

Packages on OpenBSD

Install release 1.7.38 of scc and release 1.5.14 of scc-srv with the following commands:

	pkg_add -B / ./scc-1.7.38-OpenBSD.tgz
	pkg_add -B / ./scc-srv-1.5.14-OpenBSD.tgz

Remove the previously installed version of the software when upgrading. To upgrade scc from 1.5.37 to 1.7.38, use the following command:

	pkg_delete -B / scc-1.5.37-OpenBSD
	pkg_add -B / ./scc-1.7.38.OpenBSD.tgz

Note that scc is run during the postinstall phase. In that phase, pkg_info cannot produce any data. This means that the snapshot does not contain any pkg_info data after a fresh install. This data is collected during the next (manual or scheduled) run of scc.

PET packages on PuppyLinux

Install release 1.7.38 of scc and release 1.5.14 of scc-srv with the following commands:

	petget $(pwd)/scc-1.7.38.pet
	petget $(pwd)/scc-srv-1.5.14.pet

Note that this installation method does not provide a pre-install. This means that you have to run scc manually before upgrading to catch the changes up to the moment of the upgrade.

Source

Use this method of installation when the native install format for your OS is not available. The software has been tested on TRU64V5.1 and AIX 5.3. To install scc from source, use the following commands:

	tar xf scc-1.7.38.src.tar
	cd scc-1.7.38
	./scc-install

To install scc-srv from source, use the following commands:

	tar xf scc-srv-1.5.14.src.tar
	cd scc-srv-1.5.14
	./scc-srv-install

The tarball contains scripts to generate all depots, rpms and packages after modifying the source-files. Refer to the relocate script when you want to install the software in non-default directories. Be sure to edit this script before using it.

Windows executable

The download is a selfextracting executable that was built by Ghost Installer from Ethalone.

The server-part of scc is not available for Windows, only the client-part. The client software has been tested on W2K, W2K3 and WXP. Note that you need additional software on your Windows systems. The software requires perl. We tested the software with ActivePerl from Active State.

Note: the executable does not provide a preinstall. Therefore you have to run scc manually before installing a new release. Otherwise the changes, made after the last run of scc and before the install of the new release, are not recorded in the logbook(s). At the end of the installation, scc can be run. It only collects data from the system it is installed on, not from other systems.

Note that after installing the client-software, the scheduling of scc has to be configured. You need to run scc with sufficient priviliges. Running the software as domain administrator, even enables you to install the software on a single system and retrieve data from all other sytems in your domain. Refer to the documentation of scc-collect for an overview of all options you can use to indicate what systems to collect data from.

Windows source

Unpack the archive to retrieve the build environment of the Windows client of SCC. You can adjust the source for example to adjust the location of the install. Use Ghost Installer from Ethalone to build the executable.

MD5 sums

Here are the MD5 sums of all the downloads:

     scc_1.7-38_all.deb                  b6b4576bea4c33d31b9d13d8e981541d
     scc-1.7.38.FreeBSD.tgz              ae6e5e545417f064eae27d7aaf42a09a
     scc-1.7.38.hpux.depot               9d50eb93f23bbc23796508874b181939
     scc-1.7.38.NetBSD.tgz               e427ec56912f1fc9e2338e59df80a930
     scc-1.7.38-noarch-1.tgz             3d50a6d7c8a78189fa098b26991c5d07
     scc-1.7-38.noarch.rpm               0e9475d93107be5dbcabab22a1f8687f
     scc-1.7.38-OpenBSD.tgz              66ded41203f125544948965abb1a6632
     scc-1.7.38.pet                      8fa4ab79e0319985cf34d1c814ffb9b9
     scc-1.7.38.src.tar                  5d51da89962b31280839a32e053455f8
     scc-1.7.38.sunos.pkg                a5716341e9acf6f3a2abe0a98e58289b
     scc-srv_1.5-14_all.deb              81a7d3a2dcb951b94280246dc140bfc9
     scc-srv-1.5.14.FreeBSD.tgz          9b1dafa35e19e943f92087bb2b8ba8ba
     scc-srv-1.5.14.hpux.depot           fe2dd2a98acb917c492f9a987b61895e
     scc-srv-1.5.14.NetBSD.tgz           d5605554e6f0e6e8b3003e3391aed745
     scc-srv-1.5.14-noarch-1.tgz         c4bf8e34e8023d160e471a8d507222cb
     scc-srv-1.5-14.noarch.rpm           3f60b072e6381f3248aaa3e2bdf2fcd7
     scc-srv-1.5.14-OpenBSD.tgz          adb8f4515936ee854468bc2a8bf75e0b
     scc-srv-1.5.14.pet                  66ae63e7ff687b03b9138deaeddc5920
     scc-srv-1.5.14.src.tar              dbaebc9f2d86663a3386b9141b3f05fe
     scc-srv-1.5.14.sunos.pkg            dbc58af84df8d2f6c38d280fe63a7274
     scc-win-1.0.11.exe                  7db5e97120e66491bc824b9737f5840d
     scc-win-1.0.11.src.tar.gz           e35317bec80cfdf9665a7e8e1b3b1e2b

Etc

Society

Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy

Quotes

War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotes :  Somerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose Bierce :  Bernard Shaw : Mark Twain Quotes

Bulletin:

Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law

History:

Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOS :  Programming Languages History : PL/1 : Simula 67 : C : History of GCC development :  Scripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-Month :  How to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the Softpanorama society. We do not warrant the correctness of the information provided or its fitness for any purpose. The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Last modified: March 12, 2019