Different file system scans supported in StealthAUDIT and RSA Identity Governance & Lifecycle
Originally Published: 2017-11-27
Article Number
000055721
Applies To
RSA Product Set: RSA Identity Governance & Lifecycle 
RSA Version/Condition: 7.x
StealthAUDIT Version: 7.1, 8.0

Issue
This article answers the following questions:
  1. What are the different file system scans possible on Windows and Unix file systems using StealthAUDIT 7.x?
  2. Is it possible to collect the local user accounts on a Unix system by using the file system scanning from StealthAUDIT 7.x and 8.0?
Resolution

1.  What are the different scans of file system possible on Windows and Unix file systems using StealthAUDIT 7.x and 8.0?

StealthAUDIT for File System is compatible with scanning the following Unix operating systems as targets for Access Auditing (FSAA) only:
  • AIX® 4+
  • Solaris 8+
  • Red Hat® Enterprise Linux® 4+
  • Red Hat® Linux® 5.2+
  • HP-UX® 11+
  • CentOS® 5+
  • SUSE® 10+

2.  Is it possible to collect the local user accounts from a Unix or Windows system by using the StealthAUDIT 7.x and 8.0 File System Scanning?

Unix File System Permissions

You can collect information on local Unix users and groups as far as it relates to Unix file system permissions. Note, however, that you will not be able to report on anything about those users and groups beyond what pertains to the file system permissions.

Windows File System Permissions

File system scans gather all shares on each server scanned, including the local path of the directory that is being shared. The local path is required to gather information about inherited permissions and nested shares. It then gathers the security descriptor for the share to understand who has access.

To gather this information, the file system scans use the following functions and information levels, which require the scanning credential to be a member of the local Administrators, Power Users, Print Operators, or Server Operators group on the target:
  • NetShareEnum – See the Microsoft NetShareEnum function article for additional information
    • Level 2 – In order to gather the local path of the share, the function needs to be executed at level 2
  • NetShareGetInfo – See the Microsoft NetShareGetInfo function article for additional information 
    • Level 2 – In order to gather the permissions of the share, the function needs to be executed at level 2
If the credential used to execute the file system scans is not a member of any of the above local groups (Administrators, Power Users, Print Operators, or Server Operators) on the target Windows host, StealthAUDIT will be unable to gather any information about shares on the target server. The only information StealthAUDIT can gather as an unprivileged user is information about local users and groups, which is generally accessible to any authenticated user.
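As an added example (not part of this article or of StealthAUDIT's own code), the following PowerShell P/Invokes NetShareEnum at level 2, the same call and level the scan uses for local paths, so an administrator can pre-check under the intended scanning account whether a target host returns share names and local paths or ERROR_ACCESS_DENIED (status 5). The function name Get-ShareLocalPath and the NetApi wrapper class are assumptions introduced here.

```powershell
# Added example: P/Invoke wrapper for NetShareEnum level 2 (SHARE_INFO_2 carries shi2_path).
$sig = @'
using System;
using System.Runtime.InteropServices;
public static class NetApi {
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    public struct SHARE_INFO_2 {
        [MarshalAs(UnmanagedType.LPWStr)] public string shi2_netname;
        public uint shi2_type;
        [MarshalAs(UnmanagedType.LPWStr)] public string shi2_remark;
        public uint shi2_permissions;
        public uint shi2_max_uses;
        public uint shi2_current_uses;
        [MarshalAs(UnmanagedType.LPWStr)] public string shi2_path;
        [MarshalAs(UnmanagedType.LPWStr)] public string shi2_passwd;
    }
    [DllImport("Netapi32.dll", CharSet = CharSet.Unicode)]
    public static extern int NetShareEnum(string serverName, int level, out IntPtr bufPtr,
        uint prefMaxLen, out uint entriesRead, out uint totalEntries, ref uint resumeHandle);
    [DllImport("Netapi32.dll")]
    public static extern int NetApiBufferFree(IntPtr buffer);
}
'@
Add-Type -TypeDefinition $sig

function Get-ShareLocalPath {
    # Run this under the account StealthAUDIT will use; status 5 means the account
    # lacks the local group membership the level-2 call requires on that host.
    param([string]$ComputerName = $env:COMPUTERNAME)
    $buf = [IntPtr]::Zero; [uint32]$read = 0; [uint32]$total = 0; [uint32]$resume = 0
    $rc = [NetApi]::NetShareEnum("\\$ComputerName", 2, [ref]$buf, [uint32]::MaxValue,
                                 [ref]$read, [ref]$total, [ref]$resume)
    if ($rc -eq 5)  { throw "ERROR_ACCESS_DENIED on $ComputerName: scan credential is not in a required local group" }
    if ($rc -ne 0)  { throw "NetShareEnum failed on $ComputerName with status $rc" }
    try {
        $structType = [type][NetApi+SHARE_INFO_2]
        $size = [Runtime.InteropServices.Marshal]::SizeOf($structType)
        for ($i = 0; $i -lt $read; $i++) {
            $p = [IntPtr]($buf.ToInt64() + ($i * $size))
            $s = [Runtime.InteropServices.Marshal]::PtrToStructure($p, $structType)
            # shi2_type bit 0x80000000 (STYPE_SPECIAL) marks administrative shares such as C$ and IPC$
            [pscustomobject]@{ Share = $s.shi2_netname; LocalPath = $s.shi2_path
                               Administrative = [bool]($s.shi2_type -band 0x80000000) }
        }
    } finally { [void][NetApi]::NetApiBufferFree($buf) }
}

Get-ShareLocalPath | Format-Table -AutoSize
```

An empty LocalPath on a share that is not IPC$ indicates the account was downgraded to a lower information level somewhere in the path, which is exactly the condition that leaves the scan without inherited-permission and nested-share data.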