An internal security scan returns any services or processes not installed as a native Linux package managed by the Operating System as vulnerabilities.
It triggered on the Data Collector (DC), Data Aggregator (DA), Performance Center (PC) web UI server, Consul Proxy Host server, and the Fault Tolerant (FT) Data Aggregator Consul Proxy services.
It was triggered as none of the services used by the application have a related RPM installed for them.
The scan calls out:
"Some daemon processes on the remote host are associated with programs that have been installed manually. System administration best practice dictates that an operating system's native package management tools be used to manage software installation, updates, and removal whenever possible."
InstallAnywhere is used to install each component of NetOps.
All supported Performance Management releases
These processes/services are installed and managed by the Performance Management Data Collector application and related tools.
InstallAnywhere is used to install each component of NetOps. It lays down the application files and creates systemd service files to manage the start/stop of the application services.
We do not use RPM for installing the product or registering services.
We do use a Vertica RPM to install Vertica files. We also call an install_vertica script to complete installation of Vertica which registers verticad with the system.
Any changes to this would require an Enhancement Request.