Merge pull request #407 from ritza-co/19.04.05

Docs 19.04.05 release (Week 3, 2025)
device42 · Feb 3, 2025 · 1bd99bf · 1bd99bf
2 parents 372e03c + 8c6bcc3
commit 1bd99bf
Show file tree

Hide file tree

Showing 65 changed files with 635 additions and 283 deletions.
diff --git a/docs/auto-discovery/agent-based-discovery.mdx b/docs/auto-discovery/agent-based-discovery.mdx
@@ -180,6 +180,114 @@ The agent can be run from the command line or can be scheduled using the relevan
 
 For best results, we recommend running the command with `sudo`. Make sure that `/home/system\_dev42/bin/d42agent` is owned by `root` with `\-rwx—— (0700)` permissions. This prevents the non-root user `system\_dev42` from overwriting the agent or adding it to `root`’s _crontab_ (or `cron.daily/hourly`) while allowing root to execute it.
 
+### Using a Limited Account
+
+The Linux agent runs as `root` by default. However, it is possible to configure the agent to run with a limited, non-root account. Here's how you can create one:
+
+1. **Create a limited account**:
+   - Create a new Linux account (for example, `d42_limited`) without root access.
+   - Disable login access to ensure the account cannot be used for remote shell access. Use the following command:
+
+     ```bash
+     sudo useradd -r -s /usr/sbin/nologin d42_limited
+     ```
+
+2. **Grant sudo permissions for required commands**:
+   - Assign the account permission to run the commands required by the discovery agent. Edit the `/etc/sudoers` file using `visudo`:
+
+     ```bash
+     sudo visudo
+     ```
+
+   - Add the following entry to grant `d42_limited` access to specific commands:
+
+     ```
+     d42_limited ALL=(ALL) NOPASSWD: /usr/sbin/arp, /bin/cat, /sbin/ifconfig, /usr/bin/curl, /usr/bin/wget, /bin/ls, /usr/sbin/dmidecode, /usr/bin/lsof, /usr/bin/ps, /usr/bin/python3, /bin/uname, /usr/bin/systemctl, /sbin/ip, /usr/bin/df, /usr/bin/free, /usr/bin/mount, /usr/sbin/iptables
+     ```
+
+     Read the [Commands Required by the Discovery Agent](#commands-required-by-the-discovery-agent) section to see the full list of commands required by the agent.
+
+3. **Configure the file ownership and permissions**:
+   - Make sure that the `d42agent` binary is still owned by `root` and has restricted permissions:
+
+     ```bash
+     sudo chown root:root /home/system_dev42/bin/d42agent
+     sudo chmod 0700 /home/system_dev42/bin/d42agent
+     ```
+
+4. **Run the agent with the limited account**:
+   - Use `sudo` to execute the agent with the limited account:
+
+     ```bash
+     sudo -u d42_limited /home/system_dev42/bin/d42agent
+     ```
+
+### Commands Required by the Discovery Agent
+
+The limited account must have access to the following commands to ensure proper functionality:
+
+```bash
+arp
+cat
+chkconfig
+crontab
+curl
+df
+dmesg
+dmidecode
+docker
+dpkg
+fdisk
+find
+format
+getconf
+grep
+hdparm
+hostname
+ifconfig
+ip
+iptables
+lsof
+lsblk
+lspci
+mount
+netstat
+ps
+python3
+rpm
+service
+systemctl
+uname
+wget
+```
+
+We need to ensure the limited account can execute all these commands through `sudo` without requiring a password.
+
+Here's a shell script that can be used to check whether the limited account has access to the commands:
+
+```bash 
+#!/bin/bash
+
+# List of commands required by the discovery agent
+commands=(
+    arp
+    cat
+    chkconfig
+    ...
+    # Add the rest of the commands from the list above
+)
+
+# Check if the limited account has access to all the required commands
+for command in "${commands[@]}"; do
+    sudo -u d42_limited command -v $command > /dev/null 2>&1
+    if [ $? -ne 0 ]; then
+        echo "Command $command not found or not executable by d42_limited"
+    fi
+done
+```
+
+You can run this script to verify that the limited account has access to all the required commands.
+
 ## Linux and Mac Note
 
 After downloading the agent, make it executable by running the command `chmod +x <agentname>` and use `sudo` for best results. Use the command `--sudo-password="password"` to pass in the password.

diff --git a/docs/how-to-videos/device42-object-query-language-doql.md b/docs/how-to-videos/device42-object-query-language-doql.md
@@ -9,7 +9,7 @@ sidebar_position: 13
 
 * * *
 
-**See The [Device42 DOQL DOCUMENTATION PAGE](docs/reports/device42-doql/index.md) for DOQL documentation.**
+**See The [Device42 DOQL DOCUMENTATION PAGE](docs/reports/device42-doql/index.mdx) for DOQL documentation.**
 
 * * *
 

diff --git a/docs/integration/external-integrations/freshservice-integration.mdx b/docs/integration/external-integrations/freshservice-integration.mdx
diff --git a/...ion/external-integrations/jira-integrations/device42-jira-cloud-integration.mdx b/...ion/external-integrations/jira-integrations/device42-jira-cloud-integration.mdx
@@ -166,7 +166,7 @@ The new issue is now attached to the CI.
 
 ### Customizing Which Assets Sync
 
-By default, syncs run daily at 2 AM and only sync "Devices". You can customize the data synced from Device42 by adding new Sync [DOQL queries](reports/device42-doql/index.md), customizing existing queries, or writing your own.
+By default, syncs run daily at 2 AM and only sync "Devices". You can customize the data synced from Device42 by adding new Sync [DOQL queries](reports/device42-doql/index.mdx), customizing existing queries, or writing your own.
 
 Edit the DOQL selection for sync by going to  **Tools > Integrations > External Integrations** and selecting the JSM external integration.
 

diff --git a/docs/reports/device42-doql/db-viewer-schema.md b/docs/reports/device42-doql/db-viewer-schema.md
diff --git a/docs/reports/device42-doql/db-viewer-schema.mdx b/docs/reports/device42-doql/db-viewer-schema.mdx
@@ -0,0 +1,90 @@
+---
+title: "Database Viewer Schema"
+sidebar_position: 2
+---
+
+import ThemedImage from '@theme/ThemedImage'
+import useBaseUrl from '@docusaurus/useBaseUrl'
+
+The database Viewer Schema tools are a resource for consulting on the structure of the Device42 database. 
+
+This page walks you through how to access and use the two database viewer tools, the Entity Relationship Diagram (ERD) and the Data Dictionary.
+
+## Locate the Viewer Tools
+
+The database viewer tools are found under the help menu. Hover your cursor over the **question mark icon** to reveal the **Viewer Schema** options: **Entity Relationship Diagram** and **Data Dictionary**.
+
+<ThemedImage
+  alt="Viewer Schema menu location"
+  sources={{
+    light: useBaseUrl('/assets/images/db-viewer-schema/menu-viewer-schema-light.png'),
+    dark: useBaseUrl('/assets/images/db-viewer-schema/menu-viewer-schema-dark.png'),
+  }}
+/>
+
+## Entity Relationship Diagram
+
+The ERD is a handy way to navigate the Device42 database schema, visualize relationships, and use the information to assemble DOQL queries. 
+
+- The ERD is searchable using the **Find** field, below the **Device42 - Viewer Entity Relationship Diagram** header. By searching for `device`, database views that contain "device" are highlighted (for example, `view_device_v1` and other related fields), while others fade into the background:
+
+    <ThemedImage
+    alt="EDR Viewer example"
+    sources={{
+        light: useBaseUrl('/assets/images/db-viewer-schema/edr-device-example-light.png'),
+        dark: useBaseUrl('/assets/images/db-viewer-schema/edr-device-example-dark.png'),
+    }}
+    />
+
+- Click the **tiny triangle symbol** on a table to expand it or use the **Expand All** button to expand all the database entities:
+
+    <ThemedImage
+    alt="EDR expand buttons"
+    sources={{
+        light: useBaseUrl('/assets/images/db-viewer-schema/tiny-triangle-closed-light.png'),
+        dark: useBaseUrl('/assets/images/db-viewer-schema/tiny-triangle-closed-dark.png'),
+    }}
+    />
+
+    <ThemedImage
+    alt="Expanded entity"
+    sources={{
+        light: useBaseUrl('/assets/images/db-viewer-schema/tiny-triangle-open-light.png'),
+        dark: useBaseUrl('/assets/images/db-viewer-schema/tiny-triangle-open-dark.png'),
+    }}
+    />
+
+## Data Dictionary
+
+The Data Dictionary is a text-based viewer used to explore the details of the Device42 database. Each view lists the **Column** names in the database table, the **Data Type** for those columns, and a short **Description** of each of those fields.
+
+You can filter by Data Building Blocks (**DBB**), Device42 Object Query Language (**DOQL**), or both (**All**) views.
+
+- **DBB**: Structured database views require little-to-no extra view-joining, and are composed to let you quickly create reports. These views are refreshed on a nightly basis. 
+
+    <ThemedImage
+    alt="Data Dictionary DBB view"
+    sources={{
+        light: useBaseUrl('/assets/images/db-viewer-schema/data-dictionary-dbb-light.png'),
+        dark: useBaseUrl('/assets/images/db-viewer-schema/data-dictionary-dbb-dark.png'),
+    }}
+    />
+
+- **DOQL**: These raw, less-structured views provide full access to all the information discovered and stored in Device42. Use them to create custom queries and reports for any use case, whether building queries from scratch or just adding one or two more fields to a DBB-based report.
+
+    <ThemedImage
+    alt="Data Dictionary DOQL view"
+    sources={{
+        light: useBaseUrl('/assets/images/db-viewer-schema/data-dictionary-doql-light.png'),
+        dark: useBaseUrl('/assets/images/db-viewer-schema/data-dictionary-doql-dark.png'),
+    }}
+    />
+
+### Data Dictionary API
+
+If you prefer using our API, you can also get the Data Dictionary from this endpoint: 
+
+```
+/services/data/v1.0/dd/
+```
+Find the parameter explanations and more details about running DOQL queries via the API on the [DOQL - Device42 Object Query Language page](index.mdx).
-Original file line number
+Diff line change
@@ Expand Up / @@ -9,7 +9,7 @@ sidebar_position: 13 @@
     * * *
-    **See The [Device42 DOQL DOCUMENTATION PAGE](docs/reports/device42-doql/index.md) for DOQL documentation.**
+    **See The [Device42 DOQL DOCUMENTATION PAGE](docs/reports/device42-doql/index.mdx) for DOQL documentation.**
     * * *
@@ Expand Down @@