Linux Host Data Source
The Linux Host data source collector discovers user accounts, groups, SSH keys, and logon events on Linux systems and servers. This enables organizations to identify all local and service accounts on Linux infrastructure, track SSH key usage, detect unauthorized access patterns, and support privileged access management for Linux servers.
Permissions
In order to collect identity data from Linux Host, a user or service account with sudo access must be created.
NOTE
The account itself must be able to connect over SSH and read the contents of /etc/passwd. Collecting SSH public keys requires that the account is able to log in and execute sudo without a password prompt.
Using Shell Wrappers
The following commands must be enabled in sudo for the target user or service account, if the Elevate with Sudo configuration on the data source is not going to be enabled. Shell wrappers reduce the number of commands executed.
| Wrap Sudo Command in Shell | Commands |
|---|---|
| True | /bin/sh -c * |
| False | /usr/bin/lastlog<br>/usr/bin/chage *<br>/usr/bin/getent shadow<br>/usr/sbin/sshd *<br>/usr/bin/cat *<br>/usr/bin/stat *<br>/usr/bin/ssh-keygen *<br>/usr/bin/test *<br>/usr/bin/gzip *<br>/usr/bin/ls *<br>/usr/bin/grep *<br>/usr/bin/find *<br>/usr/bin/file * |
Setting up the Linux Host Data Source
The following guides you through the necessary steps.
Log in to your Hydden tenant.
To access the data sources page, navigate to Configuration > Discover and select Data Sources or use the data source URL:
https://portal.hydden.com/configuration/datasource.
To add the Linux Host data source, click + Add Data Source.
From the configuration wizard, select the Linux Host logo tile.
For Name enter an easy-to-identify name, especially if several data sources for the same service are to be created.
You may ignore the optional Preset field. When pre-configured data source presets exist, they are available for selection from the drop-down, but they can also be added manually via the +. Create a data source preset to bulk import a list of servers.
For Hostname, enter your Linux Host connection URL, for example, an IP address.
If you already created your credential, select that credential from the Credential drop-down. If you have not yet created a credential, click the + to add an Account Credential for your Linux Host instance.
You may ignore the optional Schedule field. To specify a Schedule either select from the list of pre-configured collection schedules or manually enter a new schedule via +.
Under Site, which is an optional field, specify the site where your client is installed. It can also be "default" if there is only one client for your organization.
Check the Elevate with Sudo checkbox to always run the data collection with sudo privileges.
If not enabled, refer to the Using Shell Wrappers information under Permissions above.
Check the Use Sudo Shell checkbox if your environment requires spawning a sudo shell for privilege elevation commands.
Custom Properties is an optional field. If needed for your organization, enter specific key=value pairs, for example, environment=production.
Click Add to save the data source. You have an option to manually run the data collection via the Run Now button.
NOTE
If custom mapping rules are required, refer to the Advanced Configuration section in the Data Source Overview topic.
At this point, you can run a collection from the Data Sources page and shortly after, you will see your Linux Host users listed on the Identity Posture dashboard, in Global Search and the Search Library.
Privilege Elevation Methods
The Linux Host collector supports multiple privilege elevation methods to accommodate different enterprise Linux configurations and security policies.
Standard Sudo
The most common method for privilege elevation. The collector executes commands prefixed with sudo to gain necessary permissions.
Configuration:
- Enable the Elevate with Sudo checkbox in the data source configuration
- Ensure the service account has passwordless sudo access
- Configure the sudoers file with the required commands (see Using Shell Wrappers)
Example sudoers entry:
hydden_collector ALL=(ALL) NOPASSWD: /bin/sh -c *
dzdo (Centrify/Delinea)
For environments using Centrify DirectControl or Delinea Server Suite, the collector supports dzdo as an alternative to standard sudo.
What is dzdo?
dzdo is Centrify's implementation of privilege elevation that integrates with Active Directory for centralized access control and auditing. It provides the same functionality as sudo but with enterprise-level audit logging and policy management.
Configuration:
The collector automatically detects and uses dzdo when:
- The dzdo command is available on the target system
- The service account has dzdo privileges configured in Centrify/Delinea policies
- Standard sudo is not available or not configured
No manual configuration required — the collector will attempt dzdo if sudo elevation fails.
TIP
To verify dzdo is working, check the collection logs for "Using dzdo for privilege elevation" messages.
Sudo Shell Mode
Some Linux environments require commands to run within a sudo-spawned shell rather than as individual sudo command invocations.
When to use Sudo Shell:
- PAM configurations that enforce session requirements
- Systems with complex sudoers rules that don't work with command-line sudo
- Environments where audit logging requires persistent sudo sessions
Configuration:
- Enable Elevate with Sudo checkbox
- Enable Use Sudo Shell checkbox
- Ensure the service account can execute: sudo /bin/sh
How it works:
Instead of running sudo command for each operation, the collector:
- Spawns a sudo shell: sudo /bin/sh
- Executes all commands within that shell session
- Closes the shell when collection completes
NOTE
Sudo Shell mode may be required on hardened Linux systems or when using complex PAM module configurations.
Privilege Elevation Troubleshooting
| Issue | Cause | Solution |
|---|---|---|
| "sudo: no tty present" error | Sudo requires interactive terminal | Add Defaults:hydden_collector !requiretty to sudoers |
| "dzdo: command not found" | Centrify not installed | Use standard sudo or install Centrify DirectControl |
| Commands fail with permission denied | Insufficient sudo privileges | Check sudoers configuration includes required commands |
| Sudo prompts for password | Passwordless sudo not configured | Add NOPASSWD to sudoers entry |
| Collection hangs during privilege elevation | Sudo waiting for password | Enable NOPASSWD or check for TTY requirement |
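
To confirm that a host's sudoers rules cover one of the two modes in the Using Shell Wrappers table before running a collection, the following added example (not part of the Hydden product or its documentation) checks the output of sudo -n -l against the command list above. The function name check_sudo_rules, the script name preflight.sh and the --run switch are assumptions made for this example.

```shell
# Added example: preflight check of the collector account's sudo rules.
# REQUIRED is the per-command list from the "Using Shell Wrappers" table.
REQUIRED='/usr/bin/lastlog
/usr/bin/chage *
/usr/bin/getent shadow
/usr/sbin/sshd *
/usr/bin/cat *
/usr/bin/stat *
/usr/bin/ssh-keygen *
/usr/bin/test *
/usr/bin/gzip *
/usr/bin/ls *
/usr/bin/grep *
/usr/bin/find *
/usr/bin/file *'

# check_sudo_rules LISTING   (hypothetical helper name)
# LISTING is the text printed by `sudo -n -l` for the service account.
# Prints "wrapper" or "per-command" and returns 0 when one mode is covered;
# otherwise prints one "missing: ..." line per gap and returns 1.
check_sudo_rules() {
    # Join wrapped lines so a rule list split across lines still matches.
    flat=$(printf '%s' "$1" | tr '\t\n' '  ' | tr -s ' ')
    case $flat in
        *NOPASSWD:*) ;;
        *) echo "missing: NOPASSWD"; return 1 ;;
    esac
    # Wrapper mode: this one rule lets the account run any command as root,
    # so its credential needs the same protection as a root credential.
    case $flat in
        *'/bin/sh -c *'*) echo "wrapper"; return 0 ;;
    esac
    status=0
    while IFS= read -r cmd; do
        case $flat in
            *"$cmd"*) ;;
            *) echo "missing: $cmd"; status=1 ;;
        esac
    done <<EOF
$REQUIRED
EOF
    [ "$status" -eq 0 ] && echo "per-command"
    return "$status"
}

# On the target host, as the service account: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then
    check_sudo_rules "$(sudo -n -l 2>&1)"
fi
```

A "missing: NOPASSWD" result corresponds to the password-prompt and hanging-collection rows of the troubleshooting table; "missing: <command>" lines correspond to the permission-denied row.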
