The scanning process
Snow Inventory Java Scanner performs a file system search in the same locations as the Snow Inventory Agent, configured in the Software element of the agent configuration file, snowagent.config
. See Agent configuration file for more information.
For Linux, macOS, and Unix environments, the file system search will ignore all mounted drives with a file system type different from the root (/
) file system type, unless it is listed in <Software><IncludeCriteria><FileSystem>.
For Linux and macOS environments, the following fixed exclude paths are added to align the file search behavior with the Snow Inventory Agent:
Platform | Exclude paths |
---|---|
Linux | /net/* /panfs/* /tmp/* /boot/* /usr/include/* /usr/share/* /usr/src/* /var/* |
macOS | /.MobileBackups/* /.Spotlight-V100/* /.Trashes/* |
For Linux environments, you can configure bind mounts and autofs mounts to be excluded from the scan. For Unix environments, you can configure bind mounts to be excluded from the scan. See Configure the agent to exclude bind mounts and autofs mounts from the scan in the Snow Inventory Agent for Linux user guide for a description of both configurations.
The inventory data collected by the scanner reflects a snapshot of the Java environment at the instant when the inventory scan is performed.
File scanning
The scanner searches for the following files to get information about the Java installations:
Platform | Filenames |
---|---|
Linux macOS Unix | java jcmd |
Windows | java.exe jcmd.exe java*.msi |
File types and paths specified in the <Software><Exclude> section of the agent configuration file, snowagent.config, will not be included in the scan. Therefore, for the scanner to collect all the required files, you must make sure that the files listed in this section are not part of the <Software><Exclude section>.
Scanning active Java processes
If found in the scanned locations, the Snow Inventory Java Scanner will use JDK's JCMD utility in order to find active Java processes and detect the usage of the Java Flight Recorder commercial feature. The following JCMD commands are executed:
-
jcmd -l
-
jcmd {process_id} VM.system_properties
-
jcmd {process_id} VM.check_commercial_features
Identifying Java installations
In order to properly identify Java installations, for each Java executable that is found during the file system search, the following command is executed:
- {path_to_java_exe} -XshowSettings:properties -version
Security level of the scanner
If the scanner is executed with a dedicated user, every Java executable found during the file system search will be treated as a secure (admin) path and all the commands will be executed in the same security context as the user executing the scanner.
When executing the scanner with elevated permissions, that is, as Administrator (Windows) or root (Linux, Unix, and macOS), the security level at which the scanner will be executed can be configured, see Configure the security level of the scanner.