Application Transformer for VMware Tanzu requires certain permissions on the VM where you perform the introspection. Here is the list of configurations you must perform on your VM.
Access permissions to the following Linux commands
/bin/ls /bin/bash /bin/cat /bin/rm /usr/bin/python /usr/bin/python2.7 /usr/bin/python3 /usr/bin/cat /usr/bin/bash /usr/bin/ls /usr/bin/rm /usr/bin/cat /usr/bin/echo /usr/bin/chmod
Access permissions to the following Windows commands
(Get-WmiObject -class Win32_OperatingSystem).Caption Get-WmiObject -Class Win32_Process Get-Process -IncludeUserName netstat -bano
Note: You must have the administrator permissions to run these commands using powershell script.
Install VMware Tools
You must install the VMware Tools and update the PAM configuration file for the VMware Tools.
Note:
- To introspect Windows VMs using users other than Windows Administrators, you must install VMware Tools 11 or a later version.
- Users must be part of Windows Administrators group for elevated access.
cat /etc/pam.d/vmtoolsd #%PAM-1.0 auth required pam_sepermit.so auth substack password-auth auth include postlogin # Used with polkit to reauthorize users in remote sessions -auth optional pam_reauthorize.so prepare account required pam_nologin.so account include password-auth password include password-auth # pam_selinux.so close should be the first session rule session required pam_selinux.so close session required pam_loginuid.so # pam_selinux.so open should only be followed by sessions to be executed in the user context session required pam_selinux.so open env_params session required pam_namespace.so session optional pam_keyinit.so force revoke session include password-auth session include postlogin # Used with polkit to reauthorize users in remote sessions -session optional pam_reauthorize.so prepare
Set the Virtual Machine Guest Operations privileges
Set the Virtual Machine Guest Operations privileges at the VM level.
Configure the NoPassword prompt
Run the visudo
command to open the sudo config file and update the file with the following entry to remove the password prompt for the non-root users:
%<non-root-user> ALL=(ALL) NOPASSWD: /usr/bin/python3