Linux based devices contain multiple attributes such as hardware, certificates, patches, apps, and more. With Sensors, you can collect data for these attributes using the Workspace ONE UEM console and display the data returned by Sensors in Workspace ONE.

Linux devices have a huge number of attributes associated with them. This number increases when you track the different apps, distro versions, patches, and other continually changing variables. It can be difficult to track all of these attributes.

Workspace ONE UEM tracks a limited number of device attributes by default. However, with Sensors, you can track any specific device attributes needed. For example, you can create a Sensor that tracks the number of battery charge cycles, last updated date of a virus definition file, or the build version of a specific security agent. Sensors allow you to track various attributes across your devices using Bash. For your Linux devices, these sensor scripts can be configured to run periodically.

Find Sensors in the main Workspace ONE UEM console navigation under Resources.

Workspace ONE UEM Options

  • Bash Scripts - The Bash script you create determines the value of each sensor. For examples of what scripts you can create, see Bash Examples.

  • Support for Variables - If your sensor script requires dynamic or sensitive information that must be defined outside of the script, variables can be used to securely store this information. Variable data is encrypted at-rest and in-transit. The variables can be referenced in the code directly by name $myvariable.

  • Sensors Triggers - When configuring Sensors, you can control when the device reports the sensor data back to the Workspace ONE UEM console with triggers. Currently, for Linux devices, you can schedule these triggers based on the Intelligent Hub Sample Schedule (periodically). Other triggers are currently not available.

  • Device Details > Sensors - You can see data for single devices on the Sensors tab in a device's Device Details page.

Workspace ONE Intelligence Options

If you use the Workspace ONE Intelligence service, you can run a report or create a dashboard to view and interact with the data from your Sensors. When you run reports, use the Workspace ONE UEM category, Device Sensors. You can find your sensors and select them for queries in reports and dashboards.

For details on how to work in Workspace ONE Intelligence, see VMware Workspace ONE Intelligence Products.

Creating Sensors for Linux Devices

Create Sensors in the Workspace ONE UEM console to track specific device attributes such as remaining battery, specific version or build information, or average CPU usage. Each sensor includes a script of code to collect the desired data. You can upload these scripts or enter them directly into the console.

For Linux devices, Sensors use Bash scripts to gather attribute values. You must create these scripts yourself either before creating a sensor or during configuration in the scripting window.

Note:

To view Sensors for multiple devices and interact with the data in reports and dashboards, you must opt into VMware Workspace ONE Intelligence. If you want to view Sensors data for a single device, you do not need VMware Workspace ONE Intelligence. Go to the device's Device Details page and select the Sensors tab to view the data.

  1. In the Workspace ONE UEM console, navigate to Resources > Sensors.

  2. On the Sensors page, click Add and select Linux.

  3. In the New Sensor page, navigate to General > Name and enter the following:

    1. Setting

      Decription

      Name

      Enter the name of the sensor. The name must start with a lowercase letter followed by alpha-numeric characters and underscores. The name must be between 2 and 64 characters.

      Description

      Enter the description of the sensor.

  4. Click Next.

  5. Configure the sensor settings in the Details tab.

    1. Setting

      Description

      Language

      Select the language. Currently only Bash is support for Linux devices.

      Execution Context

      This setting controls the context with which the script runs. Currently only System is support for Linux devices.

      Response Data Type

      Select the type of response the script will return. You can choose between:

      • String

      • Integer

      • Boolean

      • Date Time

      Code

      Upload a script for the sensor or write your won in the text box provided.

  6. Click Next.

  7. In the Variables tab, you can optionally define variable names and values to use in your Sensor script. These variables are securely stored, encrypted at-rest, and only used temporarily during script execution in the scripting environment.

    Variables support static text or UEM lookup values. The lookup values are resolved before being delivered to the device for execution.

    Bash scripts can reference the variables directly by name from the environment like $myvariable.

  8. Click Save or Save and Assign.

    You can save the sensors information and go back to menu or can move to the Assignment page to add sensors to a smart group.

What to do next

To add a sensor to a smart group, perform the following steps:

  1. In the New Assignment page, enter the Assignment Name and Select Smart Group. Click Next

  2. In the Deployment page, currently, the only option available is Periodically. The script will run periodically based on the Intelligent Hub Data Transmit Interval configured in All Settings > Device & Users > Linux > Intelligent Hub Settings

  3. Click Save.

After the assignment group is saved, you can prioritize the assignments if multiple smart groups are configured with potentially overlapping sets of devices. Once this step is done, devices with Intelligent Hub installed will receive the Sensor configurations on the next check-in. Intelligent Hub then runs the Sensors and reports the data back to Workspace ONE.

View Sensors in Linux Device Details

Sensor data can be viewed in the Workspace ONE UEM console in Device Details > Sensors tab.

  1. In the Workspace ONE UEM console, navigate to Device > Details View and select the Sensors tab. The following details are displayed in the Sensors tab:

    1. Name - Name of the Sensor.

    2. Value - Value reported by the device.

    3. Last executed date - The timestamp for when the Sensor value was collected.

  2. To request the device to on-demand, run the Sensor and report the value back, select a Sensor name, and click Run.

    1. Note:

      Run button is displayed in Device Details only if the Hub version is supported. The minimum supported Linux Hub version is 21.05.

  3. To view information about Sensors execution, navigate to Details View > Troubleshooting. In the event log filters, select Sensors.

    1. Note:

      This is seen only if the event log level is set to capture information or debug messages.

Linux Sensor Examples

When you create Sensors for Linux devices, you must upload a bash script or enter the bash script in the text box provided during configuration in the Workspace ONE UEM console. These commands return the values for the sensor attributes.

Bash Examples: The following examples contain the settings and the code needed for standard Ubuntu and may not work on other Linux distributions.

Get the current Host Name:

  • Language: Bash

  • Execution Context: System

  • Response Data Type: String

cat /proc/sys/kernel/hostname |

Get a list of all users currently logged in:

  • Language: Bash

  • Execution Context: System

  • Response Data Type: String

who | cut -d' ' -f1 | sort | uniq

Get current distribution version:

  • Language: Bash

  • Execution Context: System

  • Response Data Type: String

( lsb_release -ds || cat /etc/*release || uname -om ) 2>/dev/null | head -n1 |

Determine if an SSH Server is running:

  • Language: Bash

  • Execution Context: System

  • Response Data Type: Integer

ps -ef | grep sshd | grep -v "grep" | wc -l

Note:

The returned value equates to the number of SSH daemons running on the endpoint