When matching a Linux based device, we prefer to use the Dbus id concatenated with the hostname. We can also use other options as per the above below table, but we can retrieve the Dbus ID without root. To retrieve the UUID (from the motherboard), we need to run dmidecode, which does require root. Unfortunately, when you clone an ESXi guest, the Dbus ID does not get recreated - hence our concatenating this with the hostname. There is a good article linked here that details the why's of hardware IDs. http://0pointer.de/blog/projects/ids.html
As at Open-AudIT 3.3.0 we will be implementing a match routine that essentially says "If all I have is an IP, and that IP belongs to a device in the database and that device has not been audited, match that device regardless of the match_ip rule.
The reason for this is in the case of a discovered device that we don't have credentials for, we have virtually no information except the IP and maybe the DNS Hostname. Neither are considered unique (think DHCP). But in the case where we have a device with that lack of data already preset in the database, assume it is the same device so that we don't create many false duplicates. This configuration item will be called match_ip_no_data and will be set to YES by default.
Enterprise Per Discovery Matching
For Enterprise Users, the below properties are able to be set per individual discovery. If a discovery has a value of 'y' or 'n' for a match rule, that will be used. If no value is present, the discovery will use the value set in the global configuration.
These properties are stored in Open-AudIT's configuration; to access them select Admin -> Configuration -> Discovery from Open-AudIT's menu. The default values of 'y' and 'n' simply mean YES and NO. We will use YES and NO in the description, rather than 'y' and 'n'. The stored value should always be either a lowercase y or n.