Level 7

Scanning a CentOS based host

I am just learning the Foundstone product, so I'm hoping this is something with an easy answer. I'm trying to scan a device with CentOS, but I'm having a hard time getting authenticated scans to work. I verified the credentials and network access with PuTTY from the scan engine I'm using, so that's okay. I also tried running a discovery on the asset to collect the keys, which was suggested in another post. There was a knowledge base article listing the commands that would need to be executed successfully for it to determine which set of FASL scripts to run, and those all ran correctly. Am I having trouble because the account I was provisioned to scan the asset can SSH to it and already has root level privileges? Anyway, here's how the credential set is configured:

Trust unknown remote-shell targets - checked

Account Type - Shell Individual Host

Shell Individual Host - IP address of the asset

User ID - user ID that was provided to me

Password - password that was provided to me

Confirm password - password that was provided to me

Protocol - SSHv2 (I also tried with the SSHv1 and Telnet boxes checked, but that didn't help)

Security - Password (I also tried with the Certificate box checked, but that didn't help)

Privileged access - root

User ID (Optional) - user ID that was provided to me (also tried leaving it blank)

Password - password that was provided to me

Confirm Password - password that was provided to me

Thanks for any help!

0 Kudos
2 Replies
Level 7

Re: Scanning a CentOS based host

If you aren't logging in as root, the account you are using will need sudo access to enable proper scanning. (This can be checked by logging in and running "sudo su -". You'll be asked for the login account's password. If that works, you're set.)

You then check the sudo box at the bottom, and enter the login account's credentials.

0 Kudos
Level 7

Re: Scanning a CentOS based host

Shawn313, the above information all looks correct, but something to be aware of is that MVM will only authenticate to a system if it is running a check that requires it.  Meaning if you are just running a discovery scan, or a scan with only checks that don't require authentication to the target device, then no authentication will be recorded in the reports.  So if you are testing your authentication be sure to select checks that require it.  For CentOS checks, just go into the vulnerability section and under shell there is a CentOS sub group. Those checks will require authentication to the CentOS device.

Also, most UNIX/Linux checks within MVM do not require sudo or root level access, though there are a few that do for certain UNIX/Linux OS types.

Finally, not sure where you are verifying your authentication status, but in the HTML report you need to look in the UNIX Host Assessment --> UNIX Access section under the "Report Pages", or if using the CSV report you can look in the authentication_hosts.csv file. You should see your access level under the protocol you used to authenticate to the device (SSHv1, SSHv2, Telnet, etc.).

0 Kudos