Showing results for 
Show  only  | Search instead for 
Did you mean: 

Scanning a CentOS based host

I am just learning the Foundstone product, so I'm hoping this is something with an easy answer. I'm trying to scan a device with CentOS, but I'm having a hard time getting authenticated scans to work.  I verified the credentials and network access with putty from the scan engine I'm using, so that's okay. I also tried running a discovery on the asset to collect the keys which was suggested in another post. There was a knowledge base article listing the commands that would need to be executed successfully for it to determine which set of FASL scripts to run and those all ran correctly. Am I having trouble because the account I was provisioned to scan the asset can SSH to it and already has root level privileges?  Anyway, here's how the credential set is configured:

Trust unknown remote-shell targets - checked

Account Type - Shell Individual Host

Shell Individual Host - IP address of the asset

User ID - user ID that was provided to me

Password - password that was provided to me

Confirm password - password that was provided to me

Protocol - SSHv2 (I also tried with the SSHv1 and Telnet boxes checked, but that didn't help)

Security - Password (I also tried with the Certificate box checked, but that didn't help)

Privileged access - root

User ID (Optional) - user ID that was provided to me (also tried leaving it blank)

Password - password that was provided to me

Confirm Password - password that was provided to me

Thanks for any help!

2 Replies
Level 7
Report Inappropriate Content
Message 2 of 3

Re: Scanning a CentOS based host

If you aren't logging in as root, the account you are using will need sudo access to enable proper scanning. (this can be checked by logging in and running "sudo su -" .  You'll asked for the login-accounts password.   If that works, you're set.

You then check the sudo box at the bottom, and enter the login account's credentials.

Level 7
Report Inappropriate Content
Message 3 of 3

Re: Scanning a CentOS based host

Shawn313, the above information all looks correct, but something to be aware of is that MVM will only authenticate to a system if it is running a check that requires it.  Meaning if you are just running a discovery scan, or a scan with only checks that don't require authentication to the target device, then no authentication will be recorded in the reports.  So if you are testing your authentication be sure to select checks that require it.  For CentOS checks, just go into the vulnerability section and under shell there is a CentOS sub group. Those checks will require authentication to the CentOS device.

Also, most UNIX/Linux checks within MVM do not require sudo or root level access, though there are a few that do for certain UNIX/Linux OS types.

Finally, not sure where you are verifying your authentication status, but in the HTML report you need to look in the UNIX Host Assessment --> UNIX Access section under the "Report Pages", or if using the CVS report you can look in the authentication_hosts.csv file.  You should see your access level under the protocol you used to authenticate to the device (SSHv1, SSHv2, Telnet, etc)

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community