1 Reply Latest reply: Dec 2, 2013 4:22 PM by craig.carrigan RSS

    Vulnerability Manager credential non-windows "Shell"




      I have makes a questions


      1Q) When I try to do a scan in Vulnerability Manager with a credential on a Non-Windows operating system, do not know what information to place in "Domain Shell", "Shell Single Host" or "Shell Default". This happens to scan computers Unix, Routers, Switchs, Firewall and any other.


      Please someone can tell me what information I write in "Shell"



      2Q) What is the different between "Domain/Workgruop", "Individual Host", "Default" and "Application".  How do I know which should I choose?





        • 1. Re: Vulnerability Manager credential non-windows "Shell"

          Good Afternoon Arfelix,


          I have messed with this in the past and this is the way I do it.


          First in the default shell line you have to tell the scanner what shell it needs to use during the session. You can also find in the Knowledge Base the commands the scanner needs to be able to run so it can scan successfully.


          https://kc.mcafee.com/corporate/index?page=content&id=KB54752&actp=search&viewlo cale=en_US&searchid=1360272419418


          Depending on the level of access the account you use for the scanner has,you do not really need to provide root access


          I check the password box and leave Certificate checked, MVM does not like it if it is unchecked, and it’s default behavior is to use certs, which it may not have, there is a KB article on it; if it locks out your account on the target server here.


          https://kc.mcafee.com/corporate/index?page=content&id=KB67689&actp=search&viewlo cale=en_US&searchid=1352321054440


          I have not quite figured out the whole Sudo with a certificate yet, so I do not mess with it.


          Be sure to check the boxes for SSH key collection and Trust remote shells orthe SSH session will fail.




          As for the windows options; Domain is for a server using creds in ActiveDirectory. Workgroup I do not have any good explanation for. Servers that are stand alone, I use Windows Individual Host and whatever creds are local to the server and they work fine.


          Application is for web app scanning as I understand it. I could be wrong


          I hope that helps


          Message was edited by: craig.carrigan on 12/2/13 4:22:39 PM CST