2 Replies Latest reply on Jun 16, 2014 3:41 PM by user83

    Scanning a CentOS based host

    shawn313

      I am just learning the Foundstone product, so I'm hoping this is something with an easy answer. I'm trying to scan a device with CentOS, but I'm having a hard time getting authenticated scans to work. I verified the credentials and network access with PuTTY from the scan engine I'm using, so that's okay. I also tried running a discovery on the asset to collect the keys, which was suggested in another post. There was a knowledge base article listing the commands that would need to be executed successfully for it to determine which set of FASL scripts to run, and those all ran correctly. Am I having trouble because the account I was provisioned to scan the asset can SSH to it and already has root-level privileges? Anyway, here's how the credential set is configured:

       

      Trust unknown remote-shell targets - checked

      Account Type - Shell Individual Host

      Shell Individual Host - IP address of the asset

      User ID - user ID that was provided to me

      Password - password that was provided to me

      Confirm password - password that was provided to me

      Protocol - SSHv2 (I also tried with the SSHv1 and Telnet boxes checked, but that didn't help)

      Security - Password (I also tried with the Certificate box checked, but that didn't help)

      Privileged access - root

      User ID (Optional) - user ID that was provided to me (also tried leaving it blank)

      Password - password that was provided to me

      Confirm Password - password that was provided to me

       

       

      Thanks for any help!

        • 1. Re: Scanning a CentOS based host
          tommad

          If you aren't logging in as root, the account you are using will need sudo access to enable proper scanning. (This can be checked by logging in and running "sudo su -". You'll be asked for the login account's password. If that works, you're set.)

           

          You then check the sudo box at the bottom, and enter the login account's credentials.

          • 2. Re: Scanning a CentOS based host
            user83

            Shawn313, the above information all looks correct, but something to be aware of is that MVM will only authenticate to a system if it is running a check that requires it. Meaning if you are just running a discovery scan, or a scan with only checks that don't require authentication to the target device, then no authentication will be recorded in the reports. So if you are testing your authentication, be sure to select checks that require it. For CentOS checks, just go into the vulnerability section, and under shell there is a CentOS subgroup. Those checks will require authentication to the CentOS device.

             

            Also, most UNIX/Linux checks within MVM do not require sudo or root level access, though there are a few that do for certain UNIX/Linux OS types.

             

            Finally, not sure where you are verifying your authentication status, but in the HTML report you need to look in the UNIX Host Assessment --> UNIX Access section under the "Report Pages", or if using the CSV report you can look in the authentication_hosts.csv file. You should see your access level under the protocol you used to authenticate to the device (SSHv1, SSHv2, Telnet, etc.).