8805 Views 8 Replies Latest reply: Nov 18, 2010 7:31 AM by Josh Hankins

Jul 27, 2010 8:16 AM

Authenticated UNIX P&C Scan

I am looking for assistance on getting the Policy & Compliance scans to run authenticated.  Are you doing it?  How did you accomplish this and convince your UNIX folks to let Qualys run and execute root-level commands?

  • bblackwo Lurker 1 posts since
    Jul 27, 2010
    Jul 27, 2010 8:21 AM (in response to masterofd)
    Re: Authenticated UNIX P&C Scan

    I created scan accounts for them, restricted to their asset groups, that they could include in their SOP. Once those were included in the configuration and schedule, the UNIX folks were more than happy to make it automated and have the high-visibility vulns remediated.

  • jfredrickson Level 1 7 posts since
    Jul 25, 2010
    Jul 27, 2010 12:29 PM (in response to masterofd)
    Re: Authenticated UNIX P&C Scan

    John - do you have any digital password vaults installed in your UNIX environment?

  • Keith Shaw Level 1 12 posts since
    Jun 28, 2010
    Jul 27, 2010 3:53 PM (in response to masterofd)
    Re: Authenticated UNIX P&C Scan

    Thread was moved to the Policy Compliance community.

    • John Wiggins Level 1 9 posts since
      Jul 29, 2010
      Aug 2, 2010 8:54 AM (in response to Keith Shaw)
      Re: Authenticated UNIX P&C Scan

      Convincing people to allow you root access can be hard. How about convincing the Unix guys to set up a set of key pairs so you can authenticate, and then use sudo to run the commands?


      At the end of the day you give them better information if you can get root-level access, and I'm sure they run a similar set of tools on their own systems that check patches with a similar level of access to root. If they don't, then that could be another reason they should allow you access!

        • Clement Herssens Level 2 29 posts since
          Aug 9, 2010
          Aug 11, 2010 2:35 PM (in response to masterofd)
          Re: Authenticated UNIX P&C Scan

          I once received a detailed list of commands that are executed during an authenticated scan on UNIX. Although this list is probably outdated by now, I can give you the details if you PM me.


          You could also ask technical support to send you the most recent list...
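The two suggestions above (a dedicated key-authenticated scan account that runs the scanner's commands through sudo, and a command list obtained from Qualys support) fit together as one least-privilege setup. The script below is an added example for this thread, not code from any of the posters or from Qualys: it generates a sudoers fragment that allows the scan account to run only an explicit command allowlist as root, an authorized_keys line pinned to the scanner's address with forwarding disabled, and runs the fragment through visudo's syntax check where visudo is installed. The account name "qualys-scan", the address 192.0.2.10, the `!requiretty` default and the two placeholder commands are assumptions for illustration; replace the placeholders with the command list support sends you.

```shell
#!/bin/sh
# Added example (not from the thread or from Qualys): build a least-privilege
# sudo + SSH-key setup for a dedicated scanner account.

# Assumed values: scanner account name and the scanner appliance's address.
SCAN_USER="${SCAN_USER:-qualys-scan}"
SCAN_FROM="${SCAN_FROM:-192.0.2.10}"

# Print a sudoers fragment for user $1 that allows only the commands given as
# the remaining arguments, run as root, without a password.  Use full paths and
# no wildcards, otherwise the allowlist is trivially widened.  The "!requiretty"
# default is an assumption (needed when the scanner runs sudo without a tty).
sudoers_fragment() {
    user="$1"; shift
    printf 'Defaults:%s !requiretty\n' "$user"
    printf 'Cmnd_Alias SCANNER_CMDS = '
    sep=""
    for cmd in "$@"; do
        printf '%s%s' "$sep" "$cmd"
        sep=", "
    done
    printf '\n'
    printf '%s ALL=(root) NOPASSWD: SCANNER_CMDS\n' "$user"
}

# Print an authorized_keys line for public key $2 that only accepts logins from
# host/pattern $1 and disables agent, port and X11 forwarding.  "restrict" is
# deliberately not used: it would also forbid pty allocation, which an
# interactive-style scan session may need.
authorized_key_line() {
    from="$1"; pubkey="$2"
    printf 'from="%s",no-agent-forwarding,no-port-forwarding,no-X11-forwarding %s\n' \
        "$from" "$pubkey"
}

# Syntax-check a sudoers file with visudo when it is available; a broken file
# in /etc/sudoers.d can lock everyone out of sudo, so never skip this on a host.
check_sudoers() {
    f="$1"
    if command -v visudo >/dev/null 2>&1; then
        visudo -cf "$f"
    else
        echo "visudo not found; syntax check skipped" >&2
        return 0
    fi
}

# Example run: write the fragment to a temp file and validate it.  The two
# commands are placeholders, not the list Qualys actually requires.
demo() {
    tmp="$(mktemp)"
    sudoers_fragment "$SCAN_USER" /bin/cat /usr/bin/find > "$tmp"
    check_sudoers "$tmp"
    status=$?
    rm -f "$tmp"
    return $status
}
```

To deploy, install the fragment as `/etc/sudoers.d/<name>` with mode 0440 only after `visudo -cf` passes, and put the authorized_keys line in the scan account's `~/.ssh/authorized_keys`. Keeping the command list explicit is also what lets the Unix team put the account in their SOP: the file itself documents exactly what the scanner may do.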

        • Josh Hankins Level 1 11 posts since
          Oct 12, 2010
          Nov 18, 2010 7:31 AM (in response to masterofd)
          Re: Authenticated UNIX P&C Scan

          Your question, John, is always a challenge. Here's what I did to gather "buy-in" from my Unix team. (By the way, I've been running Qualys PC on our computing environment for approximately 2 years. My environment is made up of over 600 Unix servers and about 4000 Windows boxes.)


          1.) Get the technical details from Qualys stating why root level access is needed.

          2.) What Clement mentioned above is a great idea.

          3.) I did the following and it worked great for me. I got a cross section of Unix servers that represented our Unix OS environment.  These servers were test and dev. I made sure I could scan them any time I wanted, and my Unix contact and I could make config changes (within reason) during the day.


          Once my Unix contact and his manager realized the PC scans were pretty benign, we took the next steps to productionalize the PC scans.


          We've had no issues since turning that scan feature on. (We also do vuln scans.) I do PC scans once a week and vuln scans once a week. The scans do not overlap.


          Hopefully you find this helpful.


          -Josh
