8 Replies Latest reply: Nov 18, 2010 7:31 AM by Josh Hankins

Authenticated UNIX P&C Scan

masterofd

I am looking for assistance on getting the Policy & Compliance scans to run authenticated.  Are you doing it?  How did you accomplish and convince your UNIX folks to let Qualys run and execute root-level commands?

  • Re: Authenticated UNIX P&C Scan
    bblackwo

    I created scan accounts for them, restricted to their asset groups, that they could include in their SOP. When they were included in the configuration and schedule, the UNIX folks were more than happy to make it automated and have the high visibility vulns remediated.

  • Re: Authenticated UNIX P&C Scan
    jfredrickson

    John - do you have any digital password vaults installed in your UNIX environment?

  • Re: Authenticated UNIX P&C Scan
    Keith Shaw

    Thread was moved to the Policy Compliance community.

    • Re: Authenticated UNIX P&C Scan
      John Wiggins

      Convincing people to allow you root access can be hard; how about convincing the Unix guys to set up a set of key pairs so you can authenticate and then use sudo to run the commands?


      At the end of the day you give them better information if you can get root-level access, and I'm sure they run a similar set of tools on their own systems that check patches and have a similar level of access as root. If they don't, then that could be another reason that they should allow you access!
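      The two suggestions above (a dedicated, restricted scan account from bblackwo, and key-pair authentication plus sudo from John Wiggins) can be expressed as a pair of small configuration fragments. The script below is an added example, not something posted in this thread or shipped by Qualys: it generates a least-privilege sudoers fragment and a restricted authorized_keys line for a scanner account, and it checks an existing fragment for a blanket "ALL" command grant. The account name, the command list and the scanner address are assumptions; the real command list is the one you get from the vendor, as the later replies describe.

```shell
#!/bin/sh
# Added example (not from the thread or the vendor): least-privilege sudo and
# SSH key restrictions for a scanner service account, plus a check that catches
# over-broad grants. Names and addresses below are assumptions.

SCAN_USER="qualys-scan"          # assumed service account name
SCAN_FROM="192.0.2.10"           # assumed scanner appliance address (documentation range)
SCAN_PUBKEY="ssh-ed25519 AAAA...EXAMPLE scanner@appliance"   # placeholder key

# Illustrative command list only; replace with the list obtained from the vendor.
SCAN_CMDS="/bin/cat, /usr/bin/find, /bin/ls, /usr/bin/stat"

# Emit a sudoers fragment that lets the account run only the aliased commands
# as root, without a password and without requiring a tty (scanners rarely have one).
make_sudoers_fragment() {
    user="$1"; cmds="$2"
    printf 'Cmnd_Alias SCAN_CMDS = %s\n' "$cmds"
    printf 'Defaults:%s !requiretty\n' "$user"
    printf '%s ALL=(root) NOPASSWD: SCAN_CMDS\n' "$user"
}

# Emit an authorized_keys line that ties the key to the scanner's source address
# and disables port, agent and X11 forwarding for that key.
make_authorized_key_line() {
    from="$1"; pubkey="$2"
    printf 'from="%s",no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' "$from" "$pubkey"
}

# Return 0 when the fragment contains no blanket grant for the user,
# 1 when a line such as "user ALL=(ALL) NOPASSWD: ALL" is present.
check_sudoers_fragment() {
    user="$1"; file="$2"
    if grep -E "^[[:space:]]*${user}[[:space:]]+ALL=.*:[[:space:]]*ALL[[:space:]]*$" "$file" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Demo: print both fragments so they can be reviewed before being installed
# (sudoers fragments belong in /etc/sudoers.d and should be validated with visudo -c).
make_sudoers_fragment "$SCAN_USER" "$SCAN_CMDS"
make_authorized_key_line "$SCAN_FROM" "$SCAN_PUBKEY"
```

      Running the script prints the two fragments; `check_sudoers_fragment` is meant for a periodic review of what the scan account has actually been granted, since a convenient `ALL` added during troubleshooting is exactly the kind of drift the Unix team will worry about.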

      • Re: Authenticated UNIX P&C Scan
        masterofd

        Thanks for the replies.  It is really just a question of whether the commands that are being run could have horrific impacts on the environment.

        • Re: Authenticated UNIX P&C Scan
          Clement Herssens

          I once received a detailed list of commands that are executed during an authenticated scan on UNIX. Although this list is probably outdated by now, I can give you the details if you PM me.


          You could also ask technical support to send you the most recent list...

        • Re: Authenticated UNIX P&C Scan
          Josh Hankins

          Your question, John, is always a challenge. Here's what I did to gather "buy-in" from my Unix team. (By the way, I've been running Qualys PC in my computing environment for approximately 2 years. My environment is made up of over 600 Unix servers and about 4000 Windows boxes.)


          1.) Get the technical details from Qualys stating why root level access is needed.

          2.) What Clement mentioned above is a great idea.

          3.) I did the following and it worked great for me. I got a cross section of Unix servers that represented our Unix OS environment.  These servers were test and dev. I made sure I could scan them any time I wanted, and my Unix contact and I could make config changes (within reason) during the day.


          Once my Unix contact and his manager realized the PC scans were pretty benign, we took the next steps to productionalize the PC scans.


          We've had no issues since turning that scan feature on. (We also do Vuln scans as well.) I do PC scans once a week and vuln scans once a week. The scans do not overlap.


          Hopefully you find this helpful.


          -Josh