8 Replies Latest reply on Nov 18, 2010 7:31 AM by Josh Hankins

    Authenticated UNIX P&C Scan

    masterofd Level 1

      I am looking for assistance on getting the Policy & Compliance scans to run authenticated.  Are you doing it?  How did you accomplish and convince your UNIX folks to let Qualys run and execute root-level commands?

        • Re: Authenticated UNIX P&C Scan
          bblackwo Lurker

          I created scan accounts for them, restricted to their asset groups, that they could include in their SOP. When they were included in the configuration and schedule, the UNIX folks were more than happy to make it automated and have the high-visibility vulns remediated.

          • Re: Authenticated UNIX P&C Scan
            jfredrickson Level 1

            John - do you have any digital password vaults installed in your UNIX environment?

            • Re: Authenticated UNIX P&C Scan
              Keith Shaw Level 2

              Thread was moved to the Policy Compliance community.

                • Re: Authenticated UNIX P&C Scan
                  John Wiggins Level 1

                  Convincing people to allow you root access can be hard; how about convincing the Unix guys to set up a set of key pairs so you can authenticate and then use sudo to run the commands?

                  At the end of the day you give them better information if you can get root-level access, and I'm sure they run a similar set of tools on their own systems that check patches and that have a similar level of access as root. If they don't, then that could be another reason that they should allow you access!
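The key-pair-plus-sudo approach above can be made concrete with a restricted sudo policy and a locked-down authorized_keys entry. The script below is an added example, not code from the thread or from Qualys: the account name `qscan`, the scanner address `192.0.2.10` and the command list are constructed placeholders, and the real list of commands should come from the vendor's own documentation of what the scan executes. It contrasts the weak "anything as root" policy with one limited to named read-only commands, logs the scanner's sessions, and includes a small check that flags the unrestricted form.

```shell
#!/bin/sh
# Added example (not from the thread): a least-privilege sudo policy and
# SSH key restrictions for a dedicated scanner account.
# Assumptions: account "qscan" and scanner host 192.0.2.10 are placeholders;
# the command list is a constructed stand-in for the vendor-supplied list.

SCAN_USER="qscan"
SCANNER_IP="192.0.2.10"

# Weak policy: any command as root with no password. Easy to grant,
# impossible to audit meaningfully, and the thing Unix teams rightly refuse.
weak_policy() {
    printf '%s ALL=(ALL) NOPASSWD: ALL\n' "$SCAN_USER"
}

# Restricted policy: only the named, read-only commands the scan needs.
# log_input/log_output capture the session so the Unix team can review
# exactly what the scanner ran; !requiretty lets it run non-interactively.
# Every entry should be reviewed for shell-outs or -exec style arguments
# before it is accepted (placeholder commands below, replace with vendor list).
restricted_policy() {
    cat <<EOF
# Scanner account: read-only checks only (placeholder list)
Cmnd_Alias SCAN_READ = /usr/bin/stat *, /bin/ls *, /usr/sbin/sysctl -a
Defaults:$SCAN_USER log_output, log_input, !requiretty
$SCAN_USER ALL=(root) NOPASSWD: SCAN_READ
EOF
}

# Policy check: return success if any rule grants an unrestricted ALL
# command set. A real deployment also runs 'visudo -cf <file>' before
# installing the fragment under /etc/sudoers.d/.
policy_has_unrestricted_all() {
    printf '%s\n' "$1" | grep -Eq 'NOPASSWD:[[:space:]]*ALL[[:space:]]*$|\)[[:space:]]*ALL[[:space:]]*$'
}

# authorized_keys entry pinning the scanner's key to the scanner host and
# disabling forwarding and X11 so the key is only useful for running checks.
# The key body is a placeholder, not a real key.
authorized_keys_entry() {
    printf 'from="%s",no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAA...placeholder... %s@scanner\n' \
        "$SCANNER_IP" "$SCAN_USER"
}

# Stand-alone run: show both policies and the verdict of the check.
if [ "${1:-}" = "--show" ]; then
    echo "--- weak ---";       weak_policy
    echo "--- restricted ---"; restricted_policy
    echo "--- authorized_keys ---"; authorized_keys_entry
    if policy_has_unrestricted_all "$(weak_policy)"; then
        echo "weak policy: unrestricted ALL found"
    fi
    if ! policy_has_unrestricted_all "$(restricted_policy)"; then
        echo "restricted policy: no unrestricted ALL"
    fi
fi
```

Run it with `--show` to print both policies; in practice the restricted fragment goes to `/etc/sudoers.d/` only after `visudo -cf` accepts it, and the command list is built from what the scan actually executes rather than guessed.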

                    • Re: Authenticated UNIX P&C Scan
                      masterofd Level 1

                      Thanks for the replies.  It is really just a question of whether the commands that are being run could have horrific impacts on the environment.

                        • Re: Authenticated UNIX P&C Scan
                          Clement Herssens Level 2

                          I once received a detailed list of commands that are executed during an authenticated scan on UNIX. Although this list is probably outdated by now, I can give you the details if you PM me.


                          You could also ask technical support to send you the most recent list...

                          • Re: Authenticated UNIX P&C Scan
                            Josh Hankins Level 1

                            Your question, John, is always a challenge. Here's what I did to gather "buy-in" from my Unix team. (By the way, I've been running Qualys PC on our computing environment for approximately 2 years. My environment is made up of over 600 Unix servers and about 4000 Windows boxes.)

                            1.) Get the technical details from Qualys stating why root-level access is needed.

                            2.) What Clement mentioned above is a great idea.

                            3.) I did the following and it worked great for me. I got a cross section of Unix servers that represented our Unix OS environment.  These servers were test and dev. I made sure I could scan them any time I wanted, and my Unix contact and I could make config changes (within reason) during the day.

                            Once my Unix contact and his manager realized the PC scans were pretty benign, we took the next steps to productionalize the PC scans.

                            We've had no issues since turning that scan feature on. (We do Vuln scans as well.) I do PC scans once a week and vuln scans once a week. The scans do not overlap.

                            Hopefully you find this helpful.

                            -Josh
