I am looking for assistance on getting the Policy & Compliance scans to run authenticated. Are you doing it? How did you accomplish and convince your UNIX folks to let Qualys run and execute root-level commands?
As PC scans can only succeed if auth is already configured (and working) for the host, it's a prerequisite for project implementation.
We did it by pushing out a change request to add a new SSH public key to each UNIX system's authorized_keys(2) file and to update the standard build with the same public key so that new systems automatically conformed. We also had to tidy up any system sshd_config files which blocked remote root access by changing PermitRootLogin to say without-password (and restart sshd).
Anyhow, without auth scanning you're losing much of the accuracy for VM scanning too - especially on Windows systems, so that should be enough to push it through.
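A host-side check for the change described in the reply above (scanner public key in root's authorized_keys, PermitRootLogin set to without-password), as an added example that is not part of the original thread and not Qualys tooling. The function names, file arguments and sample keys are assumptions constructed for illustration, and the sshd_config parsing assumes the whitespace-separated `Keyword value` form.

```shell
#!/bin/sh
# Print the global PermitRootLogin value from an sshd_config file. sshd uses
# the first value it reads; the global section ends at the first Match block.
permit_root_login() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Succeed when root may log in with a key but not with a password.
# "prohibit-password" is the newer OpenSSH spelling of "without-password".
root_key_only() {
    case "$(permit_root_login "$1")" in
        without-password|prohibit-password) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed when the key blob from a .pub file ($2) is in authorized_keys ($1).
# Matching the base64 field alone ignores key comments and option prefixes.
key_installed() {
    blob=$(awk 'NF >= 2 { print $2; exit }' "$2")
    [ -n "$blob" ] || return 2
    awk -v b="$blob" '
        /^[ \t]*#/ { next }
        { for (i = 1; i <= NF; i++) if ($i == b) { ok = 1; exit } }
        END { exit !ok }' "$1"
}

# Constructed sample files (not real keys or a real host's config).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#PermitRootLogin yes' 'permitrootlogin without-password' \
        'Match Address 192.0.2.0/24' '    PermitRootLogin no' > "$d/sshd_config"
    printf '%s\n' 'ssh-rsa AAAAB3ExampleScannerKey scanner@example' > "$d/scan.pub"
    printf '%s\n' '# root keys' 'ssh-rsa AAAAB3ExampleAdminKey admin@example' \
        'from="192.0.2.10" ssh-rsa AAAAB3ExampleScannerKey via-change' > "$d/authorized_keys"
    echo "PermitRootLogin: $(permit_root_login "$d/sshd_config")"
    root_key_only "$d/sshd_config" && echo "root login: key only"
    key_installed "$d/authorized_keys" "$d/scan.pub" && echo "scan key: installed"
    rm -rf "$d"
}

# With three arguments check real files; with none run the constructed demo.
if [ "$#" -eq 3 ]; then
    root_key_only "$1" && key_installed "$2" "$3"
else
    demo
fi
```

Called as `script sshd_config authorized_keys scanner.pub`, the exit status is zero only when both conditions from the change request hold. An "unset" result means the effective value is the sshd default for that OpenSSH version, which has to be checked separately.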
Try to have your UNIX guys in a conf call with your TAM so you can discuss how authenticated scans work, how Qualys securely stores your credentials and the benefits of authenticated scans (both for VM and PC).
This is a typical challenge with UNIX admins, they (we) are just the kind of people who like to know exactly what's going on with their systems. Which, in the end, is a good thing.
From my experience, once they get to understand how the scan works in more detail and the benefits they can get from it, they are usually more comfortable with providing credentials.
Has anyone had any experience in performing authenticated scans via a jump server or found a workaround for performing scans via a jump server?
I don't think that functionality is available yet as a product. Pressure your TAMs to provide a software jumpserver to forward all your scanner appliance scan traffic through and onto your real target. If they send you a demo - let me know.
John - Our ML code has recently been updated to allow for integration with the CyberArk Safe and the front end functionality is presently being developed. It's highly likely that by the end of 2010 (if not sooner) QualysGuard will be able to authenticate with CyberArk and retrieve the necessary credentials to assist with authenticated assessments.
Has this been addressed? All of our UNIX environments (we have 10 separate in the US) go through jump servers and even though we are scanning on the same subnet, we cannot MAP any of our UNIX servers. Linux and Windows are fine, just not the UNIX servers.
Is your issue similar to the one described in this thread -> https://community.qualys.com/message/3741#3741?
Meanwhile, could you describe how you're using a jump server to scan another subnet?
What is the OS/mechanism/ports/forwarding arrangement etc.?
Damian: Yes, it is the same issue... I was doing research when I saw this thread and after I posted here, I realized my issue wasn't really the same as this thread and I didn't want to hijack this thread to my issue.
Part two, we are not using a jumpserver to scan another environment, our UNIX/Linux teams are using jumpservers to access their supporting servers. We use VLANs to scan across environments/subnets. I did discover that just by adjusting the NETMASK on my VLAN I was able to successfully capture one of my environment's UNIX (Solaris) servers.
We have various OS (Solaris, HP-UX, AIX mostly for UNIX) in our environments and ports should be using the standard scanned ports.
I apologize if this was the wrong thread.