8 Replies Latest reply on Jun 20, 2011 10:31 AM by Todd Luther

    Authenticated UNIX P&C Scans

    masterofd Level 1

      I am looking for assistance on getting the Policy & Compliance scans to run authenticated. Are you doing it? How did you accomplish it and convince your UNIX folks to let Qualys run and execute root-level commands?

        • Re: Authenticated UNIX P&C Scans
          Damian OHara Level 2

          Hi John,

          As PC scans can only succeed if auth is already configured (and working) for the host, it's a prerequisite for project implementation.

          We did it by pushing out a change request to add a new SSH public key to each UNIX system's authorized_keys(2) file and to update the standard build with the same public key so that new systems automatically conformed. We also had to tidy up any system sshd_config files which blocked remote root access by changing PermitRootLogin to say without-password (and restart sshd).

          Anyhow, without auth scanning you're losing much of the accuracy for VM scanning too - especially on Windows systems, so that should be enough to push it through.

          Damian
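
As an added example (not from the thread, Qualys or any project), a small shell audit of the two files Damian's change request touches: it reports the PermitRootLogin value sshd will actually use (sshd keeps the first occurrence of a keyword, so a line appended below an earlier "PermitRootLogin no" is ignored) and whether the scanner's root key is pinned to a source address with a from= option. The sshd_config contents, key blobs and the 192.0.2.10 address are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: audit the two files Damian's change
# request touches. sshd honours the FIRST occurrence of a keyword, so a
# "PermitRootLogin without-password" line appended below an existing
# "PermitRootLogin no" changes nothing; and a root key for the scanner should
# carry a from= restriction so only the scanner appliance can use it.

# effective_permit_root_login FILE -> first PermitRootLogin value before any
# Match block, or "default" when the directive is absent.
effective_permit_root_login() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # comments and blanks
        { gsub(/=/, " ") }                               # allow Keyword=value
        tolower($1) == "match" { exit }                  # stop at Match blocks
        tolower($1) == "permitrootlogin" { v = tolower($2); exit }
        END { print (v == "" ? "default" : v) }
    ' "$1"
}

# scanner_key_status FILE KEYBLOB -> missing | unrestricted | restricted
scanner_key_status() {
    awk -v key="$2" '
        index($0, key) > 0 {
            found = 1
            print (($0 ~ /^from=/ || $0 ~ /,from=/) ? "restricted" : "unrestricted")
            exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# Constructed sample files standing in for a host's sshd_config and
# root's authorized_keys; the key blobs and the address are placeholders.
SSHD_CFG=$(mktemp); AUTH_KEYS=$(mktemp)
trap 'rm -f "$SSHD_CFG" "$AUTH_KEYS"' EXIT
cat > "$SSHD_CFG" <<'EOF'
# hardened baseline
PermitRootLogin no
PasswordAuthentication no
# appended by the scanner rollout; silently ignored because it comes second
PermitRootLogin without-password
EOF
cat > "$AUTH_KEYS" <<'EOF'
ssh-rsa AAAAB3NzaC1yc2EEXAMPLEBLOB== scanner-unrestricted
from="192.0.2.10",no-port-forwarding ssh-rsa AAAAB3NzaC1yc2EEXAMPLEOTHER== scanner-restricted
EOF

echo "effective PermitRootLogin: $(effective_permit_root_login "$SSHD_CFG")"
echo "first key:  $(scanner_key_status "$AUTH_KEYS" AAAAB3NzaC1yc2EEXAMPLEBLOB==)"
echo "second key: $(scanner_key_status "$AUTH_KEYS" AAAAB3NzaC1yc2EEXAMPLEOTHER==)"
```

Run it against a real host's /etc/ssh/sshd_config and /root/.ssh/authorized_keys after the change request lands; an "effective PermitRootLogin: no" line is the sign the appended directive never took effect.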

          • Re: Authenticated UNIX P&C Scans
            Jadson Level 2

            Hi John,

            Try to have your UNIX guys in a conf call with your TAM so you can discuss how authenticated scans work, how Qualys securely stores your credentials and the benefits of authenticated scans (both for VM and PC).

            This is a typical challenge with UNIX admins: they (we) are just the kind of people who like to know exactly what's going on with their systems. Which, in the end, is a good thing.

            From my experience, once they get to understand how the scan works in more detail and the benefits they can get from it, they are usually more comfortable with providing credentials.

            • Re: Authenticated UNIX P&C Scans
              John Wiggins Level 1

              Has anyone had any experience in performing authenticated scans via a jump server, or found a workaround for performing scans via a jump server?

                • Re: Authenticated UNIX P&C Scans
                  Damian OHara Level 2

                  I don't think that functionality is available yet as a product. Pressure your TAMs to provide a software jump server to forward all your scanner appliance scan traffic through and onto your real target. If they send you a demo, let me know.

                  • Re: Authenticated UNIX P&C Scans
                    nthomas Level 2

                    John - Our ML code has recently been updated to allow for integration with the CyberArk Safe, and the front-end functionality is presently being developed. It's highly likely that by the end of 2010 (if not sooner) QualysGuard will be able to authenticate with CyberArk and retrieve the necessary credentials to assist with authenticated assessments.

                      • Re: Authenticated UNIX P&C Scans
                        Todd Luther Level 1

                        Has this been addressed? All of our UNIX environments (we have 10 separate ones in the US) go through jump servers, and even though we are scanning on the same subnet, we cannot MAP any of our UNIX servers. Linux and Windows are fine, just not the UNIX servers.

                          • Authenticated UNIX P&C Scans
                            Damian OHara Level 3

                            Hi Todd,

                            Is your issue similar to the one described in this thread -> https://community.qualys.com/message/3741#3741 ?

                            Meanwhile, could you describe how you're using a jump server to scan another subnet?

                            What is the OS/mechanism/ports/forwarding arrangement, etc.?

                            Damian

                              • Authenticated UNIX P&C Scans
                                Todd Luther Level 1

                                Damian:
                                Yes, it is the same issue.... I was doing research when I saw this thread, and after I posted here I realized my issue wasn't really the same as this thread, and I didn't want to hijack this thread for my issue.

                                Part two: we are not using a jump server to scan another environment; our UNIX/Linux teams are using jump servers to access their supporting servers. We use VLANs to scan across environments/subnets. I did discover that just by adjusting the NETMASK on my VLAN I was able to successfully capture one of my environments' UNIX (Solaris) servers.

                                We have various OSes (Solaris, HP-UX, AIX mostly for UNIX) in our environments, and ports should be using the standard scanned ports.

                                I apologize if this was the wrong thread.

                                Regards,

                                Todd