8432 Views 8 Replies Latest reply: Jun 20, 2011 10:31 AM by Todd Luther

Jul 27, 2010 8:00 AM

Authenticated UNIX P&C Scans

I am looking for assistance on getting the Policy & Compliance scans to run authenticated.  Are you doing it?  How did you accomplish and convince your UNIX folks to let Qualys run and execute root-level commands?

  • Damian OHara Level 2 26 posts since
    Jul 28, 2010
    Jul 28, 2010 4:31 AM (in response to masterofd)
    Re: Authenticated UNIX P&C Scans

    Hi John,

    As PC scans can only succeed if auth is already configured (and working) for the host, it's a prerequisite for project implementation.

    We did it by pushing out a change request to add a new SSH public key to each UNIX system's authorized_keys(2) file and to update the standard build with the same public key so that new systems automatically conformed. We also had to tidy up any system sshd_config files which blocked remote root access by changing PermitRootLogin to say without-password (and restart sshd).

    Anyhow, without auth scanning you're losing much of the accuracy for VM scanning too - especially on Windows systems, so that should be enough to push it through.

    Damian
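
A pre-flight check for the two changes described in the post above (the scanner's public key in root's authorized_keys, and PermitRootLogin allowing key-based root login), as an added example that is not part of the original thread and not Qualys code. The function names and sample files are hypothetical and constructed; `prohibit-password` is included as the newer OpenSSH name for `without-password`.

```sh
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Print the first global PermitRootLogin value (sshd keeps the first value it
# reads; keywords are case-insensitive). Stops at the first Match block and
# does not follow Include files.
effective_permit_root_login() {
    awk '/^[ \t]*#/ { next }
         tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Succeed if the key blob in PUBKEY ($2) is a field of an AUTHKEYS ($1) entry;
# entries may start with options such as from="...", so check every field.
key_authorized() {
    blob=$(awk 'NF >= 2 { print $2; exit }' "$2")
    [ -n "$blob" ] || return 2
    awk -v b="$blob" '/^[ \t]*#/ { next }
         { for (i = 1; i <= NF; i++) if ($i == b) { ok = 1; exit } }
         END { exit !ok }' "$1"
}

# Args: sshd_config, root's authorized_keys, scanner public key file.
scan_auth_status() {
    key_authorized "$2" "$3" || { echo "key-missing"; return 0; }
    case $(effective_permit_root_login "$1") in
        without-password|prohibit-password) echo "ready-key-only" ;;
        yes) echo "ready-but-root-password-login-allowed" ;;
        no|forced-commands-only) echo "blocked-by-sshd_config" ;;
        *) echo "check-sshd-default" ;;
    esac
}

# Constructed sample files, not taken from any real host.
write_samples() {
    printf '%s\n' '# constructed' 'Port 22' 'permitrootlogin without-password' \
        'PermitRootLogin yes' 'Match Address 192.0.2.0/24' \
        '    PermitRootLogin no' > "$1/sshd_config"
    printf '%s\n' 'ssh-ed25519 AAAAC3constructedSCANNERkey scanner@example' \
        > "$1/scanner.pub"
    printf '%s\n' 'ssh-rsa AAAAB3constructedADMINkey admin@example' \
        'from="192.0.2.10" ssh-ed25519 AAAAC3constructedSCANNERkey scanner' \
        > "$1/authorized_keys"
}

d=$(mktemp -d) && write_samples "$d" &&
    scan_auth_status "$d/sshd_config" "$d/authorized_keys" "$d/scanner.pub"
rm -rf "$d"
```

Run against copies of the real files, a `ready-but-root-password-login-allowed` result means the scanner can log in but root password logins are still accepted, which the `without-password` setting in the post avoids.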

  • Jadson Level 2 29 posts since
    Jul 23, 2010
    Jul 29, 2010 8:20 AM (in response to masterofd)
    Re: Authenticated UNIX P&C Scans

    Hi John,

     

    Try to have your UNIX guys in a conf call with your TAM so you can discuss how authenticated scans work, how Qualys securely stores your credentials and the benefits of authenticated scans (both for VM and PC).

     

    This is a typical challenge with UNIX admins, they (we) are just the kind of people who like to know exactly what's going on with their systems. Which, in the end, is a good thing.

     

    From my experience, once they get to understand how the scan works in more detail and the benefits they can get from it, they are usually more comfortable with providing credentials.

  • John Wiggins Level 1 9 posts since
    Jul 29, 2010
    Jul 30, 2010 4:34 AM (in response to masterofd)
    Re: Authenticated UNIX P&C Scans

    Has anyone had any experience in performing authenticated scans via a jump server or found a workaround for performing scans via a jump server?

    • Damian OHara Level 2 26 posts since
      Jul 28, 2010
      Jul 31, 2010 1:10 PM (in response to John Wiggins)
      Re: Authenticated UNIX P&C Scans

      I don't think that functionality is available yet as a product. Pressure your TAMs to provide a software jumpserver to forward all your scanner appliance scan traffic through and onto your real target. If they send you a demo - let me know.

    • nthomas Level 2 40 posts since
      Jul 26, 2010
      Aug 4, 2010 7:17 AM (in response to John Wiggins)
      Re: Authenticated UNIX P&C Scans

      John - Our ML code has recently been updated to allow for integration with the CyberArk Safe and the front end functionality is presently being developed. It's highly likely that by the end of 2010 (if not sooner) QualysGuard will be able to authenticate with CyberArk and retrieve the necessary credentials to assist with authenticated assessments.

      • Todd Luther Level 1 15 posts since
        Jun 17, 2011
        Jun 17, 2011 10:34 AM (in response to nthomas)
        Re: Authenticated UNIX P&C Scans

        Has this been addressed? All of our UNIX environments (we have 10 separate in the US) go through jump servers and even though we are scanning on the same subnet, we cannot MAP any of our UNIX servers. Linux and Windows are fine, just not the UNIX servers.

        • Damian OHara Level 2 182 posts since
          May 10, 2011
          Jun 20, 2011 9:40 AM (in response to Todd Luther)
          Authenticated UNIX P&C Scans

          Hi Todd,

           

          Is your issue similar to the one described in this thread -> https://community.qualys.com/message/3741#3741 ?

          Meanwhile, could you describe how you're using a jump server to scan another subnet?

          What is the OS/mechanism/ports/forwarding arrangement etc.?

           

          Damian

          • Todd Luther Level 1 15 posts since
            Jun 17, 2011
            Jun 20, 2011 10:31 AM (in response to Damian OHara)
            Authenticated UNIX P&C Scans

            Damian:
            Yes, it is the same issue... I was doing research when I saw this thread and after I posted here, I realized my issue wasn't really the same as this thread and I didn't want to hijack this thread to my issue.

             

            Part two, we are not using a jumpserver to scan another environment, our UNIX/Linux teams are using jumpservers to access their supporting servers. We use VLANs to scan across environments/subnets. I did discover that just by adjusting the NETMASK on my VLAN I was able to successfully capture one of my environment's UNIX (Solaris) servers.

             

            We have various OS (Solaris, HP-UX, AIX mostly for UNIX) in our environments and ports should be using the standard scanned ports.  

             

            I apologize if this was the wrong thread.

             

            Regards,

             

            Todd
