Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Nessus UNIX Configuration Auditing "sudo" Support

Tenable's research group recently added support to all SSH enabled UNIX configuration audits to make use of "sudo". Support is available in version 1.4.4 of the UNIX compliance checks. 

Some organizations explicitly prohibit remote "root" logins to their UNIX servers. However, many of these organizations do allow a "non-root" login which has access to the "sudo" command. The "sudo" facility allows a non-root user to run specific restricted commands at the root level. Activity related to "sudo" can be logged as well.

When Nessus logs into a UNIX host via SSH, if the remote account used to login is not "root", it will attempt the command "sudo id". If the identification of the root user is returned, Nessus will perform the configuration checks through the "sudo" command. If the "sudo" facility has not been configured, or it requires a password, Nessus won't use "sudo" and will instead perform it's audit with whatever privileges the remote user account has access to.

When configuring your "sudo" facility, keep the following guidelines in mind:

  • The account used by Nessus should be able to run the command "id" and see that it is effectively running as root without being prompted for a password.
  • The "sudo" facility should be configured to log all commands run by the Nessus account, including failed commands. These logs can be audited by the Log Correlation Engine to ensure only authorized users are running commands.
  • If you've restricted the list of commands available to the remote Nessus auditing account, you should perform some test audits to see if your Nessus scan policies can complete their audits. There is nothing wrong with restricting the commands allowed through "sudo", but testing this prior to performing an audit is important.

If you are using Nessus with the Direct Feed or Security Center, you do not need to make any changes to your existing scan policies. However, with this new update, you now have the flexibility to configure your target UNIX systems with accounts that have access to the "sudo" facility to support your CIS, NIST and other types of configuration audits.

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io Vulnerability Management

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.