
Credentialed Linux Scanning

by Ron Gula
July 15, 2015

Monitoring the status of Linux/UNIX credentialed scanning is important in supporting both patch and compliance auditing of Linux/UNIX systems. Tenable.sc CV has the ability to perform credentialed scans on Linux/UNIX, thus increasing the accuracy of the collected data. This dashboard monitors Linux/UNIX credentialed scans.

The dashboard and its components are available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The dashboard can be easily located in the Tenable.sc Feed under the category Monitoring.

The dashboard requirements are:

  • Tenable.sc 4.8.2
  • Nessus 8.4.0
  • NNM 5.9.0

During the initial rollout of Linux/UNIX credentialed scans, an important task is tracking systems that failed authentication. When a system fails a credentialed scan, patch and compliance auditing will be incomplete or possibly inaccurate. Just as important is the continuous analysis of the scans’ results, as changes to networks and hosts could affect the risk exposure of an organization.

The dashboard consists of six components covering network and host resources required to perform a successful agent-less patch and/or compliance audit leveraging the appropriate Linux/UNIX account. The six components leverage the following plugins, which must be enabled during a credentialed scan:

  • 19506 - Nessus Scan Information
  • 11936 - OS Identification
  • 21745 - Authentication Failure - Local Checks Not Run
  • 10267 - SSH Server Type and Version Information
  • 22869 - Software Enumeration (SSH)
  • 12634 - Authenticated Check: OS Name and Installed Package Enumeration

All of the components on this dashboard need to have their assets’ filters modified so the displayed results will only show Linux/UNIX credentialed scans. Further information can be found at Using Assets with Dashboards How-To Guide.

Tenable.sc Continuous View (CV) is a scalable vulnerability management system that identifies the biggest risk across the entire enterprise. Tenable’s products allow for the most comprehensive and integrated view of network health. Nessus and Tenable.sc are continuously updated with information about advanced threats and zero-day vulnerabilities, as well as new types of regulatory compliance configuration audits, allowing organizations to respond to new threats as they emerge.

Components

Credentialed Linux Scanning - Hosts available with SSH port: This matrix component indicates the percentage of hosts with vulnerabilities discovered on TCP Port 22 (SSH). Nessus uses Secure Shell (SSH) for credentialed scans on Linux/Unix operating systems. Nessus supports three types of authentication methods for use with SSH: username and password, public/private keys, and Kerberos. If SSH servers are running on another port, the scan policies will need to be modified, and the filter in this matrix will need to be modified to reflect the correct SSH service port.

Credentialed Linux Scanning - Accessible Host Authentication Services: This matrix component highlights the percentage of hosts that are running an OpenSSH service detected by plugin 10267. For patch and configuration auditing, Tenable recommends leveraging the Netstat scanner, used via SSH, to considerably speed up port scans and, in some cases, improve their accuracy. The “SSH Server Type and Version Information” plugin (10267) detects the SSH server type and version information by sending an empty authentication request. This plugin obtains the version by collecting banner information from the SSH session or other methods.

Credentialed Linux Scanning - Host Port Scan Method: This component displays indicators for different types of successful Nessus scanning methods by host percentages. When scanning Linux/Unix systems there are several different methods for conducting port scanning. The scan policy can be configured to use more than one port scan method.  There are four port scan methods used when scanning a Linux/Unix system; this component highlights each of the four methods.

Credentialed Linux Scanning - OS Identification: This table component displays the various Linux/UNIX platforms being audited with a credentialed scan. This table is sorted by OS count and displays the OS version, count, and detection method. This information is useful to an analyst who needs to know the numerous Linux/UNIX platforms that are being scanned in the network environment.

Credentialed Linux Scanning - Host Access Capabilities: When a Nessus server logs on to a Linux/UNIX host, there are many factors that can still block a successful patch and/or compliance audit. The "Host access capabilities" matrix component measures the success of accessing various host resources required by a host logon session. If the resources are available, then the Nessus scanner can enumerate software and installed packages. If the login fails or the login session does not provide the necessary resources, then authentication will fail, highlighted as a percentage over the hosts audited in the final bar in the component. The authentication failure status is provided by plugin 21745 reporting a problem.

Credentialed Linux Scanning - Logon Host Failures: This table displays the Linux/UNIX systems that failed login for credentialed scans. If the resources are available, then the Nessus scanner can enumerate software and installed packages. If the login fails or the login session does not provide the necessary resources, then authentication will fail. The authentication failure status is provided by plugin 21745 reporting a problem. The filter in this component uses a regular expression to exclude SMB login failures, which helps eliminate false positives from Windows login failures.
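
The component logic described above can be approximated offline against exported scan findings. The following is an added example, not Tenable's code or the dashboard's actual filters: the record layout, the sample plugin output strings, the SMB pattern and the status labels are all assumptions made for illustration, and only the plugin IDs come from this page.

```python
import re
from collections import defaultdict

# Plugin IDs as listed on this page.
AUTH_FAILURE = 21745   # Authentication Failure - Local Checks Not Run
SSH_BANNER = 10267     # SSH Server Type and Version Information
SW_ENUM_SSH = 22869    # Software Enumeration (SSH)
PKG_ENUM = 12634       # Authenticated Check: OS Name and Installed Package Enumeration

# Assumed pattern: the dashboard's real regular expression is not shown on the page.
SMB_RE = re.compile(r"\bSMB\b", re.IGNORECASE)

# Constructed sample findings: (host, plugin_id, port, plugin_output).
FINDINGS = [
    ("10.0.0.5", SSH_BANNER, 22, "SSH version : SSH-2.0-OpenSSH_7.4"),
    ("10.0.0.5", PKG_ENUM, 0, "Local checks have been enabled."),
    ("10.0.0.5", SW_ENUM_SSH, 0, "Installed packages listed."),
    ("10.0.0.6", SSH_BANNER, 22, "SSH version : SSH-2.0-OpenSSH_8.2"),
    ("10.0.0.6", AUTH_FAILURE, 0, "Protocol : SSH - login failed."),
    ("10.0.0.7", AUTH_FAILURE, 0, "Protocol : SMB - login failed."),
    ("10.0.0.8", SSH_BANNER, 2222, "SSH version : SSH-2.0-OpenSSH_8.9"),
]

def classify(findings, ssh_port=22):
    """Return {host: status}, approximating the dashboard components."""
    by_host = defaultdict(list)
    for host, pid, port, output in findings:
        by_host[host].append((pid, port, output))
    status = {}
    for host, rows in by_host.items():
        pids = {pid for pid, _, _ in rows}
        # A 21745 result that does not mention SMB counts as a Linux/UNIX logon failure.
        failed = any(pid == AUTH_FAILURE and not SMB_RE.search(out) for pid, _, out in rows)
        ssh_ok = any(pid == SSH_BANNER and port == ssh_port for pid, port, _ in rows)
        if failed:
            status[host] = "logon-failed"
        elif {SW_ENUM_SSH, PKG_ENUM} & pids:
            status[host] = "credentialed-ok"
        elif ssh_ok:
            status[host] = "ssh-reachable-no-local-checks"
        elif AUTH_FAILURE in pids:
            status[host] = "excluded-smb-failure"
        else:
            status[host] = "no-ssh-on-expected-port"
    return status

if __name__ == "__main__":
    for host, state in sorted(classify(FINDINGS).items()):
        print(host, state)
```

Passing `ssh_port=2222` reclassifies the last sample host, which parallels the page's note that the matrix filter must be changed when SSH servers listen on another port.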
