Installation guide
File – An interface that allows you to browse your local system or file shares for the audit file.
Once an audit file has been uploaded, it can be referenced from within scan policies for enhanced security policy auditing.
For more information about SecurityCenter compliance auditing and audit files, refer to the Nessus Compliance Checks
document located at https://support.tenable.com.
Credentials
Credentials are reusable objects that store the login information used to authenticate to scan targets. Credentials created by the admin user are available to all
Organizations, while those created by Organizational users are only available to the applicable Organization. Various
types of credentials can be configured for use in scan policies. Credentials can be shared between users for scanning
purposes, which allows a user to scan a remote host without actually knowing the host's login credentials. Available
credential types include:
Windows – Nessus has vulnerability checks that can use a Microsoft Windows domain account to find local
information from a remote Windows host. For example, using credentials enables Nessus to determine if
important security patches have been applied. To use this feature, enter the Username, Password, and Domain in
the text boxes.
Using a non-administrator account will greatly affect the quality of the scan results. Often it makes sense to
create a special Nessus user with administrative privileges that is used solely for scheduled scanning.
SSH (password with optional privilege escalation and key-based) – SSH credentials are used to obtain local
information from remote Linux, Unix, and Cisco IOS systems for patch auditing or compliance checks. There is a
field for entering the SSH username for the account that will perform the checks on the target system, along with
either the SSH password or the SSH public key and private key pair. There is also a field for entering the
passphrase for the SSH key, if one is required. If the stored SSH keys are invalid or expired, use the “Clear” button to
remove them.
The most effective credentialed scans are those with “root” privileges (“enable” privileges for Cisco IOS). Since
many sites do not permit a remote login as “root”, a Nessus user account can invoke a variety of privilege
escalation options including: “su”, “sudo”, “su+sudo”, “DirectAuthorize (dzdo)”, “PowerBroker (pbrun)”, and “Cisco
Enable”.
PowerBroker (pbrun) from BeyondTrust and DirectAuthorize (dzdo) from Centrify are proprietary root task
delegation methods for Unix and Linux systems.
Scans run using “su+sudo” allow the user to scan with a non-privileged account and then switch to a user with
“sudo” privileges on the remote host. This is important for locations where remote privileged login is prohibited.
Scans run using “sudo” vs. the root user do not always return the same results because of the different
environmental variables applied to the “sudo” user and other subtle differences. Please refer to the “sudo” man
pages or the following web page for more information:
http://www.gratisoft.us/sudo/man/sudo.html#Security%20Notes
To direct the Nessus scanner to use privilege escalation, click the drop-down menu labeled “Privilege Escalation”
and select the appropriate option for your target system. Enter the escalation information in the provided box.