What are the privileges required to scan UNIX targets from Symantec Control Compliance Suite Vulnerability Manager (CCS VM) ?
This article should be referred while granting privileges to the sudo user account on the target Linux machines for Symantec CCS VM to successfully perform authenticated scanning for vulnerability analysis.
For scanning Linux systems, root access is required for certain checks but not for most others. If you plan to scan with a non-root user, you need to make sure the account has specified permissions, and be aware that the non-root user will not find certain checks. The following section contains guidelines for what to configure and what can only be found with root access. Due to the complexity of the checks and the fact that they are updated frequently, it is not guaranteed to be comprehensive.
NOTE: The application expects that the commands are part of the PATH variable and there are no non-standard PATH collisions.
Nexpose will attempt to scan certain files, and will be able to perform the corresponding checks if the user account has the appropriate access to those files. The following is a list of files that the account needs to be able to access:
Root Access Needed
/root /home -type f -name .netrc -xdev
'/', '/dev', '/sys', and '/proc' "/home" "/var" "/etc"
For certain checks, root access is required. If you choose to scan with a non-root user, be aware that these vulnerabilities will not be found, even if they exist on your system. The following is a list of checks that require root access:
Note: You can search for the Vulnerability ID in the Security Console to find the description and other details.
Solaris Serial Login Prompts
Solaris Loose Destination Multihoming
Solaris Forward Source Routing Enabled
Solaris Echo Multicast Reply Enabled
Solaris ICMP Redirect Errors Accepted
Solaris Reverse Source Routing Enabled
Solaris Forward Directed Broadcasts Enabled
Solaris Timestamp Broadcast Reply Enabled
Solaris Echo Broadcast Reply Enabled
Solaris Empty Passwords
OpenSSH config allows SSHv1 protocol
.rhosts files exist
Root's umask value is unsafe
.netrc files exist
Temporary File Symlink Attack
Partition Mounting Weakness
Target UNIX machines
Imported Document ID: TECH225533
Subscribing will provide email updates when this Article is updated. Login is required.