[Openvas-discuss] local account used for scans

Brian Thompson bthompson at wyetechllc.com
Wed Jul 1 16:22:03 CEST 2015


No problem.  Hopefully someone else will have other ideas.  For your local
accounts, are they members of any special groups (wheel, root, adm, sys, etc)?


> On July 1, 2015 at 10:17 AM Brandon Perry <bperry.volatile at gmail.com> wrote:
> 
>     Ah, I misread your original post. Not sure then. :/
> 
>     On Wed, Jul 1, 2015 at 9:15 AM, Brian Thompson <bthompson at wyetechllc.com
> <mailto:bthompson at wyetechllc.com> > wrote:
> 
>         > > 
> >         I'm not running the scans as root, I created a user (openvas) that
> > is a member of root's group.
> > 
> > 
> >         ssh openvas @ localhost
> > 
> >         <banner.......>
> > 
> >         openvas @ localhost's password: <password entered>
> > 
> >         [openvas @ localhost ~]$ rpm -qa
> > 
> >         yum-utils-1.1.30-14.el6.noarch
> > 
> >         <100's more rpm's reported>
> > 
> >         [openvas @ localhost ~]$
> > 
> > 
> > 
> >             > > > On July 1, 2015 at 10:05 AM Brandon Perry
> >             > > > <bperry.volatile at gmail.com
> >             > > > <mailto:bperry.volatile at gmail.com> > wrote:
> > > 
> > >             I actually don't recommend running scans as root if you can
> > > get away with it. I use local accounts, can you SSH into the machine
> > > yourself? What happens when you run rpm -qa/dpkg -l if you can SSH into
> > > the box?
> > > 
> > >             On Wed, Jul 1, 2015 at 9:02 AM, Brian Thompson
> > > <bthompson at wyetechllc.com <mailto:bthompson at wyetechllc.com> > wrote:
> > > 
> > >                 > > > > 
> > > >                 Question about account permissions....
> > > > 
> > > > 
> > > >                 I'd like to use a local account for my scans instead of
> > > > my personal LDAP entry but I can't seem to get the scans to work when I
> > > > do.  If I use my personal credentials (in LDAP with Public/Private key
> > > > authentication) a scan results in about 200 detections.  If I do the
> > > > same scan but use a local account (useradd --create-home --uid=432
> > > > --gid=432 --groups=root openvas) I get only 50 detections.  I've
> > > > confirmed the user/pass I provided for the credential is correct (I was
> > > > able to ssh to localhost and log in as openvas).  So I'm thinking
> > > > something else is missing?  As you can see, I've created the account as
> > > > a member of root's group. 
> > > > 
> > > > 
> > > >                 Are there other groups it needs? 
> > > > 
> > > > 
> > > >                 Is it not "seeing" the user because it's not in LDAP?
> > > >  I'd rather not put the account in LDAP, is there a way to get OpenVAS
> > > > to recognize a local account?
> > > > 
> > > > 
> > > >                 Brian
> > > > 
> > > > 
> > > >                 _______________________________________________
> > > >                 Openvas-discuss mailing list
> > > >                 Openvas-discuss at wald.intevation.org
> > > > <mailto:Openvas-discuss at wald.intevation.org>
> > > > 
> > > >                https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
> > > > 
> > > >             > > > 
> > > 
> > > 
> > >             --
> > >             http://volatile-minds.blogspot.com -- blog
> > >             http://www.volatileminds.net -- website
> > > 
> > >         > > 
> > 
> >          
> > 
> >     > 
> 
> 
>     --
>     http://volatile-minds.blogspot.com -- blog
>     http://www.volatileminds.net -- website
> 


 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20150701/361b8099/attachment.html>


More information about the Openvas-discuss mailing list