[Openvas-discuss] local account used for scans

Brian Thompson bthompson at wyetechllc.com
Wed Jul 1 16:55:28 CEST 2015


Is sudo required for the account?  My personal account has the ability to do
sudo commands but the account I created does not. 



> On July 1, 2015 at 10:23 AM Brandon Perry <bperry.volatile at gmail.com> wrote:
> 
>     They are just regular local users added with useradd, no special groups at
> all.
> 
>     On Wed, Jul 1, 2015 at 9:22 AM, Brian Thompson <bthompson at wyetechllc.com
> <mailto:bthompson at wyetechllc.com> > wrote:
> 
>         > > 
> >         No problem.  Hopefully someone else will have other ideas.  For your
> > local accounts, are they members of any special groups (wheel, root, adm,
> > sys, etc)?
> > 
> > 
> >             > > > On July 1, 2015 at 10:17 AM Brandon Perry
> >             > > > <bperry.volatile at gmail.com
> >             > > > <mailto:bperry.volatile at gmail.com> > wrote:
> > > 
> > >             Ah, I misread your original post. Not sure then. :/
> > > 
> > >             On Wed, Jul 1, 2015 at 9:15 AM, Brian Thompson
> > > <bthompson at wyetechllc.com <mailto:bthompson at wyetechllc.com> > wrote:
> > > 
> > >                 > > > > 
> > > >                 I'm not running the scans as root, I created a user
> > > > (openvas) that is a member of root's group.
> > > > 
> > > > 
> > > >                 ssh openvas @ localhost
> > > > 
> > > >                 <banner.......>
> > > > 
> > > >                 openvas @ localhost's password: <password entered>
> > > > 
> > > >                 [openvas @ localhost ~]$ rpm -qa
> > > > 
> > > >                 yum-utils-1.1.30-14.el6.noarch
> > > > 
> > > >                 <100's more rpm's reported>
> > > > 
> > > >                 [openvas @ localhost ~]$
> > > > 
> > > > 
> > > > 
> > > >                     > > > > > On July 1, 2015 at 10:05 AM Brandon Perry
> > > >                     > > > > > <bperry.volatile at gmail.com
> > > >                     > > > > > <mailto:bperry.volatile at gmail.com> >
> > > >                     > > > > > wrote:
> > > > > 
> > > > >                     I actually don't recommend running scans as root
> > > > > if you can get away with it. I use local accounts, can you SSH into
> > > > > the machine yourself? What happens when you run rpm -qa/dpkg -l if you
> > > > > can SSH into the box?
> > > > > 
> > > > >                     On Wed, Jul 1, 2015 at 9:02 AM, Brian Thompson
> > > > > <bthompson at wyetechllc.com <mailto:bthompson at wyetechllc.com> > wrote:
> > > > > 
> > > > >                         > > > > > > 
> > > > > >                         Question about account permissions....
> > > > > > 
> > > > > > 
> > > > > >                         I'd like to use a local account for my scans
> > > > > > instead of my personal LDAP entry but I can't seem to get the scans
> > > > > > to work when I do.  If I use my personal credentials (in LDAP with
> > > > > > Public/Private key authentication) a scan results in about 200
> > > > > > detections.  If I do the same scan but use a local account (useradd
> > > > > > --create-home --uid=432 --gid=432 --groups=root openvas) I get only
> > > > > > 50 detections.  I've confirmed the user/pass I provided for the
> > > > > > credential is correct (I was able to ssh to localhost and log in as
> > > > > > openvas).  So I'm thinking something else is missing?  As you can
> > > > > > see, I've created the account as a member of root's group. 
> > > > > > 
> > > > > > 
> > > > > >                         Are there other groups it needs? 
> > > > > > 
> > > > > > 
> > > > > >                         Is it not "seeing" the user because it's not
> > > > > > in LDAP?  I'd rather not put the account in LDAP, is there a way to
> > > > > > get OpenVAS to recognize a local account?
> > > > > > 
> > > > > > 
> > > > > >                         Brian
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > >                        _______________________________________________
> > > > > >                         Openvas-discuss mailing list
> > > > > >                         Openvas-discuss at wald.intevation.org
> > > > > > <mailto:Openvas-discuss at wald.intevation.org>
> > > > > > 
> > > > > >                        https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
> > > > > > 
> > > > > >                     > > > > > 
> > > > > 
> > > > > 
> > > > >                     --
> > > > >                     http://volatile-minds.blogspot.com -- blog
> > > > >                     http://www.volatileminds.net -- website
> > > > > 
> > > > >                 > > > > 
> > > > 
> > > >                  
> > > > 
> > > >             > > > 
> > > 
> > > 
> > >             --
> > >             http://volatile-minds.blogspot.com -- blog
> > >             http://www.volatileminds.net -- website
> > > 
> > >         > > 
> > 
> >          
> > 
> >     > 
> 
> 
>     --
>     http://volatile-minds.blogspot.com -- blog
>     http://www.volatileminds.net -- website
> 


 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20150701/c450d9c1/attachment.html>


More information about the Openvas-discuss mailing list