Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Nessus: users

AIX root lockouts

 

 

Nessus users RSS feed   Index | Next | Previous | View Threaded


Jones.David.H at principal

Jan 21, 2009, 9:27 AM

Post #1 of 3 (2485 views)
Permalink
AIX root lockouts

I'm having an issue with Nessus locking out root accounts on AIX servers. My config seems like this shouldn't be happening: Safe Checks are enabled. The following plugin families are disabled: "Default Unix Accounts" - "Gain a shell remotely" - "Gain root remotely".

I have also taken the "root" username out of the "SSH user name" field in the "Credentials" section.

According to the server admin that's complaining, these lockouts appear to be coming from SSH connections.

I have no idea which further plugins to disable, or what config changes to make. Any assistance would be greatly appreciated.

FYI:
nessus -v
nessus (Nessus) 3.2.1 for Linux

(C) 1998 - 2008 Tenable Network Security, Inc.
SSL used for client - server communication


Thanks!

David Jones
Principal Financial Group
I/S Information Security
711 High Street
Des Moines, IA 50392-0257

Email: jones.david.h [at] principal
Phone: 515.362.2224



-----Message Disclaimer-----

This e-mail message is intended only for the use of the individual or
entity to which it is addressed, and may contain information that is
privileged, confidential and exempt from disclosure under applicable law.
If you are not the intended recipient, any dissemination, distribution or
copying of this communication is strictly prohibited. If you have
received this communication in error, please notify us immediately by
reply email to Connect [at] principal and delete or destroy all copies of
the original message and attachments thereto. Email sent to or from the
Principal Financial Group or any of its member companies may be retained
as required by law or regulation.

Nothing in this message is intended to constitute an Electronic signature
for purposes of the Uniform Electronic Transactions Act (UETA) or the
Electronic Signatures in Global and National Commerce Act ("E-Sign")
unless a specific statement to the contrary is included in this message.

While this communication may be used to promote or market a transaction
or an idea that is discussed in the publication, it is intended to provide
general information about the subject matter covered and is provided with
the understanding that The Principal is not rendering legal, accounting,
or tax advice. It is not a marketed opinion and may not be used to avoid
penalties under the Internal Revenue Code. You should consult with
appropriate counsel or other advisors on all matters pertaining to legal,
tax, or accounting obligations and requirements.

_______________________________________________
Nessus mailing list
Nessus [at] list
http://mail.nessus.org/mailman/listinfo/nessus


mikhail at nessus

Jan 21, 2009, 11:19 AM

Post #2 of 3 (2308 views)
Permalink
Re: AIX root lockouts [In reply to]

On Wednesday 21 January 2009 18:27:17 Jones, David H wrote:
> I'm having an issue with Nessus locking out root accounts on AIX servers.

IMHO, the configuration of these servers is broken. Autolock on root is a
vulnerability in itself, as it exposes you to a very simple denial of
service.

> My config seems like this shouldn't be happening: Safe Checks are enabled.
> The following plugin families are disabled: "Default Unix Accounts" -
> "Gain a shell remotely" - "Gain root remotely".

Did you enable Hydra or Medusa tests?
_______________________________________________
Nessus mailing list
Nessus [at] list
http://mail.nessus.org/mailman/listinfo/nessus


rgula at tenablesecurity

Jan 21, 2009, 11:55 AM

Post #3 of 3 (2310 views)
Permalink
Re: AIX root lockouts [In reply to]

Hi David,

Nessus 3 has a feature where you can specify to not
log into a system with user accounts not specified in
the credentials. This is under the 'Global Variable
Settings' tab. Some Nessus plugins try various combinations
of user/pass as a security audit. With this setting

Ron Gula, CTO
Tenable Network Security

Jones, David H wrote:
> I'm having an issue with Nessus locking out root accounts on AIX servers. My config seems like this shouldn't be happening: Safe Checks are enabled. The following plugin families are disabled: "Default Unix Accounts" - "Gain a shell remotely" - "Gain root remotely".
>
> I have also taken the "root" username out of the "SSH user name" field in the "Credentials" section.
>
> According to the server admin that's complaining, these lockouts appear to be coming from SSH connections.
>
> I have no idea which further plugins to disable, or what config changes to make. Any assistance would be greatly appreciated.
>
> FYI:
> nessus -v
> nessus (Nessus) 3.2.1 for Linux
>
> (C) 1998 - 2008 Tenable Network Security, Inc.
> SSL used for client - server communication
>
>
> Thanks!
>
> David Jones
> Principal Financial Group
> I/S Information Security
> 711 High Street
> Des Moines, IA 50392-0257
>
> Email: jones.david.h [at] principal
> Phone: 515.362.2224
>
>
>
> -----Message Disclaimer-----
>
> This e-mail message is intended only for the use of the individual or
> entity to which it is addressed, and may contain information that is
> privileged, confidential and exempt from disclosure under applicable law.
> If you are not the intended recipient, any dissemination, distribution or
> copying of this communication is strictly prohibited. If you have
> received this communication in error, please notify us immediately by
> reply email to Connect [at] principal and delete or destroy all copies of
> the original message and attachments thereto. Email sent to or from the
> Principal Financial Group or any of its member companies may be retained
> as required by law or regulation.
>
> Nothing in this message is intended to constitute an Electronic signature
> for purposes of the Uniform Electronic Transactions Act (UETA) or the
> Electronic Signatures in Global and National Commerce Act ("E-Sign")
> unless a specific statement to the contrary is included in this message.
>
> While this communication may be used to promote or market a transaction
> or an idea that is discussed in the publication, it is intended to provide
> general information about the subject matter covered and is provided with
> the understanding that The Principal is not rendering legal, accounting,
> or tax advice. It is not a marketed opinion and may not be used to avoid
> penalties under the Internal Revenue Code. You should consult with
> appropriate counsel or other advisors on all matters pertaining to legal,
> tax, or accounting obligations and requirements.
>
> _______________________________________________
> Nessus mailing list
> Nessus [at] list
> http://mail.nessus.org/mailman/listinfo/nessus
>

_______________________________________________
Nessus mailing list
Nessus [at] list
http://mail.nessus.org/mailman/listinfo/nessus

Nessus users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.