rgula at tenablesecurity
Jan 21, 2009, 11:55 AM
Post #3 of 3
Nessus 3 has a feature where you can specify to not
log into a system with user accounts not specified in
the credentials. This is under the 'Global Variable
Settings' tab. Some Nessus plugins try various combinations
of user/pass as a security audit. With this setting
Ron Gula, CTO
Tenable Network Security
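An added example, not code from the thread or from Tenable: a small Python check an AIX admin could run over the server's sshd syslog lines to confirm whether the failed logins that trigger the lockouts come from the scanner's address and which accounts it tried, before changing plugin or credential settings. The log lines, the scanner address 10.1.2.3 and the lockout threshold of 3 are constructed assumptions; the message format is OpenSSH's "Failed password for ..." line.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (not from the thread): OpenSSH-style sshd
# messages as an AIX host would write them via syslog.
SAMPLE_LOG = """\
Jan 21 10:02:11 aixbox sshd[4011]: Failed password for root from 10.1.2.3 port 40112 ssh2
Jan 21 10:02:12 aixbox sshd[4011]: Failed password for root from 10.1.2.3 port 40113 ssh2
Jan 21 10:02:12 aixbox sshd[4012]: Failed password for invalid user guest from 10.1.2.3 port 40114 ssh2
Jan 21 10:02:13 aixbox sshd[4013]: Failed password for root from 10.1.2.3 port 40115 ssh2
Jan 21 10:02:14 aixbox sshd[4014]: Failed password for root from 10.1.2.3 port 40116 ssh2
Jan 21 10:05:40 aixbox sshd[4020]: Failed password for dbadmin from 192.168.7.9 port 51000 ssh2
Jan 21 10:06:01 aixbox sshd[4021]: Accepted password for dbadmin from 192.168.7.9 port 51001 ssh2
"""

# Matches failed password attempts, including the "invalid user" variant.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2"
)


def count_failures(log_text):
    """Return {source_ip: {username: failed_attempt_count}} for the given log text."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group("src")][m.group("user")] += 1
    return {src: dict(users) for src, users in counts.items()}


def lockout_suspects(log_text, threshold, scanner_ips=()):
    """Sources that reached `threshold` failures on one account, flagged if a known scanner."""
    suspects = []
    for src, users in count_failures(log_text).items():
        for user, n in users.items():
            if n >= threshold:
                suspects.append({"src": src, "user": user, "failures": n,
                                 "scanner": src in scanner_ips})
    return sorted(suspects, key=lambda s: (s["src"], s["user"]))


if __name__ == "__main__":
    # Assumed lockout threshold of 3 (e.g. an AIX loginretries setting); constructed value.
    for s in lockout_suspects(SAMPLE_LOG, threshold=3, scanner_ips={"10.1.2.3"}):
        print(s)
```

A root lockout attributed to the scanner address confirms the lockouts are scanner-driven, while failures from other sources point elsewhere.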
Jones, David H wrote:
> I'm having an issue with Nessus locking out root accounts on AIX servers. My config seems like this shouldn't be happening: Safe Checks are enabled. The following plugin families are disabled: "Default Unix Accounts" - "Gain a shell remotely" - "Gain root remotely".
> I have also taken the "root" username out of the "SSH user name" field in the "Credentials" section.
> According to the server admin that's complaining, these lockouts appear to be coming from SSH connections.
> I have no idea which further plugins to disable, or what config changes to make. Any assistance would be greatly appreciated.
> nessus -v
> nessus (Nessus) 3.2.1 for Linux
> (C) 1998 - 2008 Tenable Network Security, Inc.
> SSL used for client - server communication
> David Jones
> Principal Financial Group
> I/S Information Security
> 711 High Street
> Des Moines, IA 50392-0257
> Email: jones.david.h [at] principal
> Phone: 515.362.2224
Nessus mailing list
Nessus [at] list