Configuring Least Privilege SSH scans with Nessus

Credentialed scans have long been advocated as the quickest and most accurate way to perform a vulnerability assessment against any network. But, as with most things in technology, they run into the two usual roadblocks: people and processes. When credentialed network scans come up, the discussion inevitably leads to questions such as: who is requesting access and why? What level of privileges is needed and why? Which commands will be run and why? All are legitimate questions that should rightly be asked before granting access to any system. But the back-and-forth between teams typically turns into a long, drawn-out process that ends with either the requestor being denied access or being given a limited account, which may lead to incomplete scan results. To help solve this problem, our customers have asked us to provide transparency around which commands are run by a Nessus® scan, which privileges are required to run them and, if a command fails, which Nessus plugins would fail as a result. An additional requirement was to provide this information in an easy-to-consume output format so that they can configure a scan account that has the least privileges and is still able to perform a...
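The least-privilege scan account the post is working toward is usually expressed on the target as a sudoers fragment that grants the scanner exactly the commands it needs and nothing else. The following shell snippet is an added example, not code from the post or from Tenable: it turns an allow-list of commands into such a fragment and rejects fragments that quietly grant far more (a `NOPASSWD: ALL` rule, wildcards, or commands without an absolute path). The account name `nessus-scan` and the four commands in the list are constructed placeholders; the real list is whatever the scanner vendor documents for the plugins you run.

```shell
#!/bin/sh
# Added example (not from the original post): build and sanity-check a
# least-privilege sudoers fragment for a dedicated vulnerability-scan account.
# The account name and command list below are constructed placeholders.

SCAN_USER="nessus-scan"           # hypothetical scan account
# Constructed allow-list: absolute paths only, so a rule cannot be satisfied
# by a lookalike binary earlier in PATH.
SCAN_COMMANDS="/usr/bin/rpm
/usr/bin/dpkg-query
/bin/netstat
/usr/sbin/ss"

# Emit one explicit rule per command: no shell, no wildcards, no password
# prompt (the scanner runs unattended), and no tty requirement for its session.
make_sudoers_fragment() {
    user="$1"
    cmds="$2"
    printf '# Least-privilege rules for %s: every permitted command is listed\n' "$user"
    printf 'Defaults:%s !requiretty\n' "$user"
    echo "$cmds" | while IFS= read -r cmd; do
        [ -n "$cmd" ] || continue
        printf '%s ALL=(root) NOPASSWD: %s\n' "$user" "$cmd"
    done
}

# Return 0 only if the fragment grants nothing broader than explicit,
# absolute-path commands. Each grep is a separate over-grant pattern.
fragment_is_least_privilege() {
    frag="$1"
    # Blanket root: the "limited account" problem solved by over-granting.
    echo "$frag" | grep -q 'NOPASSWD: ALL' && return 1
    # Wildcards in a sudoers command spec are notoriously easy to widen.
    echo "$frag" | grep -q '\*' && return 1
    # Any NOPASSWD rule whose command does not start with / is relative.
    echo "$frag" | grep 'NOPASSWD:' | grep -vq 'NOPASSWD: /' && return 1
    return 0
}

# Number of command rules in a fragment; useful when reconciling the
# fragment against the scanner's documented command list.
count_rules() {
    echo "$1" | grep -c 'NOPASSWD:'
}

# Usage (commented out so the block runs without touching the system):
# make_sudoers_fragment "$SCAN_USER" "$SCAN_COMMANDS" > /tmp/nessus-scan.sudoers
# visudo -c -f /tmp/nessus-scan.sudoers \
#   && install -m 0440 /tmp/nessus-scan.sudoers /etc/sudoers.d/nessus-scan
```

Always run the generated file through `visudo -c -f` before installing it under `/etc/sudoers.d/`; a syntax error in sudoers can lock every administrator out of sudo, not just the scan account. The check function is deliberately strict: if a plugin genuinely needs a command the list does not contain, the fix is to add that exact path, not to relax the rule.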