Beaner
Cadet

Looking for assistance with setting up an account for vulnerability scanning

Looking for assistance with setting up an account for vulnerability scanning. We're really trying to create an account on Red Hat. I know in order to get a good scan, you use full access. But is there a way to set up an account on Red Hat that is the next best thing without giving full access? Will read access do it, or is that even possible?

3 Replies
Travis
Moderator

@Beaner -

I think before anyone can provide assistance, you might need to explain more about what you are doing. If you just need an account set up, you can easily add a user and create a service account; however, I know several vulnerability scanning applications want a specific account with specific permissions.

Nessus (Tenable) wanted to be able to perform "authorized" scanning in which it would log in to a system with username/password type authentication, where it was an "authorized" user performing scans from the inside. This is one type of scanning. Another type is the unauthenticated user, in which you are scanning the system like an "outsider". Both types can expose various levels of vulnerability.

In terms of "root" or full admin access, you could go with a regular user account and maybe provide "sudo" to a handful of commands the scanning user would need. Again, this would be very dependent on the scanning application and what you are attempting to accomplish and what requirements it has.

Travis Michette, RHCA XIII
https://rhtapps.redhat.com/verify?certId=111-134-086
SENIOR TECHNICAL INSTRUCTOR / CERTIFIED INSTRUCTOR AND EXAMINER
Red Hat Certification + Training
Beaner
Cadet

We are using Tenable Security Center and we want to do an authenticated scan. So we have an account set up on a Red Hat server with sudo access. It was a while ago that the Red Hat sudo account was set up (I'm not the administrator for Red Hat). So, I would rather remove that one and start all over again because I'm not sure what commands were done. Like start off fresh.

Trying to get some advice on the "right" way to set up an account that will give us a good vulnerability scan.

We have a number of Red Hat servers, and we would like to set up the Tenable credentials that could possibly scan all the Red Hat servers (not sure if that is possible or not).

Chetan_Tiwary_
Community Manager

@Beaner The following roles enable standard or enhanced access to vulnerability service features in Insights for RHEL:

Vulnerability viewer: Read any vulnerability-service resource.
Vulnerability administrator: Perform any available operation against any vulnerability-service resource.

If you are using a third-party tool like Rapid7, ensure sudo access with minimum privileges: you just need RO access to system data like rpm, yum updateinfo, subscription-manager, etc.

But there could be issues related to backporting with minimal access. 


https://www.redhat.com/en/blog/a-quickstart-guide-on-vulnerability-scanners-how-they-work-and-why-th... 

https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/security_guide/vulnerabilit... 
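One way to build the kind of minimally privileged scan account both replies describe (a regular user plus sudo for a short list of read-only commands), as an added example that is not from this thread or from Red Hat or Tenable documentation; the account name, the drop-in path and the command list are assumptions and should be matched against the scanner vendor's documented requirements:

```shell
#!/bin/sh
# Added example: a least-privilege local account for authenticated vulnerability
# scanning on RHEL. The account name and the read-only command list below are
# assumptions; take the real list from the scanner vendor's documentation.

SCAN_USER="tenablescan"                      # assumed account name
SUDOERS_FILE="/etc/sudoers.d/$SCAN_USER"     # standard sudoers drop-in location

# Emit a sudoers drop-in that grants NOPASSWD only for specific, read-only
# commands. Exact argument lists mean sudo rejects any other invocation.
scan_sudoers() {
    cat <<EOF
# sudoers drop-in for the $SCAN_USER scan account (least privilege)
Defaults:$SCAN_USER !requiretty
Cmnd_Alias SCAN_RO = /usr/bin/rpm -qa, /usr/bin/yum updateinfo list, /usr/sbin/subscription-manager list --installed, /usr/sbin/subscription-manager status
$SCAN_USER ALL=(root) NOPASSWD: SCAN_RO
EOF
}

# Reject a sudoers fragment (read from stdin) that would hand the scan account
# unrestricted root: "NOPASSWD: ALL", an "(ALL)" run-as, or a shell as a command.
check_sudoers_text() {
    if grep -qE 'NOPASSWD:[[:space:]]*ALL([[:space:]]|$)|\(ALL\)|/bin/(ba)?sh'; then
        return 1
    fi
    return 0
}

# Create the account and install the validated drop-in. Needs root; visudo -c
# catches syntax errors before sudo would ever parse the file.
install_scan_account() {
    [ "$(id -u)" -eq 0 ] || { echo "install_scan_account: run as root" >&2; return 1; }
    scan_sudoers | check_sudoers_text || { echo "refusing over-broad sudoers" >&2; return 1; }
    id "$SCAN_USER" >/dev/null 2>&1 || useradd -m -s /bin/bash "$SCAN_USER"
    scan_sudoers > "$SUDOERS_FILE" && chmod 0440 "$SUDOERS_FILE"
    visudo -cf "$SUDOERS_FILE"
}

# Usage on the target RHEL host: sh scan-account.sh --install
if [ "${1:-}" = "--install" ]; then
    install_scan_account
fi
```

Set the account's SSH key or password in Tenable afterwards; everything the scanner runs outside SCAN_RO then executes as the unprivileged user, which is the trade-off the backporting caveat above refers to.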
