Some places have a user in the domain administrator group that the Nessus scans use. Some places have an administrator from the controlling group put the password into Nessus when these scans are run. Some do allow the security group to have root perms.
If this is a major concern for you, you can take the output of the sudo logs that you have there and construct a fairly restricted set of sudo commands and pop them into a sudo alias in the sudoers file. This is detailed in man sudoers or in http://www.courtesan.com/sudo/man/sudoers.html . I don't doubt that this would be a fairly tedious process :)

On Thu, Oct 2, 2008 at 8:09 PM, Jason Haar <[EMAIL PROTECTED]> wrote:
> Hi there
>
> I was hoping to be able to use the sudo support to "ease the way" for me
> getting access to certain sensitive Unix application servers we have. I
> was hoping to be able to convince the App owners that they could use
> sudo to limit what the scanner could do down to just the pieces they
> were comfortable with.
>
> However, I can see that nessus just assumes sudo is set to allow the
> nessus account to run any command as root - not specific ones!
>
> e.g.
>
> sudo: tibs : TTY=pts/22 ; PWD=/home/nessus ; USER=root ;
> COMMAND=/bin/sh -c echo nessus_su_${nb:-319115419} ; LC_ALL=C rpm -q -f
> '/usr/sbin/sshd' || echo FileIsNotPackaged; echo nessus_su_${ne:-839977099}
>
> Blarg. Basically that means sudo has to allow nessus to run /bin/sh as
> root - sorta open don't you think?
>
> How are others managing to cross the "group boundaries" when it comes to
> audits? I can't believe that everyone just gives "the security group"
> 100% admin access to everything?
>
> --
> Cheers
>
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +64 3 9635 377 Fax: +64 3 9635 417
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
>
> _______________________________________________
> Nessus mailing list
> [email protected]
> http://mail.nessus.org/mailman/listinfo/nessus
>

--
Doug Nordwall
Unix, Network, and Security Administrator

You mean the vision is subject to low subscription rates?!!? - Scott Stone, on MMORPGs
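Added example of the approach Doug describes (not code from the thread, from Nessus or from the sudo project): read sudo's syslog lines in the layout quoted above, pull the COMMAND field apart, unwrap the "/bin/sh -c ..." invocations into their simple commands, drop the nessus_su_ marker echoes, and emit a draft Cmnd_Alias for the sudoers file. The sample log lines are constructed, and the map from bare program names to absolute paths is an assumption for the example (sudoers needs full paths, so resolve them on the real host). Entries that came from a shell wrapper are flagged, because that is exactly Jason's point: for those, sudo matched /bin/sh, not the inner commands, so the draft documents what the scanner wanted to run rather than something that will make the wrapped invocations succeed as-is.

```python
"""Draft a sudoers Cmnd_Alias from logged sudo invocations (added example)."""
import re
import shlex
from collections import OrderedDict

# Constructed sample log lines in the syslog layout quoted in the thread (not real data).
SAMPLE_LOG = """\
sudo: nessus : TTY=pts/22 ; PWD=/home/nessus ; USER=root ; COMMAND=/bin/sh -c echo nessus_su_${nb:-319115419} ; LC_ALL=C rpm -q -f '/usr/sbin/sshd' || echo FileIsNotPackaged; echo nessus_su_${ne:-839977099}
sudo: nessus : TTY=pts/22 ; PWD=/home/nessus ; USER=root ; COMMAND=/bin/sh -c echo nessus_su_${nb:-4711} ; LC_ALL=C rpm -qa ; echo nessus_su_${ne:-4712}
sudo: nessus : TTY=pts/22 ; PWD=/home/nessus ; USER=root ; COMMAND=/bin/netstat -anp
sudo: nessus : TTY=pts/22 ; PWD=/home/nessus ; USER=root ; COMMAND=/bin/sh -c echo nessus_su_${nb:-99} ; LC_ALL=C rpm -q -f '/usr/sbin/sshd' || echo FileIsNotPackaged; echo nessus_su_${ne:-100}
"""

# Assumed absolute paths for bare program names seen inside "sh -c" scripts.
# sudoers requires full paths; anything not listed here gets an obvious placeholder.
ASSUMED_PATHS = {"rpm": "/bin/rpm", "echo": "/bin/echo", "netstat": "/bin/netstat"}

LOG_RE = re.compile(r"^sudo:\s+(?P<user>\S+)\s+:.*?\bUSER=(?P<target>\S+)\s*;.*?COMMAND=(?P<cmd>.*)$")
WRAP_RE = re.compile(r"^(?P<sh>\S*/(?:sh|bash|dash|ksh))\s+-c\s+(?P<script>.*)$")
ASSIGNMENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*=")
SHELL_SEPARATORS = {";", "||", "&&", "|"}


def split_shell_script(script):
    """Split a shell script into simple commands (argv lists), honouring quotes."""
    lexer = shlex.shlex(script, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True  # keep ${nb:-...} and LC_ALL=C as single words
    commands, current = [], []
    for tok in lexer:
        if tok in SHELL_SEPARATORS:
            if current:
                commands.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


def normalise(argv):
    """Drop leading VAR=value assignments and Nessus marker echoes; make the program absolute."""
    while argv and ASSIGNMENT_RE.match(argv[0]):
        argv = argv[1:]
    if not argv:
        return None
    if argv[0] == "echo" and argv[1:] and argv[1].startswith("nessus_su_"):
        return None  # scanner's own begin/end markers, not a command to allow
    prog = argv[0]
    if not prog.startswith("/"):
        prog = ASSUMED_PATHS.get(prog, "/PATH/TO/" + prog)  # placeholder: resolve on the host
    return [prog] + argv[1:]


def extract_commands(log_text):
    """Return one entry per simple command found in the log, with its origin."""
    entries = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd").strip()
        w = WRAP_RE.match(cmd)
        if w:  # "/bin/sh -c <script>": sudo authorised /bin/sh, the script is what actually ran
            simple_cmds, wrapped = split_shell_script(w.group("script")), True
        else:
            simple_cmds, wrapped = [shlex.split(cmd)], False
        for argv in simple_cmds:
            norm = normalise(argv)
            if norm:
                entries.append({"user": m.group("user"), "target": m.group("target"),
                                "argv": norm, "wrapped": wrapped})
    return entries


def distinct_commands(entries):
    """De-duplicate argv lists, preserving first-seen order."""
    seen = OrderedDict((tuple(e["argv"]), None) for e in entries)
    return list(seen)


def render_sudoers(commands, user, runas="root", alias="NESSUS_CMDS"):
    """Render a Cmnd_Alias plus a user specification that uses it."""
    lines = ["# Draft generated from sudo logs: review every entry before installing."]
    rendered = [" ".join(c) for c in commands]
    lines.append(f"Cmnd_Alias {alias} = " + ", \\\n    ".join(rendered))
    lines.append(f"{user} ALL = ({runas}) {alias}")
    return "\n".join(lines)


if __name__ == "__main__":
    found = extract_commands(SAMPLE_LOG)
    print(render_sudoers(distinct_commands(found), user="nessus"))
    wrapped = sum(1 for e in found if e["wrapped"])
    print(f"# {wrapped} of {len(found)} commands ran via a shell wrapper; sudo saw /bin/sh for those.")
```

The generated alias never contains /bin/sh or the nessus_su_ markers, which is the point of the exercise: the alias lists the tools the scanner actually needs, and the wrapped count tells you how many of them the scanner only ever reaches through "/bin/sh -c", i.e. how much of the log cannot be turned into a narrow sudoers rule by this route alone.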
