Hi David,

Nessus 3 has a feature where you can specify to not
log into a system with user accounts not specified in
the credentials. This is under the 'Global Variable
Settings' tab. Some Nessus plugins try various combinations
of user/pass as a security audit. With this setting

Ron Gula, CTO
Tenable Network Security

Jones, David H wrote:
> I'm having an issue with Nessus locking out root accounts on AIX servers.  My 
> config seems like this shouldn't be happening:  Safe Checks are enabled.  The 
> following plugin families are disabled: "Default Unix Accounts" - "Gain a 
> shell remotely" - "Gain root remotely".
> 
> I have also taken the "root" username out of the "SSH user name" field in the 
> "Credentials" section.
> 
> According to the server admin that's complaining, these lockouts appear to be 
> coming from SSH connections.
> 
> I have no idea which further plugins to disable, or what config changes to 
> make.  Any assistance would be greatly appreciated.
> 
> FYI: 
> nessus -v
> nessus (Nessus) 3.2.1 for Linux
> 
> (C) 1998 - 2008 Tenable Network Security, Inc.
>         SSL used for client - server communication
> 
> 
> Thanks!
> 
> David Jones
> Principal Financial Group
> I/S Information Security
> 711 High Street
> Des Moines, IA 50392-0257
> 
> Email:  jones.davi...@principal.com
> Phone:  515.362.2224 
>  
> 
> 
> _______________________________________________
> Nessus mailing list
> Nessus@list.nessus.org
> http://mail.nessus.org/mailman/listinfo/nessus
> 
