I'm not running the scans as root, I created a user (openvas) that is a member of root's group.
ssh openvas @ localhost
<banner.......>
openvas @ localhost's password: <password entered>
[openvas @ localhost ~]$ rpm -qa
yum-utils-1.1.30-14.el6.noarch
<100's more rpm's reported>
[openvas @ localhost ~]$
On July 1, 2015 at 10:05 AM Brandon Perry <[email protected]> wrote:I actually don't recommend running scans as root if you can get away with it. I use local accounts, can you SSH into the machine yourself? What happens when you run rpm -qa/dpkg -l if you can SSH into the box?On Wed, Jul 1, 2015 at 9:02 AM, Brian Thompson <[email protected]> wrote:Question about account permissions....
I'd like to use a local account for my scans instead of my personal LDAP entry but I can't seem to get the scans to work when I do. If I use my personal credentials (in LDAP with Public/Private key authentication) a scan results in about 200 detections. If I do the same scan but use a local account (useradd --create-home --uid=432 --gid=432 --groups=root openvas) I get only 50 detections. I've confirmed the user/pass I provided for the credential is correct (I was able to ssh to localhost and log in as openvas). So I'm thinking something else is missing? As you can see, I've created the account as a member of root's group.
Are there other groups it needs?
Is it not "seeing" the user because it's not in LDAP? I'd rather not put the account in LDAP, is there a way to get OpenVAS to recognize a local account?
Brian
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss--
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
