Operating System - HP-UX
Re: Nessus Security Scan disabling root on trusted system
Janet L White
Occasional Advisor

Nessus Security Scan disabling root on trusted system

Hello,

We have just recently converted to trusted systems on 11.0 and 11i HP-UX servers. We have included root to be disabled after 3 failed login attempts. My problem is our Security Team uses Nessus, and during the scans it attempts to access root (ssh/rexec etc.) at least 3 times, and the account is disabled.

Our Security Staff believes this leaves us vulnerable... I do not have access to Nessus as it is run and supported by their group. Clearly there must be a way to modify Nessus so that it can still scan but not disable root. How do you keep the systems trusted and still utilize Nessus? Thank you for your time.
9 REPLIES
Sanjay_6
Honored Contributor

Re: Nessus Security Scan disabling root on trusted system

Hi Janet,

Even if the root accounts get disabled, you can still login using the root account on the console.

Hope this helps.

Regds
A. Clay Stephenson
Acclaimed Contributor

Re: Nessus Security Scan disabling root on trusted system

Bear in mind that it's not just the security scan but any failed login by root by any user would have the same effect. You can leave the global limit at 3 but customize u_maxtries for root. You can do this with SAM or edit /tcb/files/auth/r/root and add a u_maxtries#10 (for 10 attempts).

If you choose to directly edit the tcb files make sure that you are logged in as root in at least two sessions so that you can get yourself out of trouble as fast as you got yourself in.
If it ain't broke, I can fix that.
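The per-user u_maxtries edit described in the reply above, as an added example that is not code from the thread: a POSIX sh script that rewrites a copy of a TCB protected-password entry (the /tcb/files/auth/r/root file) to set u_maxtries for one user, leaving every other field and every other entry alone. The root entry it operates on is constructed sample data in a temp directory; field names and the encoding (numbers after `#`, strings after `=`, booleans as bare flags negated with a trailing `@`, `chkent` as the terminator, backslash line continuation) follow the TCB format. The helper names (`tcb_join`, `tcb_get`, `tcb_set_maxtries`) are this example's own, not HP-UX commands.

```shell
#!/bin/sh
# Added example (not from the thread): set a per-user u_maxtries in a copy of an
# HP-UX trusted-system protected-password entry. Runs on a constructed sample.

# Join backslash-continued lines so each user entry becomes one line.
tcb_join() {
    awk '{
        if (buf != "") sub(/^[ \t]+/, "")            # continuation lines are indented
        if (sub(/\\$/, "")) { buf = buf $0; next }   # trailing backslash: keep collecting
        print buf $0
        buf = ""
    }' "$1"
}

# tcb_get FILE USER FIELD: print the field value (number after '#', string after
# '='), "yes"/"no" for a boolean flag, or nothing if the entry lacks the field.
tcb_get() {
    tcb_join "$1" | awk -F: -v user="$2" -v field="$3" '
        $1 == user {
            for (i = 2; i <= NF; i++) {
                if (index($i, field "#") == 1 || index($i, field "=") == 1) {
                    print substr($i, length(field) + 2); exit
                }
                if ($i == field)       { print "yes"; exit }
                if ($i == field "@")   { print "no";  exit }
            }
        }'
}

# tcb_set_maxtries FILE USER N: set u_maxtries#N for USER. If the entry has no
# u_maxtries yet (it then inherits the global limit from
# /tcb/files/auth/system/default) the field is added before the chkent terminator.
tcb_set_maxtries() {
    file=$1; who=$2; n=$3
    case $n in
        ''|*[!0-9]*) echo "u_maxtries must be a non-negative integer, got '$n'" >&2; return 1 ;;
    esac
    tmp="$file.tmp.$$"
    if tcb_join "$file" | awk -F: -v OFS=: -v user="$who" -v n="$n" '
        $1 == user {
            done = 0
            for (i = 2; i <= NF; i++)
                if (index($i, "u_maxtries#") == 1) { $i = "u_maxtries#" n; done = 1 }
            if (!done)
                for (i = NF; i >= 2; i--)
                    if ($i == "chkent") { $i = "u_maxtries#" n ":chkent"; done = 1; break }
            if (!done) { print "no chkent terminator in entry for " user > "/dev/stderr"; exit 1 }
        }
        { print }' > "$tmp"
    then
        cp "$tmp" "$file" && rm -f "$tmp"    # cp (not mv) keeps the TCB file's owner and mode
    else
        rm -f "$tmp"; return 1
    fi
}

# Demo on a constructed root entry: no per-user u_maxtries, two failed logins
# already counted in u_numunsuclog, administrative lock off (u_lock@).
tcb_demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/root" <<'EOF'
root:u_name=root:u_id#0:\
	:u_pwd=abcdefghijklm:\
	:u_suclog#1130000000:u_unsuclog#1130000100:u_numunsuclog#2:\
	:u_lock@:chkent:
EOF
    before=$(tcb_get "$d/root" root u_maxtries)
    tcb_set_maxtries "$d/root" root 10 || return 1
    after=$(tcb_get "$d/root" root u_maxtries)
    tcb_set_maxtries "$d/root" root 5 || return 1        # existing field is replaced, not duplicated
    again=$(tcb_get "$d/root" root u_maxtries)
    lock=$(tcb_get "$d/root" root u_lock)
    unsuc=$(tcb_get "$d/root" root u_numunsuclog)
    rm -rf "$d"
    printf 'before=%s after=%s again=%s lock=%s unsuc=%s\n' \
        "${before:-unset}" "$after" "$again" "$lock" "$unsuc"
}
```

The rewritten entry comes out as a single line; the backslash continuation in the original file is layout only. On a real system follow the advice in the reply: take a copy of the file first, keep a second root session open, and confirm the result with the supported tools (getprpw(1M) reads these fields; modprpw(1M) writes them) rather than trusting the edit blind. Note that u_numunsuclog is the counter the scanner drives up; u_maxtries only sets the threshold, and the lockout still has to be cleared with `modprpw -k` as described further down the thread.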
Sanjay_6
Honored Contributor

Re: Nessus Security Scan disabling root on trusted system

Hi,

Once you are logged into the console use "modprpw -k root" to reactivate the root account.

Hope this helps.

regds
Janet L White
Occasional Advisor

Re: Nessus Security Scan disabling root on trusted system

I have no problems with re-activating, I just thought there might be a way to modify nessus, so it did not try to login as root during the scan. If modifying to the 10 attempts is what the majority of you guys do then I will go that route. Thank you for the responses.

Janet
Mic V.
Esteemed Contributor
Solution

Re: Nessus Security Scan disabling root on trusted system

You may be able to configure nessus so that it doesn't perform those particular (login-type) scans at all -- as was said earlier, since the nessus login attempt is just *a* login attempt, the HP system responds appropriately -- while continuing to perform non-login-related scans.

Whether you change nessus or change the number of failed attempts that HP-UX allows root, you're vulnerable to a denial-of-service attack.

One question, I don't know the answer off the top of my head and don't have a test environment -- if you set sshd to disallow root logins, does the daemon head off the attempt without the operating system flagging it as a failed attempt?
What kind of a name is 'Wolverine'?
Janet L White
Occasional Advisor

Re: Nessus Security Scan disabling root on trusted system

I'll check the ssh out and let you know. Thank you.
Janet L White
Occasional Advisor

Re: Nessus Security Scan disabling root on trusted system

Disallowing root login in the sshd_conf file did refuse the root login but did not deactivate root. Thank you. Now to find a way to change all our scripts that ssh as root to other internal servers and still get the job done. Maybe it is time to use inetd.sec for allowable networks. Thank you all for your assistance.

Janet
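The sshd setting reported in the post above, as an added example that is not code from the thread: a POSIX sh function that reports the effective global value of a keyword in an sshd_config, plus a constructed config that shows the traps a quick `grep PermitRootLogin` misses. sshd keeps the first value it reads for a keyword and ignores later duplicates; a commented `#PermitRootLogin yes` only documents the compiled-in default; and anything after a `Match` line applies to that block only, not globally. The `Match Address` block is one way to keep root ssh working from internal servers, as the post wants, while refusing it elsewhere; it needs OpenSSH 4.4 or later, so check the HP-UX Secure Shell version before relying on it. The sample file and the function name `sshd_effective` are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): find the effective global value of an
# sshd_config keyword the way sshd resolves it. Runs on a constructed sample.

# sshd_effective FILE KEYWORD: print the first uncommented global value of
# KEYWORD. Keyword match is case-insensitive; both "Keyword value" and
# "Keyword=value" are accepted, as sshd_config(5) allows.
sshd_effective() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)
            k = tolower(f[1])
        }
        k == "match" { exit }                      # end of the global section
        k == key     { print f[2]; exit }          # first occurrence wins
    ' "$1"
}

# Demo: commented default, an explicit "no", a later duplicate "yes" that sshd
# ignores, then a Match block that re-enables root only from an internal net.
sshd_demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/sshd_config" <<'EOF'
# constructed sample, not a real server's file
#PermitRootLogin yes
Protocol 2
PermitRootLogin no
PermitRootLogin yes
Match Address 10.0.0.0/8
    PermitRootLogin yes
    AllowTcpForwarding no
EOF
    v=$(sshd_effective "$d/sshd_config" permitrootlogin)
    p=$(sshd_effective "$d/sshd_config" Protocol)
    m=$(sshd_effective "$d/sshd_config" AllowTcpForwarding)   # only set inside Match
    rm -rf "$d"
    printf '%s %s %s\n' "$v" "$p" "${m:-unset}"
}
```

One caveat the Match approach carries: if the scanner runs from an address range the Match block allows, its root attempts reach the login path again and the trusted-system counter locks root exactly as before. Pair the block with PermitRootLogin `forced-commands-only` or key-only root access for the script hosts if the scanner shares their network.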
Florian Heigl (new acc)
Honored Contributor

Re: Nessus Security Scan disabling root on trusted system

On the nessus part, there is an option to avoid 'dangerous' scans, but I think that was more about things that might crash a system...

But in any case the ssh check could be taken out of the test run; OTOH raising the bad login limit a bit should be OK.
yesterday I stood at the edge. Today I'm one step ahead.
Steven E. Protter
Exalted Contributor

Re: Nessus Security Scan disabling root on trusted system

This is goodness.

Did you use the gui or a script to do the nessus scan? If scripted, please share.

You made sure with testing that your root login will lock after three invalid attempts. Knowing this vastly limits the number of possibilities any hacker, internal or external has to make trouble.

A console login automatically re-enables the root login.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com