Credentialed Foundstone scan against RHEL5.5 won't connect.
Our org uses Foundstone. I gave them a wheel user and verified connectivity with putty from their server to my RH box. Foundstone never makes it in and I don't see anything from faillog, sshd logs, etc. Anyone ever deal with this?
Thanks,
Steve
Based on what you posted, it looks like a problem in Foundstone. Since you've checked the logs, and don't see anything failing, and you've already verified connectivity from server to server, the only piece left is Foundstone.
You can try to give them another (temporary) user ID to see if you can see anything. Check the logs for SUCCESSFUL logins from that user ID too, since Foundstone may be logging in correctly, then not actually doing anything.
Make sure that you are using the "bash" or "ksh" shells in the account that is being used to scan. Also, we use sshv2 certificates to credential scan and it works well.
In Foundstone, make sure and select "trust unknown remote-shell targets" when you enter credentials into the Foundstone Scanning Tool.
Great ideas! For the first suggestion, is there a setting in Foundstone for the shell or should I make sure the Red Hat account uses bash or ksh? I never verified what it was set up with. I will also try the trust unk... I am forwarding this info to our IT security. They normally run the scans but don't have access to our systems (we enter the credentials for them).
Thanks!
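The two account-side checks suggested in the replies above (which login shell the scan account has, and whether sshd recorded successful as well as failed logins for it), as an added example that is not part of the original thread. The account name `fsscan`, the helper function names and every sample line are constructed; on RHEL, sshd authentication messages go to /var/log/secure.

```shell
#!/bin/sh
# Added example; the account name "fsscan" and all sample data are constructed.

# Print USER's login shell from a passwd-format file ("-" reads stdin).
account_shell() {
    awk -F: -v u="$1" '$1 == u { print $7 }' "${2:-/etc/passwd}"
}

# Succeed only for bash or ksh, the shells recommended in the thread.
shell_ok() {
    case "${1##*/}" in
        bash|ksh) return 0 ;;
        *) return 1 ;;
    esac
}

# Count sshd lines with RESULT (Accepted or Failed) for USER.
# RHEL logs sshd authentication to /var/log/secure ("-" reads stdin).
count_logins() {
    awk -v u="$1" -v r="$2" '
        $5 ~ /^sshd\[/ && $6 == r {
            for (i = 7; i <= NF - 2; i++)
                if ($i == "for" && $(i+1) == u && $(i+2) == "from") { n++; break }
        }
        END { print n + 0 }' "${3:-/var/log/secure}"
}

sample_passwd() {   # constructed passwd entries
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
fsscan:x:501:10:scan account:/home/fsscan:/bin/tcsh
EOF
}

sample_secure() {   # constructed /var/log/secure lines
    cat <<'EOF'
Nov  3 10:15:02 rhel55 sshd[2101]: Accepted password for admin1 from 192.0.2.10 port 51022 ssh2
Nov  3 10:20:41 rhel55 sshd[2144]: Accepted publickey for fsscan from 192.0.2.20 port 40112 ssh2
Nov  3 10:20:41 rhel55 sshd[2144]: pam_unix(sshd:session): session opened for user fsscan by (uid=0)
Nov  3 10:20:42 rhel55 sshd[2144]: pam_unix(sshd:session): session closed for user fsscan
Nov  3 10:31:07 rhel55 sshd[2190]: Failed password for fsscan from 192.0.2.20 port 40155 ssh2
EOF
}

scan_shell=$(sample_passwd | account_shell fsscan -)
shell_ok "$scan_shell" || echo "fsscan shell $scan_shell is not bash or ksh"
echo "accepted: $(sample_secure | count_logins fsscan Accepted -)"
echo "failed: $(sample_secure | count_logins fsscan Failed -)"
```

On a real host, call `account_shell` and `count_logins` without the trailing `-` so they read /etc/passwd and /var/log/secure (the latter needs root).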