TOC & Recently Viewed

Recently Viewed Topics

Privilege Escalation

You can configure privilege escalation for a credentialed scan if the scan uses the following authentication methods:

Authentication Methods that Support Escalation Supported Escalation Methods

certificate
CyberArk
Kerberos
password
public key
Thycotic Secret Server

.k5login
Cisco 'enable'
dzdo
pbrun
su
su+sudo
sudo

The tables below describe the additional credential options you must configure for privilege escalation.

Note: BeyondTrust's PowerBroker (pbrun) and Centrify's DirectAuthorize (dzdo) are proprietary root task delegation methods for Unix and Linux systems.

Tip: Scans run using su+sudo allow the user to scan with a non-privileged account and then switch to a user with sudo privileges on the remote host. This is important for locations where remote privileged login is prohibited.

Note: Scans run using sudo vs. the root user do not always return the same results because of the different environmental variables applied to the sudo user and other subtle differences. For more information, see: https://www.sudo.ws/man/sudo.man.html.

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.. Tenable.sc, Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.