Configure Tenable Nessus for Lieberman SSH

Tenable Nessus provides an option for Lieberman SSH integration. Complete the following steps to configure Nessus with Lieberman SSH.

To configure Nessus for Lieberman SSH:

  1. Log in to your Tenable user interface.

  2. In the upper-left corner, click the Menu button.

    The left navigation plane appears.

  3. In the left navigation plane, click Scans.

    The Scans page appears.

  4. In the upper-right corner of the page, click the Create a Scan button.

    The Select a Scan Template page appears.

  5. Select a scan template.

    The scan configuration page appears.

  6. In the Name box, type a name for the scan.

  7. In the Targets box, type an IP address, hostname, or range of IP addresses.
  8. (Optional) Add a description, folder location, scanner location, and specify target groups.

  9. Click the Credentials tab.

    The Credentials pane appears.

  10. In the Select a Credential menu, select the Host drop-down.

  11. Select SSH.

    The Settings pane appears.

  12. In the Auth Type drop-down box, click Tenable Nessus for Lieberman RED.

    The Tenable Nessus for Lieberman RED options appear.

  13. Configure each option for the SSH authentication.

    Option Description Required
    Username The target system’s username.

    yes
    Lieberman host

    The Lieberman IP/DNS address.

    Note: If your Lieberman installation is in a subdirectory, you must include the subdirectory path. For example, type IP address or hostname / subdirectory path.

    yes
    Lieberman port The port on which Lieberman listens.

    yes
    Lieberman API URL The URL Tenable Vulnerability ManagementTenable Nessus uses to access Lieberman. no
    Lieberman user The Lieberman explicit user for authenticating to the Lieberman RED API.

    yes
    Lieberman password The password for the Lieberman explicit user.

    yes
    Lieberman Authenticator

    The alias used for the authenticator in Lieberman. The name should match the name used in Lieberman.

    Note: If you use this option, append a domain to the Lieberman user option, i.e., domain\user.

    		 no
    Lieberman Client Certificate

    The file that contains the PEM certificate used to communicate with the Lieberman host.

    Note: If you use this option, you do not have to enter information in the Lieberman user, Lieberman password, and Lieberman Authenticator fields.

    		 no
    Lieberman Client Certificate Private Key The file that contains the PEM private key for the client certificate. no
    Lieberman Client Certificate Private Key Passphrase The passphrase for the private key, if required. no
    Use SSL

    If Lieberman is configured to support SSL through IIS, check for secure communication.

    no
    Verify SSL Certificate

    If Lieberman is configured to support SSL through IIS and you want to validate the certificate, check this option. Refer to Custom CA documentation for how to use self-signed certificates.

    no
    Targets to Prioritize Credentials

    Specify IPs or CIDR blocks on which this credential is attempted before any other credential. To specify multiple IPs or CIDR blocks, use a comma or space-separated list.

    Using this setting can decrease scan times by prioritizing a credential that you know works against your selected targets. For example, if your scan specifies 100 credentials, and the successful credential is the 59th credential out of 100, the first 58 credentials have to fail before the 59th credential succeeds. If you use Targets To Prioritize Credentials, you configure the scan to use the successful credential first, which allows the scan to access the target faster.

    		 no
    System Name In the rare case your organization uses one default Lieberman entry for all managed systems, enter the default entry name.

    no
    Custom password prompt The password prompt used by the target host. Only use this setting when an interactive SSH session fails due to Tenable Vulnerability ManagementTenable Nessus receiving an unrecognized password prompt on the target host's interactive SSH shell.

    no

  14. Do one of the following:

    • If you want to save without launching the scan, click Save.

    • If you want to save and launch the scan immediately, click Save & Launch.

      Note: If you scheduled the scan to run at a later time, the Save & Launch option is not available.

What to do next:

  1. To verify the integration is working, click the Launch button to initiate an on-demand scan.

  2. Once the scan has completed, select the completed scan and look for Plugin ID 97993 and the corresponding message - It was possible to log into the remote host via SSH using 'password' authentication. This validates that authentication was successful.