SSH Integration with Privilege Escalation option

Tenable provides full SSH support for WALLIX Bastion, including optional Privilege Access Management (PAM). Complete the following steps to configure SSH credentials for scans with WALLIX Bastion.

For more information on Tenable scans, see the Nessus User Guide, the Tenable Vulnerability Management User Guide, or the Tenable Security Center User Guide.

  1. Log in to your Tenable user interface.

  2. In the upper-left corner, click the Menu button.

    The left navigation plane appears.

  3. In the left navigation plane, click Scans.

    The Scans page appears.

  4. In the upper-right corner of the page, click the Create a Scan button.

    The Select a Scan Template page appears.

  5. Select a scan template.

    The scan configuration page appears.

  6. In the Name box, type a name for the scan.

  7. In the Targets box, type an IP address, hostname, or range of IP addresses.
  8. (Optional) Add a description, folder location, scanner location, and specify target groups.

  9. Click the Credentials tab.

    The Credentials pane appears.

  10. In the Select a Credential menu, select the Host drop-down.

  11. Select SSH.

    The Settings pane appears.

  12. In the Auth Type drop-down box, click WALLIX Bastion.

    The WALLIX Bastion options appear.

  13. Configure each option for the SSH authentication.

    Option Description Required

    Wallix Host

    The IP address for the WALLIX Bastion host.

    yes

    Wallix Port

    The port on which the WALLIX Bastion API communicates. By default, Tenable uses 443.

    yes

    Authentication Type

    Basic authentication (with WALLIX Bastion user interface username and Password requirements) or API Key authentication (with username and WALLIX Bastion-generated API key requirements).

    yes
    Wallix User

    Your WALLIX Bastion user interface login username.

    		 yes
    Wallix Password Your WALLIX Bastion user interface login password. Used for Basic authentication to the API. yes
    Wallix API Key The API Key generated in the WALLIX Bastion user interface. Used for API Key authentication to the API. yes
    Get Credential by Device Account Name

    The account name associated with a Device you want to log in to the target systems with.

    Note: If your device has more than one account, you must enter the specific device name for the account you want to retrieve credentials for. Failure to do this may result in credentials for the wrong account returned by the system.

    Required only if you have a target and/or device with multiple accounts.

    Elevate privileges with

    This enables WALLIX Bastion Privileged Access Management (PAM). Use the drop-down menu to select the privilege elevation method. To bypass this function, leave this field set to Nothing.

    Caution: In your WALLIX Bastion account, the WALLIX Bastion super admin must have enabled "credential recovery" on your account for PAM to be enabled. Otherwise, your scan may not return any results. For more information, see your WALLIX Bastion documentation.

    Note: Multiple options for privilege escalation are supported, including su, su+sudo and sudo. For example, if you select sudo, more fields for sudo user, Escalation Account Name, and Location of su and sudo (directory) are provided and can be completed to support authentication and privilege escalation through WALLIX Bastion PAM. The Escalation Account Name field is then required to complete your privilege escalation.

    Note: For more information about supported privilege escalation types and their accompanying fields, see the Tenable Nessus User Guide, Tenable Vulnerability Management User Guide, or the Tenable Security Center User Guide.

    Required if you wish to escalate privileges.

    HTTPS

    This is enabled by default.

    Caution: The integration fails if you disable HTTPS.

    yes

    Verify SSL Certificate

    This is disabled by default and unsupported in WALLIX Bastion PAM integrations.

    no
    Targets to Prioritize Credentials

    Specify IPs or CIDR blocks on which this credential is attempted before any other credential. To specify multiple IPs or CIDR blocks, use a comma or space-separated list.

    Using this setting can decrease scan times by prioritizing a credential that you know works against your selected targets. For example, if your scan specifies 100 credentials, and the successful credential is the 59th credential out of 100, the first 58 credentials have to fail before the 59th credential succeeds. If you use Targets To Prioritize Credentials, you configure the scan to use the successful credential first, which allows the scan to access the target faster.

    		 no

  14. Do one of the following:

    • If you want to save without launching the scan, click Save.

    • If you want to save and launch the scan immediately, click Save & Launch.

      Note: If you scheduled the scan to run at a later time, the Save & Launch option is not available.

  1. Log in to Tenable Security Center.

  2. Click Scanning > Credentials (administrator users) or Scans > Credentials (organizational users).

    The Credentials page appears.

  3. Click Add.

    The Credential Templates page appears.

  4. In the Miscellaneous, API Gateway, Database, SNMP, SSH, or Windows, or Web Authentication sections, click the tile for the specific method you want to configure.

    The Add Credentials configuration page appears.

  5. In the Name box, type a name for the credentials.
  6. In the Description box, type a description for the credentials.
  7. (Optional) Type or select a Tag. For more information, see Tags in the Tenable Security Center User Guide.

  8. Configure each option for the SSH authentication.

    Option Description Required

    Wallix Host

    The IP address for the WALLIX Bastion host.

    yes

    Wallix Port

    The port on which the WALLIX Bastion API communicates. By default, Tenable uses 443.

    yes

    Authentication Type

    Basic authentication (with WALLIX Bastion user interface username and Password requirements) or API Key authentication (with username and WALLIX Bastion-generated API key requirements).

    yes
    Wallix User

    Your WALLIX Bastion user interface login username.

    		 yes
    Wallix Password Your WALLIX Bastion user interface login password. Used for Basic authentication to the API. yes
    Wallix API Key The API Key generated in the WALLIX Bastion user interface. Used for API Key authentication to the API. yes
    Get Credential by Device Account Name

    The account name associated with a Device you want to log in to the target systems with.

    Note: If your device has more than one account, you must enter the specific device name for the account you want to retrieve credentials for. Failure to do this may result in credentials for the wrong account returned by the system.

    Required only if you have a target and/or device with multiple accounts.

    Elevate privileges with

    This enables WALLIX Bastion Privileged Access Management (PAM). Use the drop-down menu to select the privilege elevation method. To bypass this function, leave this field set to Nothing.

    Caution: In your WALLIX Bastion account, the WALLIX Bastion super admin must have enabled "credential recovery" on your account for PAM to be enabled. Otherwise, your scan may not return any results. For more information, see your WALLIX Bastion documentation.

    Note: Multiple options for privilege escalation are supported, including su, su+sudo and sudo. For example, if you select sudo, more fields for sudo user, Escalation Account Name, and Location of su and sudo (directory) are provided and can be completed to support authentication and privilege escalation through WALLIX Bastion PAM. The Escalation Account Name field is then required to complete your privilege escalation.

    Note: For more information about supported privilege escalation types and their accompanying fields, see the Tenable Nessus User Guide, Tenable Vulnerability Management User Guide, or the Tenable Security Center User Guide.

    Required if you wish to escalate privileges.

    HTTPS

    This is enabled by default.

    Caution: The integration fails if you disable HTTPS.

    yes

    Verify SSL Certificate

    This is disabled by default and unsupported in WALLIX Bastion PAM integrations.

    no
    Targets to Prioritize Credentials

    Specify IPs or CIDR blocks on which this credential is attempted before any other credential. To specify multiple IPs or CIDR blocks, use a comma or space-separated list.

    Using this setting can decrease scan times by prioritizing a credential that you know works against your selected targets. For example, if your scan specifies 100 credentials, and the successful credential is the 59th credential out of 100, the first 58 credentials have to fail before the 59th credential succeeds. If you use Targets To Prioritize Credentials, you configure the scan to use the successful credential first, which allows the scan to access the target faster.

    		 no

  9. Click Submit.

    Tenable Security Center saves your configuration.