SSH Integration with Privilege Escalation option

Tenable provides full SSH support for WALLIX Bastion, including optional Privilege Access Management (PAM). Complete the following steps to configure SSH credentials for scans with WALLIX Bastion.

For more information on Tenable scans, see the Nessus User Guide, the Tenable Vulnerability Management User Guide, or the Tenable Security Center User Guide.

Requirements:

• WALLIX Bastion account
• Tenable Vulnerability Management or Tenable Nessus Manager account

To configure SSH integration:

1. Log in to your Tenable user interface.
2. Click Scans.

3. Click + New Scan.

   The Scan Templates page appears.

   

4. Select Advanced Scan.

   The selected scan template appears.

   

5. In the Name box, type a name for the scan.

6. In the Targets box, type an IP address, hostname, or range of IP addresses.
7. (Optional) Add a description, folder location, scanner location, and specify target groups.

8. Click the Credentials tab.

   The Credentials options appear.

   

9. In the left-hand menu, select SSH.

10. Click Authentication method.

11. Select Wallix Bastion in the drop-down box.

    The Wallix Bastion SSH options appear.

    

12. Configure each field for SSH authentication.

    Option	Description	Required
    Wallix Host	The IP address for the WALLIX Bastion host.	yes
    Wallix Port	The port on which the WALLIX Bastion API communicates. By default, Tenable Nessus Manager uses 443.	yes
    Authentication Type	Basic authentication (with WALLIX Bastion user interface username and Password requirements) or API Key authentication (with username and WALLIX Bastion-generated API key requirements).	yes
    Wallix User	Your WALLIX Bastion user interface login username.	yes
    Wallix Password	Your WALLIX Bastion user interface login password. Used for Basic authentication to the API.	yes
    Wallix API Key	The API Key generated in the WALLIX Bastion user interface. Used for API Key authentication to the API.	yes
    Get Credential by Device Account Name	The account name associated with a Device you want to log in to the target systems with. Note: If your device has more than one account, you must enter the specific device name for the account you want to retrieve credentials for. Failure to do this may result in credentials for the wrong account returned by the system.	Required only if you have a target and/or device with multiple accounts.
    Elevate privileges with	This enables WALLIX Bastion Privileged Access Management (PAM). Use the drop-down menu to select the privilege elevation method. To bypass this function, leave this field set to Nothing. Caution: In your WALLIX Bastion account, the WALLIX Bastion super admin must have enabled "credential recovery" on your account for PAM to be enabled. Otherwise, your scan may not return any results. For more information, see your WALLIX Bastion documentation. Note: Multiple options for privilege escalation are supported, including su, su+sudo and sudo. For example, if you select sudo, more fields for sudo user, Escalation Account Name, and Location of su and sudo (directory) are provided and can be completed to support authentication and privilege escalation through WALLIX Bastion PAM. The Escalation Account Name field is then required to complete your privilege escalation. Note: For more information about supported privilege escalation types and their accompanying fields, see the Tenable Nessus User Guide, Tenable Vulnerability Management User Guide, or the Tenable Security Center User Guide.	Required if you wish to escalate privileges.
    HTTPS	This is enabled by default. Caution: The integration fails if you disable HTTPS.	yes
    Verify SSL Certificate	This is disabled by default and unsupported in WALLIX Bastion PAM integrations.	no

13. Click Save.

Verification

1. Click the arrow next to the Save button to drop down the launch button.

2. To verify the integration is working, click the Launch button to initiate an on-demand scan.

3. After the scan completes, click the scan to view the results.