Database

Nessus supports database authentication using PostgreSQL, DB2, MySQL SQL Server, Oracle, and MongoDB.

Database

Nessus supports the following authentication methods:

Option

Description

Username

The username for the database.

Password

The password for the supplied username.

Database Type

Nessus supports Oracle, SQL Server, MySQL, DB2, Informix/DRDA, and PostgreSQL.

In Nessus Manager, you have the option of using CyberArk to manage your credentials. CyberArk is a popular enterprise password vault that helps you manage privileged credentials to use in a scan.

Option Description

Username

The target system’s username.

Central Credential Provider Host

The CyberArk Central Credential Provider IP/DNS address.

Central Credential Provider Port

The port on which the CyberArk Central Credential Provider is listening.

CyberArk AIM Service URL

The URL of the AIM service. By default, this field uses /AIMWebservice/v1.1/AIM.asmx.

Central Credential Provider Username

If the CyberArk Central Credential Provider is configured to use basic authentication, you can fill in this field for authentication.

Central Credential Provider Password

If the CyberArk Central Credential Provider is configured to use basic authentication, you can fill in this field for authentication.

Safe

The safe on the CyberArk Central Credential Provider server that contained the authentication information you would like to retrieve.
CyberArk Client Certificate The file that contains the PEM certificate used to communicate with the CyberArk host.
CyberArk Client Certificate Private Key The file that contains the PEM private key for the client certificate.
CyberArk Client Certificate Private Key Passphrase (Optional) The passphrase for the private key, if required.

AppId

The AppId that has been allocated permissions on the CyberArk Central Credential Provider to retrieve the target password.

Folder

The folder on the CyberArk Central Credential Provider server that contains the authentication information you would like to retrieve.

CyberArk Account Details Name

 The unique name of the credential you want to retrieve from CyberArk.

Use SSL

If CyberArk Central Credential Provider is configured to support SSL through IIS check for secure communication.

Verify SSL Certificate

If CyberArk Central Credential Provider is configured to support SSL through IIS and you want to validate the certificate, select this option. Refer to the custom_CA.inc documentation for how to use self-signed certificates.

Database Type

Nessus supports Oracle, SQL Server, MySQL, DB2, Informix/DRDA, and PostgreSQL.
Option Database Type Description

Required
Username All The target system’s username. yes
Lieberman host All

The Lieberman IP/DNS address.

Note: If your Lieberman installation is in a subdirectory, you must include the subdirectory path. For example, type IP address or hostname / subdirectory path.

 yes
Lieberman port All The port on which Lieberman listens. yes
Lieberman API URL All The URL Nessus uses to access Lieberman. no
Lieberman user All The Lieberman explicit user for authenticating to the Lieberman API. yes
Lieberman password All The password for the Lieberman explicit user. yes
Lieberman Authenticator All

The alias used for the authenticator in Lieberman. The name should match the name used in Lieberman.

Note: If you use this option, append a domain to the Lieberman user option, i.e., domain\user.

 no
Lieberman Client Certificate All

The file that contains the PEM certificate used to communicate with the Lieberman host.

Note: If you use this option, you do not have to enter information in the Lieberman user, Lieberman password, and Lieberman Authenticator fields.

 no
Lieberman Client Certificate Private Key All The file that contains the PEM private key for the client certificate. no
Lieberman Client Certificate Private Key Passphrase All The passphrase for the private key, if required. no
Use SSL All

If Lieberman is configured to support SSL through IIS, check for secure communication.

 no
Verify SSL Certificate All

If Lieberman is configured to support SSL through IIS and you want to validate the certificate, check this option. Refer to Custom CA documentation for how to use self-signed certificates.

no
System Name All In the rare case your organization uses one default Lieberman entry for all managed systems, enter the default entry name. no
Database Port All The port on which Nessus communicates with the database. yes
Database Name

DB2

PostgreSQL

 (PostgreSQL and DB2 databases only) The name of the database. no
Auth type

Oracle

SQL Server

Sybase ASE

(SQL Server, Oracle. and Sybase ASE databases only)

SQL Server values include:

  • Windows
  • SQL

Oracle values include:

  • SYSDBA
  • SYSOPER
  • NORMAL

Sybase ASE values include:

  • RSA
  • Plain Text
 yes
Instance Name SQL Server The name for your database instance. no
Service type Oracle

Valid values include:

  • SID
  • SERVICE_NAME
 yes
Service Oracle The SID value for your database instance or a SERVICE_NAME value. The Service value you enter must match your parameter selection for the Service Type option. no

MongoDB

Option

Description

Username

The username for the database.

Password

The password for the supplied username.

Database

Name of the database to audit.

Port

Port the database listens on.