Required User Privileges

To perform a successful compliance scan against a NetApp Data ONTAP system, authenticated users must have root credentials for the NetApp Data ONTAP filer.

In addition to the privileges above, an audit policy for NetApp Data ONTAP Compliance Checks and Nessus Plugin ID #66934 (NetApp Data ONTAP Compliance Checks) are required.

To run a scan against the device, start by creating the audit policy. Next, use the SSH settings menu under the Credentials tab of the policy to supply root credentials. Under the Plugins tab of the policy, select the Policy Compliance plugin family, and enable plugin ID #66934 titled NetApp Data ONTAP Compliance Checks. Next, under the Preferences tab, select the NetApp Data ONTAP Compliance Checks drop-down and add the NetApp .audit file from the Tenable Support Portal. Last, save the policy and execute the scan.

If providing root credentials is not an option, a less-privileged account can be created to facilitate the audit:

  • Create a new role (e.g., nessus_audit):

    # useradmin role add nessus_audit -a login-ssh,cli-version,cli-options,cli-uptime

  • Assign the role to a group (e.g., nessus_admins):

    # useradmin group add nessus_admins -r nessus_audit

  • Assign the group to a user:

    # useradmin user add nessus -g nessus_admins
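
One way to confirm that the audit role stays limited to the four capabilities granted above, as an added example that is not part of the original Tenable page: the script parses text captured from `useradmin role list nessus_audit` and reports missing, extra and wildcard capabilities. The `Allowed Capabilities:` line layout and both sample outputs are assumptions constructed for illustration.

```python
# Added example: check that the audit role holds exactly the capabilities
# from the procedure above. The "Allowed Capabilities:" line layout is an
# assumption about `useradmin role list <role>` output.

EXPECTED = {"login-ssh", "cli-version", "cli-options", "cli-uptime"}


def parse_capabilities(role_list_output):
    """Return the set of capabilities found in the role listing text."""
    for line in role_list_output.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "allowed capabilities":
            return {c.strip() for c in value.split(",") if c.strip()}
    raise ValueError("no 'Allowed Capabilities' line found")


def audit_role(role_list_output, expected=EXPECTED):
    """Compare granted capabilities with the expected least-privilege set."""
    granted = parse_capabilities(role_list_output)
    extra = granted - expected
    return {
        "missing": sorted(expected - granted),   # scan may fail without these
        "extra": sorted(extra),                  # privilege beyond the audit need
        "wildcards": sorted(c for c in extra if "*" in c),  # broad grants
        "ok": granted == expected,
    }


# Constructed sample: role exactly as created by the procedure.
SAMPLE_OK = """\
Name:    nessus_audit
Info:
Allowed Capabilities: login-ssh,cli-version,cli-options,cli-uptime
"""

# Constructed sample: role that has drifted from the documented grant.
SAMPLE_DRIFTED = """\
Name:    nessus_audit
Info:
Allowed Capabilities: login-ssh,login-telnet,cli-*
"""

if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("drifted", SAMPLE_DRIFTED)):
        print(name, audit_role(text))
```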

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.