Required User Privileges
To perform a successful compliance scan against a NetApp Data ONTAP system, authenticated users must have root credentials for the NetApp Data ONTAP filer.
In addition to the privileges above, an audit policy for NetApp Data ONTAP Compliance Checks and Nessus Plugin ID #66934 (NetApp Data ONTAP Compliance Checks) are required.
To run a scan against the device, start by creating the audit policy. Next, use the SSH settings menu under the Credentials tab of the policy to supply root credentials. Under the Plugins tab of the policy, select the Policy Compliance plugin family, and enable plugin ID #66934 titled NetApp Data ONTAP Compliance Checks. Next, under the Preferences tab, select the NetApp Data ONTAP Compliance Checks drop-down and add the NetApp .audit file from the Tenable Support Portal. Last, save the policy and execute the scan.
If providing root credentials is not an option, a less-privileged account can be created to facilitate the audit:
Create a new role (e.g.,
# useradmin role add nessus_audit -a login-ssh,cli-version,cli-options,cli-uptime
Assign the role to a group (e.g.,
# useradmin group add nessus_admins -r nessus_audit
Assign the group to a user:
# useradmin user add nessus -g nessus_admins