TOC & Recently Viewed

Recently Viewed Topics

Privilege Escalation

Some SSH credential types support privilege escalation.

Note: BeyondTrust's PowerBroker (pbrun) and Centrify's DirectAuthorize (dzdo) are proprietary root task delegation methods for Unix and Linux systems.

Tip: Scans run using su+sudo allow the user to scan with a non-privileged account and then switch to a user with sudo privileges on the remote host. This is important for locations where remote privileged login is prohibited.

Note: Scans run using sudo vs. the root user do not always return the same results because of the different environmental variables applied to the sudo user and other subtle differences. For more information, see: https://www.sudo.ws/man/sudo.man.html.

The following table describes the additional options to configure for privilege escalation.

Option SSH Types Description
Escalation Username

Kerberos

Password

Public Key

The username for the account with elevated privileges.

Escalation Password

Kerberos

Password

Public Key

The password for the account with elevated privileges.

Escalation Path

Kerberos

Password

Public Key

The directory path for the privilege escalation commands.
Escalation Su User

CyberArk

Kerberos

Password

Public Key

The username for the account with su privileges.

CyberArk Account Details Name CyberArk

The name parameter for the CyberArk account with elevated privileges.

Escalation Account CyberArk The username for the account with elevated privileges.
Escalation sudo user CyberArk The username for the account with sudo privileges.
Location of dzdo (directory) CyberArk The directory path for the dzdo command.
Location of pbrun (directory) CyberArk The directory path for the pbrun command.
Location of su (directory) CyberArk The directory path for the su command.
Location of su and sudo (directory) CyberArk The directory path for the su and sudo commands.
Location of sudo (directory) CyberArk The directory path for the sudo command.
su login CyberArk The username for the account with su privileges.
sudo login CyberArk The username for the account with sudo privileges.

Copyright 2017-2018 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.