Privilege Escalation
Some SSH credential types support privilege escalation.
Note: BeyondTrust's PowerBroker (pbrun) and Centrify's DirectAuthorize (dzdo) are proprietary root task delegation methods for Unix and Linux systems.
Tip: Scans run using su+sudo allow the user to scan with a non-privileged account and then switch to a user with sudo privileges on the remote host. This is important for locations where remote privileged login is prohibited.
Note: Scans run using sudo vs. the root user do not always return the same results because of the different environmental variables applied to the sudo user and other subtle differences. For more information, see https://www.sudo.ws/docs/man/sudo.man/.
The following table describes the additional options to configure for privilege escalation.
|
Option |
SSH Types |
Description |
|---|---|---|
|
Escalation Username |
Arcon Checkpoint Gaia 'Expert' Kerberos Password Public Key WALLIX Bastion |
The username for the account with elevated privileges. |
|
Escalation Password |
Kerberos Password Public Key WALLIX Bastion |
The password for the account with elevated privileges. |
|
Escalation Path |
Arcon Kerberos Password Public Key WALLIX Bastion |
The directory path for the privilege escalation commands. |
|
Escalation Su User |
Arcon CyberArk Kerberos Password Public Key WALLIX Bastion |
The username for the account with su privileges. |
|
Escalation Account Name |
Arcon Checkpoint Gaia 'Expert' CyberArk Delinea Secret Server |
The name parameter for the account with elevated privileges. Note: For CyberArk credentials, the system uses the password associated with the CyberArk account name you provide for all scanned hosts. |
|
CyberArk Escalation Account Details Name |
Checkpoint Gaia 'Expert' CyberArk |
The name parameter for the account with elevated privileges. Note: For CyberArk credentials, the system uses the password associated with the CyberArk account name you provide for all scanned hosts. |
|
Escalation Account |
CyberArk |
The username for the account with elevated privileges. |
| Escalation Account Credential ID or Identifier | Senhasegura | The credential ID or identifier for the account with elevated privileges. |
| Escalation Account Secret Name | Hashicorp Vault | The key secret for the Hashicorp account with elevated privileges. |
|
Escalation sudo user |
CyberArk |
The username for the account with sudo privileges. |
| Escalation Credential ID |
Checkpoint Gaia 'Expert' Delinea Secret Server |
The secret name for the account with elevated privileges. |
| Expert Password | Checkpoint Gaia 'Expert' | The password for Expert mode in Gaia. |
|
Location of dzdo (directory) |
CyberArk Delinea Secret Server Hashicorp Vault Senhasegura |
The directory path for the dzdo command. |
|
Location of pbrun (directory) |
CyberArk Delinea Secret Server Hashicorp Vault Senhasegura |
The directory path for the pbrun command. |
|
Location of su (directory) |
CyberArk Delinea Secret Server Hashicorp Vault Senhasegura |
The directory path for the su command. |
|
Location of su and sudo (directory) |
CyberArk Delinea Secret Server Hashicorp Vault Senhasegura |
The directory path for the su and sudo commands. |
|
Location of sudo (directory) |
CyberArk Delinea Secret Server Hashicorp Vault |
The directory path for the sudo command. |
| su user |
Delinea Secret Server Hashicorp Vault Senhasegura |
The username for the account with su privileges. |
|
su login |
CyberArk Hashicorp Vault Senhasegura |
The username for the account with su privileges. |
| sudo user |
Hashicorp Vault Senhasegura |
The username for the account with sudo privileges. |
|
sudo login |
CyberArk |
The username for the account with sudo privileges. |
|
Thycotic Escalation Account |
Checkpoint Gaia 'Expert' Thycotic Secret Server |
The name parameter for the account with elevated privileges. Note: |