その他の認証情報
このセクションでは、[Miscellaneous] (その他) セクションで説明される情報と認証情報の設定について説明します。
ADSI
ADSI には、ドメインコントローラー情報、ドメイン、ドメイン管理者とパスワードが必要です。
ADSI allows Tenable Nessus to query an ActiveSync server to determine if any Android or iOS-based devices are connected. Using the credentials and server information, Tenable Nessus authenticates to the domain controller (not the Exchange server) to directly query it for device information. These settings are required for mobile device scanning.
Tenable Nessus supports obtaining the mobile information from Exchange Server 2010 and 2013 only.
| Option | Description | Default |
|---|---|---|
|
Domain Controller |
(Required) The name of the domain controller for ActiveSync. |
- |
|
Domain |
(Required) The name of the NetBIOS domain for ActiveSync. |
- |
|
Domain Admin |
(Required) The domain administrator's username. |
- |
|
Domain Password |
(Required) The domain administrator's password. |
- |
Nessus がモバイル情報を取得できるのは、Exchange Server 2010 と 2013 からのみです。Exchange Server 2007 から情報は読み取れません。
F5
| Option | Description | Default |
|---|---|---|
| Username |
(Required) The username for the scanning F5 account that Tenable Nessus uses to perform checks on the target system. |
- |
| Password | (Required) The password for the F5 user. | - |
| Port |
(Required) The TCP port that F5 listens on for communications from Tenable Nessus. |
443 |
| HTTPS |
When enabled, Tenable connects using secure communication (HTTPS). When disabled, Tenable connects using standard HTTP. |
enabled |
| Verify SSL Certificate |
When enabled, Tenable verifies that the SSL certificate on the server is signed by a trusted CA. Tip: If you are using a self-signed certificate, disable this setting. |
enabled |
IBM iSeries
| Option | Description | Default |
|---|---|---|
| Username |
(Required) The username for the IBM iSeries account that Tenable Nessus uses to perform checks on the target system. |
- |
| Password | (Required) The password for the IBM iSeries user. | - |
NetApp API
| Option | Description | Default |
|---|---|---|
| Username |
(Required) The username for the Netapp API account with HTTPS access that Tenable Nessus uses to perform checks on the target system. |
- |
| Password | (Required) The password for the Netapp API user. | - |
| vFiler |
The vFiler nodes to scan for on the target systems. To limit the audit to a single vFiler, type the name of the vFiler. To audit for all discovered Netapp virtual filers (vFilers) on target systems, leave the field blank. |
- |
| Port | (Required) The TCP port that Netapp API listens on for communications from Tenable Nessus. | 443 |
Nutanix Prism
ヒント: Nutanix Prism の認証情報が正常に認証されたかどうかを確認するには、スキャンの完了後に integration_status.nasl プラグインのプラグイン出力を確認します。詳細は、プラグイン を参照してください。
| Option | Description | Default |
|---|---|---|
|
Nutanix Host |
(Required) Hostname or IP address of the Nutanix Prism Central host. |
- |
|
Nutanix Port |
(Required) The TCP port that the Nutanix Prism Central host listens on for communications from Tenable. |
9440 |
|
Username |
(Required) Username used for authentication to the Nutanix Prism Central host. |
- |
|
Password |
(Required) Password used for authentication to the Nutanix Prism Central host. |
- |
|
Discover Host |
This option adds any discovered Nutanix Prism Central hosts to the scan targets to be scanned. | - |
|
Discover Virtual Machines |
This option adds any discovered Nutanix Prism Central Virtual Machines to the scan targets to be scanned. | - |
|
HTTPS |
When enabled, Tenable connects using secure communication (HTTPS). When disabled, Tenable connects using standard HTTP. |
enabled |
|
Verify SSL Certificate |
When enabled, Tenable verifies that the SSL certificate on the server is signed by a trusted CA. Tip: If you are using a self-signed certificate, disable this setting. |
enabled |
OpenStack
| Option | Description | Default |
|---|---|---|
| Username |
(Required) The username for the OpenStack account that Tenable Nessus uses to perform checks on the target system. |
- |
| Password | (Required) The password for the OpenStack user. | - |
| Tenant Name for Authentication | (Required) The name of the specific tenant the scan uses to authenticate. | admin |
| Port |
(Required) The TCP port that OpenStack listens on for communications from Tenable Nessus. |
443 |
| HTTPS |
When enabled, Tenable connects using secure communication (HTTPS). When disabled, Tenable connects using standard HTTP. |
enabled |
| Verify SSL Certificate |
When enabled, Tenable verifies that the SSL certificate on the server is signed by a trusted CA. Tip: If you are using a self-signed certificate, disable this setting. |
enabled |
Palo Alto Networks PAN-OS
| Option | Description | Default |
|---|---|---|
| Username | (Required) The username for the PAN-OS account that Tenable Nessus uses to perform checks on the target system. | - |
| Password | (Required) The password for the PAN-OS user. | - |
| Port | (Required) The TCP port that PAN-OS listens on for communications from Tenable Nessus. | 443 |
| HTTPS |
When enabled, Tenable connects using secure communication (HTTPS). When disabled, Tenable connects using standard HTTP. |
enabled |
| Verify SSL Certificate |
When enabled, Tenable verifies that the SSL certificate on the server is signed by a trusted CA. Tip: If you are using a self-signed certificate, disable this setting. |
enabled |
Red Hat Enterprise Virtualization (RHEV)
| Option | Description | Default |
|---|---|---|
|
Username |
(Required) The username for RHEV account that Tenable Nessus uses to perform checks on the target system. |
- |
|
Password |
(Required) The password for the RHEV user. |
- |
|
Port |
(Required) The TCP port that the RHEV server listens on for communications from Tenable Nessus. |
443 |
|
Verify SSL Certificate |
When enabled, Tenable verifies that the SSL certificate on the server is signed by a trusted CA. Tip: If you are using a self-signed certificate, disable this setting. |
enabled |
VMware ESX SOAP API
VMware サーバーにはネイティブの SOAP API を通じてアクセスできます。ESX と ESXi サーバーには、VMware ESX SOAP API でユーザー名とパスワードを使用してアクセスできます。また、SSL 証明書の検証を無効にすることも可能です。
VMWare ESX SOAP API の設定についての詳細は、vSphere スキャンの設定 を参照してください。
ヒント: ESXi SOAP API の認証情報が正常に認証されたかどうかを確認するには、スキャンの完了後に integration_status.nasl プラグインのプラグイン出力を確認します。詳細は、プラグインを参照してください。
Tenable can access VMware servers through the native VMware SOAP API.
| Option | Description | Default |
|---|---|---|
|
ESX SOAP API Authentication Method |
(Required) The user can choose from a list of authentication methods:
|
Username and Password |
|
Do not verify SSL Certificate |
Do not validate the SSL certificate for the ESXi server. |
disabled |
VMware vCenter
VMWare vCenter SOAP API の設定についての詳細は、vSphere スキャンの設定 を参照してください。
ヒント: VMware vCenter の認証情報が正常に認証されたかどうかを確認するには、スキャンの完了後に integration_status.nasl プラグインのプラグイン出力を確認します。詳細は、プラグインを参照してください。
Tenable can access vCenter through the native VMware vCenter SOAP API. If available, Tenable uses the vCenter REST API to collect data in addition to the SOAP API.
Note: Tenable supports VMware vCenter/ESXi versions 7.0.3 and later for authenticated scans. This does not impact vulnerability checks for VMware vCenter/ESXi, which do not require authentication.
Note: The SOAP API requires a vCenter account with read permissions and settings privileges. The REST API requires a vCenter admin account with general read permissions and required Lifecycle Manager privileges to enumerate VIBs.
| Option | Description | Default |
|---|---|---|
|
vCenter Host |
(Required) The name of the vCenter host. |
- |
|
vCenter Port |
(Required) The TCP port that vCenter listens on for communications from Tenable. |
443 |
|
Username |
(Required) The username for the vCenter server account with admin read/write access that Tenable uses to perform checks on the target system. |
- |
|
Password |
(Required) The password for the vCenver server user. |
- |
|
HTTPS |
When enabled, Tenable connects using secure communication (HTTPS). When disabled, Tenable connects using standard HTTP. |
enabled |
|
Verify SSL Certificate |
When enabled, Tenable verifies that the SSL certificate on the server is signed by a trusted CA. Tip: If you are using a self-signed certificate, disable this setting. |
enabled |
|
Auto Discover Managed VMware ESXi Hosts |
This option adds any discovered VMware ESXi hypervisor hosts to the scan targets you include in your scan. |
disabled |
|
Auto Discover Managed VMware ESXi Virtual Machines |
This option adds any discovered VMware ESXi hypervisor virtual machines to the scan targets you include in your scan. | disabled |
X.509
| Option | Description | Default |
|---|---|---|
|
Client certificate |
(Required) The client certificate. |
- |
|
Client key |
(Required) The client private key. | - |
|
Password for key |
(Required) The passphrase for the client private key. | - |
|
CA certificate to trust |
(Required) The trusted Certificate Authority's (CA) digital certificate. | - |