- Knowledge Base
- System & Network Scanning
- Authenticated Network Scanning
-
Security Announcements
-
Product News
-
Next-Gen Vulnerability Management
-
Getting Started
-
General
-
Operating Status
-
System & Network Scanning
-
Web Application Scanning
-
Cloud Scanning (CSPM)
-
API Scanning
-
Phishing & Awareness Training
-
Scanner Appliance
-
Device Agent
-
On-premise platform deployment
-
Asset Management
-
Vulnerability Manager
-
Reports
-
Digest Reports
-
Organizer
-
Continuous Monitoring
-
Integrations
-
Platform API
-
Remediation
-
Users
-
PCI DSS
-
Terms & Conditions
What are the supported systems and requirements?
Supported systems
Windows
Accessed using the SMB protocol (with user credentials) to check installed software on the system as well as the patch levels.
Linux/Unix
Accessed using SSH with user credentials or SSH key.
Requirements
Windows
Registry access
To access the Windows registry properly, the target system must have the Remote Registry service enabled and running.
- Open the Control Panel.
- Select Administrative Tools.
- Select Services.
- Right-click the Remote Registry Service and select Properties.
- Under Startup Type, select Automatic from the drop-down menu.
- Check that the Remote Procedure Call service is also configured to start automatically.
- For standalone target systems, that are not included in a local domain, it is important to set this registry key:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\
DWORD: LocalAccountTokenFilterPolicy = 1 - Have the File and Printer Sharing service enabled.
- If you are scanning multiple servers within a domain, it is recommended to set up a user in the "Domain Administrators group". This will make it easier to manage permissions for the scanning centrally. External link:
How to setup a domain user account - Set the SMB EncryptData to false.
In Powershell, to list SMB configuration, use the following command:
Get-SmbServerConfiguration
To set the SMB configuration to false, use the following command:
Set-SmbServerConfiguration -EncryptData $false
Linux
There are two ways to authenticate a Linux/Unix system.
1. First alternative
Using username and password. To use that option, you need to enable SSH Password Authentication. You must SSH in as root to edit the following file:
/etc/ssh/sshd_config
Then, change the line
PasswordAuthenatication no
to
PasswordAuthentication yes
2. Second alterantive
Using username and RSA private key. You need to have a RSA private key and its associated public key inside /etc/ssh file. You should also have the associated public key inside home/user/.ssh/authorized_keys. Also, when you provide the RSA private key, include the first line -----BEGIN RSA PRIVATE KEY----- and the last line -----END RSA PRIVATE KEY----- .