Target Credential Issues by Authentication Protocol - Insufficient Privilege

[cyb3rslack3r]

Version

2.4.40

Installation Method

Security Onion ISO image

Description

other (please provide detail below)

Installation Type

Standalone

Location

airgap

Hardware Specs

Meets minimum requirements

CPU

6

RAM

16 GB

Storage for /

1 TB

Storage for /nsm

500 GB

Network Traffic Collection

tap

Network Traffic Speeds

Less than 1Gbps

Status

Yes, all services on all nodes are running OK

Salt Status

No, there are no failures

Logs

No, there are no additional clues

Detail

Scanning the SO2 2.4.40 or any previous version with Oracle Linux 9 operating system is getting limited credentialed scans with Nessus Pro (Target Credential Issues by Authentication Protocol - Insufficient Privilege). I have tried steps from previous recommendations to change the ssh_config and it still is not working. Not sure what else to change to get full credentialed scans

Guidelines

• I have read the discussion guidelines at Read before posting! #1720 and assert that I have followed the guidelines.

[reyesj2]

Security Onion doesn't manage the sshd config, so any changes you make to the files won't be overwritten.
Make sure the account logging in is in /etc/sudoers. I think in nessus you can also change the escalation command, so it can do sudo <cmd> or do sudo su before running commands during scan.

[cyb3rslack3r]

Thanks for the feedback. I was able to slow the scan settings down and did get a good credentialed scan on a system without any DISA STIGs applied. Still did not get full credentialed scans on Security Onion 2.4.40 with DISA STIGs applied. I haven't found any useful information online to help fix that. I tried disabling TMUX as one post suggested, but that didn't work.