RVANOC
Contributor
Contributor

Nessus Scans ESXi

I have a regulatory requirement to let Nessus scan my ESXi boxes.  I have two challenges with this.

Challenge 1: Turning on the ESXi Shell and SSH on.  How can I automate this so it happens to all boxes at the same time?

Challenge 2:  Using a Windows account I can add to let it log on to the ESXi box.  Windows accounts can logon to vSphere but not ESXi.  I do not want to give a way the root account.

How do you let your environment get scanned.

0 Kudos
1 Reply

Hi RVANOC.

Challenge 1:

If your ESXi are being managed by vCenter you can enable SSH with PowerCLI:

1. Open PowerCLI

2. Connect-VIServer <myVC>

3. Get-VMHost | Get-VMHostService | Where Key -EQ "TSM-SSH" | Start-VMHostService

To stop it:

Get-VMHost | Get-VMHostService | Where Key -EQ "TSM-SSH" | Stop-VMHostService -Confirm:$False

Challenge 2:

I believe you need to create a Read Only user for your ESXi servers with read only permissions, since Nessus need to access OS and it cannot do it from vCenter.

Please take a look at this document Assigning Privileges for ESXi Hosts​ and Using Roles to Assign Privileges  for more precise instructions

Regards

0 Kudos