VMware Cloud Community
RVANOC
Contributor

Nessus Scans ESXi

I have a regulatory requirement to let Nessus scan my ESXi boxes.  I have two challenges with this.

Challenge 1: Turning the ESXi Shell and SSH on. How can I automate this so it happens to all boxes at the same time?

Challenge 2: Using a Windows account I can add to let it log on to the ESXi box. Windows accounts can log on to vSphere but not ESXi. I do not want to give away the root account.

How do you let your environment get scanned?

1 Reply
lucasbernadsky
Hot Shot

Hi RVANOC.

Challenge 1:

If your ESXi are being managed by vCenter you can enable SSH with PowerCLI:

1. Open PowerCLI

2. Connect-VIServer <myVC>

3. Get-VMHost | Get-VMHostService | Where Key -EQ "TSM-SSH" | Start-VMHostService

To stop it:

Get-VMHost | Get-VMHostService | Where Key -EQ "TSM-SSH" | Stop-VMHostService -Confirm:$False

Challenge 2:

I believe you need to create a Read Only user for your ESXi servers with read-only permissions, since Nessus needs to access the OS and it cannot do it from vCenter.

Please take a look at the documents Assigning Privileges for ESXi Hosts and Using Roles to Assign Privileges for more precise instructions.

Regards

0 Kudos
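As an added example (not part of the reply above), the Challenge 1 commands can be wrapped so that SSH and the ESXi Shell are open only for the scan window and each host is returned to its previous state afterwards. The vCenter name and scan duration are placeholder assumptions; "TSM" is the service key for the ESXi Shell.

```powershell
# Added example: open SSH / ESXi Shell for a scan window, then restore prior state.
# Assumptions: $vCenter and $ScanMinutes are placeholders to adjust.
param(
    [string]  $vCenter     = 'vcenter.example.local',  # placeholder name
    [int]     $ScanMinutes = 60,                       # assumed scan duration
    [string[]]$ServiceKeys = @('TSM-SSH', 'TSM')       # SSH and ESXi Shell
)

Connect-VIServer -Server $vCenter | Out-Null

# Record only the services that are currently stopped. Services an admin
# already had running are left alone, both now and at cleanup.
$toRestore = Get-VMHost |
    Where-Object ConnectionState -in 'Connected', 'Maintenance' |
    Get-VMHostService |
    Where-Object { $ServiceKeys -contains $_.Key -and -not $_.Running }

try {
    foreach ($svc in $toRestore) {
        Start-VMHostService -HostService $svc -Confirm:$false | Out-Null
        Write-Host "Started $($svc.Key) on $($svc.VMHost.Name)"
    }
    Write-Host "Scan window open for $ScanMinutes minutes."
    Start-Sleep -Seconds ($ScanMinutes * 60)
}
finally {
    # Runs even if the script is interrupted, so services do not stay exposed.
    foreach ($svc in $toRestore) {
        Stop-VMHostService -HostService $svc -Confirm:$false | Out-Null
        Write-Host "Stopped $($svc.Key) on $($svc.VMHost.Name)"
    }

    # Report anything still running so an exception is visible for follow-up.
    Get-VMHost | Get-VMHostService |
        Where-Object { $ServiceKeys -contains $_.Key -and $_.Running } |
        Select-Object VMHost, Key, Running |
        Format-Table -AutoSize

    Disconnect-VIServer -Server $vCenter -Confirm:$false
}
```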