1 Reply Latest reply on Jun 10, 2020 5:10 PM by lucasbernadsky

    Nessus Scans ESXi

    RVANOC Novice

      I have a regulatory requirement to let Nessus scan my ESXi boxes.  I have two challenges with this.

       

      Challenge 1: Turning on the ESXi Shell and SSH on.  How can I automate this so it happens to all boxes at the same time?

       

      Challenge 2:  Using a Windows account I can add to let it log on to the ESXi box.  Windows accounts can logon to vSphere but not ESXi.  I do not want to give a way the root account.

       

      How do you let your environment get scanned.

        • 1. Re: Nessus Scans ESXi
          lucasbernadsky Enthusiast

          Hi RVANOC.

           

          Challenge 1:

          If your ESXi are being managed by vCenter you can enable SSH with PowerCLI:

          1. Open PowerCLI

          2. Connect-VIServer <myVC>

          3. Get-VMHost | Get-VMHostService | Where Key -EQ "TSM-SSH" | Start-VMHostService

           

          To stop it:

          Get-VMHost | Get-VMHostService | Where Key -EQ "TSM-SSH" | Stop-VMHostService -Confirm:$False

           

          Challenge 2:

          I believe you need to create a Read Only user for your ESXi servers with read only permissions, since Nessus need to access OS and it cannot do it from vCenter.

          Please take a look at this document Assigning Privileges for ESXi Hosts and Using Roles to Assign Privileges  for more precise instructions

           

          Regards