Would anyone have any insight into why Nessus scanners are not successfully scanning our F5 devices? We've verified that they are logging in, but for some reason they are throwing the below error about not having local security checks enabled. We see external scans being done; just not internal. Have tried verifying the credentials and tried different credentials, with full admin rights. Can PuTTY into the devices with the same credentials just fine. They are set up with TACACS authentication, which always shows the scanner authenticating. Have also tried taking one device off of TACACS and making it local with a new local account - no difference. Also tried scanning against the management port and ethernet port/self IP (port security checked). SSH Allow checked.
I have done an F5 support case for this already. Verified with logs, etc. that it is authenticating. Thinking it has something to do with the "or some other problem occurred" as mentioned in the error. Just running out of ideas as to what that could be. Devices affected include LTMs, GTMs, and an Enterprise Manager.
The local security checks are disabled.
Local security checks have been disabled for this host because either the credentials supplied in the scan policy did not allow Nessus to log into it or some other problem occurred.
Address the problem(s) so that local security checks are enabled.
Nessus Plugin ID
Additional failure information from ssh_get_info2.nasl :
We are able to run commands on the remote host, but are unable to currently identify it in this plugin.
- SSH was unable to login with any supplied credentials.
What "shell" (thinking it may be set to the tmos shell and maybe should default to bash) is set for the account that Nessus is using to authenticate against the F5 device?
I have done both bash and tmsh. Have validated with logs that the F5 shows the account as an administrator upon login. Currently it is set to bash w/ admin role.
How are you passing the "credentials"? Maybe you can try authentication using SSH/keys instead of username/password?
Creds are being passed via username/password. Thought about trying SSH keys, but other personnel manage the scanners, and I'm not sure if they would even allow that type of configuration as everything is user/password-based creds. Another entity has F5s and uses user/pass creds and supposedly they get successful scans. The only thing I've found different from theirs is that they are using 13.x. My models don't support 13.x.
Might have to see about doing SSH keys. Just don't see that being easily done (i.e. policies/politics). If I understand correctly, you have to create the SSH public/private key pair for each F5 device on each scanner you use, correct? So say you have 4 F5s and 2 scanners, I would have to do the key creation process on one scanner for each device, then same thing on the other scanner.
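Added troubleshooting example (not part of the original thread, and not Tenable or F5 code): the plugin text above says commands ran but the host could not be identified, which is the non-interactive SSH path a scanner uses rather than the interactive PuTTY login the poster verified. The script below exercises that path directly from a scanner or jump host: it runs `tmsh show sys version` the way a bash-shell account would need, then `show sys version` the way a tmsh-shell account would need, and parses the result. The constructed `tmsh show sys version` sample, the `run_remote`/`probe_device` helper names and the `SSH_USER`/`SSH_HOST` arguments are assumptions for illustration; the output layout follows tmsh's `Sys::Version` block.

```shell
#!/bin/sh
# Added troubleshooting helper (not from the thread, Tenable or F5).
# Scanners execute commands over SSH without a terminal; interactive logins
# working while local checks fail usually means that path behaves differently.

# Constructed sample of 'tmsh show sys version' output for the offline parse check.
SAMPLE_TMSH_VERSION='Sys::Version
Main Package
  Product     BIG-IP
  Version     12.1.2
  Build       0.0.249
  Edition     Final
  Date        Wed Nov 30 16:04:00 PST 2016'

# Print "<Product> <Version>" from tmsh output on stdin; print nothing if either is missing.
parse_bigip_version() {
    awk '
        $1 == "Product" { product = $2 }
        $1 == "Version" { version = $2 }
        END { if (product != "" && version != "") print product, version }
    '
}

# Run one remote command the way a scanner does: no pseudo-terminal (-T).
# Add '-o BatchMode=yes' to make this a key-only test with no password prompt.
run_remote() {
    user=$1; host=$2; cmd=$3
    ssh -o ConnectTimeout=10 -T "$user@$host" "$cmd"
}

# Try both login-shell variants and report which one produced an identifiable device.
probe_device() {
    user=$1; host=$2
    # Account whose login shell is bash: tmsh must be invoked explicitly.
    if out=$(run_remote "$user" "$host" 'tmsh show sys version' 2>/dev/null) &&
       ver=$(printf '%s\n' "$out" | parse_bigip_version) && [ -n "$ver" ]; then
        echo "bash-shell account; device identified as: $ver"
        return 0
    fi
    # Account whose login shell is tmsh: the remote command is itself a tmsh command.
    if out=$(run_remote "$user" "$host" 'show sys version' 2>/dev/null) &&
       ver=$(printf '%s\n' "$out" | parse_bigip_version) && [ -n "$ver" ]; then
        echo "tmsh-shell account; device identified as: $ver"
        return 0
    fi
    echo "login may succeed, but no BIG-IP version came back non-interactively; check the account's shell and role" >&2
    return 1
}

# Usage: ./probe.sh SSH_USER SSH_HOST   (hypothetical argument names)
if [ $# -eq 2 ]; then
    probe_device "$1" "$2"
fi
```

If the first variant fails and the second succeeds, the account is landing in tmsh rather than bash for non-interactive sessions, which is worth comparing against the role and shell shown in the F5 logs. On the key question raised in the last post: an SSH key pair belongs to the client, not the target, so one pair per scanner is enough and the same public key is installed on every device that scanner reaches (two scanners and four F5s means two key pairs and eight public-key installs, not eight key pairs). The exact place BIG-IP stores authorized keys for a given account is documented by F5 and is not assumed here.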