Cloud Security

Version:

  • Linux Control Center = 2.10.X or higher

Requirements:

  • Tenable Vulnerability Management Secret Key and Access Key

  • Hosts in the LCC database previously configured

Overview:

  • This guide provides information and step-by-step instructions for integrating Linux Control Center (LCC) with Tenable Vulnerability Management vulnerability manager.

Objective:

  • This integration allows you to run Tenable Vulnerability Management scans from LCC and use the scan results to quickly and easily identify vulnerabilities in Hosts managed by LCC.

Please note that all third-party solutions that interact with LCC must be configured correctly. Inconsistent data from these solutions cannot be reliably processed or presented by LCC.

Tenable Vulnerability Management does not have ACR and AES indexes to classify Host risk levels.

Integration Configuration

  1. To create the LCC connection with Tenable, access the menu on the left of the LCC and click on the Config option

  1. Click on Tenable

  1. Click on Vulnerability Manager

  1. Click on the Create button.

  1. Then, fill in the fields below; 1. Enter the name to identify the synchronization in the Name field

  2. Enter the URL https://cloud.tenable.com in the URL field

  3. Enter the Access Key and Secret Key in their respective fields.

  • Chunk Size: is the number of Assets that will be imported at a time

  • Number of Assets: is the maximum number of Hosts to import

  • Updated At: This option allows you to define from which date the LCC will be able to obtain the scan results.

Default: Vulnerabilities from 30 days ago.

  1. Click Save

  1. After saving, click on the previously saved item to open the Tenable Vulnerability Management integration window.

  1. Click on the GENERAL tab, and then click on the Test Connection button to test the connection with Tenable Vulnerability Management.

  1. The Status will turn green to confirm that the connection was successful

Sync Assets

Sync Assets compares the IP addresses of the Hosts in the LCC database with those in the Tenable Vulnerability Manager database. Only Hosts with the same IP addresses in both databases will be displayed in the LCC Assets screen.

Be careful not to create duplicate Assets in Tenable Vulnerability Manager. If you do, they cannot be processed or presented reliably by LCC.

  1. After validating the connection, click on Hosts

  2. Click on Sync Assets to synchronize the LCC Hosts with Tenable Vulnerability Management Assets

Running Scans

  1. Then, click on SCANS, click on the SYNC SCANS button to integrate which Scans are present in Tenable Vulnerability Management

  2. After SYNC SCANS finishes and lists the Tenable scans, click on RUN to run the desired scan.

Sync Results

This Action can only be run once every 24 hours. Before running Sync Results, check if any scans have been performed recently to ensure that vulnerability information is up to date.

The Action will have the status Aborted if it is run again within the 24-hour period.

  1. Access the Tenable web interface to monitor the scan execution. Once complete, return to Hosts and click Sync Results to synchronize the scan results with the LCC Console.

Schedules

  1. On the Tenable Vulnerability Management integration screen, click on the Schedule tab

  1. Click on Add Schedule

  1. These are the actions available to execute in the schedule.

Test Connection: Performs a connection test with Tenable Vulnerability Management to validate the integration Sync Scans: Updates the list of scans available in Tenable Vulnerability Management on the LCC integration Scans screen Sync Assets: Updates the list of Tenable Vulnerability Management assets according to the database LCC host data Launch Scan: Sends the command to run a desired scan in Tenable Vulnerability Management Sync Results: Synchronizes the results of the last scan run in Tenable Vulnerability Management with the hosts integrated in LCC.

  1. Then, define a name for the schedule in the Name field and choose one of the actions in the Action line

By default, the scheduling screen opens with the One Time option, to schedule a single execution at a specific hour, minute and date, as shown in the image below;

  1. By checking the Repeatedly box together with Minutes it is possible to execute the action every X defined minutes.

  1. Checking the Repeatedly box together with Daily allows you to execute the action every day every X hours and X minutes.

  1. Checking the Repeatedly box together with Advanced to choose the custom schedule, where you can choose the hour, minute, day of the week, day of the month and the desired month.

  1. After creating and saving a schedule, you can pause it if necessary by clicking Disable and monitor the status of whether it is enabled or not in the Active column.

  1. The Next Run column displays when the next run will be and the Last Run column displays when the last run was. The Count column counts how many times the schedule has been run.

  1. You can also delete a schedule by clicking the trash can icon next to the Disable/Enable button.

Vulnerability Fix

Fix Plugin ID 153588 - Weak SSH Ciphers

The LCC 7 Library has a script to change SSH encryption ciphers, configuring hosts to use stronger ciphers for SSH authentication.

To download and run this script, follow the steps below.

  1. Click 7 Library in the LCC left menu

  1. Click Sync Feed to update the 7 Library feed

  1. Click on the config SSH Ciphers Algorithms script

  1. Click Download and the script will be saved in the LCC and will be available in the Scripts screen

  1. Click on Scripts in the left side menu.

  1. Click on the script that was downloaded.

  1. Click on User for Execution.

  1. Choose which user will run the script (We recommend using the lcc.local user to avoid failures due to lack of permission.)

  1. Click on Save

  1. Then, click on Workflow in the left menu of the LCC

  1. Click Create

  1. Enter a name for the Workflow in the Name field

  1. Click Start New Workflow.

  1. Click Actions and choose the Execute Custom Script option

  1. Define one or more Hosts in the Host field

  1. If you have a pre-configured group, choose it in the Target Group field

  1. Choose the Config SSH Ciphers Algorithms script.

  1. Click Create.

  1. Click Save to save the Workflow.

  1. After creating the Workflow, click the Actions button, then Run.

  1. Click AGREE to confirm the execution of the Workflow.

  1. Wait for the Workflow execution to finish.

  2. Run the Tenable Vulnerability Management scan, as per step Scan Execution

  3. Run Sync Results, as per item 2 from the topic Sync Results

  4. Access the menu on the left of the LCC and click on Hosts

  1. Click on the desired Host which will open the Host window.

  2. Click on Tenable Plugins.

  1. Click on the Tenable Plugins tab and search for the number 153588 in the Search field

  1. We can see that the ID 153588 is no longer present in the Plugin ID column.

PreviousSecurity CenterNextUser Management

Last updated