Question

Accounts for security scans

  • 18 April 2023
  • 2 replies
  • 39 views

Hi, I’m new to Nutanix, coming from the vSphere world.

I am working on getting our new Nutanix infrastructure set up to run Qualys scans for security.  I have been looking at the following document:

https://portal.nutanix.com/page/documents/kbs/details?targetId=kA07V000000LXYqSAO

I am getting stuck at determining which accounts to use to set up authentication, so that Qualys can run its scans on the Hypervisors, CVMs, and Prism Central appliances.  My research shows that adding new accounts via the OS to these components is not supported.  Does that mean that Qualys then has to log in as root, nutanix, and admin respectively, to scan these components?  Or am I looking in the wrong place for the Qualys account to be set up, to scan for vulnerabilities and compliance?  I feel like I'm missing something here.  Thanks!
 


This topic has been closed for comments

2 replies

Userlevel 6
Badge +8

Yes, adding accounts is not supported. You should setup cluster lockdown so that they can use a keypair to authenticate. 

Thanks, JeroenTielen!  I appreciate the quick response.  I did notice the Cluster Lockdown feature.  It sounds like you would create just one key for the cluster, and it would be used in lieu of the “nutanix” username and password for the CVMs, correct?  And then the individuals and services that would need to log into the CVMs would have that key, and could then ssh to the hypervisors if needed through the CVMs.  I’m just trying to picture how it’s supposed to be working.