Troubleshooting Nessus

How to solve various Nessus credentialed audit problems.

When you are trying to use Nessus to perform a credentialed audit of a Linux or Windows host, you may run into an issue where Nessus will not fully perform the credentialed audit.

You may see an error like this:

Don't worry! Here's a list of things you can do to prevent this error and perform the full scan.

Windows

Windows Firewall

If you're scanning a Windows host, one of the most likely blockers is Windows Firewall.

On the Windows host, first open the firewall's "inbound rules" settings.

Then ALLOW all services for ports 137, 139 and 445.

Windows Services

If you're scanning a Windows host, another likely blocker is a Windows service not running. There are two services that need to be running, so open up Windows services and let's search:

The first service you need to check is the "Remote Registry" service:

If the service is not running, double-click it and select startup type "disabled". Then press "start".

The second service you need to check is the "WMI" service:

Registry Keys and Local Security Policy

If you're scanning a Windows host, another likely blocker is registry keys. There are two keys that sometimes need to be set, so open up regedit and let's set them:

The first registry key is:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SmbServerNameHardeningLevel = 1

The next registry key is:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy = 1

Finally, go to the Local Security Policy shown below and set "Server SPN target name validation level" to "Required from client":

SMB 1.0

If you're scanning a Windows host, an unlikely blocker is the SMB v1 service not running. This should never be a problem but it's something to try. To turn SMBv1 on, go to Windows Features and check the "SMB 1.0/CIFS File Sharing Support" box:

Linux

SUDO vs Root

To perform a Nessus audit on Linux, the user must be root or in the SUDO group. Take a look at /etc/sudoers to ensure the user you are using is present.

SSHD_CONFIG

To perform a Nessus audit on Linux, Nessus needs to log in using SSH. Take a look at /etc/ssh/sshd_config to ensure that none of the blockers mentioned below are present:

If your user is the root user, "PermitRootLogin" must be set to "yes":

If you are trying to log in with a password, "PasswordAuthentication" must be set to "yes":
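
A pre-flight check for the two sshd_config settings above, as an added example that is not from the original page. It applies sshd's first-value-wins rule and reports Match-block overrides separately; the function names and the sample config are constructed for illustration, upstream OpenSSH 7.0+ defaults are assumed when a keyword is absent, and Include files are not followed.

```python
# Added example (not from the original page). SAMPLE is a constructed config.
# Upstream OpenSSH defaults, used when a keyword is absent (assumption: 7.0+).
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes"}

def effective_settings(config_text):
    """Return (global settings, Match-block overrides) for DEFAULTS' keywords.

    sshd keeps the FIRST value it reads for a keyword, so later duplicates in
    the global section are ignored. Lines under a Match line apply only to
    connections meeting that condition, so they are reported separately.
    """
    global_settings, overrides, current_match = {}, [], None
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()               # drop comments
        parts = line.replace("=", " ", 1).split(None, 1)  # "Key value" or "Key=value"
        if len(parts) < 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip().strip('"')
        if keyword == "match":
            current_match = value
        elif keyword in DEFAULTS and current_match is None:
            global_settings.setdefault(keyword, value.lower())
        elif keyword in DEFAULTS:
            overrides.append((current_match, keyword, value.lower()))
    return {**DEFAULTS, **global_settings}, overrides

def find_blockers(config_text, scan_as_root, use_password):
    """List settings that conflict with the values this page asks for."""
    settings, overrides = effective_settings(config_text)
    required = {}
    if scan_as_root:
        required["permitrootlogin"] = "yes"
    if use_password:
        required["passwordauthentication"] = "yes"
    blockers = [f"{key} is '{settings[key]}', expected '{want}'"
                for key, want in required.items() if settings[key] != want]
    blockers += [f"Match {cond}: {key} is '{val}', check whether it covers the scanner"
                 for cond, key, val in overrides
                 if key in required and val != required[key]]
    return blockers

SAMPLE = """\
PermitRootLogin no
PermitRootLogin yes   # ignored: the first value above already won
Match Address 10.0.0.0/8
    PasswordAuthentication no
"""

if __name__ == "__main__":
    print("\n".join(find_blockers(SAMPLE, scan_as_root=True, use_password=True)))
```

On the target host, running sshd -T as root prints the configuration sshd actually resolved, which is the authoritative cross-check for this parser's result.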

Hosts.Allow

To perform a Nessus audit on Linux, Nessus needs to log in using SSH. There is a file called /etc/hosts.allow that is sometimes used on Linux hosts to restrict access. In this instance, you will need to set the IP address of the connecting Nessus host in this file:

If you want to see these tips in practice, take a look at the video below:
