Troubleshooting Nessus

How to solve various Nessus credentialed audit problems.

When you are trying to use Nessus to perform a credentialed audit of a Linux or Windows host, you may run into an issue where Nessus will not fully perform the credentialed audit.

You may see an error like this:

Nessus "Authentication Failure" error.

Don't worry! Here's a list of things you can do to prevent this error and perform the full scan.

Windows

Windows Firewall

If you're scanning a Windows host, one of the most likely blockers is Windows Firewall.

Firewall settings.

On the Windows host, first open the firewall's "inbound rules" settings, shown above.

Then ALLOW all services for ports 137, 139 and 445:

All ports using 137.
All ports using 139.
All ports using 445.

Windows Services

If you're scanning a Windows host, another likely blocker is a Windows service not running. There are two services that need to be running, so open up Windows services and let's search:

The first service you need to check is the "Remote Registry" service:

Remote Registry service is running.

If the service is not running, double-click it and select startup type "disabled". Then press "start".

Starting the Remote Registry service.

The second service you need to check is the "WMI" service:

WMI service is running.

Registry Keys and Local Security Policy

If you're scanning a Windows host, another likely blocker is registry keys. There are two keys that sometimes need to be set, so open up regedit and let's set them:

The first registry key is:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SmbServerNameHardeningLevel = 1

Setting SmbServerNameHardeningLevel to 1.

The next registry key is:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy = 1

Setting LocalAccountTokenFilterPolicy to 1.

Finally, go to the Local Security Policy shown below and set "Server SPN target name validation level" to "Required from client":

Local Security Policy settings.

SMB 1.0

If you're scanning a Windows host, an unlikely blocker is the SMB v1 service not running. This should never be a problem but it's something to try. To turn SMBv1 on, go to Windows Features and check the "SMB 1.0/CIFS File Sharing Support" box:

Enabling SMB1.0.

Linux

SUDO vs Root

To perform a Nessus audit on Linux, the user must be root or in the sudo group. Take a look at /etc/sudoers to ensure the user you are using is present.

pentest user has full "ALL" access to the host.

SSHD_CONFIG

To perform a Nessus audit on Linux, Nessus needs to log in using SSH. Take a look at /etc/ssh/sshd_config to ensure that none of the blockers mentioned below are present:

If your user is the root user, "PermitRootLogin" must be set to "yes":

PermitRootLogin set to yes.

If you are trying to log in with a password, "PasswordAuthentication" must be set to "yes":

Password authentication set to yes.

Hosts.Allow

To perform a Nessus audit on Linux, Nessus needs to log in using SSH. There is a file called /etc/hosts.allow that is sometimes used on Linux hosts to restrict access. In this instance, you will need to set the IP address of the connecting Nessus host in this file:

Setting the Nessus IP address.
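The SSHD_CONFIG and Hosts.Allow checks above can be done against the file contents, as in this added Python example (not part of the original guide or of Nessus). It reports the value sshd actually uses for a keyword, since sshd takes the first value it finds and a "yes" appended lower down has no effect, and whether the scanner's IP is matched in hosts.allow. The function names and sample file contents are constructed for illustration.

```python
import ipaddress

# Constructed sample files for illustration, not taken from a real host.
SAMPLE_SSHD_CONFIG = """\
PermitRootLogin no
#PasswordAuthentication no
passwordauthentication yes
PermitRootLogin yes
Match Address 10.0.0.0/8
    PasswordAuthentication no
"""
SAMPLE_HOSTS_ALLOW = "sshd: 192.0.2.10, 198.51.100.0/24\nALL: 127.0.0.1\n"

def sshd_effective(text, keyword):
    """Global value sshd uses for keyword: the first occurrence wins, keywords
    are case-insensitive, and lines after a Match line are conditional."""
    for raw in text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "match":
            break
        if parts[0].lower() == keyword.lower():
            return parts[1].strip()
    return None  # unset: sshd falls back to its built-in default

def hosts_allow_permits(text, ip, daemon="sshd"):
    """True if ip matches a client pattern listed for daemon or ALL. Handles
    exact IPs, 'a.b.c.' prefixes and net/mask; not hostnames or EXCEPT."""
    addr = ipaddress.ip_address(ip)
    for raw in text.splitlines():
        daemons, sep, rest = raw.split("#", 1)[0].partition(":")
        if not sep or not {daemon, "ALL"} & set(daemons.replace(",", " ").split()):
            continue
        for pat in rest.split(":")[0].replace(",", " ").split():
            if pat in ("ALL", ip) or (pat.endswith(".") and ip.startswith(pat)):
                return True
            try:
                if "/" in pat and addr in ipaddress.ip_network(pat, strict=False):
                    return True
            except ValueError:
                pass  # not an address/mask pattern
    return False

if __name__ == "__main__":
    print(sshd_effective(SAMPLE_SSHD_CONFIG, "PermitRootLogin"))   # later "yes" is ignored
    print(hosts_allow_permits(SAMPLE_HOSTS_ALLOW, "203.0.113.5"))  # scanner not listed
```

On a live host, `sshd -T` prints the configuration sshd has actually loaded, including Match and Include handling that this parser skips.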

If you want to see these tips in practice, take a look at the video below:
