How to Setup Mac’s For a Nessus Credentialed Patch Scan
Setting up a Mac so that It can be scanned by Nessus using a fully credentialed patch scan is a quick and straight forward process. This guide includes the manual steps required but you can also implement the settings using a centralised RMM tool if you have one.
The process is as follows:
1 . Setup a dedicated administrator account to use with the scan.
2. Enable Remote Login.
3. Setup new SSH credentials in Nessus to use during the scan.
Setup a Dedicated Administrator Account
Go into System Preferences from the Mac Apple menu in the top left corner and click on ‘Users & Groups’.
Click on the Padlock symbol to unlock the settings and press the Plus icon to add a new account.
Set the new account to ‘Administrator’ and set a name and password for it. Use a random password of at least 13 characters. Use the same username and password for each Mac being scanned. After the scan has been fully completed you should remove this account.
Configure Remote Login
No we need to enable remote login so that the scanner can connect and gather information it needs.
Click on Sharing from System Preferences.
Tick Remote Login. and select ‘Only these users’ then remove any existing entries from the list and add the new account created in the previous step.
Setup new SSH credentials in Nessus to use during the scan
Now in Nessus configure a new SSH credential using the same username and password created on the Mac’s being scanned. Set the authentication method to password and leave all other options set to their defaults.
Now when you run the scan you should see a successful fully authenticated patch scan completes.
Hope you found this useful and if you did please comment below.