Forum Discussion

Marvin's avatar
Marvin
Icon for Cirrocumulus rankCirrocumulus
Jul 30, 2019

enable read-only bash access for guest user

For Rapid7 vulnerability scanner a user account is needed to be able to retrieve several information from F5 including certain files that needs to be listed and checked by this tool. This scan will be performed on a monthly recurrent basis.

 

We dont want to grant administrator role access on the F5 Big IP but a better solution would be to have Guest access or auditor read only access with advanced bash shell (limited to only listing commands).

 

Is there a way to create a local user on the F5 Big IP with limited advanced shell bash access and how?

 

 

2 Replies

  • Marvin's avatar
    Marvin
    Icon for Cirrocumulus rankCirrocumulus

    The requirement is to read the following information

    It should connect as a user that has access to the standard shell. It must be able to perform these commands:

     

    ifconfig

    java

    sha1

    sha1sum

    md5

    md5sum

    awk

    grep

    egrep

    cut

    id

    ls

    unzip

     

    Then for F5 it will also need:

     

    "version", "show", or "tmsh show sys version"

     

    In regards to file access, the account will need will need to be able to get to any of these, if they exist in your instance:

     

    /etc/group

    /etc/passwd

    grub.conf

    menu.lst

    lilo.conf

    syslog.conf

    /etc/permissions

    /etc/securetty

    /var/log/postgresql

    /etc/hosts.equiv

    .netrc

    '/', '/dev', '/sys', and '/proc' "/home" "/var" "/etc"

    /etc/master.passwd

    sshd_config

  • Were you able to find a solution for this? I too need to provide a guest user with shell access.