Marvin
Jul 30, 2019

enable read-only bash access for guest user

For the Rapid7 vulnerability scanner, a user account is needed to retrieve several pieces of information from the F5, including certain files that need to be listed and checked by this tool. This scan will be performed on a monthly recurring basis.

 

We don't want to grant administrator role access on the F5 BIG-IP; a better solution would be to have guest access or auditor read-only access with advanced bash shell (limited to only listing commands).

 

Is there a way to create a local user on the F5 BIG-IP with limited advanced shell bash access, and how?

 

 

  • Marvin

    The requirement is to read the following information:

    It should connect as a user that has access to the standard shell. It must be able to perform these commands:

     

    ifconfig
    java
    sha1
    sha1sum
    md5
    md5sum
    awk
    grep
    egrep
    cut
    id
    ls
    unzip

     

    Then for F5 it will also need:

     

    "version", "show", or "tmsh show sys version"

     

    In regard to file access, the account will need to be able to get to any of these, if they exist in your instance:

     

    /etc/group
    /etc/passwd
    grub.conf
    menu.lst
    lilo.conf
    syslog.conf
    /etc/permissions
    /etc/securetty
    /var/log/postgresql
    /etc/hosts.equiv
    .netrc
    '/', '/dev', '/sys', and '/proc' "/home" "/var" "/etc"
    /etc/master.passwd
    sshd_config

  • Were you able to find a solution for this? I too need to provide a guest user with shell access.