MSL service account

[fcutler]

If a user is created by root in MSL (Border Gateway, NuPoint ver. 10.0.43) and added to the wheel group will this provide appropriate access as a service account for a security/vulnerability scanner? In this case Nexpose. On that note does anyone know what branch of Linux MSL is built off of?

[Navarre]

What are the requirements of such a scanner? I can't possibly answer without knowing that.

MSL is built on CentOS.

[fcutler]

Navarre, the scanner requires access to the whole filesystem. This is what I'm told by the security team involved. Thanks for the info on what MSL is built on, good to know.

[acejavelin]

What kind of scanner is this that it "requires access to the whole filesystem" In most cases, the most that is needed by security teams is to check for vulnerabilities on the public or sometimes internal IP address, or for viruses, the later being (almost) impossible in a Linux based system, especially one that is a closed system with no external file repository other than Mitel.

Not trying to argue with you, but I have worked with government offices, security and fraud companies, international organizations, and no one has said they need access to the entire file system of a Mitel server before... I am curious more than anything.

[fcutler]

Centene Corp. recently bought our company and they are unfamiliar with Mitel systems. The statement came from a security engineer because they are scanning for everything. Even though it's Mitel Linux they want a thorough vulnerability report on the system. I know it's overboard however it's their protocol. Also I am not really an expert myself with Mitel systems so I am not able to fully or eloquently inform or persuade them of the system's security.

[acejavelin]

Fair enough... I would just make a backup of the database and keep a system install DVD or USB drive on hand, never know what they could/might do. It will probably be fine to give them the root login and password, can always change it later.