How do I set up my VM for authenticated vulnerability scanning?
On Linux systems, a normal user login (without root privileges) is required. Authentication uses an SSH key stored on the GSM server. All VMs of the service level PaaS, as well as VMs of the service level IaaS provided after May 11, 2018, have had the necessary user login, zih-gsm, since their creation. On Linux VMs of the IaaS service level that were created before May 11, 2018, the login can be set up subsequently by simply installing an additional software package:
Alternatively, the login can be created manually, for example with the command adduser zih-gsm. The following SSH public key must then be stored in the user's home directory under ~/.ssh/authorized_keys:
credential-zih-gsm.pub
SHA256 Checksum: 8d0edcef351bf767a4bdf62c7b589fdc1f0b97e3c8fb02bf03d7908b2b0f454a
ZIH recommends setting up authenticated scanning on all self-administered IaaS VMs. For Windows VMs, an authenticated vulnerability scan is not yet possible.
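The manual setup described above, as an added shell example that is not part of the original page: it checks the downloaded key file against the published SHA256 checksum before appending it to authorized_keys with the permissions sshd expects. The function name install_scan_key, the home path /home/zih-gsm and the availability of sha256sum are assumptions.

```shell
#!/bin/sh
# Added example: verify the downloaded scanner key, then install it for zih-gsm.
# Checksum published on this page for credential-zih-gsm.pub:
EXPECTED_SHA256="8d0edcef351bf767a4bdf62c7b589fdc1f0b97e3c8fb02bf03d7908b2b0f454a"

# install_scan_key KEYFILE HOMEDIR [EXPECTED_SHA256] [OWNER]   (hypothetical helper)
# Returns 0 on success, 1 if a file or directory is missing, 2 on checksum mismatch.
install_scan_key() {
    keyfile=$1; homedir=$2; expected=${3:-$EXPECTED_SHA256}; owner=${4:-zih-gsm}
    [ -f "$keyfile" ] && [ -d "$homedir" ] || return 1

    # Refuse to install a key whose hash differs from the published one.
    actual=$(sha256sum "$keyfile" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $keyfile: got $actual" >&2
        return 2
    fi

    # sshd (StrictModes) rejects key files that other users can write to.
    sshdir=$homedir/.ssh
    auth=$sshdir/authorized_keys
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append each key line only if it is not already present (idempotent).
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$keyfile"

    # Hand the files to the scan account when run as root and it exists.
    if [ "$(id -u)" -eq 0 ] && id "$owner" >/dev/null 2>&1; then
        chown -R "$owner" "$sshdir"
    fi
    return 0
}

# Typical call as root, after `adduser zih-gsm` and downloading the key file
# (the home path /home/zih-gsm is an assumption):
#   install_scan_key ./credential-zih-gsm.pub /home/zih-gsm
```

A return code of 2 means the downloaded file does not match the published checksum and nothing was written.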