scanning with authentication

Hello everyone. Please tell me where I can read what tests (commands) the scanner runs on Linux servers during scanning with authentication?

And what is the difference between using a user with root access and an unprivileged one? I really don’t want to give root access.

See this Section 10.3.2 Using Credentials in the documentation. Among other things it says:

If elevated SSH credentials are configured, the default SSH credentials are only used for logging in on the target system. The elevated credentials are used for the scan.

Vulnerability tests (VTs) that are conducted during authenticated scans are known as Local Security Checks (LSC). There are some VT families that only contain LSC; you can see them from the SecInfo Portal NVT page by viewing the charts at the top - hover to see the name, click to see the VTs. The SecInfo page is also available in Greenbone; look in the menu.

These family names are also used to customize/edit VTs in the Scan Configuration edit view. So, you can get a good idea from these family tests. However, some LSC are in other families such as Policy, Windows Bulletins and more.

If you have file access, and want to see the plugin files, you can grep for certain attributes of the .nasl files that are commonly used for local security checks such as:

┌──(kali㉿kali)-[/var/lib/openvas/plugins]
└─$ grep -r 'smb_nt.inc' /var/lib/openvas/plugins | wc -l
4256

$ grep -r 'SMB/' /var/lib/openvas/plugins | wc -l
6813

$ grep -r 'ssh/login' /var/lib/openvas/plugins | wc -l
44854

$ grep -r 'Local Security Checks' /var/lib/openvas/plugins | wc -l
60308
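Building on the grep approach in the answer above, this added example (not part of the original post and not Greenbone's own tooling) counts plugin files rather than matching lines and groups the `.nasl` files that reference `ssh/login` keys by their `script_family`, which shows which families hold the Linux checks that depend on an SSH login. The function names and the constructed sample files are assumptions made for illustration; GNU grep and xargs are assumed.

```bash
#!/bin/sh
# Added example: per script_family, count the .nasl files that reference
# "ssh/login" knowledge-base keys (checks that depend on an SSH login).
LC_ALL=C; export LC_ALL   # stable sort order

# lsc_families DIR -> prints "<file count><TAB><family>", largest first
lsc_families() {
    # grep -l lists each matching file once; -Z / -0 keep odd file names safe.
    # The second grep takes the first script_family("...") call of each file.
    grep -rlZ --include='*.nasl' 'ssh/login' "$1" |
        xargs -0 -r grep -h -o -m1 'script_family("[^"]*")' |
        sed -e 's/^script_family("//' -e 's/")$//' |
        sort | uniq -c | sort -k1,1nr -k2 |
        awk '{ n = $1; sub(/^ *[0-9]+ /, ""); printf "%s\t%s\n", n, $0 }'
}

# Constructed sample feed (not real plugin content) for trying this offline.
make_sample_feed() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        '  script_family("Debian Local Security Checks");' \
        '  script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");' \
        > "$d/deb1.nasl"
    cp "$d/deb1.nasl" "$d/deb2.nasl"
    printf '%s\n' \
        '  script_family("Policy");' \
        '  script_mandatory_keys("ssh/login/packages");' \
        > "$d/pol1.nasl"
    # No ssh/login reference, so this file must not be counted.
    printf '%s\n' \
        '  script_family("Web application abuses");' \
        '  script_dependencies("find_service.nasl");' \
        > "$d/web1.nasl"
    echo "$d"
}

# Usage: sh lsc_families.sh /var/lib/openvas/plugins
if [ -n "${1:-}" ]; then
    lsc_families "$1"
fi
```

Files that mention `ssh/login` but contain no `script_family(...)` call, such as include files, are not counted.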