FD
Recently had a request to add a non-root/out of the box root user for some Nessus scans. For ESXi hosts it’s a process of creating a local user and running the contents below in a PowerShell script.
$username = '<INSERT "USERNAME" Here>'              # same account name is used by both calls below
$password = '<INSERT 20 Char Password Here>'        # placeholder; set before running
$esx_hosts = Get-VMHost | where {$_.ConnectionState -ne "NotResponding"}
foreach ($esx_host in $esx_hosts) {
    Write-Host $esx_host -ForegroundColor Green
    $esxcli = Get-EsxCli -VMhost $esx_host -V2

    # Create the local account on the host
    $arguments1 = $esxcli.system.account.add.CreateArgs()
    $arguments1.id = $username
    $arguments1.password = $password
    $arguments1.passwordconfirmation = $password
    $arguments1.description = 'Tenable user'
    $esxcli.system.account.add.Invoke($arguments1)

    # Grant the new account the Admin role
    $arguments2 = $esxcli.system.permission.set.CreateArgs()
    $arguments2.id = $username
    $arguments2.role = 'Admin'
    $esxcli.system.permission.set.Invoke($arguments2)
}
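An added check, not part of the original post: after the script above has run, this confirms on every responding host that the scan account exists and holds the expected role, and lists the hosts the loop skipped. It assumes an existing Connect-VIServer session; `$username` and `$expectedRole` are placeholders, and `UserID`, `Principal` and `Role` are the property names the PowerCLI V2 esxcli interface returns for `system account list` and `system permission list`.

```powershell
# Added example: assumes PowerCLI is loaded and Connect-VIServer has already been run.
$username     = '<Username>'   # placeholder: the scan account created above
$expectedRole = 'Admin'        # role assigned by the script above

$all_hosts = Get-VMHost
$esx_hosts = $all_hosts | Where-Object { $_.ConnectionState -ne 'NotResponding' }

# Hosts filtered out by the creation script never received the account,
# so credentialed scans against them will fail until it is re-run.
$skipped = $all_hosts | Where-Object { $_.ConnectionState -eq 'NotResponding' }

$report = foreach ($esx_host in $esx_hosts) {
    $esxcli = Get-EsxCli -VMHost $esx_host -V2

    # Local accounts defined on this host
    $account = $esxcli.system.account.list.Invoke() |
        Where-Object { $_.UserID -eq $username }

    # Permission entries whose principal is the scan account
    $permission = $esxcli.system.permission.list.Invoke() |
        Where-Object { $_.Principal -eq $username }

    $roles = @($permission | ForEach-Object { $_.Role })

    [pscustomobject]@{
        Host          = $esx_host.Name
        AccountExists = [bool]$account
        Role          = if ($roles.Count) { $roles -join ',' } else { '<none>' }
        AsExpected    = [bool]$account -and ($roles -contains $expectedRole)
    }
}

# Full picture first, then only the hosts that need attention
$report | Format-Table -AutoSize
$report | Where-Object { -not $_.AsExpected } | Format-Table -AutoSize

if ($skipped) {
    Write-Host 'Skipped (NotResponding), account not created:' -ForegroundColor Yellow
    $skipped | ForEach-Object { Write-Host "  $($_.Name)" }
}
```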
Virtual Apps (VCSA, VROPS, VRLIA etc)
Log in as root user and run these from the console.
useradd <Username>
mkdir /home/<Username>
chown <Username> /home/<Username>
usermod -G root,wheel <Username>
passwd <Username>    # enter the 20-character password at the prompt