Prior to running a vulnerability scan (Nessus, Qualys, Rapid7, etc.) against the Authentication Manager server, it is recommended that the following steps be taken:
Ensure that you are running the most recent service pack and patch level available. Service packs and patches are available for download on RSA Link. Please follow all documentation on how to install software updates. Failure to do so can cause damage to the system, such as breaking replication.
Turn off SSH access to the server through the Operations Console (Administration > Operating System Access). SSH should only be enabled when it is absolutely required for maintenance.
Run the Authentication Manager server with a single operating-system user account (this is what "single user mode" means here, not the Linux maintenance runlevel). The Authentication Manager server is a hardened appliance and is designed to have one user (that is, the rsaadmin user).
Note that during Quick Setup another user name may have been selected. If that is the case, use that user name.
It is not recommended to have additional users on the server. Please refer to your scan software’s documentation on how to run a scan using the rsaadmin account.
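Two of the steps above (no SSH listener, no login accounts beyond rsaadmin) can be verified from the command line before the scan is started. The following POSIX shell script is an added example and is not RSA tooling; it assumes a standard /etc/passwd layout and `ss -ltn` output, and the sample inputs embedded in it are constructed for illustration. The Operations Console remains the supported way to turn SSH off; this script only confirms the resulting state.

```shell
#!/bin/sh
# Added example: pre-scan checks for a hardened single-user appliance.
# Not RSA's own tooling. Assumes /etc/passwd-style account data and the
# column layout of `ss -ltn` (State Recv-Q Send-Q Local:Port Peer:Port).

# Constructed sample inputs (not captured from a real appliance).
# "dirty" state: an extra interactive account and sshd listening on :22.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
rsaadmin:x:1000:100:RSA admin:/home/rsaadmin:/bin/bash
sshd:x:71:65:SSH daemon:/var/lib/sshd:/bin/false
tempuser:x:1001:100:Temporary:/home/tempuser:/bin/bash'
SAMPLE_SOCKETS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    [::]:443            [::]:*'

# "clean" state: only rsaadmin can log in and nothing listens on :22.
CLEAN_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
rsaadmin:x:1000:100:RSA admin:/home/rsaadmin:/bin/bash
sshd:x:71:65:SSH daemon:/var/lib/sshd:/bin/false'
CLEAN_SOCKETS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    [::]:443            [::]:*'

# extra_login_users ADMIN  (reads passwd content on stdin)
# Prints every non-system account (UID >= 1000) with an interactive shell
# other than ADMIN. System accounts with nologin/false shells are ignored.
extra_login_users() {
    awk -F: -v admin="$1" '
        $3 >= 1000 && $1 != admin && $7 !~ /(nologin|false)$/ { print $1 }'
}

# ssh_listeners  (reads `ss -ltn` output on stdin)
# Prints the number of sockets in LISTEN state bound to port 22 (any address).
ssh_listeners() {
    awk '$1 == "LISTEN" && $4 ~ /:22$/ { n++ } END { print n + 0 }'
}

# precheck PASSWD_CONTENT SOCKET_CONTENT ADMIN
# Returns 0 when the host is in the expected pre-scan state, 1 otherwise,
# and prints one line per finding so the operator knows what to fix.
precheck() {
    rc=0
    extras=$(printf '%s\n' "$1" | extra_login_users "$3")
    if [ -n "$extras" ]; then
        echo "FAIL: additional login accounts present: $(echo $extras)"
        rc=1
    fi
    n=$(printf '%s\n' "$2" | ssh_listeners)
    if [ "$n" -gt 0 ]; then
        echo "FAIL: sshd is listening on port 22; disable SSH in the Operations Console"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: single admin account ($3) and no SSH listener"
    return "$rc"
}

# Demonstration against the constructed samples.
echo "== sample (dirty) =="
precheck "$SAMPLE_PASSWD" "$SAMPLE_SOCKETS" rsaadmin || echo "fix the above before scanning"
echo "== sample (clean) =="
precheck "$CLEAN_PASSWD" "$CLEAN_SOCKETS" rsaadmin

# Live check: only runs where `ss` exists; reads the real /etc/passwd.
# If Quick Setup chose a different admin user name, pass it instead of rsaadmin.
if command -v ss >/dev/null 2>&1 && [ -r /etc/passwd ]; then
    echo "== this host =="
    precheck "$(cat /etc/passwd)" "$(ss -ltn 2>/dev/null)" rsaadmin || :
fi
```

Run it as rsaadmin (or the user chosen during Quick Setup, passed in place of rsaadmin) just before enabling the scanner; any FAIL line points at a step above that has not yet been completed.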