itnetsec

Setting up a Nessus server for vulnerability scanning

Dec 3rd, 2011
#Written by Michael Wood
#Date 12-3-2011
Nessus is a powerful, up-to-date and easy to use network security scanner. It is currently rated among the top products of its type throughout the security industry and is endorsed by professional information security organizations such as the SANS Institute. Nessus allows you to remotely audit a given network and determine if it has been broken into or misused in some way. Nessus also provides the ability to locally audit a specific machine for vulnerabilities, compliance specifications, content policy violations and more.

More information located here: http://www.nessus.org/products/nessus

So, now that you know what Nessus is and what it does, we are going to set up the server side of it on an Ubuntu Linux machine. Then we can access the web interface from any web browser that supports Flash.

Go here http://www.nessus.org/products/nessus/nessus-download-agreement and "Accept" the agreement. You will be redirected to download the package for your operating system. I chose "Nessus-4.4.1-ubuntu1010_amd64.deb" for obvious reasons. If you have an x86 operating system, download the x86 package. Pretty easy, huh?

Next, you need to register for an "Activation code". Browse here http://www.nessus.org/products/nessus/nessus-plugins/obtain-an-activation-code
Choose the "Home" option. You are more than welcome to choose the "Professional" feed if you have $590-$4,790. The Professional feed is pretty bad ass though. It includes plugins for SCADA vulnerability checks to detect and audit Control System devices (Remember Stuxnet?) and a plethora of others.

Ok, so after you have clicked the link above, go ahead and register for the "Home Feed". Fill out your name and email address. You will receive an email in a few moments with the activation code. Later on in this tutorial we will register the activation code in the program.

Let's begin the install of Nessus. You have the installation package you downloaded, right? I downloaded mine from a Windows machine and uploaded it via SFTP to my Linux box.

Via SSH I'll begin the install process. The file "Nessus-4.4.1-ubuntu1010_amd64.deb" is located, on my server, at /home/mwood.
cd /home/mwood

Run this command:
sudo dpkg -i Nessus-4.4.1-ubuntu1010_amd64.deb <--- Replace the filename with whatever version you downloaded, x86 or x64

Output from running the above command:
Selecting previously deselected package nessus.
(Reading database ... 94106 files and directories currently installed.)
Unpacking nessus (from Nessus-4.4.1-ubuntu1010_amd64.deb) ...
Setting up nessus (4.4.1) ...
nessusd (Nessus) 4.4.1 [build M15078] for Linux
(C) 1998 - 2011 Tenable Network Security, Inc.

Processing the Nessus plugins...
[##################################################]

All plugins loaded

- Please run /opt/nessus/sbin/nessus-adduser to add a user
- Register your Nessus scanner at http://www.nessus.org/register/ to obtain
all the newest plugins
- You can start nessusd by typing /etc/init.d/nessusd start

Processing triggers for ureadahead ...

Now we need to register our activation code to use with Nessus. Run this command:
/opt/nessus/bin/nessus-fetch --register XXXX-XXXX-XXXX-XXXX-XXXX <--- Replace the X's with your activation code

Output from running the above command:
Your activation code has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org...
Your Nessus installation is now up-to-date.
If auto_update is set to 'yes' in nessusd.conf, Nessus will
update the plugins by itself.

Make sure it registered correctly. You should see Home Feed (Non-commercial use only):
sudo cat /opt/nessus/lib/nessus/plugins/plugin_feed_info.inc

Output from the above command:
PLUGIN_SET = "201112022238";
PLUGIN_FEED = "HomeFeed (Non-commercial use only)";

You can change additional configuration settings in the /opt/nessus/etc/nessus/nessusd.conf file.

We need to add a user, so run this command:
sudo /opt/nessus/sbin/nessus-adduser

It will ask you for a Login name and password. Choose whatever you want here. It will then ask you if you want the new user you just created to be an Admin user; choose "Y".

Output from the add-user command:
Login :
Login password :
Login password (again) :
Do you want this user to be a Nessus 'admin' user ? (can upload plugins, etc...) (y/n) [n]:
User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that <username you chose> has the right to test. For instance, you may want
him to be able to scan his own host only.

Please see the nessus-adduser manual for the rules syntax

Enter the rules for this user, and enter a BLANK LINE once you are done :
(the user can have an empty rules set)


Login : username you chose
Password : ***********
This user will have 'admin' privileges within the Nessus server
Rules :
Is that ok ? (y/n) [y]

Update the plugins:
sudo /opt/nessus/sbin/nessus-update-plugins

Start the Nessus service daemon:
sudo /etc/init.d/nessusd start

Let's take a gander at the web interface now. The Nessus User Interface (UI) is a web-based interface to the Nessus scanner that is made up of a simple HTTP server and web client, requiring no software installation apart from the Nessus server.

Browse to https://[server IP]:8834

Continue by adding the security certificate to the exceptions list. Now log in with the user account you created earlier. Just remember, before you run any scans, to update the plugin cache:
sudo /opt/nessus/sbin/nessus-update-plugins
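As an added check that is not part of the original tutorial, this Python script parses the plugin_feed_info.inc file shown earlier and flags a missing registration or a plugin set that is older than a chosen threshold, which is what "update the plugin cache before you scan" is protecting against. The sample file content is constructed from the values the tutorial prints; the 7-day staleness threshold and the load_feed_info helper name are assumptions.

```python
"""Post-install feed check for a Nessus 4.x server (added example)."""
import re
from datetime import datetime, timedelta

# Constructed sample: the two lines the tutorial's `sudo cat` printed.
SAMPLE_FEED_INFO = '''PLUGIN_SET = "201112022238";
PLUGIN_FEED = "HomeFeed (Non-commercial use only)";
'''

FEED_INFO_PATH = "/opt/nessus/lib/nessus/plugins/plugin_feed_info.inc"

# Each line of the file has the shape   KEY = "value";
_ASSIGNMENT = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"\s*;\s*$')


def parse_feed_info(text):
    """Return a dict of the KEY = "value"; assignments found in the file."""
    info = {}
    for line in text.splitlines():
        m = _ASSIGNMENT.match(line)
        if m:
            info[m.group(1)] = m.group(2)
    return info


def plugin_set_time(plugin_set):
    """PLUGIN_SET is a YYYYMMDDHHMM timestamp of the plugin snapshot."""
    return datetime.strptime(plugin_set, "%Y%m%d%H%M")


def feed_status(text, now, max_age_days=7):
    """Summarise registration state and whether nessus-update-plugins is overdue.

    Raises ValueError when the keys are absent, which is what an unregistered
    scanner looks like. max_age_days is an assumed threshold, not a Nessus value.
    """
    info = parse_feed_info(text)
    if "PLUGIN_SET" not in info or "PLUGIN_FEED" not in info:
        raise ValueError("PLUGIN_SET/PLUGIN_FEED missing: registration failed?")
    age = now - plugin_set_time(info["PLUGIN_SET"])
    return {
        "feed": info["PLUGIN_FEED"],
        "home_feed": info["PLUGIN_FEED"].startswith("HomeFeed"),
        "age_days": age.days,
        "update_overdue": age > timedelta(days=max_age_days),
    }


def load_feed_info(path=FEED_INFO_PATH):
    """Read the real file (needs root, as the tutorial's sudo cat shows)."""
    with open(path) as fh:
        return fh.read()


if __name__ == "__main__":
    # Evaluate the sample snapshot against the tutorial's own date.
    print(feed_status(SAMPLE_FEED_INFO, datetime(2011, 12, 3, 12, 0)))
```

On the server itself, replace SAMPLE_FEED_INFO with load_feed_info() and pass datetime.utcnow() as now.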

Additional information can be located here:
http://static.tenable.com/documentation/nessus_4.4_user_guide.pdf

Have Fun!