Difference between revisions of "Nessus"
(Nessus Security Scanner installation) |
m |
||
Line 99: | Line 99: | ||
---- | ---- | ||
[[Category:Howto]] | [[Category:Howto]] | ||
+ | [[Category:Administration:Monitoring]] |
Latest revision as of 15:29, 10 May 2010
Nessus®
Introduction
From http://www.nessus.org/nessus/:
The Nessus® vulnerability scanner, is the world-leader in active scanners, featuring high speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus® scanners can be distributed throughout an entire enterprise, inside DMZs, and across physically separate networks.
When Nessus is managed with Tenable's Security Center, an enterprise can perform full life-cycle vulnerability and configuration management. Organizations can communicate recommendations to the responsible parties, track remediations, and verify security patches and required configurations.
Nessus is supported by a world renowned research team and has the largest vulnerability knowledge base, making it suitable for even the most complex environments.
Nessus can be used to scan remote hosts, to make sure that your publicly available servers are secure from the latest security vulnerabilities; it can also be run against your local hosts, to verify Windows patch installation, or look for signs of compromised system on your local network.
Installation
Nessus is split into two pieces - the Nessus server and the Nessus client. This procedure will guide you through the installation of the server on your SME 7.x system, and of the client on your windows workstation.
Server Installation
- Download the latest "es4" version of the Nessus application from http://www.nessus.org/download/nessus_download.php (as of 3/2/2008, this is Nessus-3.0.6-es4.i386.rpm).
NOTE: This file cannot be downloaded using "wget" or "curl", so you will have to download it using a browser that will allow you to fill out the registration information, then move it to an appropriate location on your SME server, such as /root/addons.
- Install using the commands below (takes about 7 minutes on a P4 2.8GHz)
cd /root/addons (or whatever directory you chose to hold the Nessus rpm) rpm -Uvh Nessus-3.0.6-es4.i386.rpm
After rpm finishes, you will be shown the following post-installation instructions:
- Please run /opt/nessus//sbin/nessus-add-first-user to add an admin user - Register your Nessus scanner at http://www.nessus.org/register/ to obtain all the newest plugins - You can start nessusd by typing /sbin/service nessusd start
- Please run /opt/nessus//sbin/nessus-add-first-user to add an admin user
Create the first user by running the command listed below. You will be prompted to supply a username and password; be sure to select a secure password! (Note: it is possible to configure Nessus to use SSL certificates for authentication. This topic is not covered in this document)
/opt/nessus//sbin/nessus-add-first-user
- Register your Nessus scanner at http://www.nessus.org/register/ to obtain all the newest plugins
You have already registered, as you were required to do so before download. You should by now have received your registration confirmation email containing your registration ID.
The registration email will include the command required to register your copy of Nessus with Tenable in order to get free plugin updates.
Each registration ID is only good for one registration; you will need to register with Tenable if you install the same download on an additional servers.
Note: Registration allows you to download Tenable's Free plugin updates, which are delayed by 7 days behind paid update subscriptions. If you want immediate access to the latest plugins at all times you need to purchase a direct feed subscription (currently $1200 per year).
The actual registration command will be similar to:
/opt/nessus/bin/nessus-fetch --register 1234-5678-9012-3456-7890
- You can start nessusd by typing /sbin/service nessusd start
This is inaccurate. The actual command required to start Nessus on your SME is shown below, and takes about 7 minutes on a P4 2.8GHz:
/opt/nessus//sbin/nessusd -D
- Configure nessus to start at system boot:
echo '#! /bin/sh /opt/nessus//sbin/nessusd -D' > /etc/e-smith/events/local/S95nessusd chmod 555 /etc/e-smith/events/local/S95nessusd
Nessus will now start automatically at each reboot, or you can start it manually using
signal-event local
Client Installation
- Download the client you wish to use (Windows or Linux) from the Tenable download site (the instructions below apply to the Windows client).
- Install the downloaded package
- Start the newly installed program
- Add a "Connection" to the Nessus server installation on your SME server
- Click "Connect" in the lower left corner of the Nessus Client
- Click + to add a new connection
- Enter the desired connection name, the hostname or IP address by which your client can access your SME server, and the login and password that you created during the Nessus server installation. Leave the "Port" unchanged at 1241 unless you need to change it for personal reasons.
- Click Save
- Highlight your new connection and click "Connect"
You are now ready to start scanning either local or remote systems for security vulnerabilities.
Operation
At its simplest, Nessus can be used to perform a "Default scan policy" scan of any host as follows:
- Click the + below the "Network(s) to scan:" window
- Enter a hostname, ip address, ip range, network/subnet combination, or the name of a text file containing the host(s) you want to scan.
- Highlight the "Default scan policy" in the "Select a scan policy:" window
- Click on "Scan Now"
Once you have run a scan, you can export the results in HTML format for delivery to clients (or others).
Learn more about using Nessus from the Advanced User's Guide
References
- Tenable Network Security Homepage
- Nessus downloads
- Nessus Installation Guide
- Nessus Advanced User's Guide