Nessus

From SME Server
Revision as of 15:29, 10 May 2010 by Timn (talk | contribs)

Nessus®

Introduction

From http://www.nessus.org/nessus/:
The Nessus® vulnerability scanner is the world-leader in active scanners, featuring high speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus® scanners can be distributed throughout an entire enterprise, inside DMZs, and across physically separate networks.

When Nessus is managed with Tenable's Security Center, an enterprise can perform full life-cycle vulnerability and configuration management. Organizations can communicate recommendations to the responsible parties, track remediations, and verify security patches and required configurations.

Nessus is supported by a world renowned research team and has the largest vulnerability knowledge base, making it suitable for even the most complex environments.

Nessus can be used to scan remote hosts, to make sure that your publicly available servers are secure from the latest security vulnerabilities; it can also be run against your local hosts, to verify Windows patch installation, or to look for signs of compromised systems on your local network.

Installation

Nessus is split into two pieces - the Nessus server and the Nessus client. This procedure will guide you through the installation of the server on your SME 7.x system, and of the client on your Windows workstation.

Server Installation

NOTE: This file cannot be downloaded using "wget" or "curl", so you will have to download it using a browser that will allow you to fill out the registration information, then move it to an appropriate location on your SME server, such as /root/addons.

  • Install using the commands below (takes about 7 minutes on a P4 2.8GHz)
cd /root/addons   # or whatever directory you chose to hold the Nessus rpm
rpm -Uvh Nessus-3.0.6-es4.i386.rpm 

After rpm finishes, you will be shown the following post-installation instructions:

- Please run /opt/nessus//sbin/nessus-add-first-user to add an admin user
- Register your Nessus scanner at http://www.nessus.org/register/ to obtain
  all the newest plugins
- You can start nessusd by typing /sbin/service nessusd start
  • Please run /opt/nessus//sbin/nessus-add-first-user to add an admin user

Create the first user by running the command listed below. You will be prompted to supply a username and password; be sure to select a secure password! (Note: it is possible to configure Nessus to use SSL certificates for authentication. This topic is not covered in this document.)

/opt/nessus//sbin/nessus-add-first-user


You have already registered, as you were required to do so before download. You should by now have received your registration confirmation email containing your registration ID.

The registration email will include the command required to register your copy of Nessus with Tenable in order to get free plugin updates.

Each registration ID is only good for one registration; you will need to register with Tenable again if you install the same download on additional servers.

Note: Registration allows you to download Tenable's Free plugin updates, which are delayed by 7 days behind paid update subscriptions. If you want immediate access to the latest plugins at all times you need to purchase a direct feed subscription (currently $1200 per year).


The actual registration command will be similar to:

/opt/nessus/bin/nessus-fetch --register 1234-5678-9012-3456-7890


  • You can start nessusd by typing /sbin/service nessusd start

This is inaccurate. The actual command required to start Nessus on your SME is shown below, and takes about 7 minutes on a P4 2.8GHz:

/opt/nessus//sbin/nessusd -D


  • Configure nessus to start at system boot:
echo '#! /bin/sh
/opt/nessus//sbin/nessusd -D' > /etc/e-smith/events/local/S95nessusd
chmod 555 /etc/e-smith/events/local/S95nessusd

Nessus will now start automatically at each reboot, or you can start it manually using

signal-event local


Client Installation

  • Download the client you wish to use (Windows or Linux) from the Tenable download site (the instructions below apply to the Windows client).
  • Install the downloaded package
  • Start the newly installed program
  • Add a "Connection" to the Nessus server installation on your SME server
    • Click "Connect" in the lower left corner of the Nessus Client
    • Click + to add a new connection
    • Enter the desired connection name, the hostname or IP address by which your client can access your SME server, and the login and password that you created during the Nessus server installation. Leave the "Port" unchanged at 1241 unless you need to change it for personal reasons.
    • Click Save
    • Highlight your new connection and click "Connect"

You are now ready to start scanning either local or remote systems for security vulnerabilities.

Operation

At its simplest, Nessus can be used to perform a "Default scan policy" scan of any host as follows:

  • Click the + below the "Network(s) to scan:" window
  • Enter a hostname, IP address, IP range, network/subnet combination, or the name of a text file containing the host(s) you want to scan.
  • Highlight the "Default scan policy" in the "Select a scan policy:" window
  • Click on "Scan Now"

Once you have run a scan, you can export the results in HTML format for delivery to clients (or others).

Learn more about using Nessus from the Advanced User's Guide


Warning:
Some of the nessus scan options can cause the host being scanned to lock up (these options are all disabled by default).

Nessus is designed to use all available network bandwidth. Incautious scanning of a large number of hosts may saturate your Internet connection, or even your local area network (if your Nessus server is fast enough).
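
A pre-flight check for a target list, added here as an example and not part of the original page or of Nessus: it takes the entry types listed under Operation (IP address, IP range, network/subnet, hostname), confirms each one lies inside a network you are authorised to scan, and totals the addresses so an oversized scan is caught before it saturates the link. The ALLOWED networks, the MAX_HOSTS ceiling, the sample entries and the first-last range syntax are assumptions.

```python
import ipaddress

# Assumptions (not from the page): networks approved for scanning, size ceiling.
ALLOWED = ["192.168.1.0/24", "10.0.0.0/28"]
MAX_HOSTS = 300
# Constructed sample target file, one entry per line.
SAMPLE = """192.168.1.10
192.168.1.20-192.168.1.29
10.0.0.0/28
172.16.5.0/24
www.example.com
192.168.1.300
"""

def span(entry):
    """Return (first, last) address of an IP, first-last range or CIDR; None for a hostname."""
    if not set(entry) <= set("0123456789./- "):
        return None  # hostname: needs DNS, so it is only reported, not judged
    if "-" in entry:
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-", 1))
        if lo > hi:
            raise ValueError("range start is above range end")
        return lo, hi
    net = ipaddress.ip_network(entry, strict=False)
    return net[0], net[-1]

def review(lines, allowed=ALLOWED, max_hosts=MAX_HOSTS):
    """Classify entries; one is in scope only if both ends lie in a single approved network."""
    nets = [ipaddress.ip_network(n) for n in allowed]
    rep = {"ok": [], "out_of_scope": [], "hostnames": [], "invalid": [], "hosts": 0}
    for entry in (l.strip() for l in lines):
        if not entry:
            continue
        try:
            ends = span(entry)
        except ValueError:
            rep["invalid"].append(entry)
            continue
        if ends is None:
            rep["hostnames"].append(entry)
        elif any(ends[0] in n and ends[1] in n for n in nets):
            rep["ok"].append(entry)
            rep["hosts"] += int(ends[1]) - int(ends[0]) + 1
        else:
            rep["out_of_scope"].append(entry)
    rep["too_many"] = rep["hosts"] > max_hosts
    return rep

if __name__ == "__main__":
    print(review(SAMPLE.splitlines()))
```

Only the entries reported under "ok" belong in the file you hand to the Nessus client; resolve hostnames and re-check them as IP addresses before adding them.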

