Nessus is a vulnerability scanner that scans a target network or a single host for known vulnerabilities, such as software bugs and backdoors. It was originally developed by Renaud Deraison.
Installation
To install Nessus on RedHat 9, you need to have the following RPMs installed on your system:
- sharutils-4.2.1-14.i386.rpm
- glib-devel-1.2.10-10.i386.rpm
- freetype-devel-2.1.3-6.i386.rpm
- fontconfig-devel-2.1-9.i386.rpm
- XFree86-devel-4.3.0-2.i386.rpm
- gtk+-devel-1.2.10-25.i386.rpm
- gdk-pixbuf-0.18.0-7.i386.rpm
- OpenSSL
Usually you may find these RPMs on the RedHat 9 installation CD. Make sure that you have installed OpenSSL (latest version can be found at www.openssl.org) before installing Nessus.
Installing Nessus RPMs
Install the following RPMs:
- nessus-client-1.2.7-fr1.i386.rpm
- nessus-server-1.2.7-fr1.i386.rpm
- nessus-common-1.2.7-fr1.i386.rpm
- nessus-devel-1.2.7-fr1.i386.rpm
You can download these RPMs from http://www.nessus.org/download/
Create a nessusd account
The nessusd server has its own user database, and each user has a set of restrictions. This allows a single nessusd server to be shared by a whole network among different administrators, each of whom can only test their own part of the network.
The utility nessus-adduser takes care of the creation of a new account :
# nessus-adduser
Addition of a new nessusd user
Login : renaud
Authentication (pass/cert) [pass] : pass
Password : secret
User rules
nessusd has a rules system which allows you to restrict the hosts that renaud has the right to test. For instance, you may want him to be able to scan his own host only.
Check out the nessus-adduser man page for the rules syntax.
Enter the rules for this user, and hit ctrl-D once you are done :
(the user can have an empty rules set)
deny 10.163.156.1
accept 10.163.156.0/24
default deny
Login : renaud
Password : secret
DN :
Rules :
deny 10.163.156.1
accept 10.163.156.0/24
default deny
Is that ok (y/n) ? [y] y
user added.
With these rules, renaud may scan any host in 10.163.156.0/24 except 10.163.156.1, and nothing else. The deny line is placed before the accept line so that it takes precedence, and the final default deny rejects every address that no earlier rule matched.
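The following Python script is an added illustration of how a rule set like the one above is applied to scan targets; it is not part of this article or of Nessus itself. It assumes the semantics described in the nessus-adduser man page: rules are checked top to bottom, the first rule whose network contains the target decides, and the default line applies when none matches. The rule text is constructed from the session above.

```python
import ipaddress

# Constructed input: the rule set entered for "renaud" in the session above.
EXAMPLE_RULES = """\
deny 10.163.156.1
accept 10.163.156.0/24
default deny
"""


def parse_rules(text):
    """Parse nessus-adduser style rules into (verdict, network) pairs and a default.

    Accepted lines (one rule per line, '#' starts a comment):
        accept  <ip>[/<prefix>]
        deny    <ip>[/<prefix>]
        default accept|deny
    A bare address is treated as a /32 (or /128) network.
    """
    rules = []
    default = "deny"  # assumption: no 'default' line means deny everything unmatched
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0] == "default":
            if len(parts) != 2 or parts[1] not in ("accept", "deny"):
                raise ValueError(f"bad default rule: {raw!r}")
            default = parts[1]
        elif parts[0] in ("accept", "deny") and len(parts) == 2:
            rules.append((parts[0], ipaddress.ip_network(parts[1], strict=False)))
        else:
            raise ValueError(f"bad rule: {raw!r}")
    return rules, default


def is_allowed(target, rules, default):
    """Return True if the user may scan `target` under these rules.

    Rules are checked top to bottom and the first one whose network contains
    the target decides; the default applies when none matches.  This
    first-match ordering is the assumption this example is built on.
    """
    addr = ipaddress.ip_address(target)
    for verdict, net in rules:
        if addr.version == net.version and addr in net:
            return verdict == "accept"
    return default == "accept"


def filter_targets(targets, rules_text):
    """Drop every target the rules do not permit; keeps the input order."""
    rules, default = parse_rules(rules_text)
    return [t for t in targets if is_allowed(t, rules, default)]


if __name__ == "__main__":
    rules, default = parse_rules(EXAMPLE_RULES)
    for host in ("10.163.156.1", "10.163.156.42", "10.163.157.1"):
        verdict = "accept" if is_allowed(host, rules, default) else "deny"
        print(f"{host:16} {verdict}")
```

Swapping the first two lines of the rule set (accept before deny) lets 10.163.156.1 through, which is why the order in which rules are entered matters.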
Configure your nessus daemon
The file /usr/local/etc/nessus/nessusd.conf or /etc/nessus/nessusd.conf, allows you to set several options for nessusd. Typically this is where you can specify the resources you want nessusd to use, the speed at which it should read data, and so on… Note that if you don’t have a nessusd.conf file, nessusd will create one for you !
Start nessusd
Once all of this is done, you can start nessusd as root. The -D flag makes it detach and run as a daemon in the background:
# nessusd -D
Client configuration
In the previous steps we configured nessusd. Now let's connect to it as an ordinary user.
Start the client by typing nessus in a terminal:
# nessus
Fill in the server's host name, your login and password, and click Log in. If you have not connected to this server before, the client shows the server's certificate and asks you to accept it. To avoid man-in-the-middle attacks, configure the client to verify the server certificate against a recognized Certificate Authority instead of accepting whatever certificate is presented. The server's CA and certificate are generated with the nessus-mkcert command. Once connected, the Log in button changes to Log out, and a Connected label appears to its left.
Let it perform all the security checks except the Denial of Service plugins, because those can crash the target hosts. Clicking on a plugin name pops up a window explaining what the plugin does.
You can give extra information to some security checks so that the audit is more comprehensive. For instance, if you enter an SMB login and password, nessusd can gather local information about the remote Windows host (such as missing security patches). Many options can be set through this panel.
Nessus scan options
I can choose which port scanner I want to use, how many hosts I want to have scanned at the same time, and how many plugins I want to run in parallel against each host. If I were to scan a firewalled web server, I could check the option “consider unscanned ports as closed” and only specify to scan port 80 – this would greatly speed up the scan.
Define the targets
The hosts of my local network use private IP addresses, so entering '192.168.0.1-192.168.0.254' is fine. I do not check the 'Perform a DNS zone transfer' option, since it would attempt zone transfers against fr.nessus.org and nessus.org, and that would be useless because it would not discover any new hosts.
I could use any of the following forms to define my targets:
192.168.0.1 – A single IP address.
192.168.0.1-254 – A range of IP addresses (only the last octet of the end address is given).
192.168.0.1-192.168.0.254 – Another range of IP addresses, with the end address written in full.
192.168.0.1/24 – Again a range of IP addresses, in CIDR notation.
hope.fr.nessus.org – A hostname in Fully Qualified Domain Name notation.
hope – A short hostname (as long as it is resolvable on the server).
prof, 192.168.0.1/24 – Any combination of the aforementioned forms, separated by commas.
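The Python script below is an added example, not part of this article or of Nessus, showing how a target list in the forms listed above can be expanded into individual hosts. It handles a single address, both range notations, CIDR blocks, hostnames (including hyphenated ones) and comma-separated combinations, and removes duplicates. The resolver is an assumed stand-in for the server's DNS lookup; without one, hostnames are passed through unchanged. Skipping the network and broadcast addresses of a CIDR block is this example's choice, and nessusd's own expansion may differ.

```python
import ipaddress
import re

# Loose hostname check: labels of letters, digits and hyphens joined by dots.
_HOSTNAME_RE = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def _ip_range(start, end):
    """Every IPv4 address from start to end inclusive, as strings."""
    lo, hi = int(start), int(end)
    if hi < lo:
        raise ValueError(f"range end {end} lies before start {start}")
    return [str(ipaddress.IPv4Address(i)) for i in range(lo, hi + 1)]


def expand_target(spec, resolve=None):
    """Expand one target specification into a list of hosts.

    Handles: a.b.c.d, a.b.c.d-N, a.b.c.d-e.f.g.h, a.b.c.d/prefix, hostname.
    `resolve` is an optional callable mapping a hostname to an IPv4 string;
    without it, hostnames are returned unchanged (nessusd resolves them itself).
    """
    spec = spec.strip()
    if not spec:
        return []
    if "/" in spec:  # CIDR block
        net = ipaddress.ip_network(spec, strict=False)
        # Skip network and broadcast addresses for blocks larger than /31
        # (assumption; nessusd's own expansion may include them).
        hosts = list(net.hosts()) if net.num_addresses > 2 else list(net)
        return [str(h) for h in hosts]
    if "-" in spec:  # a range, but only if the left side is an address
        left, right = spec.split("-", 1)
        try:
            start = ipaddress.IPv4Address(left)
        except ValueError:
            start = None  # a hyphenated hostname such as my-host
        if start is not None:
            if "." in right:  # full end address
                end = ipaddress.IPv4Address(right)
            else:  # shorthand: only the last octet of the end address
                last = int(right)
                if not 0 <= last <= 255:
                    raise ValueError(f"bad last octet in {spec!r}")
                end = ipaddress.IPv4Address((int(start) & 0xFFFFFF00) | last)
            return _ip_range(start, end)
    try:
        return [str(ipaddress.IPv4Address(spec))]
    except ValueError:
        pass
    if re.fullmatch(r"[0-9.]+", spec):
        raise ValueError(f"malformed IPv4 address: {spec!r}")
    if not _HOSTNAME_RE.match(spec):
        raise ValueError(f"not an address, range, network or hostname: {spec!r}")
    if resolve is None:
        return [spec]
    addr = resolve(spec)
    if addr is None:
        raise ValueError(f"cannot resolve {spec!r}")
    return [str(ipaddress.IPv4Address(addr))]


def expand_targets(text, resolve=None):
    """Expand a comma-separated target list, dropping duplicates but keeping order."""
    seen, hosts = set(), []
    for spec in text.split(","):
        for host in expand_target(spec, resolve):
            if host not in seen:
                seen.add(host)
                hosts.append(host)
    return hosts


if __name__ == "__main__":
    # Constructed resolver standing in for the server's DNS lookup.
    fake_dns = {"prof": "192.168.0.1", "hope.fr.nessus.org": "192.168.0.2"}.get
    hosts = expand_targets("prof, 192.168.0.1/24, hope.fr.nessus.org", fake_dns)
    print(len(hosts), "hosts, first", hosts[0], "last", hosts[-1])
```

Malformed entries such as 192.168.0.300 are rejected rather than silently treated as hostnames, which is the failure mode to watch for when target lists are assembled by hand.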
Start the scan
After the scan is over, the report window pops up and you can see all vulnerabilities on the target system.
About the author:
Shivin S. Hameed has worked in Bobcares.com as a Technical Support Engineer for the last 1.5 years