Installing, Updating and Running Nessus
Posted on April 09, 2014
- and tagged as
- security
Nessus is a vulnerability scanner. The version in the FreeBSD ports tree is the 2.x branch, which is free and open source (GPL); the newer releases Tenable ships from nessus.org are proprietary. With some 16,000 plugins it can scan pretty much anything and come up with useful information. On Unix-like systems Nessus follows a client-server model: nessusd, the daemon that loads the plugins and runs the scans, and nessus, the client that connects to the daemon over TLS, hands it the target list and collects the report. This is written for FreeBSD, but should work on other BSD/Linux distros without changing anything but the paths and installation commands.
Installation, Configuring and Updating
```
cd /usr/ports/security/nessus
make install clean
make cert
```

The cert target generates the server certificate that nessusd presents to clients; the client will ask you to accept it on first connection, so do this before starting the daemon.
To download the latest plugins (each plugin tests for a specific vulnerability), register at nessus.org. Once you receive your activation code, run

```
/usr/local/bin/nessus-fetch --register [activation-code]
```

This registers the installation and downloads the current plugin set. To perform a manual update later, run

```
/usr/local/bin/nessus-fetch --plugins
```

This downloads a .tar into your current directory; the plugins need to be extracted into /usr/local/lib/nessus/plugins. Next, add a user for Nessus:

```
/usr/local/bin/nessus-adduser
```

nessus-adduser asks for an authentication method (password or certificate) and for a set of rules limiting which hosts this user may scan. Leave the rules empty only if the user is meant to be able to scan anything the daemon can reach; for a scanning account used from scripts, restrict it to the networks it actually needs.
At this point, a target file specifying which hosts will be scanned needs to be created:

```
vim /root/nessus.targets
```

The syntax is rather flexible: it accepts one IP per line, CIDR notation (192.168.1.1/24) to scan a whole subnet, from-to notation (10.1.1.1-10.1.1.25), and IPs separated by commas. Check the prefix lengths twice; a mistyped /8 instead of /24 is the difference between scanning one subnet and scanning an entire network. Once finished, start the nessusd daemon:

```
/usr/local/sbin/nessusd -D
```

You should see something like Loading the plugins... 2040 (out of 15651).
Performing a Vulnerability Scan
To perform the scan and write the results as a .html file, use the following syntax:

```
nessus -T [format] [host] [port] [user] [password] [targets-file] [result-file]
```

e.g.:

```
nessus -T html localhost 1241 nessususer password123 /root/nessus.targets /home/www/nessus.html
```

Port 1241 is the default Nessus port. To keep things simple, set the paranoia level to 1 when prompted. Two things to keep in mind with this invocation: the password is passed on the command line, so it is visible in the process list while the scan runs and ends up in the shell history, so give the scanning user a dedicated password that is used nowhere else; and the example writes the report under /home/www, so make sure the web server does not serve it to anyone who asks, since a scan report is an inventory of the weak spots on your own hosts.
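Before handing nessusd a target file it is worth seeing exactly which hosts its entries expand to. The script below is an added example for this post, not code from the post or from Nessus: it expands the IP forms described above (single address, CIDR block, from-to range, comma-separated entries on one line) with Python's ipaddress module and refuses a list above a size cap, so a mistyped prefix length is caught before the scan rather than after. It does not handle hostnames, which nessusd resolves itself. Two assumptions are built in: a CIDR entry is counted as every address in the block, network and broadcast included (a superset of what nessusd probes, which is the safe direction for a pre-scan review), and the default cap of 65536 hosts is an arbitrary choice. SAMPLE_TARGETS is constructed file content, not the author's target list.

```python
"""Expand the entries of a Nessus targets file into the individual hosts they cover.

Added example for this post, not code from Nessus. Handles the IP forms the post
lists: a single address, CIDR (192.168.1.1/24), a from-to range
(10.1.1.1-10.1.1.25), and comma-separated entries on one line. Hostnames are
not handled (nessusd resolves those itself). Run it as
    python3 expand_targets.py /root/nessus.targets
or with no argument to expand the constructed SAMPLE_TARGETS below.
"""
import ipaddress
import sys
from typing import List, Set

# Constructed sample of a nessus.targets file (not from the original post).
SAMPLE_TARGETS = """\
192.168.1.100
192.168.1.0/28
10.1.1.1-10.1.1.5, 10.1.1.200
"""

# Assumed safety cap: refuse anything larger than a /16 unless raised explicitly,
# so a typo such as 10.0.0.0/8 cannot silently schedule a 16-million-host scan.
DEFAULT_MAX_HOSTS = 65536


def expand_entry(entry: str, max_hosts: int = DEFAULT_MAX_HOSTS) -> set:
    """Expand one entry (single IP, CIDR block, or from-to range) into addresses.

    A CIDR block expands to every address in it, network and broadcast included
    (assumption: a superset of what nessusd probes, the safe direction for review).
    Raises ValueError for malformed entries and for entries above max_hosts.
    """
    entry = entry.strip()
    if "/" in entry:
        # strict=False accepts host bits set, i.e. 192.168.1.1/24 means 192.168.1.0/24
        net = ipaddress.ip_network(entry, strict=False)
        if net.num_addresses > max_hosts:
            raise ValueError(f"{entry} covers {net.num_addresses} addresses (cap {max_hosts})")
        return set(net)
    if "-" in entry:
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if first.version != last.version:
            raise ValueError(f"mixed address families in range: {entry}")
        if last < first:
            raise ValueError(f"range end precedes start: {entry}")
        count = int(last) - int(first) + 1
        if count > max_hosts:
            raise ValueError(f"{entry} covers {count} addresses (cap {max_hosts})")
        return {ipaddress.ip_address(n) for n in range(int(first), int(last) + 1)}
    return {ipaddress.ip_address(entry)}


def expand_targets(text: str, max_hosts: int = DEFAULT_MAX_HOSTS) -> List[str]:
    """Expand the contents of a targets file into a sorted, de-duplicated host list.

    Each line may hold one entry or several separated by commas; blank lines are
    skipped. Errors carry the line number so the bad line can be fixed in the file.
    """
    hosts: Set = set()
    for lineno, line in enumerate(text.splitlines(), start=1):
        for entry in line.split(","):
            if not entry.strip():
                continue
            try:
                hosts |= expand_entry(entry, max_hosts)
            except ValueError as exc:
                raise ValueError(f"targets file line {lineno}: {exc}") from exc
    if len(hosts) > max_hosts:
        raise ValueError(f"target list covers {len(hosts)} hosts (cap {max_hosts})")
    return [str(h) for h in sorted(hosts, key=lambda a: (a.version, int(a)))]


def main(argv: List[str]) -> int:
    """Print the expanded host list for the file in argv[1], or for SAMPLE_TARGETS."""
    if len(argv) > 1:
        with open(argv[1]) as fh:
            text = fh.read()
    else:
        text = SAMPLE_TARGETS
    try:
        hosts = expand_targets(text)
    except ValueError as exc:
        print(f"error: {exc}", file=sys.stderr)
        return 1
    print(f"{len(hosts)} hosts will be scanned:")
    for host in hosts:
        print(host)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Running it against /root/nessus.targets before the scan gives you a host count to sanity-check against what you expect; if the number is off by an order of magnitude, fix the file before nessusd gets it.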
CentOS 5 Notes
The rpm package has to be downloaded and installed manually from the download page on nessus.org. This is Tenable's own build, a newer major version than the one in the FreeBSD ports tree, so the paths and helper tools differ from the ones above.
- The default installation path is /opt/nessus/.
- The config file is /opt/nessus/etc/nessus/nessusd.conf.
- To create a user: /opt/nessus/sbin/nessus-add-first-user
- To register: /opt/nessus/bin/nessus-fetch --register [activation-code]
- To update the plugins: /opt/nessus/sbin/nessus-update-plugins
- To start nessusd: service nessusd start