xkln.net

Installing, Updating and Running Nessus

Posted on April 09, 2014

Nessus is free and open source vulnerability scanner. With some 16,000 plugins it can scan pretty much anything and come up with useful information. On Unix- like systems, Nessus is based upon the client-server model, consisting of nessusd, the daemon and nessus, the client. This is written for FreeBSD, but should work on other BSD/Linux distros without changing anything but the paths and installation commands.

Installation, Configuring and Updating

cd /usr/ports/security/nessus
make install clean
make cert

To download the latest plugins (each plugin runs tests against a specific vulnerability), register at nessus.org. Once you receive your activation code run /usr/local/bin/nessus-fetch --register [activation-code]. This will automatically update the plugins. To perform a manul update, run /usr/local/bin/nessus-fetch --plugins. This will download a .tar into your current directory, the plugins need to be extracted into /usr/local/lib/nessus/plugins. Add a user for Nessus: `

/usr/local/bin/nessus-adduser

At this point, a target file which specifies which hosts will be scanned needs to be created.

vim /root/nessus.targets

The syntax is rather flexible, it accepts one IP per line, CIDR notation (192.168.1.1/24) to scan an whole subnet, from-to (10.1.1.1-10.1.1.25) notation, and IPs separated by commas. Once finished, start the nessud daemon:

/usr/local/sbin/nessusd -D

` You should see something like Loading the plugins… 2040 (out of 15651).

Performing a Vulnerability Scan

To perform the scan and generate the results as a .html file use the following syntax: `

nessus -T [format] [host] [port] [user] [password] [targets-file] [result-file]

eg:

nessus -T html localhost 1241 nessususer password123 /root/nessus.targets /home/www/nessus.html

` Port 1241 is the default Nessus port. To keep things simple, set the paranoia level to 1 when prompted.

Centos 5 Notes

The rpm package will have to be downloaded and installed manually from the download page on nessus.org.

The default installation path is /opt/nessus/.
The config file location is /opt/nessus/etc/nessus/nessusd.conf.
To create a user: /opt/nessus/sbin/nessus-add-first-user.
To register: /opt/nessus/bin/nessus-fetch –register [activation-code].
To update: /opt/nessus/sbin/nessus-update-plugins.
Start nessud: service nessusd start.

If you enjoyed this post consider sharing it on , , , or , and .

© 2008-2024, xkln.net