Security scan using Nessus

sysconfig · Nov 3, 2006

Nessus is a free program released under the GPL. It is a great tool designed to automate the testing and discovery of known security problems.

One of the very powerful features of Nessus is its client server technology. Servers can be placed at various strategic points on a network allowing tests to be conducted from various points of view.

Nessus is made up of two parts - a client and a server. You need a Unix-like system to use the server (Linux is just fine).

First : download and install nessusd and nessus
Second : create a nessusd account

Installation:

Download Nessus and related component from the URL: http://www.nessus.org/download/ to particular directory:

* nessus-libraries-x.x.tar.gz
* libnasl-x.x.tar.gz
* nessus-core.x.x.tar.gz
* nessus-plugins.x.x.tar.gz
Click to expand...

Now, you need compile the related tool in order to install it in your linux system.

Extract the downloaded component using command:

tar -xvzf <pkg_Nm>

which will create related directory for each component.

Installing nessus-libraries

root:~# cd nessus-libraries
root:~# ./configure
root:~# make
root:~# make install

Installing libnasl

root:~# cd libnasl
root:~# ./configure
root:~# make
root:~# make install

Installing nessus-core

root:~# cd nessus-core
root:~# ./configure
root:~# make
root:~# make install

Installing nessus-plugins

root:~# cd nessus-plugins
root:~# ./configure
root:~# make
root:~# make install

you need to set the library path in linux if it is not set/configured:

root:~# cat /etc/ld.so.conf

You should able to see the line containing "/usr/local/lib" if it is not there then add it to /etc/ld.so.conf and type the folllowing command:

root:~# ldconfig

Installation is completed.

You can use nessus-adduser to add nessusd account.

root:~# nessus-adduser

Addition of a new nessusd user
------------------------------

Login : renaud
Authentication (pass/cert) [pass] : pass
Password : secret

User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that renaud2 has the right to test. For instance, you may want
him to be able to scan his own host only.

Please see the nessus-adduser(8) man page for the rules syntax

Enter the rules for this user, and hit ctrl-D once you are done :
(the user can have an empty rules set)

deny 10.163.156.1
accept 10.163.156.0/24
default deny

Login : renaud
Password : secret
DN :
Rules :

deny 10.163.156.1
accept 10.163.156.0/24
default deny

Is that ok (y/n) ? [y] y

user added.
Click to expand...

Configuration File: /usr/local/etc/nessus/nessusd.conf

Where you can set several option for nessus configuration.

* Start nessusd deameon

root:~# nessusd -D

For client side configuration check the below mentioned URL:

http://www.nessus.org/demo/index.php?step=2

Courtesy: http://forums.linuxwebadmin.info/index.php/topic,132.0.html

Thanks,

sjau · Nov 3, 2006

For those using Debian, there's a package available

http://packages.debian.org/cgi-bin/...on=names&subword=1&version=stable&release=all

Same goes probably for other debian based distros like mepis und *buntu

Log in or Sign up

Security scan using Nessus

sysconfig New Member

sjau Local Meanie Moderator

Share This Page

Log in or Sign up

Security scan using Nessus

sysconfig New Member

sjau Local Meanie Moderator

Share This Page

Useful Searches