Monday, September 13, 2010

Linux Service - setup nessus

1. Download the Nessus RPM. My host was FC8, so I downloaded the Fedora Core 6 package: Nessus-4.2.2-fc6.i386.rpm.
# rpm -ivh Nessus-4.2.2-fc6.i386.rpm

2. After extracting the files from the tarball, create a Nessus root user.
# /opt/nessus/sbin/nessus-adduser

3. Register on the Nessus web site, and Nessus will send a registration feedback mail including the serial code. The mail includes the following message:
>>>
+ Linux and Solaris Users :
To activate your account, simply execute the following command :
# /opt/nessus/bin/nessus-fetch --register WEBEVAL-E607-9C72-E426-8695-5424
>>>

So I simply ran the indicated command:
# /opt/nessus/bin/nessus-fetch --register WEBEVAL-E607-9C72-E426-8695-5424

4. Start the nessus daemon
# /opt/nessus/sbin/nessus-service -D
Copyright 2004-2010, Tenable Network Security, Inc. 25
nessusd (Nessus) 4.2.2 for Linux
(C) 1998 - 2008 Tenable Network Security, Inc.
Processing the Nessus plugins...
[##################################################]
All plugins loaded

5. Use a browser to connect to the Nessus host, using a link like the following. My Nessus host was located in the private network.
https://172.25.104.16:8834/ ==> Note: this is an "https" service

6. Construct a nessus "Policy" to define the testing behavior

7. Construct a Nessus "Scan" that uses the previously defined Policy


nessusd plays the role of the scan server. We can use any browser to connect to the server where nessusd resides and then control nessusd (set policy/issue scan/view report...). Alternatively, we can use nessus as a client daemon to control nessusd.


Check the feed type:
# cat /opt/nessus/lib/nessus/plugins/plugin_feed_info.inc
PLUGIN_SET = "201009122334";
PLUGIN_FEED = "HomeFeed (Non-commercial use only)";

Update to the most recent plugins:
# /opt/nessus/sbin/nessus-update-plugins

Check which feed type you are currently using:
# /opt/nessus/bin/nessus-fetch --check

We can check the plugin load/unload messages in the following file. (This feature must be enabled by selecting the Edit Policy->General->Scan->Log Scan Details to Server option.)
# ls -la /opt/nessus/var/nessus/logs/nessusd.messages

The messages look something like this:
[Tue Sep 14 12:04:12 2010][7322.3407] user xxx : launching torture_cgi_inject_html.nasl against 192.168.0.1 [4979]
[Tue Sep 14 12:04:12 2010][7322.3407] torture_cgi_header_injection.nasl (process 4978) finished its job in 0.018 seconds
[Tue Sep 14 12:04:12 2010][7322.3407] user xxx : launching torture_cgi_redirection.nasl against 192.168.0.1 [4980]
[Tue Sep 14 12:04:12 2010][7322.3407] torture_cgi_inject_html.nasl (process 4979) finished its job in 0.018 seconds
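The launch/finish lines above can be paired by process ID to audit which plugins a user ran against which host, and which ones never reported completion. This is an added example, not part of the original post or of Nessus; the function name `audit_scan_log` is hypothetical, and the regexes assume only the two line formats shown above.

```python
import re

# The four log lines shown above, embedded so the example runs offline.
SAMPLE_LOG = """\
[Tue Sep 14 12:04:12 2010][7322.3407] user xxx : launching torture_cgi_inject_html.nasl against 192.168.0.1 [4979]
[Tue Sep 14 12:04:12 2010][7322.3407] torture_cgi_header_injection.nasl (process 4978) finished its job in 0.018 seconds
[Tue Sep 14 12:04:12 2010][7322.3407] user xxx : launching torture_cgi_redirection.nasl against 192.168.0.1 [4980]
[Tue Sep 14 12:04:12 2010][7322.3407] torture_cgi_inject_html.nasl (process 4979) finished its job in 0.018 seconds
"""

# Assumed layout: "[timestamp][ids] " followed by either a launch or a finish record.
PREFIX = r"^\[(?P<ts>[^\]]+)\]\[(?P<ids>[\d.]+)\] "
LAUNCH = re.compile(
    PREFIX + r"user (?P<user>\S+) : launching (?P<plugin>\S+) "
    r"against (?P<target>\S+) \[(?P<pid>\d+)\]$"
)
FINISH = re.compile(
    PREFIX + r"(?P<plugin>\S+) \(process (?P<pid>\d+)\) "
    r"finished its job in (?P<secs>[\d.]+) seconds$"
)

def audit_scan_log(text):
    """Return (completed, still_running, orphans) for a nessusd.messages excerpt.

    completed     - launch records that have a matching finish line, plus 'secs'
    still_running - launches with no finish line (hung, killed, or log cut off)
    orphans       - plugins whose finish line has no launch in this excerpt
    """
    running, completed, orphans = {}, [], []
    for line in text.splitlines():
        line = line.strip()
        m = LAUNCH.match(line)
        if m:
            # Key on pid and plugin name together, since pids can be reused.
            running[(m["pid"], m["plugin"])] = m.groupdict()
            continue
        m = FINISH.match(line)
        if m:
            start = running.pop((m["pid"], m["plugin"]), None)
            if start is None:
                orphans.append(m["plugin"])
            else:
                completed.append({**start, "secs": float(m["secs"])})
    return completed, list(running.values()), orphans

if __name__ == "__main__":
    done, pending, orphaned = audit_scan_log(SAMPLE_LOG)
    for r in done:
        print(f"{r['user']} ran {r['plugin']} on {r['target']} in {r['secs']}s")
    print("no finish line:", [r["plugin"] for r in pending])
    print("no launch line:", orphaned)
```

To run it against the real file, pass the contents of /opt/nessus/var/nessus/logs/nessusd.messages to `audit_scan_log` instead of `SAMPLE_LOG`.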
