Aug 22 2008

The Nessus vulnerability scanner is the world leader in active scanners, featuring high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs, and across physically separate networks. Nessus can also be used for ad-hoc scanning, daily scans, and quick-response audits.


Install Nessus in openSUSE

The latest stable version of the Nessus vulnerability scanner is 3.2.1. There isn't a package for openSUSE, but that's not a problem: we can download and install the RPM built for SUSE 10.0, and that works just fine.

Download the Nessus Core daemon here

Download the Nessus Client (GUI Interface) here

Remember, you need to Accept the Nessus Software license agreement before being able to download the software.

Also, as information about new vulnerabilities is discovered and released into the public domain, Tenable's research staff writes checks that enable Nessus to detect their presence. These are delivered as plugins to the Nessus vulnerability scanner. A non-professional HomeFeed licence is available for you to register and activate. Click here to register for a HomeFeed. Once registered, your activation code is sent to you by email. You need it right after the installation to activate your plugin feed.

Right, assuming you have downloaded the software above and have registered and received an activation code, we'll proceed to installing Nessus.

Install compat-openssl097g-32bit

Installing compat-openssl097g-32bit is required to provide the libraries

/usr/lib/libcrypto.so.0.9.7
/usr/lib/libssl.so.0.9.7

Otherwise, we may end up with dependency errors during installation:

opensuse11:~ # yast2 -i compat-openssl097g-32bit

Once installed, install Nessus Core Daemon

opensuse11:~ # rpm -ivh ~saibaba/Desktop/Nessus-3.2.1-suse10.0.i586.rpm
Preparing...                ########################################### [100%]
1:Nessus                 ########################################### [100%]
nessusd (Nessus) 3.2.1. for Linux
(C) 1998 - 2008 Tenable Network Security, Inc.

Processing the Nessus plugins...
[##################################################]

All plugins loaded

- Please run /opt/nessus//sbin/nessus-adduser to add an admin user
- Register your Nessus scanner at http://www.nessus.org/register/ to obtain
all the newest plugins
- You can start nessusd by typing /etc/rc.d/nessusd start

That installs the Nessus core daemon.

Add Admin user

We need to add at least one admin user for Nessus. To add an admin user, run the following command. When prompted, select "pass" (password) as the authentication method, enter the password twice, and press CTRL+D at the rules prompt to proceed without adding any rules for now, as below (I create an admin user called nessusadmin):

opensuse11:~ # /opt/nessus//sbin/nessus-adduser
Using /var/tmp as a temporary file holder

Add a new nessusd user
----------------------
Login : nessusadmin
Authentication (pass/cert) [pass] : pass
Login password :
Login password (again) :

User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that nessusadmin has the right to test. For instance, you may want
him to be able to scan his own host only.

Please see the nessus-adduser(8) man page for the rules syntax

Enter the rules for this user, and hit ctrl-D once you are done :
(the user can have an empty rules set)

Login             : nessusadmin
Password          : ***********
DN                :
Rules             :

Is that ok ? (y/n) [y]
user added.

Activate Plugin registration code

First, check the revision of the plugins currently installed, so that you can confirm a newer plugin set has been installed after activating the code.

To view the current pluginset:

opensuse11:~ # cat /opt/nessus/lib/nessus/plugins/plugin_feed_info.inc
PLUGIN_SET = "200805290241";
PLUGIN_FEED = "Release";

This indicates the plugin set is dated 29th May 2008 (20080529).

By now, you should have received an Activation code. Register the activation code as follows:

opensuse11:~ # /opt/nessus/bin/nessus-fetch --register XXXX-XXXX-XXXX-XXXX-XXXX
Your activation code has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org...
Your Nessus installation is now up-to-date.
If auto_update is set to 'yes' in nessusd.conf, Nessus will
update the plugins by itself.

Now, check the plugin set version again

opensuse11:~ # cat /opt/nessus/lib/nessus/plugins/plugin_feed_info.inc
PLUGIN_SET = "200808221434";
PLUGIN_FEED = "HomeFeed (Non-commercial use only)";

The newer plugin set is dated 22nd August 2008 (20080822), and the feed name has changed from "Release" to "HomeFeed".
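As an added example (not part of the original post), here is a small POSIX shell checker that parses plugin_feed_info.inc in the format shown above and confirms that the activation really replaced the stock "Release" set with a strictly newer HomeFeed set. The two sample files are constructed copies of the before/after contents quoted above; on a real install you would pass /opt/nessus/lib/nessus/plugins/plugin_feed_info.inc (saved before and after running nessus-fetch) instead.

```shell
#!/bin/sh
# Added example: verify that registering the activation code replaced the
# plugin set. The sample files are constructed copies of the before/after
# plugin_feed_info.inc contents quoted in the post; point the functions at
# /opt/nessus/lib/nessus/plugins/plugin_feed_info.inc on a real install.
BEFORE_INC=$(mktemp)
AFTER_INC=$(mktemp)
trap 'rm -f "$BEFORE_INC" "$AFTER_INC"' EXIT
cat > "$BEFORE_INC" <<'EOF'
PLUGIN_SET = "200805290241";
PLUGIN_FEED = "Release";
EOF
cat > "$AFTER_INC" <<'EOF'
PLUGIN_SET = "200808221434";
PLUGIN_FEED = "HomeFeed (Non-commercial use only)";
EOF

# plugin_set FILE: print the 12-digit PLUGIN_SET value (YYYYMMDDhhmm), or nothing
plugin_set() {
    sed -n 's/^PLUGIN_SET *= *"\([0-9]\{12\}\)";.*/\1/p' "$1"
}

# plugin_feed FILE: print the PLUGIN_FEED name
plugin_feed() {
    sed -n 's/^PLUGIN_FEED *= *"\([^"]*\)";.*/\1/p' "$1"
}

# plugin_set_date SET: turn 200808221434 into 2008-08-22
plugin_set_date() {
    printf '%s-%s-%s\n' "$(printf '%s' "$1" | cut -c1-4)" \
        "$(printf '%s' "$1" | cut -c5-6)" "$(printf '%s' "$1" | cut -c7-8)"
}

# feed_updated OLD_FILE NEW_FILE: succeed only if NEW carries a strictly newer
# set and is no longer the unregistered "Release" feed
feed_updated() {
    old=$(plugin_set "$1"); new=$(plugin_set "$2")
    [ -n "$old" ] && [ -n "$new" ] || return 1
    # awk compares the 12-digit values numerically (exact within a double)
    awk -v o="$old" -v n="$new" 'BEGIN { exit !(n > o) }' || return 1
    [ "$(plugin_feed "$2")" != "Release" ]
}

if feed_updated "$BEFORE_INC" "$AFTER_INC"; then
    echo "plugin feed updated: $(plugin_set_date "$(plugin_set "$BEFORE_INC")") -> $(plugin_set_date "$(plugin_set "$AFTER_INC")")"
else
    echo "plugin feed NOT updated; re-check the activation step" >&2
fi
```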

Start Nessus Core Daemon

Now, we are ready to start the Nessus daemon. The RPM installs its startup script as "nessusd" under /etc/init.d/.

Start Nessus Daemon as follows:

opensuse11:/etc/init.d # /etc/init.d/nessusd start
Starting the Nessus Daemon                                            done

To check the processes

opensuse11:~ # ps -ef | grep nessus
root      4306     1  0 21:26 ?        00:00:00 nessusd: nessusd-update : idle
root      4307     1  0 21:26 ?        00:00:01 nessusd: waiting for incoming connections

Install Nessus Client

Now, install the Nessus Client downloaded as follows:

opensuse11:~ # rpm -ivh NessusClient-3.2.1-suse10.3.i586.rpm
error: failed to stat /home/saibaba/virtual-drives/1: Permission denied
Preparing...                ########################################### [100%]
1:NessusClient           ########################################### [100%]

This installs the client and adds a menu item under "Application - Internet - Administration" as "Nessus Client".


Start Nessus client from the menu. This will launch the GUI client for Nessus.

Click Connect to connect to a Nessus server (core daemon). It's "localhost" here, as we are running the Nessus core daemon on the same system.


From the Connection Manager window, select "localhost", click Edit, enter the appropriate username and password (nessusadmin in our case), and click Save.

Now, click Connect. Click Yes on the first connection message box.

Once connected, under "Network to scan", click the plus sign beneath it, enter a hostname, IP address or network address, and click Save. In the policy window on the right, use the default policy or create a new one, go to "Plugins", and select or unselect the plugins relevant to the network or host you are scanning. Once done, click Scan Now.


This should run the scan and provide the results under the "Reports" tab. You can drill down into each of the scan results to see details including severity, the vulnerability found and the Nessus ID for a detailed explanation. You can filter the results for clarity on the basis of plugin ID, plugin name, port name, hostname, severity, etc. using the "Filter" option.

For a more advanced guide to using Nessus, click here.

A great piece of software for regular vulnerability scans of your own systems; if you are an organisation that can afford the Professional Feed licence, you can use it commercially as well.