Nessus
Setting Up The NST System To Run Nessus
If you plan on running the free version of Nessus that comes with the NST distribution, then follow these steps to setup Nessus using the NST Web User Interface (WUI):
- From the NST WUI menu bar, select System then Users & Passwords then NST Password.
- On the NST Password page, scroll down to the General area under Clear Text Passwords.
- Change the General clear text password to something you will remember and then press the Set General Password button. You will need to remember this password if you want to run the Nessus GUI client later.
- From the NST WUI menu bar, select Security then Active Scanners then Nessus Management.
- Press the Setup Nessus button.
- After the Nessus set up completes, press the Exit button.
- Press the Start button to start the nessusd service.
- Press the Return button.
- At this point the Nessus server should be set up and ready for use.
- You can fill in a IP Address and press the Start Scan button to verify your setup is operational.
Reducing The Load Nessus Puts On The System
When Nessus scans systems, it can perform multiple tests on multiple hosts simultaneously. This can put a rather large load on your NST system. In addition to the large load on your system, if you are running from a Live CD on a system with too little RAM, its possible to run out of memory and lock your system.
You can reduce the load by adjusting the "max_hosts", "max_checks", and "be_nice" settings found in the "/etc/nessus/nessusd.conf" file. The following snip of the "/etc/nessus/nessusd.conf" file demonstrates values you might use to reduce the load:
# Maximum number of simultaneous hosts tested : max_hosts = 3 # Maximum number of simultaneous checks against each host tested : max_checks = 5 # Niceness. If set to 'yes', nessusd will renice itself to 10. be_nice = yes
Determining The Password For The Nessus Client
If you use the Nessus client, you'll be required to enter a user name and password when you connect to the Nessus server. By default, you will need to enter root as the user ID and the value of NSTCTPASSWD found in /etc/nst.conf.
This password is not set by the nstpasswd script which is used to set many of the encrypted passwords found on they system. The Nessus client/server installation on the NST requires a "clear text" password so the Nessus scans can be run directly from the NST WUI.
The Nessus server uses the value of the NSTCTPASSWD variable found in /etc/nst.conf. If you don't want to edit the file by hand, you can use the grep and sed commands to examine and change the "clear text" password used by Nessus. All changes need to be done PRIOR to starting up Nessus server.
[root@probe root]# grep NSTCTPASSWD /etc/nst.conf NSTCTPASSWD="shoth7pheigh" [root@probe root]# sed -i -e 's/^NSTCTPASSWD=.*/NSTCTPASSWD="NEWPASSWORD"/' /etc/nst.conf [root@probe root]# grep NSTCTPASSWD /etc/nst.conf NSTCTPASSWD="NEWPASSWORD" [root@probe root]#
Enabling Logging
We discovered that the Nessus daemon likes to create very large log and dump files under the /var/nessus/logs directory. Unfortunately, this can chew through a lot of RAM on a live boot of the NST and result in system lock ups. So, by default, we have disabled much of the Nessus logging capabilities in the template /etc/nessus/nessusd.conf configuration file.
If you are using a hard disk installation, you may want to adjust some of the logging related parameters in the /etc/nessus/nessusd.conf file. In particular, look for the logfile, log_whole_attack, log_plugins_name_at_load, and dumpfile parameters. The following shows a snippet from the /etc/nessus/nessusd.conf file as how these parameters are initially set on a NST system:
# Log file (or 'syslog') : #logfile = /var/log/nessus/nessusd.messages logfile = /dev/null # Shall we log every details of the attack ? log_whole_attack = no # Log the name of the plugins that are loaded by the server ? log_plugins_name_at_load = no # Dump file for debugging output, use `-' for stdout #dumpfile = /usr/local/var/nessus/logs/nessusd.dump dumpfile = /dev/null
Running Nessus In A Virtual Machine
It is possible to run Nessus within the NST Virtual Machine. This has several advantages over a Live CD boot (permanent disk storage for one). However, you may notice a significant performance hit when running Nessus from within a virtual machine.
Registering A Nessus Installation
Using The NST WUI
The NST WUI allows you to specify your Nessus activation code when updating the Nessus rules. The activation code only needs to be specified the first time you update your rules (leave the field blank on subsequent updates).
Using The Command Line
After setting up Nessus on a NST probe with the local rule set, you may decide that they would like to register your Nessus installation. This will greatly increase the number of rules Nessus will have at its disposal. In order to register your Nessus installation, you will need to request a registration code from the Nessus web site (http://www.nessus.org). You will then need to run the nessus-fetch command as shown below:
[root@nic /]# nessus-fetch --register 9732-2C31-316C-7C06-5A32 Your activation code has been registered properly - thank you. Now fetching the newest plugin set from plugins.nessus.org... Your Nessus installation is now up-to-date. Make sure to call regularly use the command 'nessus-update-plugins' to stay up-to-date To automate the update process, please visit <http://www.nessus.org/documentation/index.php?doc=cron> [root@nic /]#
Keeping The Nessus Rules Up To Date
After registering your system with Nessus, there are several ways to keep you Nessus plugins up to date.
- Use the NST WUI to update your Nessus plugins.
- Run the nessus-update-plugins command to manually update the plugins.
- Add a cron entry, or symbolic link to run the nessus-update-plugins command automatically (NOTE: the crond service must be running). The following would enable the updates once per day.
[root@nic ~] ln -s $(which nessus-update-plugins) /etc/cron.daily/ [root@nic ~] service crond start Starting crond: [ OK ] [root@nic ~]
Upgrading To Nessus v4.2.2 (NST 2.13.0)
 2010-Nov-11: This section describes the steps taken to install Nessus v4.2.2 onto a hard disk installation of NST v2.13.0. As software releases will change more quickly than this document, be aware that you may need to make adjustments.
 2010-Nov-11: This section describes the steps taken to install Nessus v4.2.2 onto a hard disk installation of NST v2.13.0. As software releases will change more quickly than this document, be aware that you may need to make adjustments.
Nessus offers enhanced versions of the Nessus Vulnerability Scanner software which we are not permitted to include in the NST distribution. However, you can download and install this enhanced version of the Nessus Vulnerability Scanner software yourself.
Caveats
There are some issues with upgrading to the full version of Nessus:
- You will not be able to use the NST WUI to manage your Nessus installation. However, if your nstwui package is up to date, it should redirect your browser to the web server interface provided by the new Nessus installation.
- The installation will require the removal of the Open Source version of the Nessus packages which will also trigger the removal of the nst-live package. This is not a major issue as this is a pseudo package which forces the installation of optional and replaceable packages included in the NST distribution.
Download Nessus
The first step to upgrading the Nessus software is to download the necessary package from the Nessus web site.
- Determine if your NST system is a 32 bit or 64 bit installation. Run the command below, if it reports i686 it indicates you have a 32 bit installation. If it reports x86_64 it indicates that you have a 32 bit installation.
[root@probe ~]# uname -m i686 [root@probe ~]#
- Go to the Nessus web site (http://www.nessus.org/) and download the Linux package for Fedora 12/13. Pick the 32 bit version if you have a 32 bit NST installation. Pick the 64 bit version if you have a 64 bit NST installation.
Remove The Open Source Version of Nessus
Before removing the Open Source version of Nessus from your NST system, it is recommended to make sure that all of the packages on your NST system are up to date. This is recommended because of a refactoring of package dependencies after the NST 2.13.0 release.
[root@cayenne ~]# yum update ... Lot's of output as your system is brought up to date ... [root@cayenne ~]#
Before installing the updated version of Nessus, you need to remove the Open Source version included with the NST distribution:
[root@cayenne ~]# yum remove nessus-core nessus-libraries ... Lot's of output as dependencies are checked ... Dependencies Resolved ================================================================================= Package Arch Version Repository Size ================================================================================= Removing: nessus-core i686 2.2.11-5.fc12 @released/$releasever 167 k nessus-libraries i686 2.2.11-3.fc12 @released/$releasever 169 k Removing for dependencies: libnasl i686 2.2.11-7.fc12 @released/$releasever 455 k nessus-client i686 2.2.11-5.fc12 @released/$releasever 228 k nessus-gui i686 2.2.11-5.fc12 @released/$releasever 590 k nessus-plugins-gpl i686 2.2.11-3.nst13 @NstRepo/$releasever 4.0 M nessus-server i686 2.2.11-5.fc12 @released/$releasever 515 k nst-live noarch 2.13.0-33.nst13 @NstRepo/$releasever 0.0 Transaction Summary ================================================================================= Remove 8 Package(s) Installed size: 6.1 M Is this ok [y/N]: y ... More output as packages are removed ... Complete! [root@cayenne ~]#
Install The Nessus RPM
After removing the Open Source version of Nessus that comes with the NST distribution, you can use the yum command to install the RPM file you downloaded from the Nessus web site. Using the yum command instead of the rpm command will enable the download and installation of any other package dependencies.
[root@cayenne ~]# yum --nogpgcheck localinstall /tmp/Nessus-4.2.2-fc12.i386.rpm ... Dependency check output ... ================================================================================= Package Arch Version Repository Size ================================================================================= Installing: Nessus i386 4.2.2-fc12 /Nessus-4.2.2-fc12.i386 11 M Transaction Summary ================================================================================= Install 1 Package(s) Total size: 11 M Installed size: 11 M Is this ok [y/N]: y ... Installation output ... Installed: Nessus.i386 0:4.2.2-fc12 Complete! [root@cayenne ~]#
Set Up
At this point you will need to configure and set up Nessus on your NST system. You can follow the excellent Nessus Documentation to complete the installation. When reading the documentation remember to think of your NST system as being referenced as a Fedora 13 or Fedora Core 13 system in the Nessus documentation.
Here's a synopsis from the Nessus Installation Guide describing what needs to be done to complete the installation:
- Register your Nessus installation at the Nessus web site and receive your registration code via email.
- Add one or more Nessus admin users:
[root@rice ~]# /opt/nessus/sbin/nessus-adduser Login : root Login password : Login password (again) : Do you want this user to be a Nessus 'admin' user ? (can upload plugins, etc...) (y/n) [n]: y User rules ---------- nessusd has a rules system which allows you to restrict the hosts that root has the right to test. For instance, you may want him to be able to scan his own host only. Please see the nessus-adduser manual for the rules syntax Enter the rules for this user, and enter a BLANK LINE once you are done : (the user can have an empty rules set) Login : root Password : *********** This user will have 'admin' privileges within the Nessus server Rules : Is that ok ? (y/n) [y] y User added [root@rice ~]#
- Register your system using the registration code you received via email.
[root@rice ~]# /opt/nessus/bin/nessus-fetch --register "0123-4567-89AB-CDEF-FFFF" Your activation code has been registered properly - thank you. Now fetching the newest plugin set from plugins.nessus.org... Your Nessus installation is now up-to-date. If auto_update is set to 'yes' in nessusd.conf, Nessus will update the plugins by itself. [root@rice ~]#
- Start the nessusd service:
[root@rice ~]# service nessusd start Starting Nessus services: [root@rice ~]# service nessusd status nessusd (pid 19369) is running... [root@rice ~]#
- Connect to the Nessus server (change 127.0.0.1 to the IP address of your NST system if connecting remotely):
firefox https://127.0.0.1:8834/
Upgrading To Nessus v4.4.1 (NST 2.15.0)
 2011-Aug-1: This section describes the steps taken to install Nessus v4.4.1 onto a hard disk installation of NST v2.15.0. As software releases will change more quickly than this document, be aware that you may need to make adjustments.
 2011-Aug-1: This section describes the steps taken to install Nessus v4.4.1 onto a hard disk installation of NST v2.15.0. As software releases will change more quickly than this document, be aware that you may need to make adjustments.
Nessus offers enhanced versions of the Nessus Vulnerability Scanner software which we are not permitted to include in the NST distribution. However, you can download and install this enhanced version of the Nessus Vulnerability Scanner software yourself.
Caveats
There are some issues with upgrading to the full version of Nessus:
- You will not be able to use the NST WUI to manage your Nessus installation. However, if your nstwui package is up to date, it should redirect your browser to the web server interface provided by the new Nessus installation.
Download Nessus
The first step to upgrading the Nessus software is to download the necessary package from the Nessus web site.
- Determine if your NST system is a 32 bit or 64 bit installation. Run the command below, if it reports i686 it indicates you have a 32 bit installation. If it reports x86_64 it indicates that you have a 32 bit installation.
[root@probe ~]# uname -m i686 [root@probe ~]#
- Go to the Nessus web site (http://www.nessus.org/) and download the Linux package for Fedora 14. Pick the 32 bit version if you have a 32 bit NST installation. Pick the 64 bit version if you have a 64 bit NST installation.
Remove The Open Source Version of Nessus
The NST 2.15.0 release no longer includes the open source version of Nessus as it has become dated (OpenVAS was added as the open source replacement in 2.15.0). However, if you have installed any of the nessus packages by hand, you should remove them before upgrading to 4.4.1. Use the following command to determine if you have any of the Nessus packages installed:
[root@cayenne ~]# rpm -qa | grep nessus [root@cayenne ~]#
If you see any packages listed in the above output, use yum remove to remove them from your NST system.
Install The Nessus RPM
After removing the Open Source version of Nessus that comes with the NST distribution, you can use the yum command to install the RPM file you downloaded from the Nessus web site. Using the yum command instead of the rpm command will enable the download and installation of any other package dependencies.
[root@cayenne ~]# yum --nogpgcheck install /tmp/Nessus-4.4.1-fc14.i386.rpm ... Dependency check output ... ======================================================================================== Package Arch Version Repository Size ======================================================================================== Installing: Nessus i386 4.4.1-fc14 /Nessus-4.4.1-fc14.i386 25 M Transaction Summary ======================================================================================== Install 1 Package(s) Total size: 25 M Installed size: 25 M Is this ok [y/N]: y ... Installation output ... All plugins loaded - Please run /opt/nessus//sbin/nessus-adduser to add a user - Register your Nessus scanner at http://www.nessus.org/register/ to obtain all the newest plugins - You can start nessusd by typing /sbin/service nessusd start Installed: Nessus.i386 0:4.4.1-fc14 Complete! [root@cayenne ~]#
Set Up
At this point you will need to configure and set up Nessus on your NST system. You can follow the excellent Nessus Documentation to complete the installation. When reading the documentation remember to think of your NST system as being referenced as a Fedora 14 or Fedora Core 14 system in the Nessus documentation.
Here's a synopsis from the Nessus Installation Guide describing what needs to be done to complete the installation:
- Register your Nessus installation at the Nessus web site and receive your registration code via email.
- Add one or more Nessus admin users:
[root@rice ~]# /opt/nessus/sbin/nessus-adduser Login : root Login password : Login password (again) : Do you want this user to be a Nessus 'admin' user ? (can upload plugins, etc...) (y/n) [n]: y User rules ---------- nessusd has a rules system which allows you to restrict the hosts that root has the right to test. For instance, you may want him to be able to scan his own host only. Please see the nessus-adduser manual for the rules syntax Enter the rules for this user, and enter a BLANK LINE once you are done : (the user can have an empty rules set) Login : root Password : *********** This user will have 'admin' privileges within the Nessus server Rules : Is that ok ? (y/n) [y] y User added [root@rice ~]#
- Register your system using the registration code you received via email.
[root@rice ~]# /opt/nessus/bin/nessus-fetch --register "0123-4567-89AB-CDEF-FFFF" Your activation code has been registered properly - thank you. Now fetching the newest plugin set from plugins.nessus.org... Your Nessus installation is now up-to-date. If auto_update is set to 'yes' in nessusd.conf, Nessus will update the plugins by itself. [root@rice ~]#
- Start the nessusd service:
[root@cayenne-e ~]# systemctl start nessusd.service [root@cayenne-e ~]# systemctl status nessusd.service nessusd.service - SYSV: Starts and stops the Nessus Scanner Loaded: loaded (/etc/rc.d/init.d/nessusd) Active: active (running) since Mon, 01 Aug 2011 17:19:12 -0400; 6s ago Process: 7608 ExecStart=/etc/rc.d/init.d/nessusd start (code=exited, status=0/SUCCESS) Main PID: 7612 (nessus-service) CGroup: name=systemd:/system/nessusd.service ├ 7612 /opt/nessus//sbin/nessus-service -q -D └ 7613 nessusd -q [root@cayenne-e ~]#
- Connect to the Nessus server (change 127.0.0.1 to the IP address of your NST system if connecting remotely):
firefox https://127.0.0.1:8834/
Optional Nessus Apps
Nessus Android App
The full version of Nessus has web based interface. However, if you are interested, Nessus also has a free client app you can run under Android. See the Nessus Downloads Page for details.
Nessus iPhone/iTouch App
The full version of Nessus has web based interface. However, if you are interested, Nessus also has a free client app you can run on a Apple iTouch or iPhone. To install the app, search for "Nessus" in Apple's App Store. The app will allow you to:
- Connect to your Nessus server
- Run a Scan
- View Reports
