Nessus: Difference between revisions

From MediaWiki
Jump to navigationJump to search
No edit summary
 
(21 intermediate revisions by the same user not shown)
Line 1: Line 1:
'''''This whole section needs updating.....The lowest version of Nessus available currently is 3.2 and that does not have a FC11 package. Also Inprotect has been removed from the NST.'''''
= Setting Up The NST System To Run Nessus =


= Upgrading To Nessus v3.0.5 =
If you plan on running the free version of Nessus that comes with the NST distribution, then follow these steps to setup Nessus using the NST Web User Interface (WUI):


The '''Nessus''' license does not permit ''v3.0.5'' to be included in the '''NST''' distribution. The following provides the steps necessary to upgrade a '''NST''' system to '''Nessus''' ''v3.0.5''.
* From the NST WUI menu bar, select ''System'' then ''Users & Passwords'' then ''NST Password''.
* On the ''NST Password'' page, scroll down to the ''General'' area under ''Clear Text Passwords''.
* Change the ''General'' clear text password to something you will remember and then press the ''Set General Password'' button. You will need to remember this password if you want to run the Nessus GUI client later.
* From the NST WUI menu bar, select ''Security'' then ''Active Scanners'' then ''Nessus Management''.
* Press the ''Setup Nessus'' button.
* After the Nessus set up completes, press the ''Exit'' button.
* Press the ''Start'' button to start the '''nessusd''' service.
* Press the ''Return'' button.
* At this point the Nessus server should be set up and ready for use.
* You can fill in a ''IP Address'' and press the ''Start Scan'' button to verify your setup is operational.


== Requirements ==
= Reducing The Load Nessus Puts On The System =


* Registration at the '''Nessus''' site.
When Nessus scans systems, it can perform multiple tests on multiple hosts simultaneously. This can put a rather large load on your NST system. In addition to the large load on your system, if you are running from a Live CD on a system with too little RAM, its possible to run out of memory and lock your system.


* A hard disk installation of '''NST''' ''v1.5.0'' (a virtual hard disk installation will work - but is not optimal).
You can reduce the load by adjusting the "''max_hosts''", "''max_checks''", and "''be_nice''" settings found in the "'''/etc/nessus/nessusd.conf'''" file. The following snip of the "'''/etc/nessus/nessusd.conf'''" file demonstrates values you might use to reduce the load:


# Maximum number of simultaneous hosts tested :
max_hosts = 3
# Maximum number of simultaneous checks against each host tested :
max_checks = 5
# Niceness. If set to 'yes', nessusd will renice itself to 10.
be_nice = yes


== Caveats ==
= Determining The Password For The Nessus Client =
 
If you use the Nessus client, you'll be required to enter a user name and password when you connect to the Nessus server. By default, you will need to enter ''root'' as the user ID and the value of ''NSTCTPASSWD'' found in '''/etc/nst.conf'''.
 
This password is ''not'' set by the nstpasswd script which is used to set many of the encrypted passwords found on they system. The Nessus client/server installation on the NST requires a "clear text" password so the Nessus scans can be run directly from the NST WUI.
 
The Nessus server uses the value of the ''NSTCTPASSWD'' variable found in '''/etc/nst.conf'''. If you don't want to edit the file by hand, you can use the '''grep''' and '''sed''' commands to examine and change the "clear text" password used by Nessus. All changes need to be done PRIOR to starting up Nessus server.
 
[root@probe root]# grep NSTCTPASSWD /etc/nst.conf
NSTCTPASSWD="shoth7pheigh"
[root@probe root]# sed -i -e 's/^NSTCTPASSWD=.*/NSTCTPASSWD="NEWPASSWORD"/' /etc/nst.conf
[root@probe root]# grep NSTCTPASSWD /etc/nst.conf
NSTCTPASSWD="NEWPASSWORD"
[root@probe root]#
 
= Enabling Logging =
 
We discovered that the Nessus daemon likes to create very large log and dump files under the '''/var/nessus/logs''' directory. Unfortunately, this can chew through a lot of RAM on a ''live boot'' of the NST and result in system lock ups. So, by default, we have disabled much of the Nessus logging capabilities in the template '''/etc/nessus/nessusd.conf''' configuration file.
 
If you are using a hard disk installation, you may want to adjust some of the logging related parameters in the '''/etc/nessus/nessusd.conf''' file. In particular, look for the ''logfile'', ''log_whole_attack'', ''log_plugins_name_at_load'', and ''dumpfile'' parameters. The following shows a snippet from the '''/etc/nessus/nessusd.conf''' file as how these parameters are initially set on a NST system:
 
# Log file (or 'syslog') :                                                     
#logfile = /var/log/nessus/nessusd.messages                                     
logfile = /dev/null
# Shall we log every details of the attack ?                                   
log_whole_attack = no
# Log the name of the plugins that are loaded by the server ?                   
log_plugins_name_at_load = no
# Dump file for debugging output, use `-' for stdout                           
#dumpfile = /usr/local/var/nessus/logs/nessusd.dump                             
dumpfile = /dev/null
 
= Running Nessus In A Virtual Machine =
 
It is possible to run Nessus within the NST Virtual Machine. This has several advantages over a Live CD boot (permanent disk storage for one). However, you may notice a significant performance hit when running Nessus from within a virtual machine.
 
= Registering A Nessus Installation =
 
== Using The NST WUI ==
 
The NST WUI allows you to specify your Nessus activation code when updating the Nessus rules. The activation code only needs to be specified the first time you update your rules (leave the field blank on subsequent updates).


* The "''html_graph''" option is no longer available as an output method (performing '''Nessus''' scans using the '''NST WUI''' will still be possible, but a little awkward).
== Using The Command Line ==


* The upgrade disables the '''X GUI Nessus''' client. You will need to download a separate '''Nessus''' client package if you need this feature (the new client does not need to be installed on the '''NST''' system - a '''Windows''' version is available as well).
After setting up Nessus on a NST probe with the local rule set, you may decide that they would like to register your Nessus installation. This will greatly increase the number of rules Nessus will have at its disposal. In order to register your Nessus installation, you will need to request a registration code from the Nessus web site (http://www.nessus.org). You will then need to run the '''nessus-fetch''' command as shown below:


* You may need to setup '''Inprotect''' by running the '''nstinprotect''' script outside of the '''NST WUI''' (it takes so long for the '''Inprotect''' setup to complete with a full '''Nessus''' install, that the installation may fail to complete before the loading of the page times out).
[root@nic /]# nessus-fetch --register 9732-2C31-316C-7C06-5A32
Your activation code has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org...
Your Nessus installation is now up-to-date.
Make sure to call regularly use the command 'nessus-update-plugins' to stay up-to-date
To automate the update process, please visit <http://www.nessus.org/documentation/index.php?doc=cron>
[root@nic /]#


== Instructions ==
= Keeping The Nessus Rules Up To Date =


=== Register At the Nessus Site ===
After registering your system with Nessus, there are several ways to keep you Nessus plugins up to date.


In order to install '''Nessus''' ''v3.0.5'', you will need to register at the '''Nessus''' [http://www.nessus.org/ web site]. Once registered, you will be able to download the necessary RPM and you will receive a activation code via email which will be used to activate your installation.
* Use the NST WUI to update your Nessus plugins.
* Run the '''nessus-update-plugins''' command to manually update the plugins.
* Add a cron entry, or symbolic link to run the '''nessus-update-plugins''' command automatically (NOTE: the '''crond''' service must be running). The following would enable the updates once per day.


=== Download RPM and Copy To NST ===
[root@nic ~] ln -s $(which nessus-update-plugins) /etc/cron.daily/
[root@nic ~] service crond start
Starting crond:                                            [  OK  ]
[root@nic ~]


Unfortunately, you will need to download and copy the appropriate '''RPM''' for '''Nessus''' to the: "''/tmp''" directory on your '''NST''' system by hand  (this is due to the fact that you need to register at the '''Nessus''' site). Here are the steps which you will need to follow:


* Go to the '''Nessus''' download area: "http://www.nessus.org/download/".
= Upgrading To Nessus v4.2.2 (NST 2.13.0) =


* From the pull down list, select "''Nessus 3.0.5 for Linux''" and press the "''Download''" button.
[[File:Warning.png|16px]] ''2010-Nov-11'': This section describes the steps taken to install [http://www.nessus.org Nessus] v4.2.2 onto a hard disk installation of NST v2.13.0. As software releases will change more quickly than this document, be aware that you may need to make adjustments.


* Complete the registration process (use a working email address when you register as you will need the registration code later).


* Download the file: "''Nessus-3.0.5-fc5.i386.rpm''".
[http://www.nessus.org Nessus] offers enhanced versions of the Nessus Vulnerability Scanner software which we are not permitted to include in the NST distribution. However, you can download and install this enhanced version of the Nessus Vulnerability Scanner software yourself.


* Transfer the downloaded file to the: "''/tmp''" directory on your '''NST''' system.
== Caveats ==


After completing this step, you should see results similar to those shown below on your '''NST''' system:
There are some issues with upgrading to the full version of Nessus:


<div class="screen">
* You will not be able to use the NST WUI to manage your Nessus installation. However, if your '''nstwui''' package is up to date, it should redirect your browser to the web server interface provided by the new Nessus installation.
  <div class="screenTitle">After Downloading RPM</div>
* The installation will require the removal of the Open Source version of the Nessus packages which will also trigger the removal of the ''nst-live'' package. This is not a major issue as this is a ''pseudo'' package which forces the installation of optional and replaceable packages included in the NST distribution.
  <div class="userInput"><span class="prompt">[root@probe ~]# </span>ls -l /tmp/Nessus*</div>
  <pre class="computerOutput">
-rw-r--r-- 1 root root 8053747 Jun 14 08:39 /tmp/Nessus-3.0.5-fc5.i386.rpm
</pre>
  <div class="userInput"><span class="prompt">[root@probe ~]# </span></div>
</div>


=== Update Your NST WUI ===
== Download Nessus ==


We are going to be using a automated patch/update script to extract, install and update files from the '''Nessus''' '''RPM''' we downloaded onto the '''NST''' system. Before proceeding to the "''NST System Patch Management''" page, one should make sure that they have the most recent version of the '''NST WUI''' installed on the system.
The first step to upgrading the Nessus software is to download the necessary package from the [http://www.nessus.org/ Nessus] web site.


* From the main '''NST''' '''WUI''' index page, locate the "''Downloads & Updates''" row in the "''System''" table and select the "''NST WUI Updates''" link.
* Determine if your NST system is a 32 bit or 64 bit installation. Run the command below, if it reports ''i686'' it indicates you have a 32 bit installation. If it reports ''x86_64'' it indicates that you have a 32 bit installation.


* Select the radio button next to the: "''v1.5.0''" choice.
[root@probe ~]# uname -m
i686
[root@probe ~]#


* Press the: "''Download/Install NST WUI Management Interface''" button.
* Go to the Nessus web site (http://www.nessus.org/) and download the Linux package for Fedora 12/13. Pick the 32 bit version if you have a 32 bit NST installation. Pick the 64 bit version if you have a 64 bit NST installation.


* This will download the latest version of the '''NST WUI''' and restart the web server on your '''NST''' system. NOTE: This might cause processes launched directly from the '''NST WUI''' to terminate and you may need to restart them.
== Remove The Open Source Version of Nessus ==


* You may need to force your browser to reload the updated '''CSS''' and '''JavaScript''' files after the '''NST WUI''' update (on '''Firefox''', hold down the ''Shift'' key while pressing the browser ''Reload'' button).
Before removing the Open Source version of Nessus from your NST system, it is recommended to make sure that all of the packages on your NST system are up to date. This is recommended because of a ''refactoring'' of package dependencies after the NST 2.13.0 release.


After the installation completes, you should be ready to proceed to updating your '''NST''' system.
[root@cayenne ~]# yum update
... Lot's of output as your system is brought up to date ...
[root@cayenne ~]#


=== Install System Update: U200706131 ===
Before installing the updated version of Nessus, you need to remove the Open Source version included with the NST distribution:


A update (''U200706131'') has been provided that will complete the installation of the '''Nessus RPM''' onto the '''NST''' system. Here are the steps you need to follow to install the update:
[root@cayenne ~]# yum remove nessus-core nessus-libraries
... Lot's of output as dependencies are checked ...
Dependencies Resolved
 
=================================================================================
  Package              Arch    Version            Repository              Size
=================================================================================
Removing:
  nessus-core          i686    2.2.11-5.fc12      @released/$releasever  167 k
  nessus-libraries    i686    2.2.11-3.fc12      @released/$releasever  169 k
Removing for dependencies:
  libnasl              i686    2.2.11-7.fc12      @released/$releasever  455 k
  nessus-client        i686    2.2.11-5.fc12      @released/$releasever  228 k
  nessus-gui          i686    2.2.11-5.fc12      @released/$releasever  590 k
  nessus-plugins-gpl  i686    2.2.11-3.nst13      @NstRepo/$releasever    4.0 M
  nessus-server        i686    2.2.11-5.fc12      @released/$releasever  515 k
  nst-live            noarch  2.13.0-33.nst13    @NstRepo/$releasever    0.0 
Transaction Summary
=================================================================================
Remove        8 Package(s)
Installed size: 6.1 M
Is this ok [y/N]: y
... More output as packages are removed ...
Complete!
[root@cayenne ~]#


* From the main '''NST WUI''' Index, locate the "''Downloads & Updates''" row in the "''System''" table and select the "''NST System Patch Management''" link.
== Install The Nessus RPM ==


* From the "''NST System Patch Management''" page, press the: "''Retrieve/Update Patch Information''" button near the bottom of the page (this will download the latest list of available patches and updates for your '''NST''' system).
After removing the Open Source version of Nessus that comes with the NST distribution, you can use the '''yum''' command to install the RPM file you downloaded from the Nessus web site. Using the '''yum''' command instead of the '''rpm''' command will enable the download and installation of any other package dependencies.


* After the download completes, you should see update: "''U200706131''" listed in your patch table.
[root@cayenne ~]# yum --nogpgcheck localinstall /tmp/Nessus-4.2.2-fc12.i386.rpm
... Dependency check output ...
=================================================================================
  Package      Arch      Version            Repository                    Size
=================================================================================
Installing:
  Nessus      i386      4.2.2-fc12          /Nessus-4.2.2-fc12.i386        11 M
Transaction Summary
=================================================================================
Install      1 Package(s)
Total size: 11 M
Installed size: 11 M
Is this ok [y/N]: y
... Installation output ...
Installed:
  Nessus.i386 0:4.2.2-fc12                                                     
Complete!
[root@cayenne ~]#
== Set Up ==


* Select the radio button next to update: "''U200706131''" and press the "''Patch NST System''" button found below the table of available patches/updates.
At this point you will need to configure and set up Nessus on your NST system. You can follow the ''excellent'' [http://www.nessus.org/documentation Nessus Documentation] to complete the installation. When reading the documentation remember to think of your NST system as being referenced as a ''Fedora 13'' or ''Fedora Core 13'' system in the Nessus documentation.


* Depending upon the speed of your '''NST''' system, the update may take a few moments to complete - be patient (DO NOT HIT YOUR BROWSER'S RELOAD BUTTON)!
Here's a synopsis from the [http://www.nessus.org/documentation Nessus Installation Guide] describing what needs to be done to complete the installation:


* At the bottom of the output (showing the results of applying the update), one should see an indication that the update completed successfully (if it failed, it means that you downloaded the wrong '''RPM''' from the '''Nessus''' site, or did not copy it to the appropriate location).
* Register your Nessus installation at the [http://www.nessus.org/ Nessus] web site and receive your registration code via email.


=== Setup/Start Nessus ===
* Add one or more Nessus ''admin users'':


At this point, you should be able to setup and start the '''Nessus''' server:
[root@rice ~]# /opt/nessus/sbin/nessus-adduser
Login : root
Login password :
Login password (again) :
Do you want this user to be a Nessus 'admin' user ? (can upload plugins, etc...) (y/n) [n]: y
User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that root has the right to test. For instance, you may want
him to be able to scan his own host only.
Please see the nessus-adduser manual for the rules syntax
Enter the rules for this user, and enter a BLANK LINE once you are done :
(the user can have an empty rules set)
Login            : root
Password        : ***********
This user will have 'admin' privileges within the Nessus server
Rules            :
Is that ok ? (y/n) [y] y
User added
[root@rice ~]#


* On the main '''NST WUI''' index page, locate the "''Active Scanners''" row in the "''Security''" table and select the "''Nessus Management''" link.
* Register your system using the registration code you received via email.


* From the "''Nessus Management''" page, scroll to the "''Setup & Start Nessus''" section, set the Options to: "''-v -rdir /var/nst''" and press the: "''Start Nessus''" button.
[root@rice ~]# /opt/nessus/bin/nessus-fetch --register "0123-4567-89AB-CDEF-FFFF"
Your activation code  has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org...
Your Nessus installation is now up-to-date.
If auto_update is set to 'yes' in nessusd.conf, Nessus will
update the plugins by itself.
[root@rice ~]#


* Wait for '''Nessus''' to come up (you will see a "''Nessus Starting/Busy''" section on the "''Nessus Management''" page until '''Nessus''' is ready).
* Start the '''nessusd''' service:


* Once '''Nessus''' is ready (it can seem to take forever the first time), locate the Activation Code you received from the '''Nessus''' site after registration. It has the form: "''D733-779D-BD5E-DBB9-8913''".
[root@rice ~]# service nessusd start
Starting Nessus services:
[root@rice ~]# service nessusd status
nessusd (pid 19369) is running...
[root@rice ~]#


* Locate the "''Update Nessus Plugins''" section on the "''Nessus Management''" page and enter your Activation Code into the field provided and press the: "''Update Plugins''" button.
* Connect to the Nessus server (change ''127.0.0.1'' to the IP address of your NST system if connecting remotely):


* Be patient as the '''Nessus''' plugins are updated.
firefox https://127.0.0.1:8834/


=== Run A Test Nessus Scan ===
= Upgrading To Nessus v4.4.1 (NST 2.15.0) =


At this point the '''Nessus''' server should be fully initialized and ready for use on the '''NST''' system. To verify that it is working, perform a quick '''Nessus''' scan of the '''NST''' system itself.
[[File:Warning.png|16px]] ''2011-Aug-1'': This section describes the steps taken to install [http://www.nessus.org Nessus] v4.4.1 onto a hard disk installation of NST v2.15.0. As software releases will change more quickly than this document, be aware that you may need to make adjustments.


* Scroll to the "''Run Nessus Scans''" section on the "''Nessus Management Page''".


* Enter a Address of: "''127.0.0.1''".
[http://www.nessus.org Nessus] offers enhanced versions of the Nessus Vulnerability Scanner software which we are not permitted to include in the NST distribution. However, you can download and install this enhanced version of the Nessus Vulnerability Scanner software yourself.


* Enter the Options of: "''-V -x -T html''". NOTE: The "''html_graph''" option is not available in v3.0.5 of '''Nessus''', so make sure you specified the options shown here as they won't match the default options on the page!
== Caveats ==


* Press the: "''Start Scan''" button.
There are some issues with upgrading to the full version of Nessus:


It will take awhile for the scan to complete. You can press the "''Refresh''" button as you wait for it to complete. Once it completes, you will see a new section titled: "''Unknown Results''" and it will contain a single button: "''View /var/nst/nessus/results''". The results are "Unknown" as the "''html''" output option was specified and the '''NST WUI''' is only designed to work with the "''html_graph''" output. However, you can still view the results:
* You will not be able to use the NST WUI to manage your Nessus installation. However, if your '''nstwui''' package is up to date, it should redirect your browser to the web server interface provided by the new Nessus installation.


* Select the: "''View /var/nst/nessus/results''" button.


* You should see the results within the '''NST''' File Viewer.
== Download Nessus ==


* From the '''NST''' File Viewer page, select the "''Browse''" button.
The first step to upgrading the Nessus software is to download the necessary package from the [http://www.nessus.org/ Nessus] web site.


* Locate the "''Files''" section and select the link labeled "''results''" on the left hand side of the table.
* Determine if your NST system is a 32 bit or 64 bit installation. Run the command below, if it reports ''i686'' it indicates you have a 32 bit installation. If it reports ''x86_64'' it indicates that you have a 32 bit installation.


* You should be taken to a '''HTML''' page showing the results of the '''Nessus''' scan.
[root@probe ~]# uname -m
i686
[root@probe ~]#


If you were able to find the results, congratulations, you have just verified that your '''Nessus''' server is running.
* Go to the Nessus web site (http://www.nessus.org/) and download the Linux package for Fedora 14. Pick the 32 bit version if you have a 32 bit NST installation. Pick the 64 bit version if you have a 64 bit NST installation.


=== Inprotect Setup (Optional) ===
== Remove The Open Source Version of Nessus ==


At this point you should have your '''NST''' system upgraded to '''Nessus''' v3.0.5. If you would like to setup '''Inprotect''' to work with the new system, you should proceed as follows:
The NST 2.15.0 release no longer includes the open source version of Nessus as it has become dated ([[OpenVAS]] was added as the open source replacement in 2.15.0). However, if you have installed any of the ''nessus'' packages by hand, you should remove them before upgrading to 4.4.1. Use the following command to determine if you have any of the Nessus packages installed:


* Go to the "''Inprotect Management''" page in the '''NST WUI'''.
[root@cayenne ~]# rpm -qa | grep nessus
[root@cayenne ~]#
If you see any packages listed in the above output, use ''yum remove'' to remove them from your NST system.


* Make sure that it shows that the related services ('''nessusd''', '''mysqld''', '''sendmail''', '''crond''', and '''ntpd''') are setup and running (if not, use the buttons provided to set them up).
== Install The Nessus RPM ==


* Unfortunately, you probably will NOT be able to start '''Inprotect''' using the '''NST''' interface (as it takes too long to come up). So, you will need to run the following command from the '''NST''' console or ssh connection (NOTE: Replace "''PASSWD''" with your own password):
After removing the Open Source version of Nessus that comes with the NST distribution, you can use the '''yum''' command to install the RPM file you downloaded from the Nessus web site. Using the '''yum''' command instead of the '''rpm''' command will enable the download and installation of any other package dependencies.


[root@cayenne ~]# yum --nogpgcheck install /tmp/Nessus-4.4.1-fc14.i386.rpm
... Dependency check output ...
========================================================================================
  Package        Arch        Version              Repository                      Size
========================================================================================
Installing:
  Nessus        i386        4.4.1-fc14          /Nessus-4.4.1-fc14.i386          25 M
Transaction Summary
========================================================================================
Install      1 Package(s)
Total size: 25 M
Installed size: 25 M
Is this ok [y/N]: y
... Installation output ...
All plugins loaded
  - Please run /opt/nessus//sbin/nessus-adduser to add a user
  - Register your Nessus scanner at http://www.nessus.org/register/ to obtain
    all the newest plugins
  - You can start nessusd by typing /sbin/service nessusd start
Installed:
  Nessus.i386 0:4.4.1-fc14                                     
 
Complete!
[root@cayenne ~]#
== Set Up ==


<div class="screen">
At this point you will need to configure and set up Nessus on your NST system. You can follow the ''excellent'' [http://www.nessus.org/documentation Nessus Documentation] to complete the installation. When reading the documentation remember to think of your NST system as being referenced as a ''Fedora 14'' or ''Fedora Core 14'' system in the Nessus documentation.
  <div class="screenTitle">Installing Inprotect</div>
  <div class="userInput"><span class="prompt">[root@probe ~]# </span>nstinprotect -v -m setup --update-now --passwd PASSWD &</div>
  <pre class="computerOutput">
### Start Time: 2007-06-14 13:02:32
+ SUCCESS + Shutdown "sched.pl" (pid 5373) process
+ SUCCESS + Removed "sched.pl" from /etc/rc.d/rc.local
+ SUCCESS + Removed crontab entries
+ BEGIN  + Remove files/directories
+ SUCCESS + Removed directory: "/etc/inprotect"
+ SUCCESS + Removed directory: "/var/log/inprotect"
+ END    + Remove files/directories
+ BEGIN  + Removing symlinks
+ SUCCESS + Removed symlink: "/var/www/html/inprotect"
+ END    + Removing symlinks


+ BEGIN  + Updating MySQL Server
Here's a synopsis from the [http://www.nessus.org/documentation Nessus Installation Guide] describing what needs to be done to complete the installation:
+ SUCCESS + Dropped the inprotect database
+ SUCCESS + Removed inprotect user (if present) from MySQL user table
+ END    + Updating MySQL Server


+ BEGIN  + Verifying environment
* Register your Nessus installation at the [http://www.nessus.org/ Nessus] web site and receive your registration code via email.
+ SUCCESS + Able to adminster MySQL on this host
+ SUCCESS + MySQL server is running and we can administer
+ SUCCESS + The "sendmail" service is running
+ SUCCESS + Found or created directory: "/etc/inprotect"
+ SUCCESS + Created symlink: "/var/www/html/inprotect"
+ END    + Verifying environment


+ SUCCESS + Created config file: /etc/inprotect/inprotect.cfg
* Add one or more Nessus ''admin users'':
+ SUCCESS + Created config file: /etc/inprotect/config.php
+ BEGIN  + Updating MySQL Server
+ SUCCESS + Initialized "inprotect" database
+ SUCCESS + Enabled inprotect user to modify inprotect database
+ SUCCESS + Updated inprotect root login password
+ SUCCESS + Inserted this NST probe into nessus_servers table
+ SUCCESS + Updated Inprotect URL to: "https://192.168.0.249/inprotect"
+ END    + Updating MySQL Server


+ SUCCESS + Updated crontab entry
[root@rice ~]# /opt/nessus/sbin/nessus-adduser
+ NOTE    + crond is already running no need to start
Login : root
+ SUCCESS + Added "sched.pl" to /etc/rc.d/rc.local
Login password :
+ NOTE    + Started the "sched.pl" process
Login password (again) :  
+ NOTE    + Running: /usr/local/bin/updateplugins.pl ...
Do you want this user to be a Nessus 'admin' user ? (can upload plugins, etc...) (y/n) [n]: y
  *** The plugins that have the ability to crash remote services or hosts
User rules
have been disabled. You should activate them if you want your security
----------
audit to be complete
nessusd has a rules system which allows you to restrict the hosts
*** The plugins that have the ability to crash remote services or hosts
  that root has the right to test. For instance, you may want
have been disabled. You should activate them if you want your security
him to be able to scan his own host only.
audit to be complete
Please see the nessus-adduser manual for the rules syntax
Enter the rules for this user, and enter a BLANK LINE once you are done :
(the user can have an empty rules set)
Login            : root
Password        : ***********
This user will have 'admin' privileges within the Nessus server
Rules            :
Is that ok ? (y/n) [y] y
User added
[root@rice ~]#


*** inprotect setup complete.
* Register your system using the registration code you received via email.
***
*** You should now be able to use the inprotect package by pointing your
*** browser at:
***
***      https://192.168.0.249/inprotect
-------------------------------------------------------------
### End Time: 2007-06-14 13:16:16  Duration: +0000 00:11:50


</pre>
[root@rice ~]# /opt/nessus/bin/nessus-fetch --register "0123-4567-89AB-CDEF-FFFF"
  <div class="userInput"><span class="prompt">[root@probe ~]# </span></div>
Your activation code  has been registered properly - thank you.
</div>
Now fetching the newest plugin set from plugins.nessus.org...
Your Nessus installation is now up-to-date.
If auto_update is set to 'yes' in nessusd.conf, Nessus will
update the plugins by itself.
[root@rice ~]#  


* The above will take awhile to complete (it takes a long time to import all of the '''Nessus''' rules into '''Inprotect''').
* Start the '''nessusd''' service:


* After the '''Inprotect''' task completes, return to the "''Inprotect Management''" page and select the "''Use Inprotect Interface''" button.
[root@cayenne-e ~]# systemctl start nessusd.service
[root@cayenne-e ~]# systemctl status nessusd.service
nessusd.service - SYSV: Starts and stops the Nessus Scanner
  Loaded: loaded (/etc/rc.d/init.d/nessusd)
  Active: active (running) since Mon, 01 Aug 2011 17:19:12 -0400; 6s ago
Process: 7608 ExecStart=/etc/rc.d/init.d/nessusd start (code=exited, status=0/SUCCESS)
Main PID: 7612 (nessus-service)
  CGroup: name=systemd:/system/nessusd.service
  ├ 7612 /opt/nessus//sbin/nessus-service -q -D
  └ 7613 nessusd -q
[root@cayenne-e ~]#


* The '''Inprotect''' home page should indicate that there are more than 14000 plugins in the database (this is why it took so long to update '''Inprotect''').
* Connect to the Nessus server (change ''127.0.0.1'' to the IP address of your NST system if connecting remotely):


* If you have not setup '''Inprotect''' on a '''NST''' system before, proceed to the "''Inprotect Setup Guide''" at: "http://nst.sourceforge.net/nst/docs/inprotect/index.html".
firefox https://127.0.0.1:8834/


== Final Comments/References ==
= Optional Nessus Apps =


* If you want the ''nessusd'' service to start the next time you reboot the system, either run the ''chkconfig'' command from the command line, or use the "Services" page (found in the "Control Management" row in the "''System''" table of the WUI index).
== Nessus Android App ==


* If you want '''Inprotect''' to start the next time you reboot the system, enable the ''mysqld'', ''sendmail'', ''crond'' and ''ntpd'' services in addition to the ''nessusd'' service.
The full version of Nessus has web based interface. However, if you are interested, Nessus also has a free client ''app'' you can run under Android. See the [http://www.nessus.org/products/nessus/select-your-operating-system Nessus Downloads Page] for details.


* The '''Nessus''' web site: "http://www.nessus.org/".
== Nessus iPhone/iTouch App ==


* The '''Inprotect''' web site: "http://inprotect.sourceforge.net/".
The full version of Nessus has web based interface. However, if you are interested, Nessus also has a free client ''app'' you can run on a Apple iTouch or iPhone. To install the ''app'', search for "''Nessus''" in Apple's ''App Store''. The ''app'' will allow you to:


* If you have not setup '''Inprotect''' on a '''NST''' system before, proceed to the "''Inprotect Setup Guide''" at: "http://nst.sourceforge.net/nst/docs/inprotect/index.html".
* Connect to your Nessus server
* Run a ''Scan''
* View ''Reports''

Latest revision as of 16:21, 1 August 2011

Setting Up The NST System To Run Nessus

If you plan on running the free version of Nessus that comes with the NST distribution, then follow these steps to setup Nessus using the NST Web User Interface (WUI):

  • From the NST WUI menu bar, select System then Users & Passwords then NST Password.
  • On the NST Password page, scroll down to the General area under Clear Text Passwords.
  • Change the General clear text password to something you will remember and then press the Set General Password button. You will need to remember this password if you want to run the Nessus GUI client later.
  • From the NST WUI menu bar, select Security then Active Scanners then Nessus Management.
  • Press the Setup Nessus button.
  • After the Nessus set up completes, press the Exit button.
  • Press the Start button to start the nessusd service.
  • Press the Return button.
  • At this point the Nessus server should be set up and ready for use.
  • You can fill in a IP Address and press the Start Scan button to verify your setup is operational.

Reducing The Load Nessus Puts On The System

When Nessus scans systems, it can perform multiple tests on multiple hosts simultaneously. This can put a rather large load on your NST system. In addition to the large load on your system, if you are running from a Live CD on a system with too little RAM, its possible to run out of memory and lock your system.

You can reduce the load by adjusting the "max_hosts", "max_checks", and "be_nice" settings found in the "/etc/nessus/nessusd.conf" file. The following snip of the "/etc/nessus/nessusd.conf" file demonstrates values you might use to reduce the load:

# Maximum number of simultaneous hosts tested : 
max_hosts = 3

# Maximum number of simultaneous checks against each host tested : 
max_checks = 5

# Niceness. If set to 'yes', nessusd will renice itself to 10.
be_nice = yes

Determining The Password For The Nessus Client

If you use the Nessus client, you'll be required to enter a user name and password when you connect to the Nessus server. By default, you will need to enter root as the user ID and the value of NSTCTPASSWD found in /etc/nst.conf.

This password is not set by the nstpasswd script which is used to set many of the encrypted passwords found on they system. The Nessus client/server installation on the NST requires a "clear text" password so the Nessus scans can be run directly from the NST WUI.

The Nessus server uses the value of the NSTCTPASSWD variable found in /etc/nst.conf. If you don't want to edit the file by hand, you can use the grep and sed commands to examine and change the "clear text" password used by Nessus. All changes need to be done PRIOR to starting up Nessus server.

[root@probe root]# grep NSTCTPASSWD /etc/nst.conf
NSTCTPASSWD="shoth7pheigh"
[root@probe root]# sed -i -e 's/^NSTCTPASSWD=.*/NSTCTPASSWD="NEWPASSWORD"/' /etc/nst.conf
[root@probe root]# grep NSTCTPASSWD /etc/nst.conf
NSTCTPASSWD="NEWPASSWORD"
[root@probe root]#

Enabling Logging

We discovered that the Nessus daemon likes to create very large log and dump files under the /var/nessus/logs directory. Unfortunately, this can chew through a lot of RAM on a live boot of the NST and result in system lock ups. So, by default, we have disabled much of the Nessus logging capabilities in the template /etc/nessus/nessusd.conf configuration file.

If you are using a hard disk installation, you may want to adjust some of the logging related parameters in the /etc/nessus/nessusd.conf file. In particular, look for the logfile, log_whole_attack, log_plugins_name_at_load, and dumpfile parameters. The following shows a snippet from the /etc/nessus/nessusd.conf file as how these parameters are initially set on a NST system:

# Log file (or 'syslog') :                                                       
#logfile = /var/log/nessus/nessusd.messages                                      
logfile = /dev/null

# Shall we log every details of the attack ?                                     
log_whole_attack = no

# Log the name of the plugins that are loaded by the server ?                    
log_plugins_name_at_load = no

# Dump file for debugging output, use `-' for stdout                             
#dumpfile = /usr/local/var/nessus/logs/nessusd.dump                              
dumpfile = /dev/null

Running Nessus In A Virtual Machine

It is possible to run Nessus within the NST Virtual Machine. This has several advantages over a Live CD boot (permanent disk storage for one). However, you may notice a significant performance hit when running Nessus from within a virtual machine.

Registering A Nessus Installation

Using The NST WUI

The NST WUI allows you to specify your Nessus activation code when updating the Nessus rules. The activation code only needs to be specified the first time you update your rules (leave the field blank on subsequent updates).

Using The Command Line

After setting up Nessus on a NST probe with the local rule set, you may decide that they would like to register your Nessus installation. This will greatly increase the number of rules Nessus will have at its disposal. In order to register your Nessus installation, you will need to request a registration code from the Nessus web site (http://www.nessus.org). You will then need to run the nessus-fetch command as shown below:

[root@nic /]# nessus-fetch --register 9732-2C31-316C-7C06-5A32
Your activation code has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org...
Your Nessus installation is now up-to-date.
Make sure to call regularly use the command 'nessus-update-plugins' to stay up-to-date
To automate the update process, please visit <http://www.nessus.org/documentation/index.php?doc=cron>


[root@nic /]# 

Keeping The Nessus Rules Up To Date

After registering your system with Nessus, there are several ways to keep you Nessus plugins up to date.

  • Use the NST WUI to update your Nessus plugins.
  • Run the nessus-update-plugins command to manually update the plugins.
  • Add a cron entry, or symbolic link to run the nessus-update-plugins command automatically (NOTE: the crond service must be running). The following would enable the updates once per day.
[root@nic ~] ln -s $(which nessus-update-plugins) /etc/cron.daily/
[root@nic ~] service crond start
Starting crond:                                            [  OK  ]
[root@nic ~] 


Upgrading To Nessus v4.2.2 (NST 2.13.0)

2010-Nov-11: This section describes the steps taken to install Nessus v4.2.2 onto a hard disk installation of NST v2.13.0. As software releases will change more quickly than this document, be aware that you may need to make adjustments.


Nessus offers enhanced versions of the Nessus Vulnerability Scanner software which we are not permitted to include in the NST distribution. However, you can download and install this enhanced version of the Nessus Vulnerability Scanner software yourself.

Caveats

There are some issues with upgrading to the full version of Nessus:

  • You will not be able to use the NST WUI to manage your Nessus installation. However, if your nstwui package is up to date, it should redirect your browser to the web server interface provided by the new Nessus installation.
  • The installation will require the removal of the Open Source version of the Nessus packages which will also trigger the removal of the nst-live package. This is not a major issue as this is a pseudo package which forces the installation of optional and replaceable packages included in the NST distribution.

Download Nessus

The first step to upgrading the Nessus software is to download the necessary package from the Nessus web site.

  • Determine if your NST system is a 32 bit or 64 bit installation. Run the command below, if it reports i686 it indicates you have a 32 bit installation. If it reports x86_64 it indicates that you have a 32 bit installation.
[root@probe ~]# uname -m
i686
[root@probe ~]# 
  • Go to the Nessus web site (http://www.nessus.org/) and download the Linux package for Fedora 12/13. Pick the 32 bit version if you have a 32 bit NST installation. Pick the 64 bit version if you have a 64 bit NST installation.

Remove The Open Source Version of Nessus

Before removing the Open Source version of Nessus from your NST system, it is recommended to make sure that all of the packages on your NST system are up to date. This is recommended because of a refactoring of package dependencies after the NST 2.13.0 release.

[root@cayenne ~]# yum update

... Lot's of output as your system is brought up to date ...

[root@cayenne ~]# 

Before installing the updated version of Nessus, you need to remove the Open Source version included with the NST distribution:

[root@cayenne ~]# yum remove nessus-core nessus-libraries

... Lot's of output as dependencies are checked ...

Dependencies Resolved
 
=================================================================================
 Package              Arch     Version             Repository               Size
=================================================================================
Removing:
 nessus-core          i686     2.2.11-5.fc12       @released/$releasever   167 k
 nessus-libraries     i686     2.2.11-3.fc12       @released/$releasever   169 k
Removing for dependencies:
 libnasl              i686     2.2.11-7.fc12       @released/$releasever   455 k
 nessus-client        i686     2.2.11-5.fc12       @released/$releasever   228 k
 nessus-gui           i686     2.2.11-5.fc12       @released/$releasever   590 k
 nessus-plugins-gpl   i686     2.2.11-3.nst13      @NstRepo/$releasever    4.0 M
 nessus-server        i686     2.2.11-5.fc12       @released/$releasever   515 k
 nst-live             noarch   2.13.0-33.nst13     @NstRepo/$releasever    0.0  

Transaction Summary
=================================================================================
Remove        8 Package(s)

Installed size: 6.1 M
Is this ok [y/N]: y

... More output as packages are removed ...

Complete!
[root@cayenne ~]#

Install The Nessus RPM

After removing the Open Source version of Nessus that comes with the NST distribution, you can use the yum command to install the RPM file you downloaded from the Nessus web site. Using the yum command instead of the rpm command will enable the download and installation of any other package dependencies.

[root@cayenne ~]# yum --nogpgcheck localinstall /tmp/Nessus-4.2.2-fc12.i386.rpm 

... Dependency check output ...

=================================================================================
 Package      Arch       Version             Repository                     Size
=================================================================================
Installing:
 Nessus       i386       4.2.2-fc12          /Nessus-4.2.2-fc12.i386        11 M

Transaction Summary
=================================================================================
Install       1 Package(s)

Total size: 11 M
Installed size: 11 M
Is this ok [y/N]: y

... Installation output ...

Installed:
  Nessus.i386 0:4.2.2-fc12                                                       

Complete!
[root@cayenne ~]# 

Set Up

At this point you will need to configure and set up Nessus on your NST system. You can follow the excellent Nessus Documentation to complete the installation. When reading the documentation remember to think of your NST system as being referenced as a Fedora 13 or Fedora Core 13 system in the Nessus documentation.

Here's a synopsis from the Nessus Installation Guide describing what needs to be done to complete the installation:

  • Register your Nessus installation at the Nessus web site and receive your registration code via email.
  • Add one or more Nessus admin users:
[root@rice ~]# /opt/nessus/sbin/nessus-adduser 
Login : root
Login password : 
Login password (again) : 
Do you want this user to be a Nessus 'admin' user ? (can upload plugins, etc...) (y/n) [n]: y
User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that root has the right to test. For instance, you may want
him to be able to scan his own host only.

Please see the nessus-adduser manual for the rules syntax

Enter the rules for this user, and enter a BLANK LINE once you are done : 
(the user can have an empty rules set)



Login             : root
Password         : ***********
This user will have 'admin' privileges within the Nessus server
Rules             :
Is that ok ? (y/n) [y] y
User added
[root@rice ~]# 
  • Register your system using the registration code you received via email.
[root@rice ~]# /opt/nessus/bin/nessus-fetch --register "0123-4567-89AB-CDEF-FFFF"
Your activation code  has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org...
Your Nessus installation is now up-to-date.
If auto_update is set to 'yes' in nessusd.conf, Nessus will
update the plugins by itself.
[root@rice ~]# 
  • Start the nessusd service:
[root@rice ~]# service nessusd start
Starting Nessus services: 
[root@rice ~]# service nessusd status
nessusd (pid 19369) is running...
[root@rice ~]# 
  • Connect to the Nessus server (change 127.0.0.1 to the IP address of your NST system if connecting remotely):
firefox https://127.0.0.1:8834/

Upgrading To Nessus v4.4.1 (NST 2.15.0)

2011-Aug-1: This section describes the steps taken to install Nessus v4.4.1 onto a hard disk installation of NST v2.15.0. As software releases will change more quickly than this document, be aware that you may need to make adjustments.


Nessus offers enhanced versions of the Nessus Vulnerability Scanner software which we are not permitted to include in the NST distribution. However, you can download and install this enhanced version of the Nessus Vulnerability Scanner software yourself.

Caveats

There are some issues with upgrading to the full version of Nessus:

  • You will not be able to use the NST WUI to manage your Nessus installation. However, if your nstwui package is up to date, it should redirect your browser to the web server interface provided by the new Nessus installation.


Download Nessus

The first step to upgrading the Nessus software is to download the necessary package from the Nessus web site.

  • Determine if your NST system is a 32 bit or 64 bit installation. Run the command below, if it reports i686 it indicates you have a 32 bit installation. If it reports x86_64 it indicates that you have a 32 bit installation.
[root@probe ~]# uname -m
i686
[root@probe ~]# 
  • Go to the Nessus web site (http://www.nessus.org/) and download the Linux package for Fedora 14. Pick the 32 bit version if you have a 32 bit NST installation. Pick the 64 bit version if you have a 64 bit NST installation.

Remove The Open Source Version of Nessus

The NST 2.15.0 release no longer includes the open source version of Nessus as it has become dated (OpenVAS was added as the open source replacement in 2.15.0). However, if you have installed any of the nessus packages by hand, you should remove them before upgrading to 4.4.1. Use the following command to determine if you have any of the Nessus packages installed:

[root@cayenne ~]# rpm -qa | grep nessus
[root@cayenne ~]# 

If you see any packages listed in the above output, use yum remove to remove them from your NST system.

Install The Nessus RPM

After removing the Open Source version of Nessus that comes with the NST distribution, you can use the yum command to install the RPM file you downloaded from the Nessus web site. Using the yum command instead of the rpm command will enable the download and installation of any other package dependencies.

[root@cayenne ~]# yum --nogpgcheck install /tmp/Nessus-4.4.1-fc14.i386.rpm 

... Dependency check output ...

========================================================================================
 Package        Arch         Version              Repository                       Size
========================================================================================
Installing:
 Nessus         i386         4.4.1-fc14           /Nessus-4.4.1-fc14.i386          25 M

Transaction Summary
========================================================================================
Install       1 Package(s)

Total size: 25 M
Installed size: 25 M
Is this ok [y/N]: y

... Installation output ...

All plugins loaded
 - Please run /opt/nessus//sbin/nessus-adduser to add a user
 - Register your Nessus scanner at http://www.nessus.org/register/ to obtain
   all the newest plugins
 - You can start nessusd by typing /sbin/service nessusd start


Installed:
  Nessus.i386 0:4.4.1-fc14                                      
 
Complete!
[root@cayenne ~]# 

Set Up

At this point you will need to configure and set up Nessus on your NST system. You can follow the excellent Nessus Documentation to complete the installation. When reading the documentation remember to think of your NST system as being referenced as a Fedora 14 or Fedora Core 14 system in the Nessus documentation.

Here's a synopsis from the Nessus Installation Guide describing what needs to be done to complete the installation:

  • Register your Nessus installation at the Nessus web site and receive your registration code via email.
  • Add one or more Nessus admin users:
[root@rice ~]# /opt/nessus/sbin/nessus-adduser 
Login : root
Login password : 
Login password (again) : 
Do you want this user to be a Nessus 'admin' user ? (can upload plugins, etc...) (y/n) [n]: y
User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that root has the right to test. For instance, you may want
him to be able to scan his own host only.

Please see the nessus-adduser manual for the rules syntax

Enter the rules for this user, and enter a BLANK LINE once you are done : 
(the user can have an empty rules set)



Login             : root
Password         : ***********
This user will have 'admin' privileges within the Nessus server
Rules             :
Is that ok ? (y/n) [y] y
User added
[root@rice ~]# 
  • Register your system using the registration code you received via email.
[root@rice ~]# /opt/nessus/bin/nessus-fetch --register "0123-4567-89AB-CDEF-FFFF"
Your activation code  has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org...
Your Nessus installation is now up-to-date.
If auto_update is set to 'yes' in nessusd.conf, Nessus will
update the plugins by itself.
[root@rice ~]# 
  • Start the nessusd service:
[root@cayenne-e ~]# systemctl start nessusd.service
[root@cayenne-e ~]# systemctl status nessusd.service
nessusd.service - SYSV: Starts and stops the Nessus Scanner
	  Loaded: loaded (/etc/rc.d/init.d/nessusd)
	  Active: active (running) since Mon, 01 Aug 2011 17:19:12 -0400; 6s ago
	 Process: 7608 ExecStart=/etc/rc.d/init.d/nessusd start (code=exited, status=0/SUCCESS)
	Main PID: 7612 (nessus-service)
	  CGroup: name=systemd:/system/nessusd.service
		  ├ 7612 /opt/nessus//sbin/nessus-service -q -D
		  └ 7613 nessusd -q
[root@cayenne-e ~]# 
  • Connect to the Nessus server (change 127.0.0.1 to the IP address of your NST system if connecting remotely):
firefox https://127.0.0.1:8834/

Optional Nessus Apps

Nessus Android App

The full version of Nessus has web based interface. However, if you are interested, Nessus also has a free client app you can run under Android. See the Nessus Downloads Page for details.

Nessus iPhone/iTouch App

The full version of Nessus has web based interface. However, if you are interested, Nessus also has a free client app you can run on a Apple iTouch or iPhone. To install the app, search for "Nessus" in Apple's App Store. The app will allow you to:

  • Connect to your Nessus server
  • Run a Scan
  • View Reports