Nessus

From MediaWiki
Revision as of 10:51, 14 June 2007 by Paul Blankenbaker (talk | contribs) (Starting and verifying nessus server)
Jump to navigationJump to search

Upgrading To Nessus v3.0.5

The Nessus license does not permit v3.0.5 to be included in the NST distribution. The following provides the steps necessary to upgrade a NST system to Nessus v3.0.5.

Requirements

  • Registration at the Nessus site.
  • A hard disk installation of NST v1.5.0 (a virtual hard disk installation will work - but is not optimal).


Caveats

  • The "html_graph" option is no longer available as an output method (performing Nessus scans using the NST WUI will still be possible, but a little awkward).
  • The upgrade disables the X GUI Nessus client. You will need to download a separate Nessus client package if you need this feature (the new client does not need to be installed on the NST system - a Windows version is available as well).
  • You may need to setup Inprotect by running the nstinprotect script outside of the NST WUI (it takes so long for the Inprotect setup to complete with a full Nessus install, that the installation may fail to complete before the loading of the page times out).

Instructions

Register At the Nessus Site

In order to install Nessus v3.0.5, you will need to register at the Nessus web site. Once registered, you will be able to download the necessary RPM and you will receive a activation code via email which will be used to activate your installation.

Download RPM and Copy To NST

Unfortunately, you will need to download and copy the appropriate RPM for Nessus to the: "/tmp" directory on your NST system by hand (this is due to the fact that you need to register at the Nessus site). Here are the steps which you will need to follow:

  • From the pull down list, select "Nessus 3.0.5 for Linux" and press the "Download" button.
  • Complete the registration process (use a working email address when you register as you will need the registration code later).
  • Download the file: "Nessus-3.0.5-fc5.i386.rpm".
  • Transfer the downloaded file to the: "/tmp" directory on your NST system.

After completing this step, you should see results similar to those shown below on your NST system:

After Downloading RPM
[root@probe ~]# ls -l /tmp/Nessus*
-rw-r--r-- 1 root root 8053747 Jun 14 08:39 /tmp/Nessus-3.0.5-fc5.i386.rpm
[root@probe ~]#

Update Your NST WUI

We are going to be using a automated patch/update script to extract, install and update files from the Nessus RPM we downloaded onto the NST system. Before proceeding to the "NST System Patch Management" page, one should make sure that they have the most recent version of the NST WUI installed on the system.

  • From the main NST WUI index page, locate the "Downloads & Updates" row in the "System" table and select the "NST WUI Updates" link.
  • Select the radio button next to the: "v1.5.0" choice.
  • Press the: "Download/Install NST WUI Management Interface" button.
  • This will download the latest version of the NST WUI and restart the web server on your NST system. NOTE: This might cause processes launched directly from the NST WUI to terminate and you may need to restart them.
  • You may need to force your browser to reload the updated CSS and JavaScript files after the NST WUI update (on Firefox, hold down the Shift key while pressing the browser Reload button).

After the installation completes, you should be ready to proceed to updating your NST system.

Install System Update: U200706131

A update (U200706131) has been provided that will complete the installation of the Nessus RPM onto the NST system. Here are the steps you need to follow to install the update:

  • From the main NST WUI Index, locate the "Downloads & Updates" row in the "System" table and select the "NST System Patch Management" link.
  • From the "NST System Patch Management" page, press the: "Retrieve/Update Patch Information" button near the bottom of the page (this will download the latest list of available patches and updates for your NST system).
  • After the download completes, you should see update: "U200706131" listed in your patch table.
  • Select the radio button next to update: "U200706131" and press the "Patch NST System" button found below the table of available patches/updates.
  • Depending upon the speed of your NST system, the update may take a few moments to complete - be patient (DO NOT HIT YOUR BROWSER'S RELOAD BUTTON)!
  • At the bottom of the output (showing the results of applying the update), one should see an indication that the update completed successfully (if it failed, it means that you downloaded the wrong RPM from the Nessus site, or did not copy it to the appropriate location).

Setup/Start Nessus

At this point, you should be able to setup and start the Nessus server:

  • On the main NST WUI index page, locate the "Active Scanners" row in the "Security" table and select the "Nessus Management" link.
  • From the "Nessus Management" page, scroll to the "Setup & Start Nessus" section, set the Options to: "-v -rdir /var/nst" and press the: "Start Nessus" button.
  • Wait for Nessus to come up (you will see a "Nessus Starting/Busy" section on the "Nessus Management" page until Nessus is ready).
  • Once Nessus is ready (it can seem to take forever the first time), locate the Activation Code you received from the Nessus site after registration. It has the form: "D733-779D-BD5E-DBB9-8913".
  • Locate the "Update Nessus Plugins" section on the "Nessus Management" page and enter your Activation Code into the field provided and press the: "Update Plugins" button.
  • Be patient as the Nessus plugins are updated.

Run A Test Nessus Scan

At this point the Nessus server should be fully initialized and ready for use on the NST system. To verify that it is working, perform a quick Nessus scan of the NST system itself.

  • Scroll to the "Run Nessus Scans" section on the "Nessus Management Page".
  • Enter a Address of: "127.0.0.1".
  • Enter the Options of: "-V -x -T html". NOTE: The "html_graph" option is not available in v3.0.5 of Nessus, so make sure you specified the options shown here as they won't match the default options on the page!
  • Press the: "Start Scan" button.

It will take awhile for the scan to complete. You can press the "Refresh" button as you wait for it to complete. Once it completes, you will see a new section titled: "Unknown Results" and it will contain a single button: "View /var/nst/nessus/results". The results are "Unknown" as the "html" output option was specified and the NST WUI is only designed to work with the "html_graph" output. However, you can still view the results:

  • Select the: "View /var/nst/nessus/results" button.
  • From the NST File Viewer page, select the "Browse" button.
  • You should be taken to a HTML page showing the results of the Nessus scan.

If you were able to find the results, congratulations, you have just verified that your Nessus server is running.

Final Comments