Nessus

From NST Wiki
Revision as of 11:08, 14 June 2007 by Paul Blankenbaker (talk | contribs) (Caveats)
Jump to navigationJump to search

Upgrading To Nessus v3.0.5

The Nessus license does not permit v3.0.5 to be included in the NST distribution. The following provides the steps necessary to upgrade a NST system to Nessus v3.0.5.

Requirements

  • Registration at the Nessus site.
  • A hard disk installation of NST v1.5.0 (a virtual hard disk installation will work - but is not optimal).


Caveats

  • The "html_graph" option is no longer available as an output method (performing Nessus scans using the NST WUI will still be possible, but a little awkward).
  • The upgrade disables the X GUI Nessus client. You will need to download a separate Nessus client package if you need this feature.
  • You may need to setup Inprotect by running the nstinprotect script outside of the NST WUI (it takes so long for the Inprotect setup to complete with a full Nessus install, that the installation may fail to complete before the loading of the page times out).

Instructions

Register At the Nessus Site

In order to install Nessus v3.0.5, you will need to register at the Nessus web site. Once registered, you will be able to download the necessary RPM and you will receive a activation code via email which will be used to activate your installation.

Download RPM and Copy To NST

Unfortunately, you will need to download and copy the appropriate RPM for Nessus to the: "/tmp" directory on your NST system by hand (this is due to the fact that you need to register at the Nessus site). Here are the steps which you will need to follow:

  • From the pull down list, select "Nessus 3.0.5 for Linux" and press the "Download" button.
  • Complete the registration process (use a working email address when you register as you will need the registration code later).
  • Download the file: "Nessus-3.0.5-fc5.i386.rpm".
  • Transfer the downloaded file to the: "/tmp" directory on your NST system.

After completing this step, you should see results similar to those shown below on your NST system:


After Downloading RPM
[root@probe ~]# ls -l /tmp/Nessus*
-rw-r--r-- 1 root root 8053747 Jun 14 08:39 /tmp/Nessus-3.0.5-fc5.i386.rpm
[root@probe ~]#

Update Your NST WUI

We are going to be using a automated patch/update script to extract, install and update files from the Nessus RPM we downloaded onto the NST system. Before proceeding to the "" page, one should make sure that they have the most recent version of the NST WUI installed on the system.

  • From the main NST WUI index page, locate the "Downloads & Updates" row in the "System" table and select the "NST WUI Updates" link.
  • Select the radio button next to the: "v1.5.0" choice.
  • Press the: "Download/Install NST WUI Management Interface" button.
  • This will download the latest version of the NST WUI and restart the web server on your NST system.
  • You may need to force your browser to reload the updated CSS and JavaScript files after the NST WUI update (on Firefox, hold down the Shift key while pressing the browser Reload button).

After the installation completes, you should be ready to proceed to updating your NST system.

Install System Update: U200706131

A update (U200706131) has been provided that will complete the installation of the Nessus RPM onto the NST system. Here are the steps you need to follow to install the update:

  • From the main NST WUI Index, locate the "Downloads & Updates" row in the "System" table and select the "NST System Patch Management" link.
  • From the "NST System Patch Management" page, press the: "Retrieve/Update Patch Information" button near the bottom of the page (this will download the latest list of available patches and updates for your NST system).
  • After the download completes, you should see update: "U200706131" listed in your patch table.
  • Select the radio button next to update: "U200706131" and press the "Patch NST System" button found below the table of available patches/updates.
  • At the bottom of the output (showing the results of applying the update), one should see an indication that the update completed successfully (if it failed, it means that you downloaded the wrong RPM from the Nessus site, or did not copy it to the appropriate location).

Setup/Start Nessus Via WUI

Run Test Nessus Scan

Final Comments