Information:
Nessus

Nessus is the de facto open-source vulnerability scanner used within the IT security industry today. There are many reasons for this, but the main ones are:

I believe that Nessus has become more enterprise (commercially) oriented and as such is tailoring its product to a centralised server that accepts connections from multiple clients on disparate operating systems. The product has now been split into two separate parts, nessusd and NessusClient.

Installation:

Nessus is available to download, after prior registration, from the main Nessus site and a number of mirrors. You need to install both the server and client parts of this product (in this case Nessus3 for RedHat Enterprise 3 on a Fedora Core 1 client, and NessusClient RC2):
[root@FC1]# rpm -ivh Nessus-3.1.3-fc6.i386.rpm
Preparing...                ########################################### [100%]
   1:Nessus                 ########################################### [100%]
**** This host seems to be running under VMware.
**** Nessus performance is abysmal when running under VMware
**** We do not recommend you use this setup in production
nessusd (Nessus) 3.0.0. for Linux
(C) 2005 Tenable Network Security, Inc.
Note:- You will see that I am using a VMware host to install Nessus on. There are performance issues if you use NAT within your enterprise when running Nessus in this fashion, but I mostly used a bridged format and have found performance to be okay. I will agree that Nessus will not run as fast in VMware as on a separate host, but if you are running Windows and Linux tools from the same box at the same time, the time trade-off in my mind is definitely worth it. You could of course dual boot, but the ability to snapshot, suspend etc. is a great bonus.
Processing the Nessus plugins...
[##################################################]
All plugins loaded
 - Please run /opt/nessus/sbin/nessus-add-first-user to add an admin user
 - Register your Nessus scanner at http://www.nessus.org/register/ to obtain all the newest plugins
 - You can start nessusd by typing /sbin/service nessusd start
After installing the main RPM, you next have to add your first (administrative) user:
[root@FC1]# /opt/nessus/sbin/nessus-add-first-user
nessusd (Nessus) 3.1.3 for Linux
(C) 2007 Tenable Network Security, Inc.
Using /var/tmp as a temporary file holder

Add a new nessusd user
----------------------

Login : admin
Authentication (pass/cert) [pass] : pass
Login password :
Login password (again) :

User rules
----------
nessusd has a rules system which allows you to restrict the hosts that admin has the right to test.
For instance, you may want him to be able to scan his own host only.
Please see the nessus-adduser(8) man page for the rules syntax

Enter the rules for this user, and hit ctrl-D once you are done :
(the user can have an empty rules set)

Login    : admin
Password : ***********
DN       :
Rules    :

The rules can restrict a user to a particular subnet etc.

Is that ok ? (y/n) [y]
user added.

Thank you. You can now start Nessus by typing :
/opt/nessus//sbin/nessusd -D

[root@FC1]# /opt/nessus/sbin/nessusd -D
nessusd (Nessus) 3.1.3 for Linux
(C) 2007 Tenable Network Security, Inc.
Processing the Nessus plugins...
[##################################################]
All plugins loaded
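The user rules entered above are the least-privilege control nessusd gives you over what each login may scan, so it is worth checking a rule set against the intended scope before committing the user. The following added example (not from the page or from Nessus itself) parses accept/deny/default rules in the form described in nessus-adduser(8) and evaluates them against candidate targets; the first-match-wins ordering and the "empty rule set means unrestricted" behaviour are assumptions stated in the comments.

```python
import ipaddress

# Nessus-style user rules, one per line: "accept <host|cidr>", "deny <host|cidr>",
# and a closing "default accept|deny". Assumptions made in this example (not on the
# page): rules are checked top to bottom, the first match wins, "default" covers the
# rest, and an empty rule set leaves the user unrestricted.
CONSTRUCTED_RULES = """
# constructed rule set for a tester who may only scan the lab segment
deny 192.168.1.1
accept 192.168.1.0/24
default deny
"""

def parse_rules(text):
    """Turn rule text into a list of (verdict, network) plus the default verdict."""
    rules, default = [], "accept"   # no "default" line: unrestricted (assumed)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        action, _, arg = line.partition(" ")
        action, arg = action.lower(), arg.strip()
        if action == "default":
            if arg not in ("accept", "deny"):
                raise ValueError(f"bad default rule: {raw!r}")
            default = arg
        elif action in ("accept", "deny"):
            # a bare host such as 192.168.1.1 becomes a /32 network
            rules.append((action, ipaddress.ip_network(arg, strict=False)))
        else:
            raise ValueError(f"unknown rule: {raw!r}")
    return rules, default

def may_scan(target, rules, default):
    """Return True if a user with these rules is permitted to scan target."""
    addr = ipaddress.ip_address(target)
    for verdict, net in rules:
        if addr in net:
            return verdict == "accept"
    return default == "accept"

def check_scope(rule_text, targets):
    """Map each intended target to the verdict it would receive under rule_text."""
    rules, default = parse_rules(rule_text)
    return {t: may_scan(t, rules, default) for t in targets}

if __name__ == "__main__":
    verdicts = check_scope(CONSTRUCTED_RULES, ["192.168.1.1", "192.168.1.20", "10.0.0.5"])
    for host, ok in verdicts.items():
        print(f"{host:>14}: {'allowed' if ok else 'blocked'}")
```

Run it against the rule set you intend to type at the "Enter the rules for this user" prompt; any target that comes back allowed but lies outside the engagement scope means the rules need tightening before the user is added.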
Now to add the client to enable it to talk to the Nessus server:
[root@FC1]# rpm -ivh NessusClient-3.1.3.i386.rpm
[root@FC1]# cd NessusClient-version
or, dependent on which process you are using to build from:
[root@FC1]# tar -zxvf NessusClient-version.tar.gz
[root@FC1]# cd NessusClient-version
[root@FC1]# ./configure && make && make install
--------------------------------------------------------------
NessusClient has been successfully installed.
--------------------------------------------------------------

[root@FC1 NessusClient-version]# ./nessus-mkcert-client
Do you want to register the users in the Nessus server
as soon as you create their certificates? (y/n): y

This script will now ask you the relevant information to create the SSL client certificates for Nessus.

Client certificates life time in days [365]: 365
Your country (two letter code) [FR]: gb
Your state or province name [none]:
Your location (e.g. town) [Paris]: london
Your organization [none]: vulnerabilityassessment.co.uk
Your organizational unit [none]:

**********
We are going to ask you some question for each client certificate.
If some question has a default answer, you can force an empty answer by entering a single dot '.'
*********

User #1 name (e.g. Nessus username): admin1
Client certificates life time in days [365]: 365
Country (two letter code) [gb]: gb
State or province name []:
Location (e.g. town) [london]:
Organization [vulnerabilityassessment.co.uk]:
Organization unit []:
e-Mail []:

Generating RSA private key, 1024 bit long modulus
......++++++
......................++++++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [FR]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
Using configuration from /tmp/nessus-mkcert.5751/stdC.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'gb'
localityName          :PRINTABLE:'london'
organizationName      :PRINTABLE:'vulnerabilityassessment.co.uk'
commonName            :PRINTABLE:'admin1'
Certificate is to be certified until Dec 29 06:37:32 2007 GMT (365 days)

Write out database with 1 new entries
Data Base Updated

User rules
----------
nessusd has a rules system which allows you to restrict the hosts that admin1 has the right to test.
For instance, you may want him to be able to scan his own host only.
Please see the nessus-adduser(8) man page for the rules syntax.

Enter the rules for this user, and hit ctrl-D once you are done:
(the user can have an empty rules set)
User added to Nessus.

Another client certificate? (y/n) n

Your client certificates are in /tmp/nessus-mkcert.5751.
You will have to copy them by hand.
To start the Nessus client, type NessusClient. Note:- You may want to add its location to your PATH if it does not work out of the box.

For easy point-and-click use, press the scan assistant button on the left (it looks like a lifebelt). This walks you through setting up a new task, a scope and a target, and finally allows you to execute the scan:
The certificate should be displayed to you the first time the connection runs and is then stored.
A port scan will be carried out together with all selected plug-ins. (You can amend the plug-ins in Global Settings.)

Results

Here are examples of reports provided by Nessus when scanning a Windows XP Home client and a Fedora Core host:
© VulnerabilityAssessment.co.uk Wednesday May 09, 2007