Paket von http://nessus.org herunterladen, installieren, registrieren und Plugins laden:
Wähle vormals abgewähltes Paket nessus. (Lese Datenbank ... 178675 Dateien und Verzeichnisse sind derzeit installiert.) Entpacke nessus (aus .../Nessus-4.2.0-ubuntu910_i386.deb) ... Richte nessus ein (4.2.0) ... nessusd (Nessus) 4.2.0 [build K9080] for Linux (C) 1998 - 2009 Tenable Network Security, Inc. - Please run /opt/nessus/sbin/nessus-adduser to add a user - Register your Nessus scanner at http://www.nessus.org/register/ to obtain all the newest plugins - You can start nessusd by typing /etc/init.d/nessusd start Verarbeite Trigger für ureadahead ... ureadahead will be reprofiled on next reboot
# /opt/nessus/sbin/nessus-adduser Login : nessusadmin Login password : Login password (again) : Do you want this user to be a Nessus 'admin' user ? (can upload plugins, etc...) (y/n) [n]: y User rules ---------- nessusd has a rules system which allows you to restrict the hosts that vp has the right to test. For instance, you may want him to be able to scan his own host only. Please see the nessus-adduser manual for the rules syntax Enter the rules for this user, and enter a BLANK LINE once you are done : (the user can have an empty rules set) Login : nessusadmin Password : *********** This user will have 'admin' privileges within the Nessus server Rules : Is that ok ? (y/n) [y] y User added #
Die Path-Variabel muss (zumindest bei Ubuntu) erweitert werden:
export PATH="${PATH}:/opt/nessus/bin:/opt/nessus/sbin"
Auf http://www.nessus.org/register/ kann man sich gratis eine Home-Lizenz registrieren.
Dann muss man den Anweisungen im Mail folgen.
Die RC-Datei herunterladen lassen bzw. manuell herunterladen und konfigurieren.
Plugins herunterladen & ins Verzeichnis '/opt/nessus/lib/nessus/plugins'' wechseln. Darin das tgz auspacken:
# tar -vxf /pfad/zum/all-2.0.tar.gz
Serice starten:
# /etc/init.d/nessusd start
Datei: /opt/nessus/etc/nessus/nessusd.conf
... # Automatic plugins updates - if enabled and Nessus is registered, then # fetch the newest plugins from plugins.nessus.org automatically. Disable # if the scanner is on an isolated network not able to reach the Internet. #auto_update = yes auto_update = no ...
# nessus-mkcert
-------------------------------------------------------------------------------
Creation of the Nessus SSL Certificate
-------------------------------------------------------------------------------
This script will now ask you the relevant information to create the SSL
certificate of Nessus. Note that this information will *NOT* be sent to
anybody (everything stays local), but anyone with the ability to connect to your
Nessus daemon will be able to retrieve this information.
CA certificate life time in days [1460]: 1460
Server certificate life time in days [365]: 1460
Your country (two letter code) [US]: CH
Your state or province name [NY]: ZH
Your location (e.g. town) [New York]: Zuerich
Your organization [Nessus Users United]: Meins
This host name [servername]: localhost
Congratulations. Your server certificate was properly created.
The following files were created :
. Certification authority :
Certificate = /opt/nessus//com/nessus/CA/cacert.pem
Private key = /opt/nessus//var/nessus/CA/cakey.pem
. Nessus Server :
Certificate = /opt/nessus//com/nessus/CA/servercert.pem
Private key = /opt/nessus//var/nessus/CA/serverkey.pem
#
Seit Version 4.2 ist kein Client mehr nötig. Als dient jetzt Firefox 3.5 oder Internetexporer 8 mit Flash.
Kleine Anleitung: http://www.youtube.com/watch?v=3RgOtjv4v8E
Paket von http://nessus.org herunterladen und installieren:
Wähle vormals abgewähltes Paket nessusclient. (Lese Datenbank ... 178732 Dateien und Verzeichnisse sind derzeit installiert.) Entpacke nessusclient (aus .../NessusClient-4.0.2-ubuntu810_i386.deb) ... Richte nessusclient ein (4.0.2) ... Verarbeite Trigger für desktop-file-utils ...