Installing and Running Nessus 4.2.2: The Basics
Nessus no longer uses the Nessus Client as in previous versions.
It uses a web interface to set up scans, run them and view reports.
To download the Nessus package:
Tenable Network Security
Choose Linux > Accept the agreement > Choose the version for your distribution.
You'll want to choose "Nessus-4.2.2-ubuntu810_i386" if you're using BackTrack.
To install:
Code:
root@bt~# dpkg --install Nessus-4.2.2-ubuntu810_i386.deb
Now you will need to add a user to use Nessus:
Code:
root@bt~# /opt/nessus/sbin/nessus-adduser
You are going to enter a login name and then a password for logging in to Nessus:
Code:
Login: (type what you want for a name)
Authentication <Enter>
Login Password: (Create a Password)
Login Password: (Repeat)
Do you want this Nessus user to be an "admin" user? yes <Enter>
(Leave the rules blank) <Enter>
This user will have "admin" privileges on the Nessus server
Is this O.K.? Yes <Enter>
user added
You will now have to register to get the plugin feed:
Tenable Network Security
Accept the agreement. > Enter an E-mail address to receive a key.
In the E-mail sent to you will be a path with the key added to it; copy that and paste it in the console:
Code:
root@bt~# /opt/nessus/bin/nessus-fetch --register <your key# here>
To start the Nessus server:
Code:
root@bt~# /etc/init.d/nessusd start
To stop the Nessus server:
Code:
root@bt~# /etc/init.d/nessusd stop
Now, isn't that simple?
The Web Interface.
Remember, there is no longer a Nessus Client.
Open your favorite browser and type in the address bar (don't forget the "s" in https):
Code:
https://127.0.0.1:8834
Note: If using Firefox with Noscript, make sure you allow the address to view the Nessus Web Interface.
You will now be shown the login access page.
Once you have entered your user name and password you will be taken to the Nessus web interface.
The default view is Reports.
Before scanning you must configure a few things:
Click Policies > + Add
Policies
1. Enter a Name.
2. In Port Scanners check all that apply.
3. In Port Scan Options you can leave it at default or choose a range for faster scanning.
4. Click Next
Credentials
1. Click Next
JellyBelly
Last edited by JellyBelly; 06-02-2010 at 06:26 PM.
Nice first post. Good share.
Installing and Running Nessus 4.2.2: The Basics Part 2
Note: Due to the settings in the forum I had to multi-post this how-to.
Plugins
1. If you know a specific plugin you can filter by name.
I left it at the default (blank).
2. Click Enable All
3. Click Next
Preferences
You can leave this default.
1. Click Submit
Now we have a policy to run a scan with.
Now we are ready to Run a Scan against targets.
Click Scans > + Add
Launch a Scan
1. Enter a Name for the network.
2. Leave type as default "Run Now"
3. Policy: Choose the policy name from the drop down box you created earlier.
4. Enter your Scan Targets.
5. Click Launch Scan
Thanks Archangel-Amael,
JellyBelly
Last edited by JellyBelly; 06-02-2010 at 06:29 PM.
Note: This is the final part to complete the Basics of installing and scanning with nessus.
Scan Status
1. Give it some time to finish scanning.
2. Click Reports when finished scanning.
3. Highlight the report for the network you scanned
4. Click Browse
5. Click on the IP you want more info about.
Oh No!
There is a vulnerability in BT4 involving Mono and XSS allowing privilege escalation?
No problem! Nessus offers a solution to fix it.
The solution is to upgrade to Ubuntu 9.04.
Happy scanning,
JellyBelly
Last edited by JellyBelly; 06-02-2010 at 06:34 PM.
JellyBelly, please scale the pictures in your post to a reasonable size or I will be forced to remove them. The pictures are too big and blow out the side of every browser.
Done.
It was detracting some. I had made a note to fix it.
Got myself the FF add-on MeasureIt to help me.
Thanks
Very good post! Thank You!
JellyBelly
Thanks for a nice tutorial. I tried installing Nessus on my back|track 4 VM, and also on my Ubuntu 10.04 VM. My problem lies with going to the localhost address. I can't seem to bring the page up in either of my browsers. What could I be doing wrong?
And for the record, I do have the server running:
Code:
/etc/init.d/nessusd start
And I have changed NoScript to allow the address.
Any help is greatly appreciated.
Thanks.
Great post JellyBelly.
I'd also recommend editing /opt/nessus/etc/nessus/nessusd.conf so that the line "auto_update = yes" is commented, and "listen_address" is set to "127.0.0.1" so as to restrict access to your nessus instance from the network.
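An added example for the two points raised in this thread (the question above about https://127.0.0.1:8834 not loading, and the reply suggesting listen_address be set to 127.0.0.1). This is not code from the posts above or from Tenable. It assumes nessusd.conf uses "key = value" lines as the quoted "auto_update = yes" and "listen_address" entries do, that an absent listen_address means nessusd binds to all interfaces, and that the listener check is fed "netstat -tln" or "ss -tln" style output; the sample listings embedded in it are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example for this thread (not code from the posts above or from Tenable):
# lock nessusd to loopback as the reply suggests, and check where it really
# listens, which is also the first thing to verify when https://127.0.0.1:8834
# will not load. Assumptions: nessusd.conf uses "key = value" lines, an absent
# listen_address means all interfaces, and the socket listing looks like the
# output of "netstat -tln" / "ss -tln".

NESSUS_CONF="${NESSUS_CONF:-/opt/nessus/etc/nessus/nessusd.conf}"
NESSUS_PORT="${NESSUS_PORT:-8834}"

# Set listen_address in the given conf file (rewriting an existing line, or
# appending one if the key is missing) so nessusd binds only to that address.
harden_listen_address() {
    conf="$1"
    addr="${2:-127.0.0.1}"
    tmp="$conf.tmp.$$"
    awk -v addr="$addr" '
        /^[ \t]*listen_address[ \t]*=/ { print "listen_address = " addr; seen = 1; next }
        { print }
        END { if (!seen) print "listen_address = " addr }
    ' "$conf" > "$tmp" && mv "$tmp" "$conf"
}

# Print the address nessusd will bind to according to the conf file
# (last listen_address line wins; "0.0.0.0" when the key is absent).
effective_listen_address() {
    awk -F= '
        /^[ \t]*listen_address[ \t]*=/ { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); last = v }
        END { print (last == "" ? "0.0.0.0" : last) }
    ' "$1"
}

# Classify a socket listing (netstat -tln or ss -tln output passed as $1) for
# the Nessus port: "loopback" if bound only to 127.0.0.1/::1, "exposed" if
# bound to any other address (0.0.0.0, ::, *, or an interface IP), "none" if
# nothing listens on that port at all.
classify_listener() {
    port="${2:-$NESSUS_PORT}"
    printf '%s\n' "$1" | awk -v port="$port" '
        {
            suffix = ":" port
            for (i = 1; i <= NF; i++) {
                n = length($i); p = length(suffix)
                if (n > p && substr($i, n - p + 1) == suffix) {
                    addr = substr($i, 1, n - p)
                    if (addr == "127.0.0.1" || addr == "::1" || addr == "[::1]") lo = 1
                    else other = 1
                }
            }
        }
        END { if (other) print "exposed"; else if (lo) print "loopback"; else print "none" }
    '
}

# Constructed sample listings (not captured from a real host) for the three cases.
SAMPLE_EXPOSED='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:8834            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN'
SAMPLE_LOOPBACK='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:8834          0.0.0.0:*               LISTEN'
SAMPLE_DOWN='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN'

# On a real BackTrack box, as root, the whole sequence is:
#   harden_listen_address "$NESSUS_CONF" && /etc/init.d/nessusd restart
#   classify_listener "$(netstat -tln)"   # "loopback" is the goal; "none" means nessusd is not up
```

If classify_listener reports "none", the browser problem is the daemon (check that /etc/init.d/nessusd start actually left a process running), not NoScript; if it reports "exposed", anyone on the network can reach the login page and the change to listen_address has not taken effect (edit, then restart nessusd). Bind to loopback and use an SSH tunnel when you need the web interface from another machine.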
solid intro to the new interface, jelly.
thanx!
-----------
~peace
MacPhail