Staying Secure with Nessus Vulnerability Scanner

This is a simple walkthrough for installing, configuring, and running the popular Nessus Vulnerability Scanner on Linux. From the Nessus website: "Nessus is the world’s most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the world’s largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications." I use Nessus on a weekly basis to scan my servers and desktop machines, both Windows and Linux, for vulnerabilities. It has proved to be a vital tool for me personally and professionally, while not costing me a dime.

The distribution used in this document is Slackware 11.0 on a custom kernel. While it is possible and sometimes needed to install Nessusd on a ‘server’ and NessusClient on a ‘workstation’, in this document, we go over installing Nessusd and NessusClient both on the same machine.

Installing Nessus 2.2.9:

For the most part, you will want to refer to the Nessus installation documents provided on the Nessus website. However, the easiest way to get Nessus installed is to download the installer that is suitable for all Unix systems. Visit the Nessus website and download the file. Once downloaded, execute it by typing:

root@foo:~# sh

After completing the installation, you will want to create a certificate as well as add a nessusd user.

adam@foo:~$ nessus-mkcert

Follow the on-screen instructions.

adam@foo:~$ nessus-adduser

Follow the on-screen instructions.

Now all we need to do is start the nessus daemon.

root@foo:~# nessusd -D

Installing the Nessus GUI Client:

Since I find it easier to use the Nessus Client, we will go over that installation as well. First, go to the Downloads area on the Nessus website and select NessusClient 1.0.1 (a GUI for Nessusd). After downloading, install it by executing:

adam@foo:~/source/NessusClient-1.0.1$ ./configure && make

adam@foo:~/source/NessusClient-1.0.1$ su
root@foo:~/source/NessusClient-1.0.1# make install

Now execute NessusClient:

adam@foo:~$ /usr/local/bin/NessusClient

Now you should see a pretty GUI.

NessusClient GUI

Scanning a Host for Vulnerabilities:

For the purposes of this document, we will run a simple scan on our localhost with all the default configuration settings. Feel free to tinker with the settings to produce maximum results on your scans.

In order to scan a host for vulnerabilities, we must tell NessusClient that we want to create a new task and a new scope. Click Task > New and give your task a name of localscan.

We then need to tell NessusClient to connect to our Nessus server daemon, which in this case will be localhost. Click on File > Connect; your screen should look something like this:

NessusClient GUI Connect Settings

Once all settings are correct, click OK and NessusClient will connect to the Nessus daemon. While it connects, you should see a window telling you that Nessus is loading all the plugins.

Next, in the Options menu, navigate to the Target Selection area and make sure localhost is added. You can add more hosts by separating them with a comma.

NessusClient GUI Target Selection

Now all we need to do is tell the NessusClient to execute the scan by clicking on Scope > Execute. This will bring up a window that shows the status of the scan.

NessusClient GUI Execute

Once the scan is complete, Nessus will generate a report file that lists everything found during the scan along with the severity of each issue. Read through each item found and follow any solution instructions given.

NessusClient GUI Reports
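
For weekly scans it helps to sort the findings outside the GUI. The following is an added example, not part of the original article: it assumes the report was exported in Nessus's pipe-delimited NBE format and orders findings by severity, pulling out each "Solution" line. The sample data, plugin ids and function names are constructed for illustration.

```python
from collections import Counter

# Severity labels in NBE result lines, most serious first (assumed Nessus 2.x naming).
SEVERITY_ORDER = ["Security Hole", "Security Warning", "Security Note"]

# Constructed sample export: host, plugin ids and descriptions are made up.
SAMPLE_NBE = "\n".join([
    "timestamps|||scan_start|Mon Jan  1 10:00:00 2007|",
    "results|127.0.0|127.0.0.1|ssh (22/tcp)",  # open port, no plugin output
    r"results|127.0.0|127.0.0.1|ssh (22/tcp)|90001|Security Note|An SSH server is running.\n\nRisk factor : None",
    r"results|127.0.0|127.0.0.1|http (80/tcp)|90002|Security Warning|The banner reveals the server version.\n\nSolution : Hide the version in the banner.\nRisk factor : Low",
    r"results|127.0.0|127.0.0.1|smtp (25/tcp)|90003|Security Hole|Outdated mail server | see vendor notes.\n\nSolution : Upgrade to the latest release.\nRisk factor : High",
])


def parse_nbe(text):
    """Return one dict per plugin finding; other record types are skipped."""
    findings = []
    for line in text.splitlines():
        # maxsplit=6 keeps any '|' inside the description intact.
        fields = line.split("|", 6)
        if len(fields) < 7 or fields[0] != "results":
            continue
        _, _, host, port, plugin_id, severity, data = fields
        # NBE stores line breaks in the description as a literal backslash-n.
        desc = data.split("\\n")
        solution = next((ln.split(":", 1)[1].strip() for ln in desc
                         if ln.lower().startswith("solution") and ":" in ln), "")
        findings.append({"host": host, "port": port, "plugin_id": plugin_id,
                         "severity": severity, "summary": desc[0],
                         "solution": solution})
    return findings


def severity_rank(finding):
    """Known severities rank by SEVERITY_ORDER; unknown labels sort last."""
    sev = finding["severity"]
    return SEVERITY_ORDER.index(sev) if sev in SEVERITY_ORDER else len(SEVERITY_ORDER)


def worklist(findings):
    """Findings ordered most serious first, then by host and port."""
    return sorted(findings, key=lambda f: (severity_rank(f), f["host"], f["port"]))


def count_by_severity(findings):
    return Counter(f["severity"] for f in findings)


if __name__ == "__main__":
    items = parse_nbe(SAMPLE_NBE)
    print(dict(count_by_severity(items)))
    for f in worklist(items):
        print(f"[{f['severity']}] {f['host']} {f['port']} plugin {f['plugin_id']}: "
              f"{f['summary']} -> {f['solution'] or 'no solution text'}")
```

To use it on a real export, read the file into a string and pass it to parse_nbe in place of SAMPLE_NBE.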

That's all! I would recommend reading through the documentation on the website and adjusting the settings to fit your needs further.

Good luck and happy auditing!

3 thoughts on “Staying Secure with Nessus Vulnerability Scanner”

  1. What about the initial ‘Can’t Connect to Localhost’ issue?

    Some help on that would be handy.

    Cause I just can’t connect to local host regardless of anything.

  2. drwho,

    The first thing I would do is verify that nessusd is listening on a port. Something like “netstat -anp | grep nessus” should return a line stating the port it's listening on. Verify you are connecting to the right port.

  3. Pingback: Trip Hop Clan » Blog Archive » Penetration testing
