This section shows you how I configured my Nessus server (nessusd) to scan a part of my network (eight hosts actually). Seven of the tested hosts are on a local network, whereas the last is located somewhere else, across the internet.
The demo is split into three parts:
· the configuration of the server by the administrator
· the use of the Unix client (including screenshots)
· the results of the test
Step one: server installation and configuration:
Nessus is made up of two parts : a client and a server. You need a Unix-like system to use the server (Linux is just fine). In this test, I used the standard client nessus, mainly because I wrote it and because it is the only one that supports the cipher layer.
·First : download and install nessusd and nessus
You can download the latest version of Nessus. See the installation instructions to find out how to compile it.
Download and compile nessus:
Download the stable version of the Nessus Security Scanner for Unix-compatible systems :
Nessus requires GTK support
The Nessus Security Scanner relies on the following items:
GTK - The Gimp Toolkit, version 1.2
GTK is a set of Widgets (like Motif) which are used by many open-sourced programs such as . GTK is used by the POSIX client nessus.
Download it at : .
Note : If your system comes with GTK, make sure that you have the gtk-config program installed. If you do not, install the gtk-devel package that should come on your distribution CDROM.
Note #2: If you do not want to install GTK and/or if your system lacks X11, then you can compile a command-line client by doing
./configure --disable-gtk
in nessus-core
OpenSSL (optional but heavily recommended). OpenSSL is used for the client - server communication as well as in the testing of SSL-enabled services. Get it at .
First: download and install Nessus 2.0.7
The latest stable release is Nessus 2.0.7
What is new in Nessus 2.0.7, compared to 2.0.6 :
changes by Renaud Deraison (deraison at cvs.nessus.org)
Fixed bad performance issues when pinging dead hosts
Fixed a bug which prevented storing items larger than 2 KB in the KB
NFS and SMB file-related functions completed (open, read and cwd are implemented)
Windows plugins are aware of 2000 SP4 and Windows 2003
Network IPs can now be evenly sliced instead of being scanned sequentially
User-definable source-IP(s) for the checks (nessusd -S)
Fixed a possible message corruption problem if a plugin was to send a too long message back to nessusd
Fixed a possible plugin corruption problem when the client overwrites existing plugins
Fixed various false positives and wording issues in several plugins
What is new in Nessus 2.0, compared to 1.2 :
Huge speed gains :
libnasl has been rewritten from scratch
extended the NASL language
Smarter plugin scheduler, for better parallelism
Enhanced service detection
Greatly reduced memory usage
Support for multiple CVE and BID in the plugins
New port scanner designed to be fast against firewalled hosts
Download and installation
There are two ways to install Nessus :
Solaris Users Solaris users can now download pre-compiled Nessus packages from
The easy and dangerous way (ala ximian gnome) If you are installing Nessus from a computer directly connected to the internet that has lynx installed, type this command (NOT as root! ) :
lynx -source | sh
This method is considered dangerous in the sense that, if you do it, you are running commands that come directly from the internet. If someone is poisoning your domain name server, he may have you execute arbitrary commands as the user you type this command as. The good point is that it completely automates the installation of Nessus, so if you are not under attack, you'll save some time.
The easy and less dangerous way Nessus also comes as a standalone package which auto-installs itself. To use it, download the script nessus-installer.sh (under the directory nessus-installer/, see the mirrors below) and type :
OR the usual and boring way : You can also install the Nessus tar archives individually. To install Nessus, you have to download and compile these packages in the following order:
Note the compilation order:
nessus-libraries
libnasl
nessus-core
nessus-plugins
See if you have never compiled any tarballs before.
·Second : create a nessusd user
The nessusd server has its own users database, each user having a set of restrictions. This allows you to share a single nessusd server for a whole network among different administrators, each of whom will only test their part of the network.
The utility nessus-adduser takes care of the creation of a new account :
# nessus-adduser
Addition of a new nessusd user
------------------------------
Login : renaud
Authentication (pass/cert) [pass] : pass
Password : secret
User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that renaud has the right to test. For instance, you may want
him to be able to scan his own host only.
Please see the nessus-adduser(8) man page for the rules syntax
Enter the rules for this user, and hit ctrl-D once you are done :
(the user can have an empty rules set)
deny 10.163.156.1
accept 10.163.156.0/24
default deny
Login: renaud
Password: secret
DN :
Rules:
deny 10.163.156.1
accept 10.163.156.0/24
default deny
Is that ok (y/n) ? [y] y
user added.
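To show how a rule set like the one entered above restricts what a user may scan, here is an added example (not Nessus code) that parses nessus-adduser style rules and evaluates target addresses against them. It assumes, as the ordering in the session suggests, that rules are matched top to bottom with the first match winning and the `default` line as the fallback; the rule text and target addresses are constructed.

```python
import ipaddress

# Constructed rule set, in the same order as the nessus-adduser session:
# a host-specific deny placed before the subnet-wide accept.
EXAMPLE_RULES = """
deny 10.163.156.1
accept 10.163.156.0/24
default deny
"""

def parse_rules(text):
    """Parse rules into a list of (action, network) plus the default action.
    Assumption (not stated on the page): first matching rule wins, and a
    missing 'default' line falls back to deny, the safer choice."""
    rules = []
    default = "deny"
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # tolerate comments / blanks
        if not line:
            continue
        parts = line.split()
        if parts[0] == "default":
            if len(parts) != 2 or parts[1] not in ("accept", "deny"):
                raise ValueError(f"line {lineno}: bad default rule: {raw!r}")
            default = parts[1]
        elif parts[0] in ("accept", "deny") and len(parts) == 2:
            # A bare address becomes a /32 host; strict=False accepts networks
            # written with host bits set (e.g. 10.163.156.5/24).
            rules.append((parts[0], ipaddress.ip_network(parts[1], strict=False)))
        else:
            raise ValueError(f"line {lineno}: unparseable rule: {raw!r}")
    return rules, default

def is_allowed(target, rules, default):
    """True if 'target' may be scanned under the parsed rule set."""
    addr = ipaddress.ip_address(target)
    for action, net in rules:
        if addr in net:                     # False for mismatched IP versions
            return action == "accept"
    return default == "accept"

def check_targets(text, targets):
    """Map each target to its accept/deny decision for a rule text."""
    rules, default = parse_rules(text)
    return {t: is_allowed(t, rules, default) for t in targets}

if __name__ == "__main__":
    decisions = check_targets(EXAMPLE_RULES,
                              ["10.163.156.1", "10.163.156.42", "192.0.2.7"])
    for host, ok in decisions.items():
        print(f"{host:16} {'accept' if ok else 'deny'}")
```

Swapping the first two rules would let the denied host through, which is why the specific deny must precede the broader accept.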
·Third : configure your nessus daemon
In the file /usr/local/etc/nessus/nessusd.conf, I can set several options for nessusd. Typically this is where you specify the resources you want nessusd to use, the speed at which it should read data, and so on. Note that if you don't have a nessusd.conf file, nessusd will create one for you!
·Start nessusd
Once all of this is done, I can safely start nessusd as root :
nessusd -D
Step two: Unix client installation and configuration
Second step : the client configuration
In the previous step, we saw how I configured my nessusd, as root, to suit my needs. Now, I connect to it as a simple user.
Run from the command line:
nessus
·Fire up nessus :
I immediately click on Login, since this setup is correct. Since I have never connected to this server before, it will show me its certificate and ask me whether I accept it. Note that if I wanted to avoid man-in-the-middle attacks, I should configure my client so that it uses a recognized Certificate Authority to check SSL keys, but this is beyond the scope of the demo.
Once I am connected, the Log in button changes to Log out, and a Connected label appears at its left.
·The security checks configuration
I let all the security checks be performed, except the Denial of Service attacks, because I do not need my hosts to crash at this moment.
Clicking on a plugin name will pop up a window explaining what the plugin does.