分类: LINUX
2007-06-06 16:07:17
Nessus的安装和使用
1。到注册一个帐号,下载最新的安装文件.并到你注册的邮箱查收注册码保存。
Nessus-
NessusClient-1[1].0.2-es4.i386.rpm
2。安装Nessus-
[root@test8 sbin] rpm -ivh Nessus-
Preparing... ########################################### [100%]
1:Nessus ########################################### [100%]
**** This host seems to be running under VMware.
**** Nessus performance is abysmal when running under VMware
**** We do not recommand you use this setup in production
**** This host seems to be running under VMware.
**** Nessus performance is abysmal when running under VMware
**** We do not recommand you use this setup in production
nessusd (Nessus)
(C) 1998 - 2007 Tenable Network Security, Inc.
Processing the Nessus plugins...
[##################################################]
All plugins loaded
- Please run /opt/nessus//sbin/nessus-add-first-user to add an admin user
- Register your Nessus scanner at register/ to obtain
all the newest plugins
- You can start nessusd by typing /sbin/service nessusd start
3.添加检测用户帐号和密码
[root@test8 sbin]# ./nessus-add-first-user
**** This host seems to be running under VMware.
**** Nessus performance is abysmal when running under VMware
**** We do not recommand you use this setup in production
**** This host seems to be running under VMware.
**** Nessus performance is abysmal when running under VMware
**** We do not recommand you use this setup in production
Using /var/tmp as a temporary file holder
Add a new nessusd user
----------------------
Login : admin
Authentication (pass/cert) [pass] : pass
Login password :
Login password (again) :
User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that admin has the right to test. For instance, you may want
him to be able to scan his own host only.
Please see the nessus-adduser(8) man page for the rules syntax
Enter the rules for this user, and hit ctrl-D once you are done :
(the user can have an empty rules set)
Login : admin
Password : ***********
DN :
Rules :
Is that ok ? (y/n) [y] y
user added.
Thank you. You can now start Nessus by typing :
/opt/nessus//sbin/nessusd -D
4。注册Nessus
[root@test8 sbin]#/opt/nessus/bin/nessus-fetch --register AA
5。启用Nessus服务
[root@test8 sbin]# ./nessusd -D
**** This host seems to be running under VMware.
**** Nessus performance is abysmal when running under VMware
**** We do not recommand you use this setup in production
nessusd (Nessus)
(C) 1998 - 2007 Tenable Network Security, Inc.
Processing the Nessus plugins...
[##################################################]
All plugins loaded
6。基于安全考虑创建CA证书
[root@test8 bin]# ./nessus-mkcert-client
Do you want to register the users in the Nessus server
as soon as you create their certificates ? (y/n): y
This script will now ask you the relevant information to create the SSL
client certificates for Nessus.
Client certificates life time in days [365]:365
Your country (two letter code) [FR]: CN
Your state or province name [none]: BJ
Your location (e.g. town) [
Your organization [none]: Test
Your organizational unit [none]:Test
**********
We are going to ask you some question for each client certificate
If some question has a default answer, you can force an empty answer by
entering a single dot '.'
*********
User #1 name (e.g. Nessus username): admin
Client certificates life time in days [365]:admin
Country (two letter code) [CN]: CN
State or province name [BJ]:
Location (e.g. town) [BJ]:
Organization [Test]:
Organization unit [Test]:
e-mail []: admin@test.com
Generating RSA private key, 1024 bit long modulus
......................++++++
...................++++++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [FR]:State or Province Name (full name)
[Some-State]:Locality Name (eg, city) []:Organization Name (eg, company)
[Internet Widgits Pty Ltd]:Organizational Unit Name (eg, section) []:Common
Name (eg, your name or your server's hostname) []:Email Address []:Using
configuration from /tmp/nessus-mkcert.6217/stdC.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CN'
stateOrProvinceName :PRINTABLE:'BJ'
localityName :PRINTABLE:'BJ'
organizationName :PRINTABLE:'Test'
organizationalUnitName:PRINTABLE:'Test'
commonName :PRINTABLE:'admin'
emailAddress :IA5STRING:'admin@test.com'
Certificate is to be certified until May 25 17:37:42 2008 GMT (365 days)
Write out database with 1 new entries
Data Base Updated
User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that has the right to test. For instance, you may want
him to be able to scan his own host only.
Please see the nessus-adduser(8) man page for the rules syntax
Enter the rules for this user, and hit ctrl-D once you are done:
(the user can have an empty rules set)
User added to Nessus.
Another client certificate? n
Your client certificates are in /tmp/nessus-mkcert.6217 ;证书在/tmp/nessus-mkcert.6217,要妥善保存
You will have to copy them by hand
7.将证书放到nessus的证书目录下
[root@test8 /]# cd /tmp/nessus-mkcert.6217/
[root@test8 nessus-mkcert.6217]# ls
01.pem index.txt req_admin.pem stdC.cnf
cert_admin.pem index.txt.old serial
cert_nessuswx_admin.pem key_admin.pem serial.old
[root@test8 nessus-mkcert.6217]# cp *.pem /opt/nessus/com/nessus/CA/
8安装并启用NessussClient
[root@test8 /]# mv NessusClient-1[1].0.2-es4.i386 NessusClient.rpm
[root@test8 /]# rpm -ivh NessusClient.rpm
[root@test8 /]#NessussClient
在“File”菜单中点击“Connect”出现以下对话框:
“Hostname”: nessus服务器名称或地址
“Port”:nessus服务端口地址;
“Login”和”Password”为用户名和密码;
“Use SSL encryption”启用SSL协议
”Authentication by certificate”用证书方式认证
一般可以通过用户名和密码登陆进行检测,如需安全的证书人证登陆请将
“Use SSL encryption”和”Authentication by certificate”
9.建立扫描任务
在“File” 菜单点击“Scan Assistant”,用Scan Assistant定制检测任务。
10。启用扫描
