Category: LINUX

2007-06-06 16:07:17

Installing and Using Nessus

 

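1. Register an account, download the latest installation files, and save the registration code that is sent to the e-mail address you registered with.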

Nessus-3.0.5-es4.i386.rpm

NessusClient-1[1].0.2-es4.i386.rpm

 

2. Install Nessus-3.0.5-es4.i386

[root@test8 sbin]# rpm -ivh Nessus-3.0.5-es4.i386.rpm

Preparing...                ########################################### [100%]

 1:Nessus                 ########################################### [100%]

 

 

**** This host seems to be running under VMware.

**** Nessus performance is abysmal when running under VMware

**** We do not recommand you use this setup in production

 

**** This host seems to be running under VMware.

**** Nessus performance is abysmal when running under VMware

**** We do not recommand you use this setup in production

 

nessusd (Nessus) 3.0.5. for Linux

(C) 1998 - 2007 Tenable Network Security, Inc.

 

Processing the Nessus plugins...

[##################################################]

 

All plugins loaded

 - Please run /opt/nessus//sbin/nessus-add-first-user to add an admin user

 - Register your Nessus scanner at register/ to obtain

   all the newest plugins

 - You can start nessusd by typing /sbin/service nessusd start

 

 

3. Add a scan user account and password

[root@test8 sbin]# ./nessus-add-first-user

 

**** This host seems to be running under VMware.

**** Nessus performance is abysmal when running under VMware

**** We do not recommand you use this setup in production

 

**** This host seems to be running under VMware.

**** Nessus performance is abysmal when running under VMware

**** We do not recommand you use this setup in production

 

Using /var/tmp as a temporary file holder

 

Add a new nessusd user

----------------------

 

 

Login : admin

Authentication (pass/cert) [pass] : pass

Login password :

Login password (again) :

 

User rules

----------

nessusd has a rules system which allows you to restrict the hosts

that admin has the right to test. For instance, you may want

him to be able to scan his own host only.

 

Please see the nessus-adduser(8) man page for the rules syntax

 

Enter the rules for this user, and hit ctrl-D once you are done :

(the user can have an empty rules set)

 

 

Login             : admin

Password          : ***********

DN                :

Rules             :

 

 

Is that ok ? (y/n) [y] y

user added.

Thank you. You can now start Nessus by typing :

/opt/nessus//sbin/nessusd -D

 

4. Register Nessus

[root@test8 sbin]# /opt/nessus/bin/nessus-fetch --register AA2A-8930-320E-A2FF-3BC3

 

5. Start the Nessus service

[root@test8 sbin]# ./nessusd -D

 

 

**** This host seems to be running under VMware.

**** Nessus performance is abysmal when running under VMware

**** We do not recommand you use this setup in production

 

 

nessusd (Nessus) 3.0.5. for Linux

(C) 1998 - 2007 Tenable Network Security, Inc.

 

Processing the Nessus plugins...

[##################################################]

 

All plugins loaded

 

6. For security, create the CA certificates

[root@test8 bin]# ./nessus-mkcert-client

Do you want to register the users in the Nessus server

as soon as you create their certificates ? (y/n): y

This script will now ask you the relevant information to create the SSL

client certificates for Nessus.

Client certificates life time in days [365]:365

Your country (two letter code) [FR]: CN

Your state or province name [none]: BJ

Your location (e.g. town) [Paris]: BJ

Your organization [none]: Test

Your organizational unit [none]:Test

**********

We are going to ask you some question for each client certificate

If some question has a default answer, you can force an empty answer by

entering a single dot '.'

*********

User #1 name (e.g. Nessus username): admin

Client certificates life time in days [365]:admin

Country (two letter code) [CN]: CN

State or province name [BJ]:

Location (e.g. town) [BJ]:

Organization [Test]:

Organization unit [Test]:

e-mail []: admin@test.com

Generating RSA private key, 1024 bit long modulus

......................++++++

...................++++++

e is 65537 (0x10001)

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [FR]:State or Province Name (full name)

[Some-State]:Locality Name (eg, city) []:Organization Name (eg, company)

[Internet Widgits Pty Ltd]:Organizational Unit Name (eg, section) []:Common

Name (eg, your name or your server's hostname) []:Email Address []:Using

configuration from /tmp/nessus-mkcert.6217/stdC.cnf

Check that the request matches the signature

Signature ok

The Subject's Distinguished Name is as follows

countryName           :PRINTABLE:'CN'

stateOrProvinceName   :PRINTABLE:'BJ'

localityName          :PRINTABLE:'BJ'

organizationName      :PRINTABLE:'Test'

organizationalUnitName:PRINTABLE:'Test'

commonName            :PRINTABLE:'admin'

emailAddress          :IA5STRING:'admin@test.com'

Certificate is to be certified until May 25 17:37:42 2008 GMT (365 days)

 

Write out database with 1 new entries

Data Base Updated

 

User rules

----------

nessusd has a rules system which allows you to restrict the hosts

that  has the right to test. For instance, you may want

him to be able to scan his own host only.

 

Please see the nessus-adduser(8) man page for the rules syntax

 

Enter the rules for this user, and hit ctrl-D once you are done:

(the user can have an empty rules set)

User added to Nessus.

Another client certificate? n

Your client certificates are in /tmp/nessus-mkcert.6217          ; the certificates are in /tmp/nessus-mkcert.6217, keep them safe

You will have to copy them by hand

 

 

7. Copy the certificates into the Nessus certificate directory

[root@test8 /]# cd /tmp/nessus-mkcert.6217/

[root@test8 nessus-mkcert.6217]# ls

01.pem                   index.txt      req_admin.pem  stdC.cnf

cert_admin.pem           index.txt.old  serial

cert_nessuswx_admin.pem  key_admin.pem  serial.old

[root@test8 nessus-mkcert.6217]# cp *.pem /opt/nessus/com/nessus/CA/
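The cp in step 7 copies every .pem file, including the private key key_admin.pem, out of a directory under /tmp with whatever permissions cp happens to produce. The function below is an added example, not part of the original post or of Nessus: it does the same copy with explicit modes and skips symlinks. It assumes that files named key_*.pem are private keys and that every other .pem is public, as the ls listing above suggests; the function name is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): copy the client certificates
# produced by nessus-mkcert-client with explicit permissions.
# Assumption: key_*.pem are private keys, all other *.pem files are public.

install_nessus_certs() {
    src=$1
    dst=$2

    # The source lives under /tmp: refuse a missing directory or a symlink.
    [ -d "$src" ] && [ ! -L "$src" ] || {
        echo "bad source directory: $src" >&2
        return 1
    }

    # Create the destination only if it is missing; never touch the mode
    # of an existing Nessus directory.
    [ -d "$dst" ] || mkdir -m 700 -p "$dst" || return 1

    (
        umask 077   # every file is created owner-only, then relaxed if public
        for f in "$src"/*.pem; do
            # Skip non-files and symlinks that may have been planted in /tmp.
            [ -f "$f" ] && [ ! -L "$f" ] || continue
            name=${f##*/}
            case $name in
                key_*) mode=600 ;;   # private key: owner read/write only
                *)     mode=644 ;;   # certificate: world-readable is fine
            esac
            cp "$f" "$dst/$name" && chmod "$mode" "$dst/$name" || exit 1
        done
    )
}

# Usage with the paths from this post:
# install_nessus_certs /tmp/nessus-mkcert.6217 /opt/nessus/com/nessus/CA
```

Once the copy has succeeded, the originals in /tmp can be deleted so that the private key exists in one place only.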

 

8. Install and start NessusClient

[root@test8 /]# mv 'NessusClient-1[1].0.2-es4.i386.rpm' NessusClient.rpm

[root@test8 /]# rpm -ivh NessusClient.rpm

 

[root@test8 /]# NessusClient

 

In the "File" menu, click "Connect"; the following dialog appears:

 

 

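"Hostname": the name or address of the Nessus server;

"Port": the port of the Nessus service;

"Login" and "Password": the user name and password;

"Use SSL encryption": enables the SSL protocol;

"Authentication by certificate": authenticates with a certificate.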

 

Normally you can log in with the user name and password to run scans; for secure certificate-based login, use "Use SSL encryption" and "Authentication by certificate".

 

9. Create a scan task

In the "File" menu, click "Scan Assistant" and use the Scan Assistant to define the scan task.

 

 

 

10. Start the scan


chinaunix user, 2009-12-30 16:21:32

Very useful, thanks.