There are a number of security scanners out there.
Most of them are vendor specific, and each boasts a number of vulnerability checks to determine what is secure on your system and what is not. So what if you are a hardcore open source paranoid like myself who wouldn't think to spend a dime on the latest commercial security scanner from CyberSlueths or
CrackerCops? Well there is a superior alternative that is regularly updated, free, and open source. It's called Nessus, and it is by far the best scanner available.
The first time I encountered Nessus was when I was looking into what crackers use
to scan for vulnerabilities of systems that they plan to exploit. The
logic here is that by first scanning yourself using their tool of choice,
you are taking the initiative in preventing the exploitation, since you
are aware of what they are looking for and have already taken steps to
prevent it. That is the beauty of Nessus. It is an incredibly versatile
and extremely efficient application that not only identifies nasty vulnerabilities
that could be exploited, but tells you how to prevent hackers from taking
advantage of your system, and even gives you a risk level for each vulnerability
it discovers. There are many tricks and tweaks that can be used within
Nessus, including its own scripting language, the Nessus Attack Scripting
Language (NASL), which you can use to write your own security tests. But
those subjects are beyond the scope of this article.
At first, I intended just
to download and install Nessus, do a quick scan of my systems, and be
on my merry way, safer and a little more secure, just like I would do with
Nmap, the excellent port scanner from insecure.org. But what happened was
a little more complicated. Nessus is composed of two parts: a client and
a server. The server is in charge of the attacks, whereas the client is
the front end, so that you can perform scans of your whole network via
your local work station. So there is a little more to setting it up than
your typical application.
That is what this article
covers. I'll show you how to get Nessus onto your machine as quickly and
painlessly as possible, without having to spend hours fiddling with it
or pulling out your hair due to the fact that you missed one little thing.
I began with a fresh installation
of Red Hat 7.0. Make sure when you install that you select the custom option
and choose the development load so that you'll have all the necessary libraries
and compilers. Then follow these instructions step by step in order to
get Nessus up and running.
1. Make sure /usr/local/bin is in your path. To check, at the command line,
type:
echo $PATH
If it is not in your path, add /usr/local/bin to the /etc/profile
file. Remember: If you have to add this to your path, you have to log out
and log back in for the change to take effect, or you can type:
export PATH=$PATH:/usr/local/bin
2. Add /usr/local/lib
to the /etc/ld.so.conf file. Then go to /sbin and type: ./ldconfig
3. Nessus
uses Nmap for port scans so you'll want to go to www.insecure.org and download
the Nmap tarball and untar it.
tar -zxvf nmap-VERSION
cd nmap-VERSION
./configure
make
su (to super user)
make install
To make sure that it is properly
installed, type nmap at the command line and you should get a list of options
and flags. This shows you that it has been properly installed.
4. In your home directory,
create a new sub-directory:
mkdir Nessus
5. Download
the Nessus tarballs into your new Nessus directory.
6. In the Nessus
directory, you should have four tarballs. You absolutely must have all
four for Nessus to work. You want to untar, configure, make, and make install
in this order exactly.
su (into superuser)
tar -zxvf nessus-libraries-VERSION
cd nessus-libraries
./configure
make
make install
After you finish the make install
of the libraries, you get a prompt to make sure that you have /usr/local/lib
in the /etc/ld.so.conf file, and to type ldconfig. But since we
already covered this in step two, all you need to do is go back to /sbin
and run ./ldconfig again.
7. Go back to
the Nessus directory, and just like in step six, untar, configure, make,
and make install the other three downloaded files in this order.
libnasl
nessus-core
nessus-plugins
8. At this time
go back to /sbin and run ./ldconfig again.
9. Go to /usr/local/sbin
and, as superuser, type: ./nessus-adduser
This runs a script that starts
by generating some primes. Then you should see a prompt that asks you to
add a user. You will get another prompt for Authentication method, cipher
or plaintext. The default is cipher, so just hit Enter. It should then
ask you if your user name is a local user. Type y and hit enter. It then
tells you that it is treating your user name as a local user.
After this, the add-user
program prompts you to add rules such as where you can or cannot scan.
I leave this blank since I am the only one using my machine and I want
to scan everything in my network. And since this is a quick start guide,
we don't want to complicate things.
Then hit Ctrl - d, and the
program will ask you if your selections are correct. If they are, type
y and hit Enter.
Once more the program generates
some primes. Now you will be asked for a passphrase and you will be prompted
to repeat it twice more. Then you will get a confirmation that the user
was added and you will be returned to a shell prompt.
10. To run Nessus,
the Nessus daemon must be running. In /usr/local/sbin, type ./nessusd
which will start the daemon. (It will continue to run while you are
using the scanner. When you finish using the scanner, kill it by typing
Ctrl - c.) If you choose to have the daemon running in the background all
the time, type ./nessusd -D and then you can close that terminal
window without killing the process.
11. Return to
your home directory as a normal user and not superuser. Type: nessus
and the nessus program begins with a password prompt. Your login name should
be the same user name that you entered in the nessus-adduser program.
Then click the login button
and you are ready to go.
You then see different option
tabs that you can click through: Nessusd host, Plugins, Preferences, Scan
options, Target selection, User, and Credits. These options are generally
preconfigured so that while you are getting acquainted with Nessus you don't
have to worry about changing the settings. There is one exception: if you
are planning to run a scan against your own local host where you have Nessus
running, you must only use the Nmap TCP scan and disable the other five.
According to the man pages, there is a bug that will prevent them from
working properly.
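Most failed installs trace back to a prerequisite missed in steps 1 through 8, so the following added example (not part of the original article) checks them in one pass before you start nessusd. The function names are this example's own, and it assumes each tarball's file name begins with the component name used in steps 6 and 7.

```shell
#!/bin/sh
# Added example: pre-flight checks for steps 1-8. Function names are
# this example's own; nothing here ships with Nessus or Nmap.

# path_has_dir DIR PATHSTRING: succeed only on an exact PATH entry,
# so /usr/local/bin does not match /usr/local/bin-old.
path_has_dir() {
    case ":$2:" in
        *":$1:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# ldconf_has_dir DIR FILE: succeed if FILE lists DIR on a line of its
# own, ignoring surrounding blanks and commented-out text.
ldconf_has_dir() {
    [ -r "$2" ] || return 1
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$2" |
        grep -Fqx -- "$1"
}

# missing_tarballs DIR: print, in build order, each of the four Nessus
# components with no tarball in DIR. Prints nothing if all are present.
missing_tarballs() {
    for comp in nessus-libraries libnasl nessus-core nessus-plugins; do
        found=no
        for f in "$1"/"$comp"-*; do
            if [ -f "$f" ]; then found=yes; fi
        done
        if [ "$found" = no ]; then echo "$comp"; fi
    done
}

# preflight DIR: run every check, report each failure, return non-zero
# if any prerequisite is missing.
preflight() {
    rc=0
    path_has_dir /usr/local/bin "$PATH" || { echo "PATH lacks /usr/local/bin"; rc=1; }
    ldconf_has_dir /usr/local/lib /etc/ld.so.conf || { echo "ld.so.conf lacks /usr/local/lib"; rc=1; }
    command -v nmap >/dev/null 2>&1 || { echo "nmap not found in PATH"; rc=1; }
    for c in $(missing_tarballs "$1"); do echo "no tarball for $c in $1"; rc=1; done
    return $rc
}

# Usage: sh preflight.sh --run [DIR]   (DIR defaults to ~/Nessus)
if [ "${1:-}" = "--run" ]; then preflight "${2:-$HOME/Nessus}"; fi
```
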
There you have it. A quick
and easy step-by-step guide to getting Nessus up and running on your system.
As I mentioned earlier, Nessus is extremely versatile and there are an infinite
number of ways that it can be configured and utilized. In no way is this
article a substitute for the man pages, README files or the online instructions
found at the nessus.org site. I strongly encourage you to read all available
documentation so that you'll have a better understanding of the scanner
itself since such a powerful and diverse tool can be used just as easily
to exploit systems as to secure them.
Resources:
Nessus Homepage
http://www.nessus.org
Nmap Homepage
http://www.insecure.org
Author Bio:
Paul Christensen currently
works for Penguin Computing as a Linux Support Specialist. He is a regular
contributor to "Best of Technical Support" in the Linux Journal and spends
the rest of his free time working with Open Source security applications.