Scanning a Debian-based network with Nessus

December 2016






Nessus is a network scanner that tries to detect potential security vulnerabilities in the machines of a network (based on a list of known vulnerabilities).

Note that the Nessus vulnerability and threat database is updated daily; because Nessus is modular, you can also write your own plugins.

Here is how to install Nessus (on Debian) and how to use it to scan a machine.

Introduction


Nessus consists of two parts: the server and the client.
  • The server (nessusd) is the component that actually performs the security tests.
  • The client may be located on another machine; it asks the server to perform a security test on one or more machines.

Installation


sudo apt-get install nessus nessusd

Configuration


We must add users to the Nessus server to allow them to carry out security tests.
sudo nessus-adduser
  • Login: enter the user name.
  • Authentication: just press ENTER (this selects 'password' as the authentication method).
  • Login password: enter the password for the user.
  • Login password (again): enter the password a second time.
  • User rules: you can leave it empty; just press CTRL + D.
  • Is that ok?: confirm the creation of the user by pressing ENTER.




Example:

jak@ubuntu:~$ sudo nessus-adduser
Using /var/tmp as a temporary file holder

Add a new nessusd user
----------------------


Login : john
Authentication (pass/cert) [pass] : 
Login password : 
Login password (again) : 

User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that john has the right to test. For instance, you may want
him to be able to scan his own host only.

Please see the nessus-adduser(8) man page for the rules syntax

Enter the rules for this user, and hit ctrl-D once you are done : 
(the user can have an empty rules set)


Login             : john
Password          : ***********
DN                : 
Rules             : 


Is that ok ? (y/n) [y] y
user added.
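The "User rules" prompt above is where a user is restricted to the hosts he may scan. The following shell script is an added example (not part of the CCM page) that writes such a rule set, limiting a user to one subnet, and checks the syntax of each line before it is pasted into nessus-adduser. The grammar it assumes ("accept|deny ADDRESS/MASK" lines followed by "default accept|deny") is the one documented in the nessus-adduser(8) man page of Nessus 2.x; the function names and the 192.168.1.0/24 network are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the CCM page: build and sanity-check a
# nessus-adduser rule set that lets a scan user test only one subnet.
# Rule grammar assumed from nessus-adduser(8), Nessus 2.x:
#   accept ADDR/MASK | deny ADDR/MASK | default accept | default deny

# Write a rules file: accept one network, deny everything else.
write_rules() {
    rules_file=$1
    net=$2
    (
        umask 077   # the file lists scan targets; keep it private while writing
        printf 'accept %s\ndefault deny\n' "$net" > "$rules_file"
    )
}

# Return 0 when every non-empty, non-comment line is a well-formed rule
# and at least one rule is present.
check_rules() {
    rules_file=$1
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;                    # blank line or comment
            'default accept'|'default deny') ;;     # fallback rule
            'accept '*/*|'deny '*/*)                # accept|deny ADDR/MASK
                target=${line#* }
                mask=${target##*/}
                case $mask in
                    *[!0-9]*|'') echo "bad mask in: $line" >&2; return 1 ;;
                esac
                [ "$mask" -le 32 ] || { echo "bad mask in: $line" >&2; return 1; }
                ;;
            *) echo "unknown rule: $line" >&2; return 1 ;;
        esac
        n=$((n+1))
    done < "$rules_file"
    [ "$n" -gt 0 ]
}

# Demonstration on a scratch file with a constructed network
tmp=$(mktemp)
write_rules "$tmp" 192.168.1.0/24
if check_rules "$tmp"; then
    echo "rules OK, paste into nessus-adduser:"
    cat "$tmp"
fi
rm -f "$tmp"
```

Run the script and copy the printed lines at the "Enter the rules for this user" prompt, then press CTRL + D as described above; a rule set that ends in "default deny" means the user can test nothing outside the accepted network.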

Starting Nessus Server

Start the Nessus server: sudo /etc/init.d/nessusd start

Nessus Server Connection

Start the Nessus client (run nessus in a terminal, or use Applications Menu > Internet > Nessus Ubuntu).

Enter the Nessus server address, and the login and password, then click "Log in".




As the certificate of your Nessus server has not been signed by a certificate authority, select the first option:




The certificate will then be shown: Accept it by clicking Yes.


Using the Nessus client


By default, the plugins that may crash the machines being tested are disabled.
(Nessus also warns you of this with a small popup window.)

You can leave the defaults for a first scan.
  • The Plugins tab lets you choose which tests to run.
  • The Credentials tab lets you provide logins / passwords used to access the machines under test.
  • The Scan options tab lets you choose which ports to test and how an open port is detected.
  • The Target tab lets you choose what to test: enter the IP address or the name of the machine to be tested.





Enter the IP address of the machine to be tested in the Target tab and click "Start the scan" at the bottom of the screen.



Let the test run to completion:



Then click on the results to review them (you can browse the results by machine, by subnet, by port, by severity ...).


Notes


Rights Management

Nessus has a rights management system (the user rules entered with nessus-adduser) that describes precisely which rights are assigned to each user.

Updates

It is important to maintain the list of plugins up to date so that Nessus is able to detect the latest vulnerabilities.
Run nessus-update-plugins regularly: sudo nessus-update-plugins

If you use a proxy, create the file /etc/nessus/nessus-fetch.rc and put the address of the proxy in it, together with the login and password if the proxy requires them. Since this file stores the proxy password in clear text, keep it readable by root only:

proxy=192.168.0.1
proxy_port=3128
proxy_username=renaud
proxy_password=s3cr3t
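The following shell script is an added example (not part of the CCM page) that writes a nessus-fetch.rc with the four keys shown above while making sure the resulting file is mode 0600, and reads a key back without printing the password. The function names are constructed for the example, the path is a parameter so the functions can be tried on a scratch file, and the proxy values are the constructed ones from the page.

```shell
#!/bin/sh
# Added example, not from the CCM page: write nessus-fetch.rc for a proxy
# and keep it private, because proxy_password is stored in clear text.
# Keys used: proxy, proxy_port, proxy_username, proxy_password (from the page).

# Write the configuration file with mode 0600.
write_fetch_rc() {
    rc=$1 host=$2 port=$3 user=$4 pass=$5
    (
        umask 077   # a newly created file gets 0600, never world-readable
        printf 'proxy=%s\nproxy_port=%s\nproxy_username=%s\nproxy_password=%s\n' \
            "$host" "$port" "$user" "$pass" > "$rc"
    )
    chmod 600 "$rc"   # also fix the mode if the file already existed
}

# Return 0 only when the file exists with mode exactly 0600.
# find -perm 600 (no leading '-') is an exact-mode match in POSIX find.
fetch_rc_is_private() {
    rc=$1
    [ -f "$rc" ] || return 1
    [ -n "$(find "$rc" -perm 600)" ]
}

# Read one key back, e.g. to confirm which proxy will be used.
fetch_rc_get() {
    rc=$1 key=$2
    sed -n "s/^$key=//p" "$rc"
}

# Demonstration on a scratch file with the constructed values from the page;
# in real use the first argument is /etc/nessus/nessus-fetch.rc (run as root).
demo=$(mktemp)
write_fetch_rc "$demo" 192.168.0.1 3128 renaud s3cr3t
if fetch_rc_is_private "$demo"; then
    echo "proxy in use: $(fetch_rc_get "$demo" proxy):$(fetch_rc_get "$demo" proxy_port)"
else
    echo "nessus-fetch.rc is readable by other users, fix its mode" >&2
fi
rm -f "$demo"
```

Running fetch_rc_is_private against the real /etc/nessus/nessus-fetch.rc after each change is a cheap check that the proxy credentials have not been exposed to every local account.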


This document entitled « Scanning a Debian-based network with Nessus » from CCM (ccm.net) is made available under the Creative Commons license. You can copy and modify copies of this page under the conditions stipulated by the license, provided that this note appears clearly.