Nessus is a network scanner that tries to detect potential security vulnerabilities in the machines of a network (based on a list of known vulnerabilities).
Note that the Nessus vulnerability and threat database is updated daily, but you are also allowed to create your own plugins due to Nessus modularity.
Here is how to install Nessus (on Debian) and how to use it to scan a machine.
Nessus consists of 2 parts: the server and the client.
sudo install nessus nessusd
We must add users to the Nessus server to allow them to carry out safety tests.
jak@ubuntu:~$ sudo nessus-adduser Using /var/tmp as a temporary file holder Add a new nessusd user ---------------------- Login : john Authentication (pass/cert) [pass] : Login password : Login password (again) : User rules ---------- nessusd has a rules system which allows you to restrict the hosts that john has the right to test. For instance, you may want him to be able to scan his own host only. Please see the nessus-adduser(8) man page for the rules syntax Enter the rules for this user, and hit ctrl-D once you are done : (the user can have an empty rules set) Login : john Password : *********** DN : Rules : Is that ok ? (y/n) [y] y user added.
Start the Nessus server: sudo /etc/init.d/nessusd start
==Nessus Server Connection==
Start the Nessus client (start Nessus in a terminal or Applications Menu> Internet> Nessus Ubuntu)
Enter the Nessus server address, and the login and password, then click "Log in".
As the certificate of your Nessus server has not been signed by a certification authority, select the first option:
The certificate will then be shown: Accept it by clicking Yes.
By default, the plugins at may crash down machines to be tested are disabled.
(Nessus also warn you of it by a small popup window.)
You can leave the defaults in the first instance.
Enter the IP address of the machine to be tested in the Target tab and click "Start the scan" at the bottom of the screen.
Leave the test be conducted:
Simply click on results to check out results (you can see the results by machine, by subnet, port, by severity ...)
Nessus has a rights management to describe precisely what are the rights assign to a user.
It is important to maintain the list of plugins up to date so that Nessus is able to detect the latest vulnerabilities.
Run regularly nessus-update-plugins: sudo nessus-update-plugins
If you use a proxy, create /etc/nessus/nessus-fetch.rc file and put in the address of the proxy and the login/passwords also:
proxy=192.168.0.1 proxy_port=3128 proxy_username=renaud proxy_password=s3cr3t