Nessus Security Scanner is an open-source vulnerability scanner that you can use to audit your network. Available from http://www.nessus.org, Nessus has three primary components: a server that launches tests, a client that controls the server, and vulnerability plugins. The server/client division lets clients communicate with one server and lets you distribute tests among different users, and Nessus's many plugins let you run different attacks against a specified host and determine which holes are exploitable.
Although originally developed for UNIX systems (in fact, the Nessus server component runs only on UNIX), Nessus's plugins can attack Windows machines as well, and a GUI client called NessusWX is available for Windows. The scanner uses OS-fingerprinting techniques to identify the target OS and runs only plugins related to that OS.
Let's take a look at how to install and configure a Nessus server, then how to install the NessusWX client. Finally, we'll walk through the process of performing a security scan.
Server Installation
As I mentioned earlier, you must install the Nessus server on a UNIX host. The Nessus Web site doesn't specify the particular flavors of UNIX with which Nessus is compatible, but any reasonably modern version of UNIX should be able to compile it. I've successfully compiled the scanner on Linux (Red Hat Linux 7.2, Red Hat Linux 7.1, SUSE Linux 8.0, and SUSE Linux 7.1) and Sun Microsystems' Sun Solaris 8 and Sun Solaris 7.
Before you download and install Nessus, I recommend that you install Nmap 2.52, a port-scanning tool that you can download at http://www.insecure.org/nmap. If at all possible, also install OpenSSL, which ensures secure client-server communication and lets you test for Secure Sockets Layer (SSL) vulnerabilities; you can download OpenSSL at http://www.openssl.org. If you plan to use the UNIX GUI, you'll also need GTK 1.2, a UNIX graphics library, which you can download at ftp://ftp.gimp.org/pub/gtk/v1.2. Installation of these components is outside the scope of this article, but any modern Linux distribution (such as Red Hat Linux 7.3) will likely install them by default. Otherwise, the methods for installing these packages are similar to the method for installing Nessus.
To install the latest version of the Nessus server (version 1.2.5, as of this writing), use the nessus-installer.sh script, which you'll find in the nessus-installer directory. Execute the script as root (i.e., the machine's superuser or administrator) by running the following command:
UNIX # sh ./nessus-installer.sh
The script prompts you for the location in which you want to install the binary files; the default location, /usr/local, should be fine for most users. The script then compiles the software and installs it for you. The script might prompt you to add /usr/local/lib to /etc/ld.so.conf; answer Yes.
Server Configuration
Nessus contains a database of rules that can control how users use the scanner, but you must initialize the database, then use a certificate to secure it. Then, you can distribute the power of Nessus to certain individuals and groups, and you can prevent those individuals or groups from using Nessus outside a permissible range. For example, you can grant a top-level administrator the ability to scan all hosts while letting department administrators audit only their networks.
First, you need to install a security certificate so that the client can communicate with the server. The nessus-mkcert script creates a Certificate Authority (CA), if none currently exists, and a server certificate that authenticates the server. On the server, run the following (as root):
UNIX # /usr/local/sbin/nessus-mkcert
The program will prompt you for information. For the most part, the default values will work fine; you can press Enter to accept a value presented within brackets as the default. First, enter your organization's name. Next, you need to add at least one user. To add a user, run the following command:
UNIX # /usr/local/sbin/nessus-adduser
At the resulting logon prompt, enter the username you want to use to connect to the server. The program will then prompt you for an authentication method: pass or cert. Choose pass (for password), and the program will prompt you for the user's password. The cert method permits authentication through a certificate file. (Interested users can find documentation about the cert method at the Nessus Web site.)
After you enter the password, the program will ask for the user's ruleset. Simply press Ctrl+D to give the user a blank ruleset. (I cover the syntax for user rules in the Nessus Rules for Users section.) Confirm the choices you made by choosing Y. You've now added a Nessus user.
Finally, start the Nessus daemon. Run the following command:
UNIX # /usr/local/sbin/nessusd -D
This command places Nessus in the background, listening on TCP port 1241.
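Once the daemon is backgrounded you have no direct confirmation that it came up, so a quick listener check is worth scripting. The following POSIX shell script is an added example, not part of the original article or of the Nessus distribution. It assumes the /usr/local install prefix used above, that netstat prints in the Linux "netstat -ltn" layout (local address in column 4, state in column 6), and it embeds a constructed netstat sample so the parsing function can be exercised on a host that has no nessusd at all.

```shell
#!/bin/sh
# Added example (not from the original article): verify that the Nessus
# daemon started with "nessusd -D" is really listening on TCP port 1241.
# Assumptions: install prefix /usr/local; netstat available with the Linux
# "netstat -ltn" column layout (field 4 = Local Address, field 6 = State).

NESSUS_PORT=1241
NESSUS_PREFIX=/usr/local

# port_listener_present PORT  (reads netstat -ltn output on stdin)
# Succeeds (exit 0) when some line is in LISTEN state and its local address
# ends in ":PORT"; works for "0.0.0.0:1241" and IPv6 ":::1241" alike.
port_listener_present() {
    port=$1
    awk -v p="$port" '
        $6 == "LISTEN" && $4 ~ (":" p "$") { found = 1 }
        END { exit(found ? 0 : 1) }
    '
}

# check_nessusd: start the daemon if nothing listens on the port yet, then
# re-check. Returns 0 when a listener is present, 1 when the daemon failed
# to come up, 2 when the binary is not installed under the expected prefix.
check_nessusd() {
    if [ ! -x "$NESSUS_PREFIX/sbin/nessusd" ]; then
        echo "nessusd not found under $NESSUS_PREFIX/sbin" >&2
        return 2
    fi
    if netstat -ltn 2>/dev/null | port_listener_present "$NESSUS_PORT"; then
        echo "nessusd already listening on TCP $NESSUS_PORT"
        return 0
    fi
    "$NESSUS_PREFIX/sbin/nessusd" -D
    sleep 2   # give the daemon a moment to bind the port
    if netstat -ltn 2>/dev/null | port_listener_present "$NESSUS_PORT"; then
        echo "nessusd started and is listening on TCP $NESSUS_PORT"
        return 0
    fi
    echo "nessusd did not come up on TCP $NESSUS_PORT" >&2
    return 1
}

# Constructed sample of "netstat -ltn" output (not captured from a real host),
# used for a dry run of the parser when the script is run without --live.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:1241            0.0.0.0:*               LISTEN'

# Usage: "sh check-nessusd.sh --live" on the Nessus server; without the flag
# only the constructed sample is parsed.
if [ "$1" = "--live" ]; then
    check_nessusd
else
    if printf '%s\n' "$SAMPLE_NETSTAT" | port_listener_present "$NESSUS_PORT"; then
        echo "sample: listener on TCP $NESSUS_PORT found"
    else
        echo "sample: no listener on TCP $NESSUS_PORT"
    fi
fi
```

The state check matters: an ESTABLISHED line for port 1241 (a client already connected) must not be mistaken for the daemon's own listening socket, which is why the awk filter requires both the LISTEN state and the port suffix.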