Monday, December 21, 2009

Nessus 4.2.0 on Debian Lenny



Download Nessus 4.2.0 from its official page.

http://www.nessus.org/download/nessus_download.php

Choose the package that matches your architecture, 32 or 64 bits.

Download it; in my case it is the 32-bit package.

Install it:

box:/download# dpkg -i Nessus-4.2.0-debian5_i386.deb
Seleccionando el paquete nessus previamente no seleccionado.
(Leyendo la base de datos ...
136264 ficheros y directorios instalados actualmente.)
Desempaquetando nessus (de Nessus-4.2.0-debian5_i386.deb) ...
Configurando nessus (4.2.0) ...
nessusd (Nessus) 4.2.0 [build K9080] for Linux
(C) 1998 - 2009 Tenable Network Security, Inc.


- Please run /opt/nessus/sbin/nessus-adduser to add a user
- Register your Nessus scanner at http://www.nessus.org/register/ to obtain
all the newest plugins
- You can start nessusd by typing /etc/init.d/nessusd start

box:/download#

Now add a user to log in to Nessus:

box:/download# /opt/nessus/sbin/nessus-adduser
Login : nuser
Login password :
Login password (again) :
Do you want this user to be a Nessus 'admin' user ? (can upload plugins, etc...) (y/n) [n]: y
User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that nuser has the right to test. For instance, you may want
him to be able to scan his own host only.

Please see the nessus-adduser manual for the rules syntax

Enter the rules for this user, and enter a BLANK LINE once you are done :
(the user can have an empty rules set)



Login : nuser
Password : ***********
This user will have 'admin' privileges within the Nessus server
Rules :
Is that ok ? (y/n) [y]
User added
box:/download#

Start the service:

box:/download# /etc/init.d/nessusd start
Starting Nessus : .
box:/download# Missing plugins. Attempting a plugin update...
Your installation is missing plugins. Please register and try again.
To register, please visit http://www.nessus.org/register/

But the message "Your installation is missing plugins" appears.

Go to this link:

http://www.nessus.org/plugins/?view=register-info

and select "HomeFeed". After a few clicks it will ask for an e-mail address to send the "activation code" to.
The code can be used only once; if you use it again you get the message:
The provided activation code has already been used

The "activation code" arrives by e-mail:
/opt/nessus/bin/nessus-fetch --register

Apply it and you get a message like this:
Your activation code has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org...
Your Nessus installation is now up-to-date.
If auto_update is set to 'yes' in nessusd.conf, Nessus will
update the plugins by itself.

Now the service can be started:

box:/download# /etc/init.d/nessusd start
Starting Nessus : .
box:/download#
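
An added example, not part of the original post: the init script prints its normal "Starting Nessus" line even when the plugin set is missing, so this sketch classifies captured setup output by the messages shown in the transcripts above. The function name and the state names are hypothetical.

```shell
#!/bin/sh
# Added example: classify captured Nessus 4.2.0 setup output into a state.
# The message strings are the ones shown in the transcripts on this page;
# nessus_setup_state and the state names are hypothetical.

nessus_setup_state() {
    # Read the captured output from stdin once so it can be searched repeatedly.
    out=$(cat)
    has() { printf '%s\n' "$out" | grep -qiF -- "$1"; }

    # Failure messages are checked before "Starting Nessus", because the
    # start line is printed even when the daemon then reports missing plugins.
    if has "activation code has already been used"; then
        echo code_reused          # request a new activation code
    elif has "missing plugins"; then
        echo needs_registration   # run nessus-fetch --register first
    elif has "activation code has been registered properly"; then
        echo registered           # plugins fetched, service can be started
    elif has "Starting Nessus"; then
        echo started              # clean start, no plugin complaint
    else
        echo unknown
    fi
}

# Sample input copied from the first service start shown on this page.
nessus_setup_state <<'EOF'
Starting Nessus : .
Missing plugins. Attempting a plugin update...
Your installation is missing plugins. Please register and try again.
EOF
```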


HTTPS must be enabled to be able to log in to its web interface; if it is not enabled,
then:

box:/download# a2enmod ssl
Enabling module ssl.
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
Run '/etc/init.d/apache2 restart' to activate new configuration!

Restart apache2 and the page will be displayed. You have to confirm the exception.



Then the login page appears.



Done!!!

PS: The link to update the Nessus plugins is now:
http://www.nessus.org/products/nessus/nessus-plugins/register-a-homefeed

Source:
http://www.nessus.org/documentation/
