This section describes the process of updating Kali and the configuration of some additional tools. These tools will be useful in later chapters. Kali software packages are constantly being updated and released, users quickly discover a new set of tools that are more useful than the packages originally downloaded on DVD rom. This section obtains an activation code for Nessus by updating the installation method. Finally, install squid.
The steps to apply the update and configure additional security tools are as follows.
(1) Update the local package list library. The execution commands are as follows:
[email protected]:~# apt-get update
After executing the above command, you need to wait a while. After execution, the program is automatically exited.
(2) Upgrade a package that already exists. The execution commands are as follows:
[email protected]:~# apt-get upgrade
(3) Upgrade to the latest version. The execution commands are as follows:
[email protected]:~# apt-get dist-upgrade
(4) Obtain an activation code from Http://www.nessus.org/products/nessus/nessus-plugins/obtain-an-activation-code official website. After you enter the address in the browser, the interface shown in 2.2 is displayed.
Figure 2.2 Getting the activation code
Select the free version of using Nessus at Home in this interface? option, click the Select button and the interface shown in 2.3 will be displayed.
Figure 2.3 Registration Information
Fill in the registration information in this interface, after filling out, click the Register button, you will receive a copy of the mail in the registered mailbox. After entering the mailbox, you can see that there is an activation code in the message.
(5) Create a user account for the Nessus network interface. The execution commands are as follows:
[email protected]:~#/opt/nessus/sbin/nessus-adduser login:admin #输入用户名为a DMin login pasword: #输入用户密码 login Password (again): #输入确认密码 do want This user to is a Nessus ' admin ' user? (Can upload plugins, etc ...) (y/n) [n]: y User rules #用户规则----------NESSUSD has a rules system which allows Restri CT the hosts that admin have the right to test. For instance, the want him to is able to scan he own host only. Please see the Nessus-adduser Manual for the Rules syntax Enter the ' rules for this ' user, and enter a BLANK line once you a Re done: (the user can has an empty rules set) #按下空格键提交输入 login:admin Password: *********** T His user would have an ' admin ' privileges within the Nessus server rules:is that OK? (y/n) [Y] y User added #用户被添加
From the output information you can see that the Admin user was added successfully.
(6) Activate Nessus. The execution commands are as follows:
[email protected]:~# /opt/nessus/bin/nessus-fetch --register XXXX-XXXX-XXXX- XXXX-XXXX
The xxxx-xxxx-xxxx-xxxx-xxxx in the above command refers to the activation code obtained in the message. After executing the above command, the output information is as follows:
Your Activation Code has been registered properly - thank you.Now fetching the newest plugin set from plugins.nessus.org #等待一段时间Could not verify the signature of all-2.0.tar.gz #不能证实all-2.0.tar.gz的签名
(7) Start the Nessus service. The execution commands are as follows:
[email protected]:~# /etc/init.d/nessusd start
When activating Nessus in step (6), the output and the same information above indicate that Nessus is not activated. This problem is not going to happen on Rhel. However, there are ways to solve this problem. The following steps are shown below.
(1) Delete file nessus-fetch.rc. The execution commands are as follows:
[email protected]:~# rm /opt/nessus/etc/nessus/nessus-fetch.rc
(2) Use Nessus-fetch--challenge to get the challenge code. The execution commands are as follows:
[email protected]:~# /opt/nessus/bin/nessus-fetch --challengeChallenge code: xxxxxxxxxxxxxxxxxxxxxxxxYou can copy the challenge code above and paste it alongside yourActivation Code at:https://plugins.nessus.org/offline.php
Among them, xxxxxxxxxxxxxxxxxxxxxxxx is the output Challenge code.
(3) Re-login to the http://www.nessus.org/products/nessus/nessus-plugins/obtain-an-activation- code website to get the activation code.
(4) Login to the https://plugins.nessus.org/offline.php website, enter the generated challenge code and Activation Code, 2.4 the interface shown in the interface.
Figure 2.4 Getting the plugin
When you click the Submit button, the interface shown in 2.5 is displayed.
Figure 2.5 Download Plugin
Download nessus-fetch.rc and all-2.0.tar.gz from this interface to download it locally.
(5) Copy the downloaded nessus-fetch.rc file to the/opt/nessus/etc/nessus/directory. The execution commands are as follows:
[email protected]:~# cp /root/nessus-fetch.rc /opt/nessus/etc/nessus
After executing the above command, there is no output information.
(6) Use the Nessus-update-plugins command to load the Nessus plug-in all-2.0.tar.gz. The execution commands are as follows:
[email protected]:~# /opt/nessus/sbin/nessus-update-plugins /root/all/all-2.0.tar.gzExpanding /root/all/all-2.0.tar.gz…Done. The Nessus server will start processing these plugins within a minute
(7) Restart the Nessus service. The execution commands are as follows:
[email protected]:~# /etc/init.d/nessusd restart$Shutting down Nessus : .$Starting Nessus : .
When the above steps are completed, the Nessus is activated. If you do not activate Nessus, it is not available.
Install Squid service in Kali. The execution commands are as follows:
[email protected]:~# apt-get install squid3
Setting up Squid service boot does not start automatically. The execution commands are as follows:
[email protected]:~# update-rc.d -f squid3 remove
Kali-linux Apply updates and configure additional security tools