Nessus Vulnerability Scanning Tutorial configuration Nessus

Nessus Vulnerability Scanning Tutorial configuration Nessus configuration Nessus

When the Nessus tool is successfully installed, you can use the tool to implement vulnerability scanning. In order for the user to better use the tool, the relevant settings of the tool are introduced, such as service startup, software update, user management, and so on. This section provides a brief introduction to the Nessus service configuration.

Start the Nessus service

After the Nessus service is installed, it is automatically started by default. If the user restarts the system, obtains other operations, and shuts down the Nessus service, the service must be started first. The methods for starting the Nessus service in different operating systems are described separately below.

1.Windows Start the Nessus service

The way to start the Nessus service under Windows is as follows:

(1 ) to open the Windows System Services window. Clicking the Run command in the Startup menu bar of the Windows system will bring up the Run dialog box, shown in 1.22.

Figure 1.22 Running the dialog box

(2 Enter "Services.msc" in the dialog box, and then click the OK button to open the Services window, as shown in 1.23.

Figure 1.23 Service Window

(3 The Tenable Nessus service is found in the Name column of the interface to manage the service, such as stopping, starting, or restarting.

In Windows, you can also stop or start the Nessus service from the command line. For example, stop the Nessus service. The execution commands are as follows:

• C:\users\administrator>net Stop "tenable Nessus"
• Tenable Nessus Service is stopping.
• Tenable Nessus Service has stopped successfully.

From the output information above, you can see that the Nessus service has stopped successfully. If you start the Nessus service, the Execute command looks like this:

• C:\users\administrator>net start "tenable Nessus"
• Tenable Nessus Service is starting.
• Tenable Nessus Service has started successfully.

From the output information above, you can see that the Nessus service has started successfully.

2.Linux Start the Nessus service

Start the Nessus service under Linux. The execution commands are as follows:

• [[Email protected] ~]# service NESSUSD start
• Start Nessus service: [OK]

From the output information above, you can see that the Nessus service has started successfully. If the user is unsure whether the service is started, you can use the following command to view its status. As shown below:

• [[Email protected] ~]# service NESSUSD status
• NESSUSD (PID 5948) is running ...

From the output information above, you can see that the Nessus service is running.

Nessus Software Updates

In order to be able to use Nessus for a successful vulnerability scan, it is important to check for and update nessus before scanning, using the latest plugins. This ensures that all the latest vulnerabilities are scanned. The following is an example of the Windows operating system, which describes how to update the plug-in.

1. Online Updates

"Example 1-3" updates the plug-in in Nessus under Windows. The procedure is as follows:

(1 ) log in to the Nessus service. Entering the https://IP:8834/address in the browser address bar in Windows opens the interface shown in 1.24.

Figure 1.24 Certificate is not trusted

(2 Select the "Continue browsing this site (not recommended)" option in this interface, which will open the interface shown in 1.25.

Figure 1.25 Login interface diagram 1.26 Nessus login interface

(3 Enter the user name and password for managing the Nessus service in this interface. Then, click the Sign In button. After the login is successful, the interface shown in 1.26 is displayed.

(4 in the interface, click the small triangle that follows the upper-right corner, and a menu bar will pop up, as shown in 1.27. In the menu bar, click the Settings command, which opens the Settings screen, shown in 1.28.

Figure 1.27 Menu bar Figure 1.28 Setup interface

(5 from the left column of the interface, you can see that there are two sub-options, overview (overview) and software update (software update) options. In Figure 1.28, the information in the overview option is displayed. Among them, including Nessus version, connection time, platform, last update time, activation code and so on. If you are making a software update, selecting the Software update option will display the interface shown in 1.29.

Figure 1.29 Software update Figure 1.30 updating software manually

(6 from this interface, you can see that there are three ways to update the Automatic Updates (update all components) and update Plugins (update plugin) and disabled (no update). Users can choose any kind of update method. Also, Nessus provides a custom plug-in Update method for specific hosts. For example, to update the plug-in that the IP address provides for the 192.168.1.100 host, enter the address 192.168.1.100 in the text box corresponding to the custom host. If users do not want to update automatically, they can also make manual updates. Click the manual Software update (manual update) button in the upper-right corner of the interface to display the interface shown in 1.30.

(7 There are also three update methods available, namely update all component (all updates), update plugins (update plugin), and upload your own plugin Archive (upload your own plugin documentation). After the user selects the desired update mode, click the Continue button to start the update. When the update is complete, the top-right (bell) icon will prompt for the update to succeed, as shown in 1.31.

Figure 1.31 Software update success Figure 1.32 Generate challenge code

2. Offline Update

The above update methods are online updates. If you update it this way, you have to make sure your network is in a normal state. You can use the offline Update method if the user cannot confirm their network. This method does not require the Nessus system connection to be connected to the Internet. The following describes how offline updates are.

"Example 1-4" Below is an example of the Windows 7 operating system, which describes how to update the plug-in offline.

(1 ) gets an activation code. Can only be used once because of the activation code obtained. Therefore, if you activate the service again, you need to retrieve an activation code again.

(2 ) to generate a challenge code, execute the command as follows:

• C:\Program files\tenable\nessus> Nessuscli.exe Fetch--challenge

After executing the above command, the result is shown in effect 1.32.

Tip: If you are on a Linux system, the following commands are shown:

• [Email protected] ~]#/OPT/NESSUS/SBIN/NESSUSCLI fetch--challenge

(3 ) from which you can see that an activation code has been generated. Next, you can download the Nessus plugin offline. Among them, for https://plugins.nessus.org/v2/offline.php. When the address is successfully accessed in the browser, the interface shown in 1.33 is displayed.

(4 Enter the challenge code obtained in step (2) in the first line of the text box in the interface, and enter the activation code obtained in the second line of the text box. Then, click the Submit button to start downloading the plugin. The interface gets 6.3 and updated plugins. If the user wants to get the plugin before version 6.3, clicking on the arrow in the figure refers to the here command, which will jump to another page, as shown in 1.34.

Figure 1.33 Offline download plugin figure 1.34 Download the previous version of the plugin

(5 the interface and figure 1.31 show the same content. The generated challenge code and activation Code are also entered here to get the old version of the plugin.

User Management in Nessus

User management is an additional feature provided by Nessus. It is very useful to manage users in a large enterprise environment, or with more people using Nessus. When using the Nessus scan in this case, the administrator can set different security levels for multiple scan users.

Nessus provides two different user roles, administrator (Administrator) and standard (normal user). The users of the Administrator role have access to all the features in the Nessus, and the users of the standard role are limited to some features, such as software updates, user management, and advanced settings. The following describes the methods for managing users in Nessus.

1. Create a new user

Select the Accounts tab in the Nessus Settings screen and the interface shown in 1.35 will be displayed.

Figure 1.35 Account Setup interface figure 1.36 New user

Clicking on the New User button in the upper-right corner of the interface will open the interface shown in 1.36.

Enter the user name and password you want to create in this interface. The text box corresponding to User role has two options, namely standard and system Administrator. Where the standard option indicates that the user created is a normal user, and the System administrator option indicates that the user created is an administrator user. Then click the Save button and you will see the interface shown in 1.37.

Figure 1.37 User interface Figure 1.38 Deleting a user

From this interface, you can see that you have successfully created a named user, type Standard.

2. Delete a user

When a user is not needed by the Nessus scan, the user can be deleted. The exact method is as follows:

(1 ) Open the User Settings screen, shown in 1.31.

(2 Select the user you want to delete in the interface, and then click the (wrong number) icon after the user name to delete the user. Alternatively, tick the checkbox in front of the user name. At this point, a Delete button appears on the left side of the search box, as shown in 1.38. Then, click the Delete button and the interface shown in 1.39 is displayed.

Figure 1.39 Confirm Delete User Figure 1.40 Edit user Interface

The interface prompts you to determine whether you want to delete the user. If the confirmation is OK, click the Delete button to successfully delete the user.

3. Modifying an existing user role

You can change the user's role by clicking the user in the user interface (figure 1.31) to modify the role. For example, edit user users. After you click the user user interface, the interface shown in 1.40 is displayed.

From this interface, you can see the user's role as standard. Click the small triangle behind the user role corresponding to the text box to select the role you want to modify. For example, modifying to the system Administrator role will display the interface shown in 1.41.

Figure 1.41 Modifying a user role Figure 1.42 Modifying a password

At this point, the user role has been successfully modified. Next, you need to click the Save button to save your settings. Otherwise, the setting is not valid.

4. Modify User Password

The change password is also modified in the user settings interface. Similarly, click the user who wants to change the password. Then, click on the Change Password tab in the left column to display the interface shown in 1.42.

Enter the new password that you want to reset in the interface. Then click the Save button to successfully modify its user password.

Communication settings in Nessus

The communication settings here refer to the Communication tab in the Setup options. In this tab setting, there are two settings options, proxy Server and SMTP server, respectively. The following sections describe how these two services are set up.

Figure 1.43 Proxy Server Setup interface diagram 1.44 SMTP Service Setup Interface

1.Proxy Service

The proxy service is used to forward HTTP requests. Nessus will use this setting to implement plug-in updates and communicate with remote scanners, if required by the network organization. The setting method for proxy service is described below. As shown below:

(1 in the Settings screen, select the Communication tab and the interface shown in 1.43 will be displayed.

As you can see from this interface, there are five fields. However, only the host and port fields are required. The Username, password, and user-agent three fields are optional. The meanings of each field are described below, as follows:

• Q Host: the hostname or IP of the proxy server.
• Q Port: The port number of the proxy server connection.
• Q Username: The user name of the proxy server connection.
• Q Password: The user name password of the proxy server connection.
• Q user-agent: If the proxy server uses the specified HTTP user agent filter, the field is set. This field is used primarily for custom use with proxy strings.

2. SMTP Service

SMTP (Simple Mail Transfer Protocol) is the standard for sending and receiving messages. Once the SMTP service is configured, Nessus sends the scan results as a message to the recipients specified by the "Email notifications" option. Where the SMTP service is set up in interface 1.44 as shown.

Each of the fields in the SMTP Service settings interface is described in more detail below. As shown below:

• Q HOST:SMTP The host name or IP address of the service.
• Q Port: The port number used to connect to the SMTP service.
• Q from (sender email): Send the email address of the scan report.
• Q Encryption: Which encryption method is used to encrypt the contents of the message. Nessus is available in three ways, namely Force SSL, Force TLS, and use TLS if available. By default, no encryption (no encryption) is used.
• Q Hostname (for email links): The host name or IP address of the Nessus service.
• Q Auth METHOD:SMTP Service authentication method. Nessus provides five authentication methods, namely plain, LOGIN, NTLM, and CRAM-MD5. By default, no authentication method is used, that is none.
• Q Username: User name used to authenticate the SMTP service
• Q Password: The password that is used to authenticate the SMTP service user.

tip: in the SMTP Service Setup interface, the username and password fields will not appear if no authentication method is used.

This article is selected from: Nessus Vulnerability Scanning Basic Tutorial University bully internal information, reproduced please indicate the source, respect the technology respect it people!

Nessus Vulnerability Scanning Tutorial configuration Nessus