How to configure Nessus and Nessus vulnerability scan in the nessus vulnerability scan tutorial
How to configure Nessus In the Nessus vulnerability scan tutorial
After the Nessus tool is successfully installed, you can use it to perform vulnerability scanning. To better use the tool, we will introduce the related settings of the tool, such as service start, software update, and user management. This section briefly introduces the Nessus service configuration.
Start the Nessus Service
After the Nessus service is installed, it is automatically started by default. If the user restarts the system and closes the Nessus service when obtaining other operations, the user must start the service before accessing the service again. The following describes how to start the Nessus service in different operating systems.
1. Start the Nessus service in Windows
To start the Nessus service in Windows, follow these steps:
(1)Open the Windows service window. On the Windows Startup Menu Bar, click "run" to bring up the "run" dialog box, as shown in 1.22.
Figure 1.22 run dialog box
(2)In the dialog box, enter "services. msc" and click "OK". The "service" window is displayed, as shown in Figure 1.23.
Figure 1.23 service dialog box
(3)Find the "Tenable Nessus" service in the name column of the interface to manage the service, such as stopping, starting, or restarting.
In Windows, you can also use the command line to stop or start the Nessus service. For example, stop the Nessus service. Run the following command:
- C: \ Users \ Administrator> net stop "Tenable Nessus"
- The Tenable Nessus service is being stopped.
- The Tenable Nessus service has been stopped successfully.
From the above output information, we can see that the Nessus service has been successfully stopped. If you start the Nessus service, run the following command:
- C: \ Users \ Administrator> net start "Tenable Nessus"
- Tenable Nessus service is starting.
- The Tenable Nessus service has been started successfully.
From the above output information, we can see that the Nessus service has been successfully started.
2. Start the Nessus service in Linux
Start the Nessus service in Linux. Run the following command:
- [Root @ Server ~] # Service nessusd start
- Start the Nessus service: [OK]
From the above output information, we can see that the Nessus service has been successfully started. If you are not sure whether the service is started, run the following command to check the status. As follows:
- [Root @ Server ~] # Service nessusd status
- Nessusd (pid 5948) is running...
From the above output information, we can see that the Nessus service is running.
Nessus Software Update
To be able to use Nessus for a successful vulnerability scan, it is important to check and update Nessus before scanning. This ensures that all the latest vulnerabilities are scanned. The following uses the Windows operating system as an example to describe how to update the plug-in.
1. Online update
[Example 1-3] update the plug-in Nessus in Windows. The procedure is as follows:
(1)Log on to the Nessus service. Enter https: // IP: 8834/address in the address bar of the Windows browser to open the page shown in 1.24.
Figure 1.24 untrusted Certificate
(2)Select "continue to browse this website (not recommended)" on this page. The page shown in 1.25 is displayed.
Figure 1.25 logon page figure 1.26 Nessus logon page
(3)Enter the user name and password used to manage the Nessus service on this page. Then, click the Sign In button. After successful logon, the page shown in 1.26 is displayed.
(4)Click the triangle behind the upper right corner of the page. A menu bar is displayed, as shown in Figure 1.27. On the menu bar, click the Settings command to open the Settings page, as shown in Figure 1.28.
Figure 1.27 menu bar figure 1.28 setting page
(5)On the left bar of the page, you can see two sub-options: Overview and Software Update. In Figure 1.28, information in the Overview option is displayed. Including the Nessus version, connection time, platform, Last Update Time, and activation code. If you want to Update the Software, select the Software Update option. The page shown in 1.29 is displayed.
Figure 1.29 Software Update 1.30 manual software update
(6)From this interface, we can see that there are three Update methods under the Automatic Update (Automatic Update): Update all components (Update all components), Update plugins (Update INS) and Disabled (update prohibited ). You can select any update method. In addition, Nessus provides a custom plug-in update method for specific hosts. For example, if the IP address is updated to the plug-in provided by the Host 192.168.1.100, enter the IP address 192.168.1.100 in the M Host text box. If you do not want automatic updates, you can also perform manual updates. Click the Manual Software Update (Manual Update) button in the upper-right corner of the page. The page shown in 1.30 is displayed.
(7)Three Update methods are also provided here: Update all components (Update all components), Update plugins (Update INS), and Upload your own plugin archive (Upload your own plug-in documents ). After selecting the desired update method, click the Continue button to start the update. After the update is complete, the update is successful at the upper-right corner (Bell) icon, as shown in 1.31.
Figure 1.31 Software Update Success Figure 1.32 generate a challenge code
2. Offline update
The above update method is online update. If you use this update method, you must make sure that your network is always in normal state. If you cannot confirm your network, you can use the offline update method. In this way, you do not need to connect the Nessus system to the Internet. The following describes the offline update method.
[Example 1-4] the following uses Windows 7 as an example to describe how to update the plug-in offline.
(1)Obtain an activation code. The obtained activation code can only be used once. Therefore, if you activate the service again, you need to obtain a new activation code.
(2)Generate a challenge code and execute the command as follows:
- C: \ Program Files \ Tenable \ Nessus> nessuscli.exe fetch -- challenge
After running the preceding command, the result is 1.32.
Tip:In Linux, run the following command:
- [Root @ localhost ~] #/Opt/nessus/sbin/nessuscli fetch -- challenge
(3)An activation code is generated. Next, you can download the Nessus plug-in offline. Here, it is https://plugins.nessus.org/v2/offline.php. After the address is successfully accessed in the browser, the page shown in 1.33 is displayed.
(4)Enter the challenge code obtained in step 2 in the text box at the first line of the interface, and enter the obtained activation code in the text box at the second line. Click the Submit button to download the plug-in. On this page, we get the 6.3 and updated plug-ins. If you want to obtain the plug-in before version 6.3, click the here command shown by the arrow in the figure to go to another page, as shown in Figure 1.34.
Figure 1.33 offline download plug-in Figure 1.34 download old version of plug-in
(5)This interface is the same as that shown in Figure 1.31. Enter the generated challenge code and activation code to obtain the old version of the plug-in.
User Management in Nessus
User management is an additional function provided by Nessus. In a large enterprise environment, it is very useful to manage users if there are too many people using Nessus. In this case, the administrator can set different security levels for multiple scan users.
Nessus provides two different user roles: Administrator and Standard ). Users of the Administrator role can access all functions in Nessus. Users of the Standard role are restricted in some functions, such as software updates, user management, and advanced settings. The following describes how to manage users in Nessus.
1. Create a user
On the Nessus settings page, select the Accounts tab. The page shown in 1.35 is displayed.
Figure 1.35 account settings page figure 1.36 create a user
Click the New User button in the upper-right corner to open the page shown in 1.36.
Enter the user name and password to be created on this page. The text box corresponding to the User Role has two options: Standard and System Administrator. The Standard option indicates that the created user is a normal user, and the System Administrator option indicates that the created user is an Administrator user. Click Save. The page shown in 1.37 is displayed.
Figure 1.37 user page 1.38 delete a user
You can see from this interface that the user name is successfully created and the type is Standard.
2. delete a user
When a user is not required for a Nessus scan, the user can be deleted. The specific method is as follows:
(1)Open the user settings page, as shown in Figure 1.31.
(2)On this page, select the user you want to delete and click the (error code) icon next to the user name to delete the user. Alternatively, select the check box before the user name. A Delete button is displayed on the left of the search box, as shown in Figure 1.38. Then, click Delete to display the page shown in 1.39.
Figure 1.39 confirm user deletion figure 1.40 edit user interface
This interface prompts whether you are sure you want to delete the user. If no problem is found, click Delete to Delete the user.
3. modify an existing user role
On the user interface (Figure 1.31), click the user whose role you want to modify to change the role of the user. For example, edit a user. Click user on the user page. The page shown in 1.40 is displayed.
The user role is Standard. Click the triangle behind the text box corresponding to the User Role to select the Role to be modified. For example, if you change the role to System Administrator, the page shown in 1.41 is displayed.
Figure 1.41 Change User Role figure 1.42 Change Password
The user role has been successfully modified. Next, click Save to Save the settings. Otherwise, the setting is invalid.
4. Change the User Password
You can also change the password on the user settings page. Similarly, click the user whose password you want to change. Then, click the Change Password tab in the left column, and the page shown in 1.42 is displayed.
Enter the new password you want to reset on this page. Click Save to modify the user password.
Communication settings in Nessus
Communication settings here refer to the Communication tab in the setting options. In this tab settings, there are two options: Proxy Server and SMTP Server. The following describes how to set these two services.
Figure 1.43 Proxy Server setting page figure 1.44 SMTP service setting page
1. Proxy Service
The Proxy service is used to forward HTTP requests. If needed, Nessus uses this setting to update the plug-in and communicate with remote scanners. The following describes how to set the Proxy service. As follows:
(1)On the setting page, select the Communication tab. The page shown in 1.43 is displayed.
The page shows that there are five fields. However, only the Host and Port fields are required. The Username, Password, and User-Agent fields are optional. The meanings of each field are described as follows:
- Q Host: Host Name or IP address of the proxy server.
- Q Port: the Port number connected to the proxy server.
- Q Username: the Username used to connect to the proxy server.
- Q Password: the username and Password used to connect to the proxy server.
- Q User-Agent: this field is set if the proxy server uses the specified HTTP User proxy filter. This field is used to customize proxy strings.
2. SMTP Service
SMTP (Simple Mail Transfer Protocol) is a standard for sending and receiving emails. Once the SMTP service is configured, Nessus sends the scan result to the recipient specified by the "Email notification" option by Email. The SMTP service settings page is shown in Figure 1.44.
The following describes each field on the SMTP service settings page. As follows:
- Q Host: the Host name or IP address of the SMTP service.
- Q Port: the Port number used to connect to the SMTP service.
- Q From (sender email): the email address that sends the scan report.
- Q Encryption: Which Encryption method is used to encrypt the mail content. Nessus provides three methods: Force SSL, Force TLS, and Use TLS if available. By default, No Encryption is used ).
- Q Hostname (for email links): The name or IP address of the Nessus service.
- Q Auth Method: SMTP service authentication Method. Nessus provides five authentication methods: PLAIN, LOGIN, NTLM, and CRAM-MD5. By default, the authentication method is not used, that is, NONE.
- Q Username: the user name used to authenticate the SMTP service
- Q Password: the Password used to authenticate the SMTP service user.
Tip:On the SMTP service settings page, if no authentication method is used, the Username and Password fields are not displayed.
This document is selected from:Nessus vulnerability scan basic tutorial Ba internal information, reprinted please indicate the source, respect technology respect it people!
Copyright Disclaimer: This article is an original article by the blogger and cannot be reproduced without the permission of the blogger.