A very simple nessus installation

[harman]

Hi All,

After searching for nessus in this forum, and finding nothing concrete, i found nesseus installation very simple :

1. sudo apt-get install nessusd nessus nessus-plugins

During the installation, it will ask you to create a Certificate, accept defaults, change location, state, etc if you like.

2. sudo update-rc.d nessusd defualts

3. /etc/init.d/nessusd start

4. sudo nessus-adduser

Now, when you come to "policy for this user" read the man page for nessus-adduser. I wanted to be able to scan any host i please so i said "default accept". As i said, read man nessus-adduser

5. /etc/init.d/nessud restart

6. Go a shell, and type "nessus"

7. If you do not know how to use the window that pops up, well this little guide is not for you

HTH
Harman

[Mizike789]

Hi! I registered just to say "thank you" for posting this guide.

Thank you.

[jiyuu0]

sudo update-rc.d nessusd defaults

i tried restart... nessusd doesn't start by default...
any idea?

[jiyuu0]

found the solution

sudo ln -s /etc/init.d/nessusd /etc/rc2.d/S20nessusd

[seekyrr]

Thanks for the nessus install tips. I do have one follow up question.

I get this error trying to register my server.

sudo nessus-fetch --register XXXXXXXXXXXXXXXXXX

Unknown error while decoding HTTP response (http error code = 1208493298)


Any help would be much appreciated.

John

EDIT.

Still got error when I tried again. Rebooted and did update command. Now getting all the plugins. Seems fixed.

[SkEaToN]

i am ending in a loop trying to enter a login name and pass at "sudo nessus-adduser"

Login : test
Authentication (pass/cert) [pass] : *****
Authentication (pass/cert) [pass] : *****
Authentication (pass/cert) [pass] : *****
Authentication (pass/cert) [pass] : *****
Authentication (pass/cert) [pass] : *****
Authentication (pass/cert) [pass] : *****


does anybody know why?

[Nimefurahi]

Harman,

Your instructions worked flawlessly for me. Thank you. Nessus is up and running.

After running Nessus against this Ubuntu system, I feel compelled to share an observation, and it's simply that, an observation. This comment is certainly not meant to "bash" other distributions. We have so many distributions and various "flavors" of Linux to choose from, all of which are superb and sport their various strengths and weaknesses. But I only want to share my smile with Nessus users of what initially appears to be a rock-solid Ubuntu (Debian-flavored) distribution...

There is a certain irony in that so many of the "net security" distributions seem to display a certain disposition toward vulnerability. I know. It sounds incredible, but (and please forgive me for posting names of truely superb distributions) there are some like Auditor, Operator, Knoppix STD, Phlak, LAS, and so many others that seem to fail my Nessus test of impenetrabilty. Honest! So many distributions meant to serve network security seem to have beaucoup port flaws of their own. I'm dumbfounded! They fail my Nessus expectations. For me it's like wearing rain boots with holes in their soles. I might as well go barefooted. (May I add at this point that if users are looking for a "hardened" Linux distribution, you may want to check out Trustix, or just stay right here with Ubuntu).

Not so with Ubuntu. I first fell in love with it's idealogy, it's universality, its community and humanism. I wasn't necessarily looking for a Debian-based Linux distribution built like the Rock of Gibraltar, but this "out-of-the-box" Ubuntu distro scored the highest results by my criterion when scanned with Nessus. Can you believe it!?

Kudos to the Ubuntu development team. Hackers, beware of my Ubuntu!

Once again Harman, thanks for making the Nessus installation so simple.

Nimefurahi

[Wardhog]

this "out-of-the-box" Ubuntu distro scored the highest results by my criterion when scanned with Nessus.

Could you share with us what you found? Ie. What were some potentially unwise default settings, what was good? Are there any potentially exploitable services running by default?

I'm interested in this, but haven't yet got off my butt to use Nessus.

[Res]

Hi, I am new to Ubuntu but I have read many posting regarding Nessus and I was able to install it on my own. However I can not get it to start automatically when I reboot. I tried using "sudo ln -s /etc/init.d/nessusd /etc/rc2.d/S20nessusd
" and that command run fine but when I reboot, nessusd is still not running. I have to manually start it before I can use the Nessus client.

I am running Nessus 2.2.5 (I have to install this with the "sh nessus.sh" command -- found at Nessus website, because using apt-get install nessus only installed an older version (version 2.2.3, which has issues with plugins updates)

Would appreciate any help. Thanks.


- Res

[eifersucht]

i got this with the first instruction (sudo apt-get install nessusd nessus nessus-plugins)

E: dpkg was interrupted, you must manually run 'dpkg --configure -a' to correct the problem.

and i dont know what is it or how to fix it