Assessment Server

Nessus

Installation

Miscellaneous

11:57:17 nessus ~ [root]cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=nessus.ISALAB.local

[root@sargeswi06 ~]# yum install screen.i386
[root@sargeswi06 nessus]# yum install rpm-build.i386
[root@sargeswi06 nessus]# wget http://asic-linux.com.mx/~izto/checkinstall/files/rpm/checkinstall-1.6.0-1.i386.rpm
[root@sargeswi06 nessus]# rpm -ihv checkinstall-1.6.0-1.i386.rpm 
[root@sargeswi06 nessus]# yum install nmap.i386

Nessus.org - installation guide

nessus-libraries

[root@sargeswi06 ~]# yum install nmap
[root@sargeswi06 nessus-libraries]# yum install gcc.i386
[root@sargeswi06 nessus-libraries]# yum install openssl-devel.i386
[root@sargeswi06 nessus-libraries]# yum install flex.i386
[root@sargeswi06 nessus-libraries]# yum install bison.i386

[root@sargeswi06 nessus]# tar xzf libnasl-2.2.8.tar.gz 
[root@sargeswi06 nessus]# tar xzf nessus-core-2.2.8.tar.gz 
[root@sargeswi06 nessus]# tar xzf nessus-libraries-2.2.8.tar.gz 
[root@sargeswi06 nessus]# tar xzf nessus-plugins-2.2.8.tar.gz 

[root@sargeswi06 nessus-libraries]# ./configure --sysconfdir=/etc --infodir=/usr/share/info --mandir=/usr/share/man --localstatedir=/var 
[root@sargeswi06 nessus-libraries]# make
[root@sargeswi06 nessus-libraries]# checkinstall 
[root@sargeswi06 nessus-libraries]# rpm -ihv /usr/src/redhat/RPMS/i386/nessus-libraries-2.2.8-1.i386.rpm

libnasl

[root@sargeswi06 libnasl]# ./configure --sysconfdir=/etc --infodir=/usr/share/info --mandir=/usr/share/man --localstatedir=/var
[root@sargeswi06 libnasl]# make
[root@sargeswi06 libnasl]# checkinstall 
[root@sargeswi06 libnasl]# rpm -ihv /usr/src/redhat/RPMS/i386/libnasl-2.2.8-1.i386.rpm

nessus-core

[root@sargeswi06 nessus-core]# ./configure --sysconfdir=/etc --infodir=/usr/share/info --mandir=/usr/share/man --localstatedir=/var --disable-gtk --enable-syslog
[root@sargeswi06 nessus-core]# make
[root@sargeswi06 nessus-core]# checkinstall 
[root@sargeswi06 nessus-core]# rpm -ihv --force /usr/src/redhat/RPMS/i386/nessus-core-2.2.8-1.i386.rpm

nessus-plugins

[root@sargeswi06 nessus-plugins]# ./configure --sysconfdir=/etc --infodir=/usr/share/info --mandir=/usr/share/man --localstatedir=/var 
[root@sargeswi06 nessus-plugins]# make
[root@sargeswi06 nessus-plugins]# make install

Further notes:

If nessusd refuses to start with the following error:

13:47:09 debianmike ~ [root]nessusd
nessusd: error while loading shared libraries: libnasl.so.2: cannot open shared object file: No such file or directory

the file /etc/ld.so.conf must be extended with the following entry:

13:57:49 debianmike /var/www/praktikum/wiki [root]grep local /etc/ld.so.conf
/usr/local/lib

and ldconfig must then be run.
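The same fix as a script, added here as an example (not part of the original wiki page): it first asks the dynamic loader which libraries are actually unresolved, and only then adds the directory to ld.so.conf, without duplicating an entry that is already there. The nessusd path /usr/local/sbin/nessusd is an assumption based on the default /usr/local prefix used by the configure runs above; both paths are parameters so the functions can be tried against a scratch file first.

```shell
#!/bin/sh
# Added example (not from the original page): make the ld.so.conf fix
# idempotent and verifiable. CONF and DIR are parameters on purpose.

# Append DIR to CONF only if it is not already listed (exact line match).
# Returns 0 when the line was added, 1 when it was already present.
ensure_ldconf_dir() {
    conf="$1"; dir="$2"
    if grep -qxF "$dir" "$conf" 2>/dev/null; then
        return 1
    fi
    printf '%s\n' "$dir" >> "$conf"
    return 0
}

# Report shared libraries the dynamic loader cannot resolve for BIN.
# Prints one "libfoo.so => not found" line per missing library and
# returns 1 if any are missing; returns 0 when everything resolves.
missing_libs() {
    bin="$1"
    out=$(ldd "$bin" 2>/dev/null | grep 'not found')
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Stand-alone use on the Nessus host (assumed binary path):
#   ./ldpath-fix.sh /usr/local/sbin/nessusd /usr/local/lib
if [ "$#" -eq 2 ]; then
    if ! missing_libs "$1"; then
        ensure_ldconf_dir /etc/ld.so.conf "$2" && ldconfig
        missing_libs "$1" && echo "all libraries resolved for $1"
    fi
fi
```

After running ldconfig, re-run ldd on nessusd; only when no "not found" line remains is the error above actually gone.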

Basic configuration

Note: in the nessus-adduser transcript below the rules set is left empty, so this user may scan any host the server can reach. On a shared lab server restrict it, for example with the rules "accept 141.201.43.0/24" followed by "default deny" (syntax in nessus-adduser(8)).

[root@sargeswi06 nessus-plugins]# mkdir /var/log/nessus
[root@sargeswi06 nessus-plugins]# mkdir /etc/nessus

[root@sargeswi06 nessus-plugins]# nessus-adduser 
Using /var/tmp as a temporary file holder

Add a new nessusd user
----------------------


Login : nessus
Authentication (pass/cert) [pass] : 
Login password : 
Login password (again) : 

User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that nessus has the right to test. For instance, you may want
him to be able to scan his own host only.

Please see the nessus-adduser(8) man page for the rules syntax

Enter the rules for this user, and hit ctrl-D once you are done : 
(the user can have an empty rules set)


Login             : nessus
Password          : ***********
DN                : 
Rules             : 


Is that ok ? (y/n) [y] 
user added.

/etc/nessus/nessusd.conf

[root@sargeswi06 ~]# nessus-mkcert
/var/nessus/CA created
/usr/local/com/nessus/CA created
-------------------------------------------------------------------------------
                        Creation of the Nessus SSL Certificate
-------------------------------------------------------------------------------

This script will now ask you the relevant information to create the SSL
certificate of Nessus. Note that this information will *NOT* be sent to
anybody (everything stays local), but anyone with the ability to connect to your
Nessus daemon will be able to retrieve this information.


CA certificate life time in days [1460]: 
Server certificate life time in days [365]: 
Your country (two letter code) [FR]: AT
Your state or province name [none]: Salzburg
Your location (e.g. town) [Paris]: Salzburg
Your organization [Nessus Users United]: Universität Salzburg
-------------------------------------------------------------------------------
                        Creation of the Nessus SSL Certificate
-------------------------------------------------------------------------------

Congratulations. Your server certificate was properly created.

/etc/nessus/nessusd.conf updated
 
The following files were created : 

. Certification authority : 
   Certificate = /usr/local/com/nessus/CA/cacert.pem
   Private key = /var/nessus/CA/cakey.pem

. Nessus Server : 
    Certificate = /usr/local/com/nessus/CA/servercert.pem
    Private key = /var/nessus/CA/serverkey.pem

Press [ENTER] to exit
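nessus-mkcert accepted the defaults above: 1460 days for the CA but only 365 days for the server certificate, so the Nessus clients will stop connecting after a year unless the server certificate is renewed with nessus-mkcert. The following check is an added example (not from the original page) that reports on exactly the two certificate files listed above and can be run from cron; it relies only on openssl's own -checkend option.

```shell
#!/bin/sh
# Added example (not part of the original page): warn before the Nessus
# CA or server certificate expires. Paths are the ones nessus-mkcert printed.
NESSUS_CA_CERT=/usr/local/com/nessus/CA/cacert.pem
NESSUS_SERVER_CERT=/usr/local/com/nessus/CA/servercert.pem

# Exit 0 if PEM is still valid for at least DAYS more days, 1 if it
# expires sooner (or cannot be read). openssl's -checkend does the math.
cert_valid_for_days() {
    pem="$1"; days="$2"
    openssl x509 -in "$pem" -noout -checkend $((days * 86400)) >/dev/null 2>&1
}

# Subject and notAfter of PEM, one line each.
cert_summary() {
    openssl x509 -in "$1" -noout -subject -enddate
}

# Check both Nessus certificates; WARN_DAYS defaults to 30.
# Non-zero exit means a certificate is missing or about to expire.
check_nessus_certs() {
    warn="${1:-30}"; rc=0
    for pem in "$NESSUS_CA_CERT" "$NESSUS_SERVER_CERT"; do
        if [ ! -r "$pem" ]; then
            echo "MISSING  $pem"; rc=1; continue
        fi
        if cert_valid_for_days "$pem" "$warn"; then
            echo "OK       $pem"
        else
            echo "EXPIRING $pem (within $warn days)"
            cert_summary "$pem"; rc=1
        fi
    done
    return $rc
}

# Stand-alone use, e.g. from cron: ./nessus-certcheck.sh 30
if [ "$#" -ge 1 ]; then
    check_nessus_certs "$1"
fi
```

Put it next to the nessus-update-plugins cron entry further down and mail the output on non-zero exit; renewing means re-running nessus-mkcert and restarting nessusd, after which clients must re-accept the new server certificate.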

[root@sargeswi06 ~]# nessusd -D
All plugins loaded                                   
[root@sargeswi06 ~]# pstree -p | grep ness
        ├─nessusd(2166)

[root@sargeswi06 ~]# nmap 127.0.0.1

Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2006-10-09 15:48 CEST
Interesting ports on localhost (127.0.0.1):
(The 1654 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
111/tcp  open  rpcbind
631/tcp  open  ipp
1024/tcp open  kdm
1241/tcp open  nessus

Nmap run completed -- 1 IP address (1 host up) scanned in 0.330 seconds

Updating plugins

http://nessus.org/documentation/index.php?doc=cron

[root@sargeswi06 ~]# grep nessus /etc/crontab 
10 1 * * * /usr/local/sbin/nessus-update-plugins

Registration:

http://www.nessus.org/plugins/?view=register-info


Direct and Registered Plugin Feeds

Two feeds are available only for use with a copy of Nessus provided by Tenable - Direct and Registered

A 'Direct Feed' is commercially available which entitles subscribers to the latest vulnerability checks and commercial support for their Nessus 3 installation.

A 'Registered Feed' is available for free to the general public, but new plugins are added seven days after they are added to the 'Direct Feed'.


Nessus registration mail with key (the activation code is tied to this installation and should be treated as a credential, not left in a readable wiki)

[root@sargeswi06 ~]# nessus-fetch --register C8B8-F0AC-277C-0770-0747
Your activation code has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org...

Your Nessus installation is now up-to-date.
Make sure to call regularly use the command 'nessus-update-plugins' to stay up-to-date
To automate the update process, please visit <http://www.nessus.org/documentation/index.php?doc=cron>

Add-ons etc.

Install the Windows client

supervise nessusd

[root@sargeswi06 ~]# wget http://qmail.de-mirror.de/rpms/RPMS/daemontools-0.76-112memphis.i386.rpm
[root@sargeswi06 ~]# wget http://smarden.org/pape/djb/manpages/daemontools-0.76-man.tar.gz

[root@sargeswi06 ~]# rpm -ihv daemontools-0.76-112memphis.i386.rpm 
Preparing...                ########################################### [100%]
   1:daemontools            ########################################### [100%]
/service exists. I assume that svscan is already running.
You may want to add /command to PATH.
[root@sargeswi06 ~]# ls /service/
[root@sargeswi06 ~]# ls /command/
envdir     multilog       setlock    supervise  svscan      tai64n
envuidgid  pgrphack       setuidgid  svc        svscanboot  tai64nlocal
fghack     readproctitle  softlimit  svok       svstat
[root@sargeswi06 ~]# tar xvzf daemontools-0.76-man.tar.gz 
daemontools-man/
daemontools-man/envdir.8
daemontools-man/README
daemontools-man/envuidgid.8
daemontools-man/fghack.8
daemontools-man/multilog.8
daemontools-man/pgrphack.8
daemontools-man/readproctitle.8
daemontools-man/setlock.8
daemontools-man/setuidgid.8
daemontools-man/softlimit.8
daemontools-man/supervise.8
daemontools-man/svc.8
daemontools-man/svok.8
daemontools-man/svscan.8
daemontools-man/svscanboot.8
daemontools-man/svstat.8
daemontools-man/tai64n.8
daemontools-man/tai64nlocal.8
[root@sargeswi06 ~]# cd daemontools-man/
[root@sargeswi06 daemontools-man]# gzip *.8
[root@sargeswi06 daemontools-man]# cp *.8.gz /usr/share/man/man8/

[root@sargeswi06 daemontools-man]# ln -sf /etc/nessusd /service
[root@sargeswi06 daemontools-man]# ll /service/
total 0
lrwxrwxrwx  1 root root 12 Oct 10 12:06 nessusd -> /etc/nessusd

Nessus-Init Script with daemontools
Nessus-run Script for daemontools
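The run script linked above is not reproduced on the page. The following is an added example (not the wiki's own script) of how the /etc/nessusd service directory that was linked into /service can be laid out. It assumes nessusd is in /usr/local/sbin (default prefix of the configure runs above) and that, started without -D, it stays in the foreground, which is what supervise requires; the directory is a parameter so the layout can be tried in a scratch directory first.

```shell
#!/bin/sh
# Added example (not the page's own run script): create a daemontools
# service directory for nessusd. Assumed nessusd path: /usr/local/sbin/nessusd.

# Write DIR/run and DIR/log/run and make them executable.
make_nessusd_service() {
    dir="$1"
    nessusd="${2:-/usr/local/sbin/nessusd}"
    mkdir -p "$dir/log/main" || return 1

    # Main run script: stderr merged into stdout so the logger sees both;
    # exec so supervise's child is nessusd itself. No -D: nessusd must
    # not fork away from supervise.
    cat > "$dir/run" <<EOF
#!/bin/sh
exec 2>&1
exec $nessusd
EOF

    # Logger: supervise starts it with cwd = DIR/log, so ./main is
    # DIR/log/main; multilog rotates there and prefixes TAI64N timestamps.
    cat > "$dir/log/run" <<'EOF'
#!/bin/sh
exec multilog t ./main
EOF
    chmod 755 "$dir/run" "$dir/log/run"
}

# Sanity check: both run scripts executable and the log directory present.
service_dir_ok() {
    [ -x "$1/run" ] && [ -x "$1/log/run" ] && [ -d "$1/log/main" ]
}

# Stand-alone use: ./mksvc.sh /etc/nessusd ; then ln -s /etc/nessusd /service
if [ "$#" -ge 1 ]; then
    make_nessusd_service "$@" && service_dir_ok "$1" && echo "service dir ready: $1"
fi
```

Once the link in /service exists, svscan picks the service up within seconds; check with svstat /service/nessusd, restart with svc -t /service/nessusd, and read the log with tai64nlocal < /etc/nessusd/log/main/current. The S99nessusd init link below must then start nessusd through svc rather than with nessusd -D, otherwise two daemons compete for port 1241.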

[root@sargeswi06 ~]# runlevel 
N 3
[root@sargeswi06 ~]# cd /etc/rc3.d/
[root@sargeswi06 rc3.d]# ln -s ../init.d/nessusd S99nessusd
[root@sargeswi06 rc3.d]# ll | grep ness
lrwxrwxrwx  1 root root 17 Oct 10 12:23 S99nessusd -> ../init.d/nessusd

local checks

Web interface

Apache
[root@sargeswi06 ~]# yum install lynx
[root@sargeswi06 ~]# yum install httpd.i386
[root@sargeswi06 ~]# /etc/init.d/httpd start
Starting httpd: httpd: Could not determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
                                                           [  OK  ]
[root@sargeswi06 ~]# pstree -p | grep http
        ├─httpd(3791)─┬─httpd(3794)
        │             ├─httpd(3795)
        │             ├─httpd(3796)
        │             ├─httpd(3797)
        │             ├─httpd(3798)
        │             ├─httpd(3799)
        │             ├─httpd(3800)
        │             └─httpd(3801)
[root@sargeswi06 ~]# yum install php.i386
MySQL

http://dev.mysql.com/doc/refman/5.0/en/resetting-permissions.html

[root@sargeswi06 ~]# yum install mysql.i386 mysql-server.i386
[root@sargeswi06 ~]# yum install php-mysql.i386
[root@sargeswi06 html]# mysql -u root mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3 to server version: 4.1.20

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> UPDATE mysql.user SET Password=PASSWORD('labadmin')
    -> WHERE User='root';
Query OK, 2 rows affected (0.07 sec)
Rows matched: 2  Changed: 2  Warnings: 0

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.03 sec)

mysql> exit

[root@sargeswi06 html]# mysql -u root mysql
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
[root@sargeswi06 html]# mysql -u root mysql -p
Enter password: *******

[root@sargeswi06 ~]# wget http://kent.dl.sourceforge.net/sourceforge/phpmyadmin/phpMyAdmin-2.9.0.2-all-languages.tar.gz
[root@sargeswi06 ~]# tar xzf phpMyAdmin-2.9.0.2-all-languages.tar.gz 
[root@sargeswi06 ~]# cp phpMyAdmin-2.9.0.2-all-languages /var/www/html/phpmyadmin -pri
[root@sargeswi06 phpmyadmin]# cp config.sample.inc.php config.inc.php

[root@localhost rc3.d]# ln -s ../init.d/httpd S94apache
[root@localhost rc3.d]# ln -s ../init.d/mysqld S92mysqld

inprotect
[root@sargeswi06 ~]# wget http://puzzle.dl.sourceforge.net/sourceforge/inprotect/inprotect-0.22.05.tar.gz
[root@sargeswi06 ~]# tar xzf inprotect-0.22.05.tar.gz 
[root@sargeswi06 ~]# cd inprotect-0.22.05
[root@sargeswi06 ~]# yum install elinks.i386 
[root@sargeswi06 ~]# wget http://redhat-archive.osmirror.nl/9/en/os/i386/RedHat/RPMS/ncftp-3.1.5-4.i386.rpm
[root@sargeswi06 ~]# rpm -ihv ncftp-3.1.5-4.i386.rpm 
[root@sargeswi06 ~]# perl -MCPAN -e shell
  cpan> install DBI
  cpan> install MIME::Lite
  cpan> install Parallel::ForkManager
  cpan> install Date::Calc
  cpan> exit
[root@sargeswi06 ~]# yum install php-gd

...configure MySQL as described in the README.

[root@sargeswi06 ~]# wget http://members.chello.se/jpgraph/jpgdownloads/jpgraph-1.20.5.tar.gz
[root@sargeswi06 ~]# tar xzf jpgraph-1.20.5.tar.gz 
[root@sargeswi06 jpgraph-1.20.5]# cp -pri * /var/www/html/nessus/jpgraph/
[root@sargeswi06 nessus]# cd jpgraph/
[root@sargeswi06 jpgraph]# ls
docs  QPL.txt  README  src  VERSION
[root@sargeswi06 jpgraph]# mv src/* .
[root@sargeswi06 jpgraph]# rm src -r

Test the examples in a web browser (e.g. http://141.201.70.153/nessus/jpgraph/src/Examples/bar_csimex2.php; note that after the mv src/* . above the examples are under jpgraph/Examples/, not jpgraph/src/Examples/). Remove the Examples directory from the web root once the library is confirmed working.

Nagios Monitoring

[root@labadclient02 nagios]# cat /etc/nagios/minimal.cfg 

...

# 'check_tcp' command definition
define command{
        command_name    check_tcp
        command_line    $USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$
        }

...

define host{
        use                     generic-host            ; Name of host template to use
        host_name               Assessment
        alias                   Nessus
        address                 141.201.43.17
        check_command           check-host-alive
        max_check_attempts      10
        check_period            24x7
        notification_interval   120
        notification_period     24x7
        notification_options    d,r
        contact_groups  admins
        }

...

define hostgroup{
        hostgroup_name  test
        alias           Test Servers
        members         localhost,Xradius,Assessment
        }

...

define service{
        use                             generic-service         ; Name of service template to use
        host_name                       Assessment
        service_description             Nessusdaemon - Portcheck
        is_volatile                     0
        check_period                    24x7
        max_check_attempts              4
        normal_check_interval           5
        retry_check_interval            1
        contact_groups                  admins
        notification_options            w,u,c,r
        notification_interval           960
        notification_period             24x7
        check_command                   check_tcp!1241!
        }

define service{
        use                             generic-service         ; Name of service template to use
        host_name                       Assessment
        service_description             Apache - Portcheck
        is_volatile                     0
        check_period                    24x7
        max_check_attempts              4
        normal_check_interval           5
        retry_check_interval            1
        contact_groups                  admins
        notification_options            w,u,c,r
        notification_interval           960
        notification_period             24x7
        check_command                   check_tcp!80!
        }

Syslog server connection

Note: the *.* @host rule below forwards every message over plain UDP syslog (port 514), unauthenticated and unencrypted; keep the log server on the same protected segment or use a syslog daemon that supports TCP/TLS forwarding.

12:10:05 nessus ~ [root]grep @ /etc/syslog.conf 
*.*                                                     @141.201.43.16

12:09:55 nessus ~ [root]/etc/init.d/syslog restart
Shutting down kernel logger:                               [  OK  ]
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]
Starting kernel logger:                                    [  OK  ]
 
nessus-allg.txt · Last modified: 2009/09/13 17:39 (external edit)
 
Except where otherwise noted, content on this wiki is licensed under the following license:CC Attribution-Noncommercial-Share Alike 3.0 Unported