There are a number of security scanners out there. Most of them are vendor specific, and each boasts a number of vulnerability checks to determine what is secure on your system and what is not. So what if you are a hardcore open source paranoid like myself who wouldn't think to spend a dime on the latest commercial security scanner from CyberSleuths or CrackerCops? Well, there is a superior alternative that is regularly updated, free, and open source. It's called Nessus, and it is by far the best scanner available. The first time I encountered Nessus was when I was looking into what crackers use to scan for vulnerabilities of systems that they plan to exploit. The logic here is that by first scanning yourself using their tool of choice, you are taking the initiative in preventing the exploitation, since you are aware of what they are looking for and have already taken steps to prevent it. That is the beauty of Nessus. It is an incredibly versatile and extremely efficient application that not only identifies nasty vulnerabilities that could be exploited, but tells you how to prevent hackers from taking advantage of your system, and even gives you a risk level for each vulnerability it discovers. There are many tricks and tweaks that can be used within Nessus, including its own scripting language, the Nessus Attack Scripting Language (NASL), which you can use to write your own security tests. But those subjects are beyond the scope of this article.

At first, I intended just to download and install Nessus, do a quick scan of my systems, and be on my merry way, safer and a little more secure, just like I would do with Nmap, the excellent port scanner from insecure.org. But what happened was a little more complicated. Nessus is composed of two parts: a client and a server. The server is in charge of the attacks, whereas the client is the front end, so that you can perform scans of your whole network from your local workstation. So there is a little more to setting it up than your typical application.

 That is what this article covers. I'll show you how to get Nessus onto your machine as quickly and painlessly as possible, without having to spend hours fiddling with it or pulling out your hair due to the fact that you missed one little thing. I began with a fresh installation of Red Hat 7.0. Make sure when you install that you select the custom option and choose the development load so that you'll have all the necessary libraries and compilers. Then follow these instructions step by step in order to get Nessus up and running.
 

1.  Make sure /usr/local/bin is in your path. To check, type echo $PATH at the command line. If it is not in your path, add /usr/local/bin to the /etc/profile file. Remember: If you have to add this to your path, you have to log out and log back in for the change to take effect, or you can type:
export PATH=$PATH:/usr/local/bin
2. Add /usr/local/lib to the /etc/ld.so.conf file. Then go to /sbin and type: ./ldconfig

3.  Nessus uses Nmap for port scans so you'll want to go to www.insecure.org and download the Nmap tarball and untar it.

tar -zxvf nmap-VERSION
cd nmap
./configure
make
su (to super user)
make install
To make sure that it is properly installed, type nmap at the command line and you should get a list of options and flags. This shows you that it has been properly installed.
 

4. In your home directory, create a new sub-directory by typing: mkdir Nessus
 

5.  Download the Nessus tarballs into your new Nessus directory.
 

6.  In the Nessus directory, you should have four tarballs. You absolutely must have all four for Nessus to work. You want to untar, configure, make, and make install in this order exactly.

su (into superuser)
tar -zxvf nessus-libraries-VERSION
cd nessus-libraries
./configure
make
make install

After you finish the make install of the libraries, you get a prompt to make sure that you have /usr/local/lib in the /etc/ld.so.conf file, and to type ldconfig. But since we already covered this in step two, all you need to do is go back to /sbin and run ./ldconfig again.
 

7.  Go back to the Nessus directory, and just like in step six, untar, configure, make, and make install the other three downloaded files in this order.

libnasl
nessus-core
nessus-plugins

8.  At this time go back to /sbin and run ./ldconfig again.
 

9. Go to /usr/local/sbin and, as superuser, type: ./nessus-adduser

This runs a script that starts by generating some primes. Then you should see a prompt that asks you to add a user. You will get another prompt for Authentication method, cipher or plaintext. The default is cipher, so just hit Enter. It should then ask you if your user name is a local user. Type y and hit enter. It then tells you that it is treating your user name as a local user.

After this, the add-user program prompts you to add rules such as where you can or cannot scan. I leave this blank since I am the only one using my machine and I want to scan everything in my network. And since this is a quick start guide, we don't want to complicate things.

Then hit Ctrl-d, and the program will ask you if your selections are correct. If they are, type y and hit Enter.

Once more the program generates some primes. Now you will be asked for a passphrase and you will be prompted to repeat it twice more. Then you will get a confirmation that the user was added and you will be returned to a shell prompt.
 

10.  To run Nessus, the Nessus daemon must be running. In /usr/local/sbin, type ./nessusd to start the daemon. (It will continue to run while you are using the scanner. When you finish using the scanner, kill it by typing Ctrl-c.) If you choose to have the daemon running in the background all the time, type ./nessusd -D and then you can close that terminal window without killing the process.
 

11.  Return to your home directory as a normal user and not superuser. Type: nessus and the nessus program begins with a password prompt. Your login name should be the same user name that you entered in the nessus-adduser program.

Then click the login button and you are ready to go.


 

You then see different option tabs that you can click through: Nessusd host, Plugins, Preferences, Scan options, Target selection, User, and Credits. These options are generally preconfigured so that while you are getting acquainted with Nessus you don't have to worry about changing the settings. There is one exception: if you are planning to run a scan against your own local host where you have Nessus running, you must only use the Nmap TCP scan and disable the other five. According to the man pages, there is a bug that will prevent them from working properly.
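Steps 1 through 8 collected into one script, as an added example that is not part of the original article: it reports unmet prerequisites, then builds the four tarballs in the required order. It assumes the tarballs are named <component>-VERSION.tar.gz and unpack into a directory named after the component; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the article. Assumes tarballs are named
# <component>-VERSION.tar.gz and unpack into a directory named <component>.
# Build order required by steps 6 and 7.
NESSUS_ORDER="nessus-libraries libnasl nessus-core nessus-plugins"

# path_has DIR PATHSTRING: true if DIR is an entry of the colon-separated list.
path_has() {
    case ":$2:" in *":$1:"*) return 0 ;; *) return 1 ;; esac
}

# ldconf_has DIR FILE: true if FILE contains DIR on a line of its own.
ldconf_has() {
    grep -qxF -- "$1" "$2" 2>/dev/null
}

# missing_tarballs DIR: print each component that has no tarball in DIR.
missing_tarballs() {
    for c in $NESSUS_ORDER; do
        found=no
        for f in "$1/$c"-*.tar.gz; do
            if [ -f "$f" ]; then found=yes; fi
        done
        if [ "$found" = no ]; then echo "$c"; fi
    done
}

# preflight DIR [LDCONF]: report every unmet prerequisite from steps 1-5.
preflight() {
    rc=0
    path_has /usr/local/bin "$PATH" || { echo "step 1: /usr/local/bin not in PATH"; rc=1; }
    ldconf_has /usr/local/lib "${2:-/etc/ld.so.conf}" || { echo "step 2: /usr/local/lib not in ld.so.conf"; rc=1; }
    command -v nmap >/dev/null 2>&1 || { echo "step 3: nmap not found"; rc=1; }
    m=$(missing_tarballs "$1")
    if [ -n "$m" ]; then echo "step 5: missing tarballs:" $m; rc=1; fi
    return $rc
}

# build_all DIR: steps 6-8 as superuser; ldconfig runs after every install.
build_all() {
    cd "$1" || return 1
    for c in $NESSUS_ORDER; do
        tar -zxf "$c"-*.tar.gz || return 1
        ( cd "$c" && ./configure && make && make install ) || return 1
        /sbin/ldconfig || return 1
    done
}
# Usage: sh nessus-build.sh --build ~/Nessus
if [ "${1:-}" = "--build" ]; then preflight "$2" && build_all "$2"; fi
```

Run it as superuser with --build and the tarball directory; without that argument it only defines the functions, so preflight can be called on its own first.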

There you have it. A quick and easy step-by-step guide to getting Nessus up and running on your system. As I mentioned earlier, Nessus is extremely versatile and there are an infinite number of ways that it can be configured and utilized. In no way is this article a substitute for the man pages, README files or the online instructions found at the nessus.org site. I strongly encourage you to read all available documentation so that you'll have a better understanding of the scanner itself since such a powerful and diverse tool can be used just as easily to exploit systems as to secure them.
 

Resources:

Nessus Homepage   https://www.tenable.com/
Nmap Homepage     www.insecure.org  

Author Bio:

Paul Christensen currently works for Penguin Computing as a Linux Support Specialist. He is a regular contributor to "Best of Technical Support" in the Linux Journal and spends the rest of his free time working with Open Source security applications.