Friday, September 25, 2009

Nessus - Beginner

I tried scanning my server from outside with Nmap and I was not satisfied with the result. Maybe I just lack Nmap skills, so the result was poor...

So I looked for another solution. In short, software that installs with defaults but can still give me the results I want. So I tried another solution, using the Nessus scanner.

How to install?
Since I use Ubuntu, this guide focuses on Ubuntu only, but most of it is the same on other distros. Two packages are needed ::

- Nessus-4.0.2-ubuntu810_i386.deb (the Nessus server)
- NessusClient-4.0.2-ubuntu810_i386.deb (the Nessus client)

I installed both the client and the server on the same PC. The server and the client are set up as follows ::

Setup server

- Download the server *.deb package (i386) and install it with the Gdebi Package Installer or from the command line ::
# dpkg -i Nessus-4.x.x-ubuntu810_i386.deb

- Start the Nessus server with ::
# /etc/init.d/nessusd start
or ::
# service nessusd start

- The Nessus installation lives under ::

Root dir = /opt/nessus/
Config dir = /opt/nessus/etc/nessus/
User knowledgebase = /opt/nessus/var/nessus/users/kbs/

Create a user
- Run :: # /opt/nessus/sbin/nessus-adduser
- Enter the username :: Login : apit
- Choose [pass] (password) as the authentication method :: Authentication (pass/cert) : pass
- Enter the password for that user :: Password :: ********
- Make this first user an admin (answer y at the admin prompt shown below); an admin user can upload plugins

User rules
- Rules control which hosts a user is allowed to scan.
- By default, if no rules are set, the user can scan any IP range.
- Server-wide rules live in the "nessusd.rules" file; the rules you type at the nessus-adduser prompt below apply to that user only.
- Example: rules restricting the user to scanning the range 172.20.0.0/16 ::

Do you want this user to be a Nessus 'admin' user ? (can upload plugins,
etc...) (y/n) [n]: y
User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that restricteduser has the right to test. For instance, you may want
him to be able to scan his own host only.
Please see the nessus-adduser(8) man page for the rules syntax
Enter the rules for this user, and enter a BLANK LINE once you are done :
(the user can have an empty rules set)

accept 172.20.0.0/16
default deny

Type the rules exactly as above, without the "#" used elsewhere on this page as a prompt marker: in the rules syntax a line beginning with "#" is a comment, so "# accept 172.20.0.0/16" and "# default deny" would leave the user unrestricted. Press Enter on an empty line to finish.

Activate Nessus

- After installing Nessus, the installation must be activated by registering online at the Nessus website. You will then receive an email from Nessus like the one below (the code shown here is a placeholder; use the one sent to you) ::

Your activation code for the Nessus plugin feed is 0EAE-0EAE-0EAE-0EAE-0EAE
On Linux, to activate your account, simply execute the following command :
/opt/nessus/bin/nessus-fetch --register 0EAE-0EAE-0EAE-0EAE-0EAE
If your Nessus installation can not reach the internet directly,
you can use your activation code at the following URL :

http://plugins.nessus.org/offline.php

That is the server in brief; there is actually a lot more to it, with sections on configuring the Nessus daemon, configuring SSL certificates, plugin updates and so on. Refer to the Server Documentation for details.

Setup client

- Download the NessusClient *.deb package (i386) and install it with the Gdebi Package Installer or from the command line ::
# dpkg -i NessusClient-4.x.x-ubuntu810_i386.deb

Remove client
- Find the installed Nessus package names and versions ::
# dpkg -l | grep -i nessus
- Remove that package, using the package name shown by dpkg -l ::
# dpkg -r <package>

- Remove everything left under the install root ::
# rm -rf /opt/nessus
Note that the server and the client share /opt/nessus, so this also deletes the server, its configuration, the users you created and their knowledgebases. Only do this when you mean to remove the whole installation.


Running the client
- From a shell prompt, run ::
# /opt/nessus/bin/NessusClient
- Click Connect and fill in the hostname (localhost), port (1241), login (apit) and password (***)
- Then click Save
- Click the "+" in the "Network To Scan" section, fill in the required details and press Save.
- Click the "+" in the "Select Scan Policy" section, fill in the required details and press Save.
- Then press "Scan Now" and wait for the results, which are shown in the Report section.

That's all...

Reference ::
Server Documentation
Client Documentation

1 comment:

Unknown said...

Like this! I like it, thanks. Looking forward to your next post on this; include the interface and a full explanation.
Waiting, waiting, waiting.