001. Nessus Installation on CentOS 5.7

OS: CentOS 5.7 32bit
Hardware: Virtual Machine (VirtualBox 4.1.8)
Nessus: 4.4.1

About

Nessus is a network vulnerability scanner. It lets you scan your network for vulnerabilities and create a report based on your network's status.

Nessus Installation

  • Download Nessus
mkdir /usr/local/src/nessus
cd /usr/local/src/nessus
wget "http://downloads.nessus.org/nessus3dl.php?file=Nessus-4.4.1-es5.i386.rpm&licence_accept=yes&t=05a5e71c02e574b66e0f558865246dca" -O nessus.rpm
  • Install Nessus package
rpm -ihv nessus.rpm
  • Activate your Nessus account with your activation code
/opt/nessus/bin/nessus-fetch --register XXXX-XXXX-XXXX-XXXX-XXXX
ENTER
Your activation code has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org...
Your Nessus installation is now up-to-date.
If auto_update is set to 'yes' in nessusd.conf, Nessus will
update the plugins by itself.
  • Start Nessus server
service nessusd start
  • Create new user for Nessus
/opt/nessus/sbin/nessus-adduser
Login : admin
ENTER 
Login password : type a password ENTER
Login password (again) : type again the previous password ENTER
Do you want this user to be a Nessus 'admin' user ? (can upload plugins, etc...) (y/n) [n]: y
ENTER
User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that admin has the right to test. For instance, you may want
him to be able to scan his own host only.

Please see the nessus-adduser manual for the rules syntax

Enter the rules for this user, and enter a BLANK LINE once you are done :
(the user can have an empty rules set)
ENTER
Login             : admin
Password         : ***********
This user will have 'admin' privileges within the Nessus server
Rules             :
Is that ok ? (y/n) [y]
ENTER
User added
  • Connect to Nessus server
    • Using a web browser, browse to https://nessus_server_IP:8834
    • Continue past the security certificate alert
    • Log in using your created username and password
    • Create your first scan and run it

That’s it. The Nessus server installation is complete. You can now create new scans on your network and schedule them to run frequently.
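
The download step above fetches the package over plain HTTP, and `wget -O` saves whatever the server returns as nessus.rpm, so it is worth checking the file before running `rpm -ihv`. The script below is an added example, not part of the original procedure. It assumes the package name and version match the file name in the download URL (Nessus-4.4.1-es5.i386.rpm); the function names are made up for this example.

```shell
#!/bin/sh
# Added example: pre-install checks for the file saved as nessus.rpm.
# EXPECTED_NAME / EXPECTED_VERSION are assumptions derived from the
# file name in the download URL (Nessus-4.4.1-es5.i386.rpm).
EXPECTED_NAME="Nessus"
EXPECTED_VERSION="4.4.1"

# Return 0 if the file is non-empty and starts with the RPM lead
# magic bytes (ed ab ee db); an HTML error page or empty file fails.
is_rpm_file() {
    [ -s "$1" ] || return 1
    _magic=$(od -An -tx1 -N4 < "$1" | tr -d ' \n')
    [ "$_magic" = "edabeedb" ]
}

# Return 0 only if the file is an RPM, its header carries the expected
# name and version, and `rpm -K` accepts it. `rpm -K` checks the
# package's internal digests and, if the package is signed, its
# signature (which needs the signer's public key imported into rpm).
preinstall_check() {
    _pkg="$1"
    if ! is_rpm_file "$_pkg"; then
        echo "REJECT: $_pkg is not an RPM (error page or truncated download?)" >&2
        return 1
    fi
    _nv=$(rpm -qp --qf '%{NAME}-%{VERSION}' "$_pkg" 2>/dev/null) || {
        echo "REJECT: rpm could not read the package header" >&2
        return 1
    }
    if [ "$_nv" != "$EXPECTED_NAME-$EXPECTED_VERSION" ]; then
        echo "REJECT: package is '$_nv', expected $EXPECTED_NAME-$EXPECTED_VERSION" >&2
        return 1
    fi
    rpm -K "$_pkg" || { echo "REJECT: rpm -K failed for $_pkg" >&2; return 1; }
    echo "OK: $_pkg passed the pre-install checks"
}

# When run with a file argument, check that file, e.g.:
#   sh check_nessus_rpm.sh /usr/local/src/nessus/nessus.rpm
if [ "$#" -gt 0 ]; then
    preinstall_check "$1"
fi
```

Run it between the download and install steps, and install only if it prints the OK line.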

For more information on Nessus visit http://www.nessus.org