Nessus is an open-source network vulnerability scanner that is widely used for vulnerability assessments, penetration testing, and ethical hacking. It is known for its comprehensive scanning capabilities and reports its findings against Common Vulnerabilities and Exposures (CVE) identifiers. With Nessus, you can conduct network vulnerability scans, identify misconfigurations, and detect Denial of Service (DoS) vulnerabilities.
In this article, we will guide you through the step-by-step process of installing and using Nessus Security Scanner on Rocky Linux. We will cover the prerequisites, installation via .rpm file, setting up Firewalld, basic configuration of Nessus, setting up Nessus CLI, and creating your first scan with Nessus.
Prerequisites
Before getting started, make sure you have the following prerequisites in place:
- A Rocky Linux server (e.g., ‘nessus-server’) with a non-root user having sudo/root administration privileges.
- SELinux set to ‘permissive’ mode.
Installing Nessus via .rpm File
To install Nessus on Rocky Linux, we will download the Nessus package .rpm file and install it manually using the ‘rpm’ command.
First, install curl by running the following command:
sudo dnf install curl
Next, download the Nessus .rpm file with the following curl command:
sudo curl --request GET --url 'https://www.tenable.com/downloads/api/v2/pages/nessus/files/Nessus-10.4.1-es8.x86_64.rpm' --output 'Nessus-10.4.1-es8.x86_64.rpm'
Once the download is complete, you will find the file ‘Nessus-10.4.1-es8.x86_64.rpm’ in your current working directory.
Now, install the Nessus package using the following command:
sudo rpm -Uvh Nessus-10.4.1-es8.x86_64.rpm
After the installation is finished, start and enable the Nessus service by running the following commands:
sudo systemctl start nessusd
sudo systemctl enable nessusd
To verify that the Nessus service is enabled and running, use the following commands:
sudo systemctl is-enabled nessusd
sudo systemctl status nessusd
Setting up Firewalld
After installing Nessus, you need to set up Firewalld and open the Nessus port (8834/tcp). Firewalld is enabled by default on Rocky Linux.
To add port 8834/tcp to Firewalld, execute the following command:
sudo firewall-cmd --add-port=8834/tcp --permanent
Reload Firewalld to apply the new rules:
sudo firewall-cmd --reload
To verify the list of open ports on Firewalld, use the following command:
sudo firewall-cmd --list-all
You should see port 8834/tcp added to the list.
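The download, install, service and firewall steps above as one script. This is an added example, not code from the article or from Tenable, and it adds two things a practitioner would want: the downloaded .rpm's SHA-256 is compared with the value Tenable publishes on its download page before rpm is run (EXPECTED_SHA256 is a placeholder you must replace with that published value), and the 8834/tcp rule is limited to an administrative subnet (ADMIN_SUBNET, an assumed example value) instead of accepting connections from every source. The installation only runs when NESSUS_INSTALL=1 is set, so the file can be sourced to reuse verify_sha256 without touching the system.

```shell
#!/usr/bin/env bash
# Added example: scripted Nessus install for Rocky Linux with checksum
# verification and a source-restricted firewall rule.
set -eu

NESSUS_VERSION="10.4.1"
NESSUS_RPM="Nessus-${NESSUS_VERSION}-es8.x86_64.rpm"
NESSUS_URL="https://www.tenable.com/downloads/api/v2/pages/nessus/files/${NESSUS_RPM}"
# Placeholder: copy the SHA-256 shown on Tenable's download page for this file.
EXPECTED_SHA256="REPLACE_WITH_SHA256_FROM_TENABLE_DOWNLOAD_PAGE"
# Assumed example value: the only network allowed to reach the web UI.
ADMIN_SUBNET="192.168.5.0/24"

# verify_sha256 FILE EXPECTED -> 0 if FILE's SHA-256 equals EXPECTED, 1 otherwise.
verify_sha256() {
    local file="$1" expected="$2" actual
    actual=$(sha256sum "$file" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# Download the package and refuse to keep it if the checksum does not match.
download_and_verify() {
    curl --fail --silent --show-error --location \
        --url "$NESSUS_URL" --output "$NESSUS_RPM"
    if ! verify_sha256 "$NESSUS_RPM" "$EXPECTED_SHA256"; then
        echo "checksum mismatch for $NESSUS_RPM; refusing to install" >&2
        rm -f "$NESSUS_RPM"
        return 1
    fi
}

# Install the verified package, then enable and start nessusd in one step.
install_and_enable() {
    sudo rpm -Uvh "$NESSUS_RPM"
    sudo systemctl enable --now nessusd
    sudo systemctl is-active --quiet nessusd
}

# Open 8834/tcp only for ADMIN_SUBNET using a firewalld rich rule, then show it.
open_firewall() {
    sudo firewall-cmd --permanent --add-rich-rule="rule family=\"ipv4\" source address=\"${ADMIN_SUBNET}\" port port=\"8834\" protocol=\"tcp\" accept"
    sudo firewall-cmd --reload
    sudo firewall-cmd --list-rich-rules
}

main() {
    download_and_verify
    install_and_enable
    open_firewall
}

# Only perform the installation when explicitly requested.
if [ "${NESSUS_INSTALL:-0}" = "1" ]; then
    main
fi
```

Run it with NESSUS_INSTALL=1 ./install-nessus.sh once the placeholder checksum has been filled in. If you later decide the UI must be reachable from more than one network, add a second rich rule for that subnet rather than falling back to the unrestricted --add-port form, so the scanner's admin interface never listens to the whole network.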
Nessus Basic Configuration
Now that Nessus is installed and Firewalld is configured, it’s time to perform the basic configuration of Nessus. We will be using the Nessus Essentials version, which is the free vulnerability scanner.
To start the configuration, open your web browser and enter the IP address of your server followed by port 8834 (e.g., https://192.168.5.100:8834/). This will take you to the Nessus installation page.
On the installation page, select the version of Nessus you want to install. For the free version, choose ‘Nessus Essentials’ and click ‘Continue’.
Provide your name and email address to receive the Nessus activation code, and click ‘Email’. Make sure to use a valid email address.
After receiving the Nessus activation code, enter it on the page and click ‘Continue’.
Once the activation code is verified, you will be prompted to create an admin user for Nessus. Enter the admin username and password, then click ‘Submit’.
The installation process will begin, including the compilation and installation of Nessus plugins. This may take some time to complete.
After the installation is finished, you will be directed to the Nessus dashboard, where you will be logged in as the admin user.
Setting up Nessus CLI
Nessus is installed in the ‘/opt/nessus’ directory, which contains the configuration files in ‘/opt/nessus/etc’ and the binary files in ‘/opt/nessus/bin’ and ‘/opt/nessus/sbin’.
To set up Nessus CLI, we need to add the Nessus binary paths to the system’s $PATH environment variable.
First, verify the list of directories inside the Nessus installation directory:
ls /opt/nessus
Next, run the following command to add the Nessus binary paths to the $PATH variable. This command appends a new configuration to the ~/.bashrc file, which will be loaded upon login.
echo 'export PATH="$PATH:/opt/nessus/bin:/opt/nessus/sbin"' >> ~/.bashrc
Reload the ~/.bashrc config file in the current session:
source ~/.bashrc
Verify that the Nessus binary paths have been added to the $PATH variable:
echo $PATH
You should see ‘/opt/nessus/bin’ and ‘/opt/nessus/sbin’ in the output, indicating that the paths have been successfully added.
Now you can run the Nessus CLI by typing the following command:
nessuscli help
This will display the help page for the ‘nessuscli’ command.
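The one-line echo into ~/.bashrc shown above appends another export every time it is re-run, so after a few sessions $PATH carries duplicate entries. The following added example (not code from the article) does the same PATH setup idempotently: add_path_entry only appends a line when the directory is not already mentioned in the rc file, and setup_nessus_path skips directories that do not exist yet, which is the usual symptom of running the step before the .rpm was installed. The function names and the NESSUS_SETUP_PATH switch are this example's own.

```shell
#!/usr/bin/env bash
# Added example: add the Nessus binary directories to PATH exactly once.
set -eu

NESSUS_BIN_DIRS="/opt/nessus/bin /opt/nessus/sbin"

# add_path_entry RCFILE DIR -> appends 'export PATH="$PATH:DIR"' to RCFILE
# unless RCFILE already mentions DIR. Returns 0 if added, 1 if skipped.
add_path_entry() {
    local rcfile="$1" dir="$2"
    touch "$rcfile"
    if grep -qF -- "$dir" "$rcfile"; then
        return 1
    fi
    printf 'export PATH="$PATH:%s"\n' "$dir" >> "$rcfile"
}

# count_path_entries RCFILE DIR -> number of lines in RCFILE mentioning DIR
# (prints 0 when there are none, without tripping set -e).
count_path_entries() {
    grep -cF -- "$2" "$1" || true
}

# setup_nessus_path RCFILE -> add each Nessus bin dir that exists, once.
setup_nessus_path() {
    local rcfile="$1" dir
    for dir in $NESSUS_BIN_DIRS; do
        if [ -d "$dir" ]; then
            add_path_entry "$rcfile" "$dir" || echo "$dir already in $rcfile"
        else
            echo "skipping $dir: not found (is Nessus installed?)" >&2
        fi
    done
}

# Only modify the real rc file when explicitly requested.
if [ "${NESSUS_SETUP_PATH:-0}" = "1" ]; then
    setup_nessus_path "$HOME/.bashrc"
    # shellcheck disable=SC1090
    . "$HOME/.bashrc"
    nessuscli help
fi
```

Run it with NESSUS_SETUP_PATH=1 to apply it to your own ~/.bashrc; running it a second time reports the directories as already present instead of appending them again.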
Creating Your First Scan with Nessus
To create your first scan with Nessus, go to the Nessus user dashboard and click on the ‘Create a new scan’ link.
Select the desired scan template, such as ‘Basic network scan’, and provide the necessary information, including the scan name, description, folder to save the scan, and the target host. Click ‘Save’ to confirm and add the scan.
You will see the new scan listed under the ‘My Scans’ folder. Click the play button to start the scan.
Monitor the progress of the scan on the dashboard. Once the scan is complete, click on the scan name to view the detailed results.
The ‘Vulnerabilities’ tab provides detailed information about the vulnerabilities detected by Nessus.
Conclusion
Congratulations! You have successfully installed Nessus Security Scanner on your Rocky Linux server. You have also learned how to configure Nessus, set up the Nessus CLI, and create your first scan.
Nessus is a powerful tool that helps you identify security vulnerabilities and provides valuable recommendations for improving the security of your network.
Remember to regularly run scans using Nessus to ensure the ongoing security of your systems.
For more information about secure and reliable cloud hosting solutions, visit Shape.host. Shape.host offers Cloud VPS services to empower your business with efficient and scalable hosting solutions.