Identifying vulnerabilities is the first step towards securing your environment. Nessus is the de-facto industry standard vulnerability assessment solution. It helps to easily identify and fix vulnerabilities – including software flaws, missing patches, malware, and misconfigurations across a variety of operating systems, devices and applications.
In this tutorial, we are going to learn how to install, setup and use Nessus Professional Vulnerability on Ubuntu 18.04 LTS as well as on CentOS 7 server.
Note that Nessus is a commercial solution and in this tutorial, we are going to use a free trial version.
Download and Install Nessus
Nessus installation package can be downloaded from here. Once the download completes, run the installation as follows.
On Ubuntu 18.04
# dpkg -i Nessus-7.2.1-ubuntu1110_amd64.deb
If the installation is successful, you should see an output shown below;
...output snipped... Unpacking Nessus Scanner Core Components... - You can start Nessus Scanner by typing /etc/init.d/nessusd start - Then go to https://<your-hostname>:8834/ to configure your scanner ...snipped...
For CentOS 7
# yum localinstall Nessus-7.2.1-es7.x86_64.rpm
...output snipped... Installing : Nessus-7.2.1-es7.x86_64 1/1 Unpacking Nessus Core Components... - You can start Nessus by typing /bin/systemctl start nessusd.service - Then go to https://<your-hostname>:8834/ to configure your scanner ...output snipped...
Where <your-hostname> is the hostname of your machine.
Allow Nessus through Firewall
If firewall is running, you need to open Nessus port 8834 to access the web User Interface.
For Ubuntu and simillar derivatives
# ufw allow 8834 # ufw reload
For CentOS and simillar derivatives;
# firewall-cmd --add-port=8834/tcp --permanent # firewall-cmd --reload
Start Nessus Deamon
After the installation is complete, you can start Nessus deamon by running the command below as shown in the installation output.
# /etc/init.d/nessusd start
or you can simply use the command below.
# systemctl start nessusd
To enable Nessus to start on system reboot, run the command below;
# systemctl enable nessusd
Set up and Activate Nessus
After initial installation you are required to set up and activate Nessus. Login to UI, using the link as shown in the installation output: https://<your-hostname>:8834/. When you enter that link, add the SSL error that displays as an exception and proceed.
Create Nessus Administrator Account
Next, you are required to create an admin account.
You may also create a new Nessus user from Nessus CLI using the command below;
# /opt/nessus/sbin/nessuscli adduser
Register Nessus Scanner
Note that you need an activation code for you to register Nessus. To obtain the trail activation code, you need to register here if you have not done so.
Choose the Scanner Type and enter the activation code. Once the Nessus setup is complete, it will start to initialize by downloading and compiling the plugins needed for scanning. This may take a while though.
Once initialization is complete, the Nessus dashboard is launched that looks like the one below;
The installation and setup is now complete and you can now embark on hunting vulnerabilities in your systems.
Learn how to scan assets/hosts using Nessus by following the link below;