# lynx -source http://install.nessus.org | sh
——————————————————————————–
NESSUS INSTALLATION SCRIPT
——————————————————————————–
This script will retrieve the latest version of Nessus via CVS, and
will compile and install it on your system.
To run this script, you must know the root password of this host
and you need to be able to establish outgoing connections to port
2401/tcp or 80/tcp (through a proxy or directly)
Press a key to continue <ENTER>
——————————————————————————–
Nessus installation : installation location
——————————————————————————–
Where do you want the whole Nessus package to be installed ?
[/usr/local] <ENTER>
——————————————————————————–
Nessus installation : branch selection
——————————————————————————–
Nessus is currently made up of two branches:
– the STABLE branch is Nessus 2.0.x. It is now considered as being
bug-free.
– the DEVEL branch is Nessus 2.1x. It is considered as a being in
developement, and therefore may prove to be unstable.
Which branch do you wish to install (STABLE or DEVEL) ?
[STABLE] <ENTER>
——————————————————————————–
Nessus installation : download method
——————————————————————————–
There are two ways to download Nessus :
. From cvs, the download will be slower but you’ll have the latest version
. From www, the download will be faster, but you may not get the nightly
changes. However, www is updated every 24 hours
Which download method do you want ? (cvs or www) [www] <ENTER>
——————————————————————————–
Nessus installation : final step
——————————————————————————–
Nessus will now be installed on this host. The packages will first be
downloaded from nessus.org, then they will be compiled and installed
Press a key to continue <ENTER>
Are you behind a web proxy ? [y/n] n <ENTER>
– Now it downloads and install the software
——————————————————————————–
Nessus installation : Finished
——————————————————————————–
Nessus is now installed on this host
. Create a certificate for nessusd using /usr/local/sbin/nessus-mkcert
. Add a user by typing /usr/local/sbin/nessus-adduser
. Then start nessusd by typing /usr/local/sbin/nessusd -D
. Remember to invoke ‘nessus-update-plugins’ periodically to update your plugins
Press a key to quit <ENTER>
Then run : /usr/local/sbin/nessus-mkcert
——————————————————————————-
Creation of the Nessus SSL Certificate
——————————————————————————-
This script will now ask you the relevant information to create the SSL
certificate of Nessus. Note that this information will *NOT* be sent to
anybody (everything stays local), but anyone with the ability to connect to your
Nessus daemon will be able to retrieve this information.
CA certificate life time in days [1460]:
Server certificate life time in days [365]:
Your country (two letter code) [FR]: DK
Your state or province name [none]: Denmark
Your location (e.g. town) [Paris]: Stoholm
Your organization [Nessus Users United]: Unifix Security
——————————————————————————-
Creation of the Nessus SSL Certificate
——————————————————————————-
Congratulations. Your server certificate was properly created.
/usr/local/etc/nessus/nessusd.conf updated
The following files were created :
. Certification authority :
Certificate = /usr/local/com/nessus/CA/cacert.pem
Private key = /usr/local/var/nessus/CA/cakey.pem
. Nessus Server :
Certificate = /usr/local/com/nessus/CA/servercert.pem
Private key = /usr/local/var/nessus/CA/serverkey.pem
Press [ENTER] to exit
– Create as many users as needed!
localhost root # /usr/local/sbin/nessus-adduser
Using /var/tmp as a temporary file holder
Add a new nessusd user
———————-
Login : mike
Authentication (pass/cert) [pass] : <enter>
Login password : <password>
Login password (again) : <password>
User rules
———-
nessusd has a rules system which allows you to restrict the hosts
that mike has the right to test. For instance, you may want
him to be able to scan his own host only.
Please see the nessus-adduser(8) man page for the rules syntax
Enter the rules for this user, and hit ctrl-D once you are done :
(the user can have an empty rules set)
<CTRL-D>
Login : mike
Password : ********
DN :
Rules :
Is that ok ? (y/n) [y] y
user added.
Finally start the deamon:
localhost root # /usr/local/sbin/nessusd -D
And then run nessus from some host and connect it up to the deamon!