Installing nessus

# lynx -source | sh


This script will retrieve the latest version of Nessus via CVS, and
will compile and install it on your system.

To run this script, you must know the root password of this host
and you need to be able to establish outgoing connections to port
2401/tcp or 80/tcp (through a proxy or directly)

Press a key to continue <ENTER>

Nessus installation : installation location

Where do you want the whole Nessus package to be installed ?
[/usr/local] <ENTER>

Nessus installation : branch selection

Nessus is currently made up of two branches:
– the STABLE branch is Nessus 2.0.x. It is now considered as being

– the DEVEL branch is Nessus 2.1x. It is considered as a being in
developement, and therefore may prove to be unstable.

Which branch do you wish to install (STABLE or DEVEL) ?

Nessus installation : download method

There are two ways to download Nessus :
. From cvs, the download will be slower but you’ll have the latest version
. From www, the download will be faster, but you may not get the nightly
changes. However, www is updated every 24 hours

Which download method do you want ? (cvs or www) [www] <ENTER>

Nessus installation : final step

Nessus will now be installed on this host. The packages will first be
downloaded from, then they will be compiled and installed

Press a key to continue <ENTER>

Are you behind a web proxy ? [y/n] n <ENTER>

– Now it downloads and install the software

Nessus installation : Finished

Nessus is now installed on this host
. Create a certificate for nessusd using /usr/local/sbin/nessus-mkcert
. Add a user by typing /usr/local/sbin/nessus-adduser
. Then start nessusd by typing /usr/local/sbin/nessusd -D

. Remember to invoke ‘nessus-update-plugins’ periodically to update your plugins

Press a key to quit <ENTER>

Then run : /usr/local/sbin/nessus-mkcert

Creation of the Nessus SSL Certificate

This script will now ask you the relevant information to create the SSL
certificate of Nessus. Note that this information will *NOT* be sent to
anybody (everything stays local), but anyone with the ability to connect to your
Nessus daemon will be able to retrieve this information.

CA certificate life time in days [1460]:
Server certificate life time in days [365]:
Your country (two letter code) [FR]: DK
Your state or province name [none]: Denmark
Your location (e.g. town) [Paris]: Stoholm
Your organization [Nessus Users United]: Unifix Security

Creation of the Nessus SSL Certificate

Congratulations. Your server certificate was properly created.

/usr/local/etc/nessus/nessusd.conf updated

The following files were created :

. Certification authority :
Certificate = /usr/local/com/nessus/CA/cacert.pem
Private key = /usr/local/var/nessus/CA/cakey.pem

. Nessus Server :
Certificate = /usr/local/com/nessus/CA/servercert.pem
Private key = /usr/local/var/nessus/CA/serverkey.pem

Press [ENTER] to exit

– Create as many users as needed!

localhost root # /usr/local/sbin/nessus-adduser
Using /var/tmp as a temporary file holder

Add a new nessusd user

Login : mike
Authentication (pass/cert) [pass] : <enter>
Login password : <password>
Login password (again) : <password>

User rules
nessusd has a rules system which allows you to restrict the hosts
that mike has the right to test. For instance, you may want
him to be able to scan his own host only.

Please see the nessus-adduser(8) man page for the rules syntax

Enter the rules for this user, and hit ctrl-D once you are done :
(the user can have an empty rules set)

Login : mike
Password : ********
DN :
Rules :

Is that ok ? (y/n) [y] y
user added.

Finally start the deamon:
localhost root # /usr/local/sbin/nessusd -D

And then run nessus from some host and connect it up to the deamon!

Dette indlæg blev udgivet i Knowledge Base, Linux, Old Base, Security. Bogmærk permalinket.

Skriv et svar