Nessus 4.2.1 is split into a server and a client; I installed both on the same machine. The 4.2.1 client is a web interface.
(Nessus 4.2 comes with a built-in web interface which lets you start your scan and analyze the results from any system which can connect to your Nessus scanner.)
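Enter https://[server IP]:8834/ in the browser; remember to use https.
1. Download the rpm package and install it
At first I tried Nessus-4.2.1-fc10.i386.rpm and Nessus-4.2.1-fc12.i386.rpm, but both hit dependency problems during installation. I then downloaded Nessus-4.2.1-fc6.i386.rpm, which installed successfully.
Installing directly with the rpm command on the command line also works.
Next, register and add a user. The process is roughly as follows (reposted from http://www.woniu.me/node/28):
# rpm -ivh Nessus-3.2.0-es4.i386.rpm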
Preparing... ########################################### [100%]
1:Nessus ########################################### [100%]
nessusd (Nessus) 3.2.0 for Linux
(C) 1998 - 2008 Tenable Network Security, Inc.
Processing the Nessus plugins...
[##################################################]
All plugins loaded
- Please run /opt/nessus/sbin/nessus-adduser to add an admin user
- Register your Nessus scanner at http://www.nessus.org/register/ to
obtain all the newest plugins
- You can start nessusd by typing /sbin/service nessusd start
2. Add a Nessus account
# /opt/nessus/sbin/nessus-adduser
Using /var/tmp as a temporary file holder
Add a new nessusd user
--------------------
Login : admin
Authentication (pass/cert) [pass]:
Login password:
Login password (again):
User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that admin has the right to test. For instance, you may want
him to be able to scan his own host only.
Please see the nessus-adduser(8) man page for the rules syntax
Enter the rules for this user, and hit ctrl-D once you are done:
(the user can have an empty rules set)
Login : admin
Password : ***********
DN :
Rules :
Is that ok ? (y/n) [y]
user added.
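3. Start the Nessus service
# /sbin/service nessusd start
# ps -ef | grep nessus
root 5341 1 0 01:44 ? 00:00:39 nessusd: waiting for incoming connections
(the service is running)
4. Install the activation code
The activation code is obtained from http://www.nessus.org/register/. Choose the version you need (I chose HomeFeed), then enter your e-mail address; you will receive an e-mail containing the registration code, which explains how to register.
# /opt/nessus/bin/nessus-fetch --register <activation code>
After that, the Nessus server can be accessed through a web browser.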
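An added example, not part of the original post: a post-install check for step 3 that confirms from `ps -ef` and `netstat -tln` output that nessusd is really running and shows which address serves port 8834. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: post-install checks for step 3 (names are hypothetical).
# Each function reads command output on stdin, so it also works offline.
# On a live host: ps -ef | nessusd_running ; netstat -tln | nessus_listen_addr

# Succeed only if a real nessusd process is listed in `ps -ef` output.
# Comparing the command name (column 8) skips the "grep nessus" process,
# which a plain `ps -ef | grep nessus` would also match.
nessusd_running() {
    awk '{
        name = $8
        sub(/:$/, "", name)      # "nessusd:" -> "nessusd"
        sub(/^.*\//, "", name)   # drop a leading path, if any
        if (name == "nessusd") found = 1
    } END { exit !found }'
}

# Print the local address(es) listening on the given TCP port (default 8834)
# from `netstat -tln` output; fail if nothing listens there.
# 0.0.0.0 means the web interface is served on every interface.
nessus_listen_addr() {
    awk -v port="${1:-8834}" '
        $NF == "LISTEN" && $4 ~ (":" port "$") {
            sub(":" port "$", "", $4); print $4; n++
        }
        END { exit !n }'
}

# Constructed sample output (not captured from a real host).
SAMPLE_PS='root      5341     1  0 01:44 ?        00:00:39 nessusd: waiting for incoming connections
root      6012  5990  0 01:50 pts/0    00:00:00 grep nessus'
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:8834            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN'

printf '%s\n' "$SAMPLE_PS" | nessusd_running && echo "nessusd process found"
printf '%s\n' "$SAMPLE_NETSTAT" | nessus_listen_addr 8834
```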