November 21st, 2002, 01:06 AM
Basic Help with Nessus
I run RH 7.3 and am familiar with Nmap, but found Nessus on my machine and saw a few folks out of Def Con 02 runnin' it and I would like to give it a try.
rpm -qa | grep nessus shows me that the client/server rpm are installed, and I can start the server sa r00t.
But, when I type nessus I get a setup screen, what do I need to do to get this sucker configured.
I've googled around for an answer this weekend, but I didn't find anything too helpful.
November 21st, 2002, 02:16 AM
Have you added a user to nessus yet? I had no problem installing nessus from the instructions on the nessus website. If you can tell me what part you're at, I can give you suggestions. Below is the link to the setup demo.
November 21st, 2002, 06:28 PM
I could have swore that I posted a reply to this yesterday, oh well.
If I type
I get a gui for Nessu setup with different tabs: Nessusd host, plugins, prefs., scan options, target selection, user, kb, and credits
If I try to login, I get a SSL error.
I know what SSL is, but what is this error message telling me?
November 21st, 2002, 11:56 PM
Have you run nessus-adduser?
\"Now it\'s time to erase the story of our bogus fate. Our history as it\'s portrayed is just a recipe for hate!\"
November 22nd, 2002, 03:01 AM
I believe that happens when you haven't created a user for the nessus program. You are going to have to open up a terminal and type "nessus-adduser". It will ask you for the password, cypher and something else. Once you have gone through that a user will be created and nessus will work properly.
November 22nd, 2002, 06:50 AM
I'm setting up a new user: nessus and viewing the HOWTO on this website
I created a new user for testing purposes
new user: nessus
when I log in I still get ssl error.
I have no idea what is wrong, and have googling for an answer but have found nothing that addresses this.
November 22nd, 2002, 11:16 AM
You can change wether it uses ssl or not when you compile it. As you installed it as an rpm it is maybe compiled to use ssl by default. You can start the client with nessus -x. This causes nessus not to check ssl certificates. That might solve your problem.
November 23rd, 2002, 04:44 PM
First thing, part of the problem is that this an rpm, I prefer to install from source, less problems, usually.
Second thing, i don't ever remember installing this? I wonder if this installed from an up2date or apt-get?
So I've uninstalled the rpm and installed the the following source files
And installing them in the correct order, or course.
Now when I go to install nessus-mkcert, I get the following error:
Nessusd is located /usr/loca/sbin and that is in my $PATH.
nessus: error while loading shared lbiraries: libnasl.so1: cannot open shared object file: No such file or directory
Executing nessusd failed. Make sure your library loader is configureed properly and that nessusd is in your $PATH
January 10th, 2003, 03:23 PM
I hope this helps......
I had a similar issue and here is how I solved it:
Someone had the NESSUS program installed on RH8.0 so I completely removed it.
I went to nessus.org and got the latest stable release 1.2.7 I believe is the current stable release.
I installed it according to the instructions on the site.
I created a user but chose PASS instead of CERT for authentication
I installed the latest NessusWX client on my W2K box.
I created a new session and added all the plugins and IP addresses I wanted to scan.
Under COMMUNICATIONS, I chose QUICK CONNECT.
Now, I assume this is where you hit a snag right? There is output logged on the bottom of the cosole. Can you post that output if you get stuck here.
Anyway, at this point, I provide a password and it connects to the RH box and I now can conduct my scans.
There are some other things that I do like add the NESSUSD & syntax to the RC.LOCAL file so that the deamon loads automatically at boot time, then I dump the nessus-update-plugins in CRON.DAILY so that I always have the most recent NASLs available.