Results 1 to 9 of 9

Thread: Basic Help with Nessus

  1. #1

    Basic Help with Nessus

    I run RH 7.3 and am familiar with Nmap, but found Nessus on my machine and saw a few folks out of Def Con 02 runnin' it and I would like to give it a try.

    rpm -qa | grep nessus shows me that the client/server rpm are installed, and I can start the server sa r00t.

    But, when I type nessus I get a setup screen, what do I need to do to get this sucker configured.

    I've googled around for an answer this weekend, but I didn't find anything too helpful.

    thanks

    -Chris

  2. #2
    Senior Member
    Join Date
    Jul 2002
    Posts
    167
    Have you added a user to nessus yet? I had no problem installing nessus from the instructions on the nessus website. If you can tell me what part you're at, I can give you suggestions. Below is the link to the setup demo.

    http://nessus.org/demo/first.html

  3. #3
    I could have swore that I posted a reply to this yesterday, oh well.

    If I type

    Code:
    nessus
    I get a gui for Nessu setup with different tabs: Nessusd host, plugins, prefs., scan options, target selection, user, kb, and credits

    If I try to login, I get a SSL error.

    I know what SSL is, but what is this error message telling me?

    thanks

    -Chris

  4. #4
    Senior Member
    Join Date
    Jul 2002
    Posts
    225
    Have you run nessus-adduser?
    \"Now it\'s time to erase the story of our bogus fate. Our history as it\'s portrayed is just a recipe for hate!\"
    -Bad Religion

  5. #5
    Senior Member
    Join Date
    Jul 2002
    Posts
    167
    I believe that happens when you haven't created a user for the nessus program. You are going to have to open up a terminal and type "nessus-adduser". It will ask you for the password, cypher and something else. Once you have gone through that a user will be created and nessus will work properly.

  6. #6
    I'm setting up a new user: nessus and viewing the HOWTO on this website

    http://www.nessus.org/demo/first.html

    I created a new user for testing purposes
    new user: nessus
    passwd: nessus

    when I log in I still get ssl error.

    I have no idea what is wrong, and have googling for an answer but have found nothing that addresses this.

    thanks

    -Chris

  7. #7
    You can change wether it uses ssl or not when you compile it. As you installed it as an rpm it is maybe compiled to use ssl by default. You can start the client with nessus -x. This causes nessus not to check ssl certificates. That might solve your problem.

  8. #8
    First thing, part of the problem is that this an rpm, I prefer to install from source, less problems, usually.

    Second thing, i don't ever remember installing this? I wonder if this installed from an up2date or apt-get?

    So I've uninstalled the rpm and installed the the following source files

    Code:
    libnasl
    nessus-core
    nessus-libraries 
    nessus-plugins
    And installing them in the correct order, or course.

    Now when I go to install nessus-mkcert, I get the following error:

    Code:
    nessus:  error while loading shared lbiraries:  libnasl.so1:  cannot open shared object file:  No such file or directory 
    Executing nessusd failed.  Make sure your library loader is configureed properly and that nessusd is in your $PATH
    Nessusd is located /usr/loca/sbin and that is in my $PATH.

    Please advise

    thaks

    -Chris

  9. #9
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    I hope this helps......

    I had a similar issue and here is how I solved it:

    Someone had the NESSUS program installed on RH8.0 so I completely removed it.
    I went to nessus.org and got the latest stable release 1.2.7 I believe is the current stable release.

    I installed it according to the instructions on the site.
    I created a user but chose PASS instead of CERT for authentication
    I installed the latest NessusWX client on my W2K box.
    I created a new session and added all the plugins and IP addresses I wanted to scan.
    Under COMMUNICATIONS, I chose QUICK CONNECT.

    Now, I assume this is where you hit a snag right? There is output logged on the bottom of the cosole. Can you post that output if you get stuck here.

    Anyway, at this point, I provide a password and it connects to the RH box and I now can conduct my scans.

    There are some other things that I do like add the NESSUSD & syntax to the RC.LOCAL file so that the deamon loads automatically at boot time, then I dump the nessus-update-plugins in CRON.DAILY so that I always have the most recent NASLs available.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •