To stay up to date, remember to subscribe to our YouTube channel!
SUBSCRIBE ON YOUTUBE
Although we know that Linux distributions are much more secure than some other systems, there is always the risk that some file or malware is present on the network and affects user data, installed applications and even the operating system itself, which is why As administrators and advanced users we must be alert to any threat that puts privacy at risk..
To help us mitigate the impact of a threat, but above all to prevent them, we have Nessus, this is a utility that has been created in order to identify and carry out an evaluation of failures and vulnerabilities in networks, applications and the system itself. independent system whatever the distribution.
Nessus integrates several practical tools to identify and correct entry points that attackers can exploit to carry out their purposes..
To use Nessus to its full functionality, the following hardware is required:
- RAM memory of at least 4 GB
Among the main functions and features of Nessus we find:
- You can generate analysis reports in HTML, PDF, XML and CSV formats
- Integrates configuration auditing
- Can analyze web applications
- Performs vulnerability scanning tasks including IPv4/IPv6/hybrid networks
- Scanning with credentials that allow system improvement and missing patches
- Can perform analysis on network devices such as firewalls, routers, and switches
- Nessus meets PCI DSS requirements for vulnerability scanning tasks
- Nessus is compatible with virtualization systems such as VMware ESX, ESXi, vSphere, vCenter, Microsoft, Hyper-V, Citrix Xen server and more
- Compatible with Windows, OS X, Linux, Solaris, FreeBSD, Cisco iOS and IBM iSeries operating systems
- Can detect viruses, malware, backdoors, host and more current threats
- Complies with FFIEC, FISMA, CyberScope, GLBA, HIPAA/HITECH, NERC, SCAP, SOX audit levels
- Supports remote and credentialless scanning
- Allows you to create and configure policies
- It is compatible with RESTful API to integrate Nessus with other programs and thus increase its performance capacity
- Analysis of online and offline systems and devices
Now TechnoWikis will explain how you can install Nessus on Linux and thus improve the security of the system.
How to install Nessus on Linux
To start, we open the terminal, there we are going to download the most recent version of Nessus with the following command:
curl --request GET \ --url 'https://www.tenable.com/downloads/api/v2/pages/nessus/files/Nessus-10.6.1-ubuntu1404_amd64.deb' \ --output 'Nessus-10.6 .1-ubuntu1404_amd64.deb'
Once downloaded, we extract this file by executing the following syntax:
sudo dpkg -i file.deb
At the end of this process we will see the following:
Once we do this, we are going to start the Nessus service:
sudo systemctl start nessusd
Now, we enable Nessus with system boot:
sudo systemctl is-enabled nessusd
We check the status of the Nessus service:
sudo systemctl status nessusd
In order for us to have functional access to Nessus, we must make some configurations in the Firewall, first of all, we add the OpenSSH service in case an external connection will be made, we execute:
sudo ufw allow "OpenSSH"
Then, we add the port required by Nessus and the TCP protocol:
sudo ufw allow 8834/tcp
We enable the Firewall with the command:
sudo ufw enable
Let's check that everything has been configured correctly, to do this we execute:
sudo ufw status
We can execute the “ip a” command to find out the IP address of our system:
Now, knowing the IP address, we open a browser and enter the following:
When we see this error, we click on “Advanced” and then click on “Accept the risk and continue”:
By clicking there we access the Nessus console:
We click on “Continue” and now we must select the product to use, in this case we activate the “Register Nessus Essentials” box. We click on “Continue” and select the different aspects requested to configure the account.
Once the plugins are finally downloaded, the console will open. Here we are going to wait for the plugins to be compiled in the console, without this we will not be able to carry out any activity in Nessus.
Now, we click on “Settings”, there we have some options to use, for example it will be possible to see a brief summary of the application:
Then, in “Software update” it will be possible to configure the update frequency and whether it will be done automatically or manually:
In the “Advanced” section we can see all the global parameters of Nessus. We can see various tabs to navigate in each one and see its configuration.
In the “Proxy server” section we have the possibility of creating and configuring, if required, the proxy server:
If the use of mail servers is required, we can configure SMTP in the respective section:
In the “Password Mgmt” section we will have the opportunity to configure the password with criteria such as:
- Minimum and maximum number of attempts, etc.
In “Scanner Health” we can have real-time access to the status of the system at a global level:
Once the plugins have been loaded, we go to “Scan” and we will see the following:
There we enter the IP address of the device to be analyzed, click on “Submit” and once it is detected, we select the device:
We click on “Run Scan” so that we can see the status of the scan in the console:
In the “Vulnerabilities” tab it will be possible to see the threats for that device. It is possible to click on any of them to have more complete information about the threat. Nessus graphically displays the vulnerabilities by type of impact, high, critical, low, etc.:
One of the great advantages of Nessus is the integration of templates, these will be available based on the plan we use, when we click on “New Scan” we will see the following:
There it will be possible to choose the type of template from options such as:
When a template is selected, we must enter basic data for its use:
We can choose a range of IP addresses to search the entire local network:
In Linux we find the possibility of using the terminal to manage Nessus, if we want this method, we first check the Nessus directory:
Now, we add the Nessus bin directories to the system path using the ~/.bashrc configuration file, run:
echo 'export PATH="$PATH:/opt/nessus/bin:/opt/nessus/sbin"' >> ~/.bashrc
Now we reload this file and check the path:
source ~/.bashrc echo $PATH
Then we check the client configuration:
Finally, we can access the help of this command:
We can see how Nessus becomes a strategic ally to help us optimize the security of our Linux distribution, keeping in mind that threats will always be the order of the day but we must always be one step ahead of these situations..