Bài Tập Thực Hành – NESSUS: Lesson 2 Install Nessus on BackTrack 5R1/2

{ Install Nessus on BackTrack 5R1/2 }

Section 0. Background Information
  1. What is NESSUS?
    • Tenable Network Security provides enterprise-class solutions for continuous monitoring and visibility of vulnerabilities, configurations, user activity and system events that impact security and compliance.

    • Nessus features high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture
  2. Pre-Requisite
  3. Lab Notes
    • In this lab we will do the following:
      1. Install Nessus.
      2. Start the Nessus service
      3. Configure Nessus certificate
      4. Login Nessus
  4. Legal Disclaimer – Đào Tạo An Toàn Thông Tin (Www.AnToanThongTin.Edu.Vn)

Section 1. Login to BackTrack
  1. Start Up VMWare Player
    • Instructions:
      1. Click the Start Button
      2. Type Vmplayer in the search box
      3. Click on Vmplayer
  2. Open a Virtual Machine
    • Instructions:
      1. Click on Open a Virtual Machine
  3. Open the BackTrack5R1 VM
    • Instructions:
      1. Navigate to where the BackTrack5R1 VM is located
      2. Click on on the BackTrack5R1 VM
      3. Click on the Open Button
  4. Edit the BackTrack5R1 VM
    • Instructions:
      1. Select BackTrack5R1 VM
      2. Click Edit virtual machine settings
  5. Edit Virtual Machine Settings
    • Instructions:
      1. Click on Network Adapter
      2. Click on the Bridged Radio button
      3. Click on the OK Button
  6. Play the BackTrack5R1 VM
    • Instructions:
      1. Click on the BackTrack5R1 VM
      2. Click on Play virtual machine
  7. Login to BackTrack
    • Instructions:
      1. Login: root
      2. Password: toor or <whatever you changed it to>.
  8. Bring up the GNOME
    • Instructions:
      1. Type startx
Section 2. Bring up a console terminal
  1. Start up a terminal window
    • Instructions:
      1. Click on the Terminal Window
  2. Obtain the IP Address
    • Instructions:
      1. ifconfig -a
    • Note(FYI):
      • My IP address 192.168.1.111.
      • In your case, it will probably be different.
Section 3. Download Nessus
  1. Start Firefox
    • Instructions:
      1. Applications –> Internet –> Firefox Web Browser

     

  2. Navigate to Tenable Download
  3. Subscription Agreement
    • Instructions
      1. Click on Agree
  4. Would you like to save this file?
    • Instructions
      1. Click Save File
  5. Save File
    • Instructions
      1. Click on the root folder
      2. Click the Save Button
  6. Close Downloads
    • Instructions
      1. Click the “X” to close.

Section 4. Install Nessus
  1. Search for nessus
    • Instructions
      1. cd /root
      2. ls -l Nessus*
      3. dpkg -i Nessus*
    • Notes
      • For steps #2 and #3 I am using a the wildcard(*) just encase the version changes.

Section 5. Obtain Nessus Activation Code
  1. Start Firefox
    • Instructions:
      1. Applications –> Internet –> Firefox Web Browser

     

  2. Obtain Registration Code

Section 6. Register Nessus
  1. Register Nessus
    • Instructions:
      1. /opt/nessus/bin/nessus-fetch –register xxxx-xxxx-xxxx-xxxx
    • Note(FYI):
      • Replace “xxxx-xxxx-xxxx-xxxx” with the activation code sent to your inbox from Tenable.
      • My activation code is x’ed out on purpose.
      • This might take 5 to 10 minutes.

Section 7. Create Nessus User
  1. Add Nessus User
    • Instructions:
      1. /opt/nessus/sbin/nessus-adduser
        • Login: admin
        • Login password: <Supply Password>
        • Login password: (again): <Supply Password>
      2. Do you want this user to be an admin user? y
      3. Enter the rules: Just Press Enter
      4. Is that ok ?: y

Section 8. Start the Nessus Service
  1. Start Nessus Service
    • Instructions:
      1. /etc/init.d/nessusd start
      2. ps -eaf | grep nessus | grep -v grep
        • ps -eaf: Show me all processes
        • | grep  nessus: Only show me nessus processes.
        • | grep -v grep: Do not show my actual grep process.

Section 9. Configure Certificate
  1. Certificate Exception
    • Instructions:
      1. Place the following URL in the Firefox Browser.
      2. Click on I Understand the Risks
      3. Click on the Add Exception Button
  2. Add Security Exception
    • Instructions:
      1. Click the “Permanently store this exception” checkbox
      2. Click the “Confirm Security Exception” button
  3. Nessus Initialization
    • Note(FYI):
      1. The initialization could take anywhere from 5 to 15 minutes.

Section 10. Login to Nessus
  1. Logging into Nessus
    • Instructions:
      1. Username: admin
      2. Password: <Whatever you set it too>
  2. Welcome to Nessus
    • Note(FYI):
      1. Do not click Sign Out until you complete the proof of lab.

Section 12. Proof of Lab
  1. Proof of Lab
    • Instructions
      1. netstat -nao | grep 8834 | grep -v grep
      2. echo “Your Name”
        • Put in your actual name in place of “Your Name”
        • e.g., echo “John Gray”
      3. date
    • Proof Of Lab Instructions:
      1. Press the PrtScn key
      2. Paste into a word document
      3. Upload to website Www.AnToanThongTin.Edu.Vn
  2. Logout of Nessus
    • Instructions:
      1. Click the “Sign Out” link.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s