
Introduction to Nessus

2017-12-17 16:58:58

Introduction to Nessus (reposted)

2007-03-21 11:13

I. Introduction to Nessus

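Nessus is a powerful yet easy-to-use remote security scanner. It is free and is updated very quickly. A security scanner performs security checks against a specified network to find out whether that network has vulnerabilities that an adversary could attack. The system is designed in a client/server model: the server performs the security checks, and the client is used to configure and manage the server. The server also uses a plug-in architecture that lets users add plug-ins performing specific functions, and these plug-ins can carry out faster and more complex security checks. Nessus also uses a shared information interface, called the knowledge base, which stores the results of earlier checks. Results can be saved in several formats, including HTML, plain text and LaTeX (a text file format).

In future versions, Nessus will support faster security checks that use less bandwidth, and may use clustering to improve the system's efficiency. The advantages of Nessus are: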

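1. It scans for many kinds of security vulnerabilities, which avoids incomplete scans.

2. It is free, which gives it a price advantage over commercial security scanners such as ISS.

3. In a survey of Nmap users about their favorite security tools (results appended below), Nessus ranked first in competition with many commercial and open-source systems. The public has sharp eyes :).

4. Nessus is extensible, easy to use and powerful, and can detect many kinds of security vulnerabilities.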

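Nessus security checks are performed entirely by plug-ins. At the time this article was written, Nessus provided 705 security check plug-ins in 18 families, and the number will keep growing. For example, in the "useless services" family, the "Echo port open" and "Chargen" plug-ins test whether a host is susceptible to the known echo-chargen attack. In the "backdoors" family, the "pc anywhere" plug-in checks whether a host is running background programs such as BO or PcAnywhere; happily, the family also includes detection of the recently rampant CodeRed and its variants. The Nessus home page not only describes the function of each plug-in in detail but also provides solutions to the problems found. For a detailed description of the plug-ins, see

http://cgi.nessus.org/plugins/dump.php3?viewby=family

Besides these plug-ins, Nessus provides users with a scripting language for describing attack types, so that additional security tests can be written. This language is called the Nessus Attack Scripting Language (NASL), and it is used to write plug-ins.

On the client, the user can specify the machine running the Nessus service, the port scanner to use, the tests to run and the range of IP addresses to test. Nessus itself is multi-threaded, so the user can also set the number of threads that work at the same time. In this way the user can configure Nessus remotely. When the security checks are complete, the server returns the results to the client, and the client generates an easy-to-read report. Because what the server sends to the client is a list of the system's security weaknesses, the transmission can optionally be encrypted to protect it from eavesdropping.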

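II. Installing Nessus

As mentioned above, Nessus consists of a client and a server. We start with the server installation.

1. Download and installation

You can download the latest version of Nessus from http://www.nessus.org/download.html. Nessus is split into a server and a client, and the server comes in a stable version and an experimental version. Download the stable version unless you are eager to see the new features in the experimental one.

Likewise, the Nessus client comes in two versions, a Java version and a C version. The Java version runs on multiple platforms and the C version supports Windows. With these two client versions you can run security checks from any machine on the local network.

Now for the server installation. The server consists of four packages: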

· nessus-libraries-x.x.tar.gz

· libnasl-x.x.tar.gz

· nessus-core.x.x.tar.gz

· nessus-plugins.x.x.tar.gz

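Be sure to install the packages in the order listed above. First unpack the four packages with tar -xzvf, one archive at a time (for example: for f in nessus-*.tar.gz libnasl-*.tar.gz; do tar -xzvf "$f"; done). Install the Nessus libraries first:

cd nessus-libraries

./configure

make

Then run make install as root.

Install the other three packages the same way, in the order given above.

After installation, confirm that /etc/ld.so.conf contains the path of the installed libraries: /usr/local/lib. If it does not, add the path to that file and then run ldconfig, so that Nessus can find its runtime libraries.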

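2. Creating a user

The Nessus server has its own user database, in which constraints are defined for each user. Users can run security scans across the whole network through the nessusd server.

A user is created as follows: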

$ nessus-adduser

Addition of a new nessusd user

------------------------------

Login : admin // enter the user name

Pass : secret // the user's password

Authentification type (cipher or plaintext) [cipher] : cipher // choose whether authentication is encrypted

Now enter the rules for this user, and hit ctrl-D once you are done :

(the user can have an empty rule set)

^D

Login : admin

Password : secret

Authentification : cipher

Rules :

Is that ok (y/n) ? [y] y

user added.

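nessus-adduser is a utility that ships with nessusd. After installation, the program is found in the installation directory.

3. Configuring the Nessus server program, nessusd

Its configuration file is nessusd.conf, located in /usr/local/etc/nessus/. In general, do not change its contents unless you really need to.

4. Starting nessusd

Once the preparation above is complete, start the server as root with the following command: nessusd -D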

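III. Running a security scan

After starting the Nessus service process as described above, you can run the client program to perform a security scan.

The above is the start-up screen. You are first asked to log in to the Nessus server. After Nessus Host, enter the IP address of the Linux machine running the Nessus server; the port number and the encryption method do not need to be changed. Then enter the user name and click Log in. Once the login succeeds, the Log in button changes to Log out, and a "connected" indication appears next to the dialog.

Next, we choose plug-ins to run the corresponding security scans:

As shown in the figure above, the upper half is the plug-in selection and the lower half lists the attack methods that the plug-ins can check for. Clicking an attack method opens a dialog that describes its impact and its solution, as shown in the figure below:

Selecting all plug-ins is recommended, to make the security scan more complete.

Next, select the target hosts to scan by clicking "target selection".

Enter the target address in the window, as entered above: 192.168.6.26 (the author uses an internal address here). You can also use the form 192.168.6.26/24 to scan the whole 192.168.6.1-192.168.6.255 segment, or enter x.y.z and tick the Perform a DNS zone transfer option below it to look up the targets' IP addresses through the domain name system.

Finally, there is one more option: user rules. Rules constrain the scanning operations a user may perform. For example, to scan every host on the 192.168.6 segment except the address 192.168.6.4, enter the following in the rule settings: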

reject 192.168.6.4

default accept

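Once all of this is in order, click start to begin the scan.

IV. Scan results

When the scan finishes, a report of the following form is generated:

The left side of the window lists all scanned hosts. Click a host name and the right side of the window lists the security vulnerabilities the scan found on that host. Clicking the small icon of a vulnerability shows the severity of the problem, its cause and its solution.

Finally, you can save the scan results in several formats as reference material for later use.

Appendix: the top 50 network security tools

In May and June of 2000, 1200 Nmap users on the nmap-hacker mailing list took part in a vote for the best security tools, in which each user could choose up to 5 tools. In the end, the following 50 best network security tools were selected. For users who are new to network security, the result of this vote is a useful reference when choosing network security tools.

II. Installing nessusd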

In this "How To" I'll attempt to guide you through how to uninstall nessus 2.2.8 and install the latest version in the 2.2.x branch. This how to is provided mainly for users who are less familiar with Linux. I do encourage you to read the whole procedure to make sure you understand what you're about to do. If you have the ability to test this in a lab environment, please do so. I'd hate to see you mess up your production server(s).

Update Nessus from 2.2.8 to the latest version in the 2.2.x series.

At the time of this writing, the Nessus 2.2.x branch is version 2.2.11.

I kept running into problems with Nessus freezing when scanning a large number of hosts or a subnet. After many hours of troubleshooting this problem as well as countless Google searches I decided that an upgrade of nessus was in order. I've read many reports that upgrading to the latest version will fix it. I'm happy to report that nessus no longer freezes up on me when scanning large subnets. w00t!

I was unable to locate any third party apt repositories that had the latest version of nessus. We'll have to resort to installing from source. I'll do my best to keep all the files in the same locations as the Debian installer. As far as I can tell, there is no easy way to use the nessus installer and change the locations of the various components.

This how to is tested in a freshly installed OSSIM vmware install using the 1.0.4 ISO installer. Immediately following the install, apt-get update && apt-get dist-upgrade was run. A reboot to get to the newly installed kernel was in order. The OSSIM update script was also run to get the installer to the latest version 1.0.5p1

1. Back up the nessusd init script which is provided by Debian.

cp /etc/init.d/nessusd /root/nessusd.init

2. Stop and remove the old version of nessus

/etc/init.d/nessusd stop

apt-get --purge remove libnasl2 libnessus2 nessus nessusd nessus-plugins

3. In order to compile source code, we'll have to install some tools. We can remove these later after we're done with our install. Removing them later is optional but recommended.

apt-get install build-essential sharutils flex bison libssl-dev

4. Go to and download the latest source for the 2.2.x branch.

Download all of the following components. Save them to some temp directory on your server.

libnasl-2.2.11.tar.gz (359 KB)

nessus-core-2.2.11.tar.gz (664 KB)

nessus-libraries-2.2.11.tar.gz (418 KB)

nessus-plugins-2.2.11.tar.gz (7468 KB)

nessus-plugins-GPL-2.2.11.tar.gz (1071 KB)

Unless you have a direct feed, be sure to register for the delayed plugins. You'll need it later.

5. Extract the nessus-libraries and change to that directory.

tar xof nessus-libraries-2.2.11.tar.gz && cd nessus-libraries


6. Configure, make and make install the libraries.

./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var/lib --sharedstatedir=/var/lib && make && make install

7. Extract the libnasl and change to that directory.

cd .. && tar xof libnasl-2.2.11.tar.gz && cd libnasl

8. Configure, make and make install the libnasl.

./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var/lib --sharedstatedir=/var/lib && make && make install

9. Extract the nessus-core and change to that directory.

cd .. && tar xof nessus-core-2.2.11.tar.gz && cd nessus-core

10. Configure the nessus core without gtk, make and make install nessus-core

./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var/lib --sharedstatedir=/var/lib --libdir=/var/lib --disable-gtk && make && make install

11. Extract the nessus-plugins and change to that directory.

cd .. && tar xof nessus-plugins-2.2.11.tar.gz

tar xof nessus-plugins-GPL-2.2.11.tar.gz && cd nessus-plugins

12. Configure the nessus-plugins

./configure --prefix=/usr --sysconfdir=/etc --sharedstatedir=/var/lib --libdir=/var/lib --localstatedir=/var/lib

13. Edit the Makefile in order to avoid an error when you run make install. On line 26 of the Makefile, change

for scripts in scripts/*.nasl scripts/*.nbin; do

to

for scripts in scripts/*.nasl; do

If you don't edit the Makefile, you'll receive the following error when running make install.

/usr/bin/install: cannot stat `scripts/*.nbin': No such file or directory

make: *** [install-nasl] Error 1

14. make && make install the nessus-plugins

make && make install

15. Add /usr/lib to ld.so.conf

echo "/usr/lib" >> /etc/ld.so.conf

ldconfig

16. Register nessus to get the latest plugins.

/usr/bin/nessus-fetch --register S0M3-C0D3-FR0M-T3NA-BL3!

17. Create a nessusd certificate.

/usr/sbin/nessus-mkcert

You can take the defaults or fill in the blanks. Your choice.

18. Remove the old ossim user that is left over from the previous install.

/usr/sbin/nessus-rmuser

ossim

19. Create a nessus userid and password for ossim to use.

/usr/sbin/nessus-adduser

Name the user ossim and set a password.

Note: You may want to use the password in the /etc/ossim/ossim_setup.conf file. If you run the reconfigure script, the nessus user password will be overwritten.

20. Update the OSSIM configuration via the web interface

Configuration --> Main --> Nessus

Update the nessus_user and nessus_pass with the values from the previous step if you decided to change the password.

21. Copy the backup nessusd init.d script back

cp /root/nessusd.init /etc/init.d/nessusd

22. Edit /etc/init.d/nessusd file to update a couple of paths

I couldn't get all of the files to install in the exact location as before. I've spent more time trying to get all of the files back to their original location than it would take to just edit a couple of lines in the init file.

Change

PIDFILE=/var/run/nessusd.pid

to

PIDFILE=/var/lib/nessus/nessusd.pid

and

PRIVCERTDIR=/var/lib/nessus/private/CA/

to

PRIVCERTDIR=/var/lib/nessus/CA/

23. Start nessusd

/etc/init.d/nessusd start

24. Update OSSIM's database with the latest nessus plugin IDs.

/usr/share/ossim/scripts/update_nessus_ids.pl

25. If you no longer need the packages we installed earlier, remove them.

apt-get remove build-essential sharutils flex bison libssl-dev

26. If you are using the delayed feed like me, it's not a bad idea to set an entry in cron to download the latest plugins. You'll also want to have it run the update_nessus_ids script after nessus has loaded the new plugins. I do this on a weekly basis. For more information on how to use cron, please see the following site. Of course you could also check out your local cron man page.
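
Step 26 describes the weekly cron job without showing it. The script below is an added example, not part of the original how-to: it chains the plugin download, a nessusd restart and update_nessus_ids.pl, and stops at the first failing step. The location of nessus-update-plugins, the lock directory, the script name and the log path in the crontab line are assumptions.

```shell
#!/bin/sh
# Added example: weekly Nessus plugin refresh for the OSSIM host built above.
# Paths are the ones used on this page, except nessus-update-plugins, which
# is assumed to live in /usr/sbin (installed by nessus-core, --prefix=/usr).
# Each path can be overridden from the environment, e.g. for a dry run.
: "${UPDATE_CMD:=/usr/sbin/nessus-update-plugins}"
: "${INIT_SCRIPT:=/etc/init.d/nessusd}"
: "${IDS_SCRIPT:=/usr/share/ossim/scripts/update_nessus_ids.pl}"
: "${PIDFILE:=/var/lib/nessus/nessusd.pid}"
: "${LOCKDIR:=/var/run/nessus-refresh.lock}"   # hypothetical lock path
: "${WAIT_SECS:=300}"

# Wait until nessusd has written its PID file and that process is alive.
# Assumption: a live PID means the daemon is back; plugin loading can take
# longer on slow hosts, so raise WAIT_SECS if the ID sync comes up short.
wait_for_nessusd() {
    waited=0
    while [ "$waited" -lt "$WAIT_SECS" ]; do
        if [ -s "$PIDFILE" ] && kill -0 "$(cat "$PIDFILE")" 2>/dev/null; then
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done
    return 1
}

# Download plugins, restart nessusd, then sync OSSIM's plugin IDs.
# Stops at the first failing step so OSSIM is never synced against a
# failed download or a dead scanner. mkdir is atomic, so it serves as a lock.
refresh_plugins() {
    mkdir "$LOCKDIR" 2>/dev/null || { echo "refresh already running" >&2; return 2; }
    rc=0
    "$UPDATE_CMD" \
        && "$INIT_SCRIPT" stop \
        && "$INIT_SCRIPT" start \
        && wait_for_nessusd \
        && "$IDS_SCRIPT" || rc=1
    rmdir "$LOCKDIR"
    return "$rc"
}

# Run only when asked, e.g. weekly from root's crontab (Sunday 03:15):
#   15 3 * * 0 /usr/local/sbin/nessus-refresh.sh --run >>/var/log/nessus-refresh.log 2>&1
if [ "${1:-}" = "--run" ]; then
    refresh_plugins
fi
```

Cron runs jobs with a minimal PATH, which is why every command is called by absolute path; a non-zero exit status in the log means the OSSIM plugin IDs were not synced on that run.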

I was able to successfully follow these instructions in both a lab environment and in my production environment too.