Implementing a robust vulnerability management strategy begins with deploying essential security tools. One of the industry-leading vulnerability scanners is Nessus, known for its comprehensive scanning capabilities and extensive plugin database. Getting started involves correctly installing and configuring the software on your chosen operating system. This guide walks you through the process for two popular Linux distributions, Ubuntu 18.04 and CentOS 7, setting the stage for effective security assessments.
Installing Nessus on Ubuntu 18.04
The installation process on Ubuntu 18.04 is straightforward once you have the correct Nessus package.
- First, you need to download the appropriate Nessus package file (
.deb) from the official Tenable website. Ensure you select the version compatible with your Ubuntu architecture. - Navigate to the directory where you downloaded the package using the terminal.
- Install the package using the dpkg command. This is typically done with elevated privileges:
sudo dpkg -i Nessus-*.deb
ReplaceNessus-*.debwith the actual filename of the downloaded package. - Once the installation completes, start the Nessus service:
sudo systemctl start nessusd.service - To ensure Nessus starts automatically upon system boot, enable the service:
sudo systemctl enable nessusd.service - Verify the service is running correctly by checking its status:
sudo systemctl status nessusd.service
Look for “active (running)” in the output.
Installing Nessus on CentOS 7
For CentOS 7, the procedure is similar, utilizing the standard package manager for RPM-based systems.
- Download the Nessus package file (
.rpm) from the official Tenable website, selecting the version for CentOS and your architecture. - Open your terminal and change to the download directory.
- Install the package using the rpm command. The
-ivhflags are commonly used for verbose installation with a hash progress bar:
sudo rpm -ivh Nessus-*.rpm
Again, substituteNessus-*.rpmwith the downloaded filename. - After installation, start the Nessus service:
sudo systemctl start nessusd - Enable the service for automatic startup on boot:
sudo systemctl enable nessusd - Confirm the service’s operational status:
sudo systemctl status nessusd
Confirm it shows as “active (running)”. - CentOS 7 with its default firewall (firewalld) might block access to the Nessus web interface. You’ll need to open the required port, which is typically 8834:
sudo firewall-cmd –add-port=8834/tcp –permanent
sudo firewall-cmd –reload
Initial Configuration
With Nessus installed and the service running, the final steps involve initial configuration via the web interface.
- Open a web browser and navigate to https://[YourServerIPorHostname]:8834/. You will likely encounter a certificate warning, which you can safely bypass for initial access.
- Select the desired product (e.g., Nessus Essentials, Nessus Professional, etc.) and click Continue.
- Choose how you want to register your Nessus instance (e.g., with a registration code or activation code). Enter the required information. If you don’t have a code, you can sign up for Nessus Essentials on the Tenable website to receive one.
- Click Continue and then Skip the remote scan registration if not applicable.
- Create an administrator account for logging into the Nessus web interface. Choose a secure username and password.
- Nessus will then proceed to download and compile its plugins. This step is crucial and can take a significant amount of time depending on your internet connection and server resources. Do not interrupt this process.
- Once the plugin initialization is complete, you will be presented with the Nessus dashboard, ready to configure scans and begin identifying vulnerabilities.
Following these steps ensures that your Nessus vulnerability scanner is correctly installed and ready for the initial setup on both Ubuntu 18.04 and CentOS 7, providing a solid foundation for your security scanning efforts.
Source: https://kifarunix.com/how-to-install-configure-and-use-nessus-vulnerability-scanner-on-ubuntu-18-04/
