---------- Forwarded message ----------
From: XIE WEN-MFK346 <wenxie at motorola.com>
Date: 2008/8/28
Subject: nessus安装截图
To: xiewenxiewen at gmail.com
nessus是世界上最好用的安全扫描工具之一,而且对个人用户是免费的
1.下载nessus
访问网址 http://www.nessus.org/download/
下载nessus安装程序
不用填个人信息,直接点"Click Here to Download Nessus Directly"
服务器是redhat es4 64位的,要下载对应的版本,用es4.i386的就行
2. 申请注册号
http://www.nessus.org/plugins/?view=register-info
选"Register a HomeFeed"
输入邮件地址
等一会,注册号会发到你的邮箱
3. 安装
rpm -Uvh Nessus-3.2.1-es4.i386.rpm
4.注册
访问网址 https://plugins.nessus.org/offline.php
按提示运行 /opt/nessus/bin/nessus-fetch --challenge 获取口令
输入口令和注册号
显示
记住第一个url地址
http://plugins.nessus.org/get.php?f=all-2.0.tar.gz&u=34a15dd5903bb80755a35dc1eedb56ac&p=a37a58daefcd003abccdeefc5dae2166
以后手工下载插件还会用到
然后点击第二个链接,下载 nessus-fetch.rc,url地址是:
http://plugins.nessus.org/mkconfig.php?ac=注册号&c=口令
如
https://plugins.nessus.org/mkconfig.php?ac=F7B4-D650-0C92-3B97-5373&c=4b3302bf5896ffc9555c53768352f5342c9ba479
把nessus-fetch.rc拷到/opt/nessus/etc/nessus/下
cat /opt/nessus/etc/nessus/nessus-fetch.rc
5.下载安装最新插件
修改配置文件/opt/nessus/etc/nessus/nessusd.conf,禁止自动升级
grep auto_update /opt/nessus/etc/nessus/nessusd.conf
a.如果服务器可以连接互联网,那么运行
/opt/nessus/sbin/nessus-update-plugins
自动下载最新插件
b.也可以手工下载,下载地址就是第4步得到的地址
然后解压
tar -C /opt/nessus/lib/nessus/plugins/ -zxf all-2.0.tar.gz
重建插件数据库 /opt/nessus/var/nessus/plugins-code.db,运行
/opt/nessus/sbin/nessusd -Q 或 /opt/nessus/sbin/nessusd -R
6.创建用户
运行 /opt/nessus/sbin/nessus-adduser
创建一个用户并设置用户登录权限
用户名:admin
认证方式:pass
密码:admin
规则:只允许本机访问
accept
127.0.0.1/32
default
deny
7. 启动nessusd服务
运行
/sbin/service nessusd start
nessus服务器安装完成。
然后就可以用bin/nessus扫描服务器漏洞了,这是命令行模式的,最好再装个图形界面的NessusClient
8. 安装NessusClient
下载地址http://www.nessus.org/download/
安装
rpm -Uvh NessusClient-3.2.1-es4.i386.rpm
9.运行NessusClient
/opt/nessus/bin/NessusClient
点"Connect...",选"localhost", 点"Edit..."
改成正确的用户名和密码
点"Save"保存
选"localhost",点"Connect"
连接nessus服务
如果是第一次连接,会出现确认框,选"Yes"
连上后
10. 增加扫描策略
点右边的"+",
按需编辑各种选项
点"Save"保存
选中"my_policy",点菜单"File"->"Export Policy...",保存到文件my_policy.nessusrc
(不过好像只能export,不能import, import菜单永远是灰的???)
11. 增加扫描目标
按需增加要扫描的地址
点"Save"
12. 保存配置
选菜单"File"->"Save As...",保存配置好了的目标和策略到文件my.nessus
.nessus文件是xml格式的
比如:
....
nohostname192.168.11.16
nohostname192.168.11.15
nohostname192.168.11.10
nohostname192.168.11.12
norange10.194.132.24010.194.132.255
yesrange192.168.11.0192.168.16.255
yesnetwork192.168.30.0255.255.255.0
yesnetwork192.168.50.0255.255.255.0
yesnetwork10.194.132.0255.255.255.0
....
13. 扫描
可以点"Scan Now"在图形界面扫描,也可以在字符界面用命令扫描
运行
/opt/nessus/bin/nessus -V -x --dot-nessus /root/my.nessus --policy-name "my_policy" 127.0.0.1
1241 admin admin /root/my_report.nessus >/root/my_nessus.log 2>&1
生成html格式的报表
/opt/nessus/bin/nessus -V -x --dot-nessus /root/my_report.nessus \
-i "`/opt/nessus/bin/nessus -V -x --dot-nessus /root/my_report.nessus --list-reports|/usr/bin/tail -1|/bin/cut -c4-|/bin/sed 's/.$//g'`" \
-o /root/my_report.html
观看报表
elinks /root/my_report.html
14.定期运行脚本
[root@MGT scripts]# cat nessus.sh
#!/bin/bash
usage ()
{
cat <
Usage: $0 {help=n|y} target={sendmail=y|n}
Examples:
$0 help=y
$0
target=test
EOF
}
if [ $# -lt 1 ]; then
usage
exit 1
fi
for f; do eval $f; done
if [ x$help = xy ]; then
usage
exit 0
fi
PD=`/usr/bin/dirname $0`
WD=`(cd $PD/..;pwd)`
#NPATH=/data/nessus
NPATH=$WD
LPATH=$NPATH/logs
RPATH=$NPATH/reports
SPATH=$NPATH/scripts
P=`/bin/basename $0|/bin/cut -d. -f1`
N=${target:-test}
D=`/bin/date '+%Y%m%d'`
LOG=$LPATH/${P}_${N}_${D}.log
UMASK=`umask`
umask 0077
exec 3>&1 4>&2
exec >>$LOG 2>&1
echo "Begin at `/bin/date '+%Y%m%d%H%M%S'`"
NESSUS=/opt/nessus/bin/nessus
CFG=$SPATH/${N}.nessus
NRPT=$LPATH/report_${N}_${D}.nessus
RPT=$RPATH/report_${N}_${D}.html
PARAM="-V -x"
NSERVER="localhost 1241 admin admin"
$NESSUS $PARAM --dot-nessus $CFG --policy-name "my_policy" $NSERVER $NRPT
$NESSUS --dot-nessus $NRPT --list-reports
RPTNAME="`$NESSUS --dot-nessus $NRPT --list-reports|/usr/bin/tail -1|/bin/cut -c4-|/bin/sed 's/.$//g'`"
$NESSUS $PARAM --dot-nessus $NRPT -i "$RPTNAME" -o $RPT
if [ x$sendmail != xn ]; then
ADDR="wenxie@motorola.com"
/usr/sbin/sendmail -v $ADDR <
To: $ADDR
Subject:
Nessus Scan Report for $N - $D
Content-Type: text/html; charset="iso-8859-1"
`cat $RPT`
EOF
fi
echo "End at `/bin/date '+%Y%m%d%H%M%S'`"
echo ""
exec 1>&3 2>&4 3>&- 4>&-
umask $UMASK
[root@MGT scripts]#
[root@MGT ~]# crontab -l |grep ness
#0 2 * * * /data/nessus/scripts/nessus.sh target=wjlab sendmail=n
[root@MGT ~]#
Xie wen(谢文)
Network & Operations,
Mobile Software Solutions (MDB)
MOTOROLA Inc.
No. 108 Jian Guo Road, Chao Yang District, Beijing
100022 P. R. China
e-mail wenxie at motorola.com
-fin-
Blog Archive
-
▼
2008
(27)
-
▼
August
(7)
- nessus installation snapshots - nessus安装截图
- how to determine oracle block size - 如何查看oracle块大小
- setup ssh for netapp filer - 配置netapp filer文件存储系统的...
- ssh tunnel - ssh 隧道
- recover from cold backup of control files - 恢复冷备份的...
- escaping special characters in Oracle - 转义Oracle的特殊字符
- generate sequence numbers - 用SQL语句生成序号
-
▼
August
(7)
Thursday, August 28, 2008
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment