How to check for security holes with nessus. Strictly no misuse (lol).
$ sudo rpm -Uvh ftp://jpix.ftp.ne.jp/00/redhat/linux/9/en/os/i386/RedHat/RPMS/lynx-2.8.5-11.i386.rpm
perl-CGI may also be required in some cases, so install it as needed.
$ sudo rpm -Uvh ftp://jpix.ftp.ne.jp/00/redhat/linux/9/en/os/i386/RedHat/RPMS/perl-CGI-2.81-88.i386.rpm
Installation
$ sudo lynx -source http://install.nessus.org | sh
The command 'gtk-config' was not found in your $PATH.
The nessus client will be built without its GUI...(no problem as it is if you run it from the command line)
Press ENTER to continue...(press [enter] here)
--------------------------------------------------------------------------------
NESSUS INSTALLATION SCRIPT
--------------------------------------------------------------------------------
This script will retrieve the latest version of Nessus via CVS, and
will compile and install it on your system.
To run this script, you must know the root password of this host
and you need to be able to establish outgoing connections to port
2401/tcp or 80/tcp (through a proxy or directly)
Press a key to continue
--------------------------------------------------------------------------------
Nessus installation : installation location
--------------------------------------------------------------------------------
Where do you want the whole Nessus package to be installed ?
[/usr/local] ([enter])
--------------------------------------------------------------------------------
Nessus installation : download method
--------------------------------------------------------------------------------
There are two ways to download Nessus :
. From cvs, the download will be slower but you'll have the latest version
. From www, the download will be faster, but you may not get the nightly
changes. However, www is updated every 24 hours
Which download method do you want ? (cvs or www) [www] ([enter])
--------------------------------------------------------------------------------
Nessus installation : final step
--------------------------------------------------------------------------------
Nessus will now be installed on this host. The packages will first be
downloaded from nessus.org, then they will be compiled and installed
Press a key to continue
Are you behind a web proxy ? [y/n] ([y] if there is a proxy, [n] if not)
retrieving nessus-2.0.x.tgz
--21:20:09-- http://install.nessus.org/releases/nessus-2.0.x.tgz
=> `-'
install.nessus.org をDNSに問いあわせています... 完了しました。
install.nessus.org[206.241.31.25]:80 に接続しています... 接続しました。
HTTP による接続要求を送信しました、応答を待っています... 200 OK
長さ: 2,897,782 [application/x-tar]
100%[====================================>] 2,897,782 63.50K/s ETA 00:00
21:20:54 (63.50 KB/s) - `-' を保存しました [2897782/2897782]
creating cache ../config.cache
checking for gcc... gcc
checking whether the C compiler (gcc ) works... yes
............(compilation goes on and on)
--------------------------------------------------------------------------------
Nessus installation : Finished
--------------------------------------------------------------------------------
Nessus is now installed on this host (the three things to do after installation are listed below)
. Create a certificate for nessusd using /usr/local/sbin/nessus-mkcert
. Add a user by typing /usr/local/sbin/nessus-adduser
. Then start nessusd by typing /usr/local/sbin/nessusd -D
Press a key to quit
Post-installation setup
Issue the SSL certificate used for communication between the nessus client and server
$ sudo nessus-mkcert
/usr/local/var/nessus/CA created
/usr/local/com/nessus/CA created
-------------------------------------------------------------------------------
Creation of the Nessus SSL Certificate
-------------------------------------------------------------------------------
This script will now ask you the relevant information to create the SSL
certificate of Nessus. Note that this information will *NOT* be sent to
anybody (everything stays local), but anyone with the ability to connect to your
Nessus daemon will be able to retrieve this information.
CA certificate life time in days [1460]: ([enter])
Server certificate life time in days [365]: ([enter])
Your country (two letter code) [FR]: JP (JP, since this is Japan)
Your state or province name [none]: ([enter])
Your location (e.g. town) [Paris]: Tokyo(東京)
Your organization [Nessus Users United]: Hoge (anything will do)
-------------------------------------------------------------------------------
Creation of the Nessus SSL Certificate
-------------------------------------------------------------------------------
Congratulations. Your server certificate was properly created.
/usr/local/etc/nessus/nessusd.conf updated
The following files were created :
. Certification authority :
Certificate = /usr/local/com/nessus/CA/cacert.pem
Private key = /usr/local/var/nessus/CA/cakey.pem
. Nessus Server :
Certificate = /usr/local/com/nessus/CA/servercert.pem
Private key = /usr/local/var/nessus/CA/serverkey.pem
Press [ENTER] to exit
Add a nessus user
$ sudo nessus-adduser
Using /var/tmp as a temporary file holder
Add a new nessusd user
----------------------
Login : nessus-admin (enter the nessus account name)
Authentication (pass/cert) [pass] : pass (pass, since we authenticate by password)
Login password : pass00 (enter the password)
User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that nessus-admin has the right to test. For instance, you may want
him to be able to scan his own host only.
Please see the nessus-adduser(8) man page for the rules syntax
Enter the rules for this user, and hit ctrl-D once you are done :
(the user can have an empty rules set)
accept 192.168.89.0/24
default deny
Login : nessus-admin
Password : pass00
DN :
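Rules : (the prompt waits for input here, so enter the following two lines and press [ctrl]+[d])
accept 192.168.89.0/24 (specify the range to be scanned, so that a scan is not run even if a wrong IP is entered at scan time)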
default deny
Is that ok ? (y/n) [y] y (y if everything is fine so far)
user added.
Check for updates
$ sudo nessus-update-plugins
Start the nessus server
$ sudo nessusd -D
Create a list of the IP addresses of the servers you want to scan
$ echo "192.168.89.7" > list.txt
Run the scan
$ sudo nessus -q localhost 1241 nessus-admin pass00 list.txt result.html -T html
Please choose your level of SSL paranoia (Hint: if you want to manage many
servers from your client, choose 2. Otherwise, choose 1, or 3, if you are
paranoid.
1 (enter 1)
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=JP, L=Tokyo, O=Hoge, OU=Certification Authority for nessus.xxxxx.net, CN=nessus.xxxxx.net/emailAddress=ca@nessus.xxxxx.net
Validity
Not Before: Oct 7 12:38:12 2003 GMT
Not After : Oct 6 12:38:12 2004 GMT
Subject: C=JP, L=Tokyo, O=Hoge, OU=Server certificate for nessus.xxxxx.net, CN=nessus.xxxxx.net/emailAddress=nessusd@nessus.xxxxx.net
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
Exponent: 65537 (0x10001)
X509v3 extensions:
Netscape Cert Type:
SSL Server
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
B8:3A:4F:D4:89:10:78:B4:CC:C5:19:D6:77:2F:02:91:67:12:A0:40
X509v3 Authority Key Identifier:
keyid:A4:6C:5B:00:86:76:09:76:99:AB:6E:BD:A8:C9:02:1B:F3:71:49:24
DirName:/C=JP/L=Tokyo/O=Hoge/OU=Certification Authority for nessus.xxxxx.net/CN=nessus.xxxxx.net/emailAddress=ca@nessus.xxxxx.net
serial:00
X509v3 Subject Alternative Name:
email:nessusd@nessus.xxxxx.net
X509v3 Issuer Alternative Name:
<EMPTY>
Signature Algorithm: md5WithRSAEncryption
Do you accept it ? (y/n) y (y if nothing looks wrong)
nessus : Remote host is not using the good version of the Nessus communication protocol (1.2) or is tcpwrapped
An error is shown, so run the command again
$ sudo nessus -q localhost 1241 nessus-admin pass00 list.txt result.html -T html
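As an added example (not part of the original page), the script below checks a target list such as list.txt against the accept / default rules entered in nessus-adduser before a scan is started, so that a mistyped address is caught on the client side as well. It assumes that the first matching accept/deny rule wins and that the default line applies only when nothing matches; the function names and the separate rules file are hypothetical.

```shell
# Added example. Assumption: the first matching accept/deny rule wins and
# "default" applies only when no rule matches (fail closed if it is absent).
# ip_to_int A.B.C.D -> integer on stdout; non-zero status if malformed
ip_to_int() (
    case "$1" in ""|*[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.; set -- $1; [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case "$o" in 0?*|????*) exit 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_cidr IP NET/BITS -> status 0 if IP lies inside the network
in_cidr() (
    ip=$(ip_to_int "$1") && net=$(ip_to_int "${2%/*}") || exit 2
    bits=${2#*/}; [ "$bits" = "$2" ] && bits=32   # bare address = /32
    case "$bits" in ""|*[!0-9]*|???*) exit 2 ;; esac; [ "$bits" -le 32 ] || exit 2
    mask=0; [ "$bits" -eq 0 ] || mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
)

# check_target IP RULES_FILE -> prints accept, deny or invalid
check_target() (
    ip_to_int "$1" >/dev/null || { echo invalid; exit 0; }
    while read -r action arg rest; do
        case "$action" in
            default) fallback=$arg ;;
            accept|deny) in_cidr "$1" "$arg" && { echo "$action"; exit 0; } ;;
        esac
    done < "$2"
    echo "${fallback:-deny}"
)

# audit_list RULES_FILE < targets -> "ip verdict" lines; status 1 unless all accepted
audit_list() (
    rc=0
    while read -r ip rest; do
        [ -n "$ip" ] || continue
        v=$(check_target "$ip" "$1"); echo "$ip $v"
        [ "$v" = accept ] || rc=1
    done
    exit "$rc"
)

# Constructed sample: the page's rules and a mistyped target (89 -> 98).
rules=$(mktemp); printf 'accept 192.168.89.0/24\ndefault deny\n' > "$rules"
printf '192.168.89.7\n192.168.98.7\n' | audit_list "$rules" || echo "fix list.txt first"
rm -f "$rules"
```

With a real list, run it as audit_list rules.txt < list.txt and start the scan only when the exit status is 0.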