nessus

How to check for security holes with nessus. Strictly no misuse (lol).

$ sudo rpm -Uvh ftp://jpix.ftp.ne.jp/00/redhat/linux/9/en/os/i386/RedHat/RPMS/lynx-2.8.5-11.i386.rpm

perl-CGI may also be required in some cases, so install it as needed.

$ sudo rpm -Uvh ftp://jpix.ftp.ne.jp/00/redhat/linux/9/en/os/i386/RedHat/RPMS/perl-CGI-2.81-88.i386.rpm

Installation

$ sudo lynx -source http://install.nessus.org | sh
The command 'gtk-config' was not found in your $PATH.
The nessus client will be built without its GUI...(this is fine if you only run it from the command line)
Press ENTER to continue...(press [enter] here)
--------------------------------------------------------------------------------
                             NESSUS INSTALLATION SCRIPT      
--------------------------------------------------------------------------------



This script will retrieve the latest version of Nessus via CVS, and 
will compile and install it on your system.

To run this script, you must know the root password of this host 
and you need to be able to establish outgoing connections to port 
2401/tcp or 80/tcp (through a proxy or directly)


Press a key to continue
--------------------------------------------------------------------------------
                     Nessus installation : installation location
--------------------------------------------------------------------------------


Where do you want the whole Nessus package to be installed ? 
[/usr/local] ([enter])
--------------------------------------------------------------------------------
                     Nessus installation : download method
--------------------------------------------------------------------------------

There are two ways to download Nessus :
  . From cvs, the download will be slower but you'll have the latest version
  . From www, the download will be faster, but you may not get the nightly
    changes. However, www is updated every 24 hours

Which download method do you want ? (cvs or www) [www] ([enter])
--------------------------------------------------------------------------------
                     Nessus installation : final step
--------------------------------------------------------------------------------


Nessus will now be installed on this host. The packages will first be
downloaded from nessus.org, then they will be compiled and installed


Press a key to continue

Are you behind a web proxy ? [y/n] ([y] if there is a proxy, [n] if not)
retrieving nessus-2.0.x.tgz
--21:20:09--  http://install.nessus.org/releases/nessus-2.0.x.tgz
           => `-'
install.nessus.org をDNSに問いあわせています... 完了しました。
install.nessus.org[206.241.31.25]:80 に接続しています... 接続しました。
HTTP による接続要求を送信しました、応答を待っています... 200 OK
長さ: 2,897,782 [application/x-tar]

100%[====================================>] 2,897,782     63.50K/s    ETA 00:00

21:20:54 (63.50 KB/s) - `-' を保存しました [2897782/2897782]

creating cache ../config.cache
checking for gcc... gcc
checking whether the C compiler (gcc  ) works... yes
............(compilation goes on for a long time)
--------------------------------------------------------------------------------
                     Nessus installation : Finished
--------------------------------------------------------------------------------


Nessus is now installed on this host(the three things to do after installation are listed below)
. Create a certificate for nessusd using /usr/local/sbin/nessus-mkcert
. Add a user by typing /usr/local/sbin/nessus-adduser
. Then start nessusd by typing /usr/local/sbin/nessusd -D


Press a key to quit

Post-installation setup

Issue the SSL certificate used for communication between the nessus client and server

$ sudo nessus-mkcert
/usr/local/var/nessus/CA created
/usr/local/com/nessus/CA created
-------------------------------------------------------------------------------
                        Creation of the Nessus SSL Certificate
-------------------------------------------------------------------------------

This script will now ask you the relevant information to create the SSL
certificate of Nessus. Note that this information will *NOT* be sent to
anybody (everything stays local), but anyone with the ability to connect to your
Nessus daemon will be able to retrieve this information.


CA certificate life time in days [1460]: ([enter])
Server certificate life time in days [365]: ([enter])
Your country (two letter code) [FR]: JP(JP, since this is Japan)
Your state or province name [none]: ([enter])
Your location (e.g. town) [Paris]: Tokyo(Tokyo in this example)
Your organization [Nessus Users United]: Hoge(anything will do)
-------------------------------------------------------------------------------
                        Creation of the Nessus SSL Certificate
-------------------------------------------------------------------------------

Congratulations. Your server certificate was properly created.

/usr/local/etc/nessus/nessusd.conf updated
 
The following files were created : 

. Certification authority : 
   Certificate = /usr/local/com/nessus/CA/cacert.pem
   Private key = /usr/local/var/nessus/CA/cakey.pem

. Nessus Server : 
    Certificate = /usr/local/com/nessus/CA/servercert.pem
    Private key = /usr/local/var/nessus/CA/serverkey.pem

Press [ENTER] to exit

Add a nessus user

$ sudo nessus-adduser
Using /var/tmp as a temporary file holder

Add a new nessusd user
----------------------


Login : nessus-admin(enter the nessus account name)
Authentication (pass/cert) [pass] : pass(pass, since we authenticate by password)
Login password : pass00(enter the password)

User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that nessus-admin has the right to test. For instance, you may want
him to be able to scan his own host only.

Please see the nessus-adduser(8) man page for the rules syntax

Enter the rules for this user, and hit ctrl-D once you are done : 
(the user can have an empty rules set)
accept 192.168.89.0/24
default deny


Login             : nessus-admin
Password          : pass00
DN                : 
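Rules             : (input is awaited here, so type the following two lines and press [ctrl]+[d])
accept 192.168.89.0/24(specify the range to be scanned, so that a scan is not run even if a wrong IP is entered at scan time)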
default deny


Is that ok ? (y/n) [y] y(if everything is fine so far, y)
user added.

Check for updates

$ sudo nessus-update-plugins

Start the nessus server

$ sudo nessusd -D

Create a list of the IP addresses of the servers to scan

$ echo "192.168.89.7" > list.txt
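
The rules entered in nessus-adduser above make nessusd refuse targets outside 192.168.89.0/24. The script below is an added example (not part of the original page or of Nessus) that applies the same scope check to list.txt before the client is started; the function names are made up for this example, and it accepts plain IPv4 addresses only, treating anything else as out of scope.

```shell
#!/bin/sh
# Added example (not from Nessus): refuse to scan unless every target in the
# list file is a plain IPv4 address inside the authorized range.

# ip_to_int A.B.C.D: print the address as an integer, fail on malformed input
ip_to_int() {
    case "$1" in ""|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP NET/PREFIX: status 0 if inside, 1 if outside, 2 if malformed
in_cidr() {
    ip=$(ip_to_int "$1") || return 2
    net=$(ip_to_int "${2%/*}") || return 2
    bits=${2#*/}
    case "$bits" in ""|*[!0-9]*|0?*) return 2 ;; esac
    [ "$bits" -le 32 ] || return 2
    mask=0
    [ "$bits" -eq 0 ] || mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# check_targets FILE CIDR: report every line that is not inside CIDR;
# status 0 only when all non-empty lines are in scope
check_targets() {
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        if ! in_cidr "$line" "$2"; then
            echo "out of scope: $line" >&2
            bad=1
        fi
    done < "$1"
    return "$bad"
}

# Usage (values from the page): check_targets list.txt 192.168.89.0/24 || exit 1
```
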

Run the scan

$ sudo nessus -q localhost 1241 nessus-admin pass00 list.txt result.html -T html
Please choose your level of SSL paranoia (Hint: if you want to manage many
servers from your client, choose 2. Otherwise, choose 1, or 3, if you are 
paranoid.
1(enter 1)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=JP, L=Tokyo, O=Hoge, OU=Certification Authority for nessus.xxxxx.net, CN=nessus.xxxxx.net/emailAddress=ca@nessus.xxxxx.net
        Validity
            Not Before: Oct  7 12:38:12 2003 GMT
            Not After : Oct  6 12:38:12 2004 GMT
        Subject: C=JP, L=Tokyo, O=Hoge, OU=Server certificate for nessus.xxxxx.net, CN=nessus.xxxxx.net/emailAddress=nessusd@nessus.xxxxx.net
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            Netscape Cert Type: 
            SSL Server
            X509v3 Key Usage: 
            Digital Signature, Non Repudiation, Key Encipherment
            Netscape Comment: 
            OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
            B8:3A:4F:D4:89:10:78:B4:CC:C5:19:D6:77:2F:02:91:67:12:A0:40
            X509v3 Authority Key Identifier: 
            keyid:A4:6C:5B:00:86:76:09:76:99:AB:6E:BD:A8:C9:02:1B:F3:71:49:24
            DirName:/C=JP/L=Tokyo/O=Hoge/OU=Certification Authority for nessus.xxxxx.net/CN=nessus.xxxxx.net/emailAddress=ca@nessus.xxxxx.net
            serial:00

            X509v3 Subject Alternative Name: 
            email:nessusd@nessus.xxxxx.net
            X509v3 Issuer Alternative Name: 
            <EMPTY>

    Signature Algorithm: md5WithRSAEncryption

Do you accept it ? (y/n) y(if nothing looks wrong, y)
nessus : Remote host is not using the good version of the Nessus communication protocol (1.2) or is tcpwrapped

An error occurs, so run it again

$ sudo nessus -q localhost 1241 nessus-admin pass00 list.txt result.html -T html
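
The certificate dump shown during the first run reports an md5WithRSAEncryption signature and a 1024-bit RSA key, both weak by current standards. The script below is an added example (not part of the original page, Nessus or OpenSSL) that flags those two parameters in a text dump; the function name and the 2048-bit threshold are choices made for this example.

```shell
#!/bin/sh
# Added example (not from Nessus or OpenSSL): flag weak parameters in a
# certificate text dump such as the one the nessus client displays.

# Constructed sample: a few lines taken from the dump shown on this page.
SAMPLE_DUMP='        Signature Algorithm: md5WithRSAEncryption
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)'

# audit_cert_text: read `openssl x509 -noout -text` style output on stdin,
# print one finding per line, return 1 if anything was found.
audit_cert_text() {
    text=$(cat)
    findings=""
    sig=$(printf '%s\n' "$text" | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    alg=$(printf '%s\n' "$text" | sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1)
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public[- ]Key: *(\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    case "$sig" in
        md2*|md5*|sha1*) findings="weak signature algorithm: $sig" ;;
    esac
    # Key length is only compared for RSA; other key types use different scales.
    if [ "$alg" = "rsaEncryption" ] && [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        findings="${findings:+$findings
}RSA key too short: $bits bits"
    fi
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

To check the server certificate created by nessus-mkcert, pipe it through the function: `openssl x509 -in /usr/local/com/nessus/CA/servercert.pem -noout -text | audit_cert_text`.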