Shulou(Shulou.com)06/01 Report--

Introduction to the installation and use of Nessus 5.2.0 under Bt5 R3

1. Download nessus. Download URL: http://www.tenable.com/products/nessus/select-your-operating-system#download, select Agress from this URL and you will go to the download interface. Download the appropriate version according to the operating system in the download interface: Ubuntu 10.04 (32 bits).

2. Install the downloaded .deb file. Use the dpkg command.

3. Create users. At the terminal, enter the directory opt/nessus/sbin/ through the cd command, and then enter the command: nessus-adduser to create a user, all the way yes.

4. Go to the official website to register and get the serial number to activate the installed nessus. The official website address for registration is: http://www.tenable.com/products/nessus-home. After entering the website, select "Using Nessus at Home" to get the serial number of the free home version. After entering, fill in the correct email address, the serial number will be sent to your mailbox.

5. Activate nessus according to the obtained serial number. Type: / opt/nessus/bin/nessus-fetch-register "your serial number" under the terminal, and then wait a while.

6. Start nessus. Enter the command: / etc/init.d/nessusd start at the terminal to start.

Through the above steps, nessus has been successfully installed. Enter: https://loaclhost:8834 in the browser to successfully access nessus (see, it is https protocol, http can not access), enter the user name and password created in step 3, you can enter.

II. The use of nessus

The official reference book used by nessus is http://static.tenable.com/documentation/nessus_5.0_user_guide.pdf.

Nessus is the most popular vulnerability scanner in the world, which consists of a server that performs tasks and a client that configures the control server. Type https://localhost:8834/ in the browser to open the configurator. When the configuration is completed and the scan starts, the configuration side can be closed without affecting the scan.

It is necessary to know the following four default policies before using them. Click "Policies" to see:

Web App Tests-ability to find known and unknown vulnerabilities including xss,sql injection, command injection, etc.

Prepare for PCI DSS audit-compare the results with the PCI standard using the built-in data security standard

Internal Network Scan-scan for embedded systems containing a large number of hosts, service network devices and similar printers the CGI Abuse plug-in is not available, the standard scan port is not 65535

External Network Scan- scan external host plug-ins containing a small number of services scan all 65535 ports with known web vulnerabilities (CGI Abuses & CGI Abuse)

The interface is described as follows:

1. "Configuration is used for settings such as network proxy.

2. "Users" is used to add and delete users.

3. "Policies" is used to set the scanning policy.

4. "Scans" is used to add scan objects. Click the Add tab to add a scan.

5. "Mobie" is used to set the mobile devices in the network.

6. "Report" is used to view and upload scan reports.

Instructions for use: when scanning a task, click "Scans" and add the scanning task, then click "Launch" to scan. Click "Report" after scanning to view the scan report.

Attachment: http://down.51cto.com/data/2364635

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.