[Ubuntu 10.10] Nessus 4.4 Server Installation

January 23, 2011 | by marumi | Filed under: Software.

Nessus is software that scans a PC for vulnerabilities.
It is provided free of charge for personal use only.
It is said to support Ubuntu 10.10, so I tried it out.

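Download Nessus-4.4.0-ubuntu1010_i386.deb.
When downloading, enter your e-mail address; you will then receive a mail with the subject "Nessus Plugin Feed" containing the [activation code].
Run the activation as described in the body of the mail.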

$ sudo /opt/nessus/bin/nessus-fetch --register [activation code]

Your activation code has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org...
Your Nessus installation is now up-to-date.
If auto_update is set to 'yes' in nessusd.conf, Nessus will
update the plugins by itself.

$ /opt/nessus/sbin/nessus-update-plugins -v
nessus-update-plugins (Nessus) 4.4.0 [build M15045]
(C) 1998 - 2010 Tenable Network Security, Inc.

$ sudo /opt/nessus/sbin/nessus-mkcert
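-------------------------------------------------------------------------------
Creation of the Nessus SSL Certificate
-------------------------------------------------------------------------------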

This script will now ask you the relevant information to create the SSL
certificate of Nessus. Note that this information will *NOT* be sent to
anybody (everything stays local), but anyone with the ability to connect to your
Nessus daemon will be able to retrieve this information.

CA certificate life time in days [1460]: ^C
$ sudo /opt/nessus/sbin/nessus-mkcert
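-------------------------------------------------------------------------------
Creation of the Nessus SSL Certificate
-------------------------------------------------------------------------------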

This script will now ask you the relevant information to create the SSL
certificate of Nessus. Note that this information will *NOT* be sent to
anybody (everything stays local), but anyone with the ability to connect to your
Nessus daemon will be able to retrieve this information.

CA certificate life time in days [1460]: 1460
Server certificate life time in days [365]: 365
Your country (two letter code) [US]: JP
Your state or province name [NY]: KN
Your location (e.g. town) [New York]: Kanagawa
Your organization [Nessus Users United]: 適当
This host name [marumi-desktop]:○○○○

Congratulations. Your server certificate was properly created.

The following files were created :

. Certification authority :

Certificate = /opt/nessus//com/nessus/CA/cacert.pem
Private key = /opt/nessus//var/nessus/CA/cakey.pem

. Nessus Server :
Certificate = /opt/nessus//com/nessus/CA/servercert.pem
Private key = /opt/nessus//var/nessus/CA/serverkey.pem

Install following the Nessus 4.4 Installation Guide.

sudo dpkg -i Nessus-4.4.0-ubuntu1010_i386.deb

未選択パッケージ nessus を選択しています。
(データベースを読み込んでいます … 現在 179550 個のファイルとディレクトリがインストールされています。)
(Nessus-4.4.0-ubuntu1010_i386.deb から) nessus を展開しています…
nessus (4.4.0) を設定しています …
Fetching the newest plugins from nessus.org...
Fetching the newest updates from nessus.org...
Done. The Nessus server will restart when its scans are finished
nessusd (Nessus) 4.4.0 [build M15045] for Linux
(C) 1998 - 2010 Tenable Network Security, Inc.

Processing the Nessus plugins...
[##################################################]

All plugins loaded
 - You can start nessusd by typing /etc/init.d/nessusd start

ureadahead のトリガを処理しています …

The Nessus home directory is

/opt/nessus

User registration

$ sudo /opt/nessus/sbin/nessus-adduser

Login : ○○○○○
Login password : xxxxx
Login password (again) : xxxxx
Do you want this user to be a Nessus 'admin' user ? (can upload plugins, etc...) (y/n) [n]: y
User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that marumi has the right to test. For instance, you may want
him to be able to scan his own host only.

Please see the nessus-adduser manual for the rules syntax

Enter the rules for this user, and enter a BLANK LINE once you are done :
(the user can have an empty rules set)

Login : ○○○○○
Password : xxxxx
This user will have 'admin' privileges within the Nessus server
Rules :
Is that ok ? (y/n) [y] y
User added

To start Nessus:

sudo /etc/init.d/nessusd start

To stop it:

sudo /etc/init.d/nessusd stop
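
The nessus-mkcert output above lists two private keys and two certificates, and the server certificate was given a 365-day lifetime. The following is an added example, not part of the original post or of Nessus: a shell check that the key files carry no group/other permissions and that the certificates are not about to expire. The function names, the NESSUS_HOME and WARN_DAYS variables and the 30-day threshold are assumptions; the paths are the ones printed by nessus-mkcert.

```shell
#!/bin/sh
# Added example (not from the original post): audit the files nessus-mkcert created.
NESSUS_HOME=${NESSUS_HOME:-/opt/nessus}   # Nessus home directory as given on this page
WARN_DAYS=${WARN_DAYS:-30}                # assumed warning threshold, in days

# key_is_private FILE: 0 if FILE exists and has no group/other permission bits.
key_is_private() {
    [ -f "$1" ] || return 2
    # In the "ls -ld" mode string, characters 5-10 are the group and other bits.
    bits=$(ls -ld "$1" | cut -c5-10)
    [ "$bits" = "------" ]
}

# cert_valid_for FILE DAYS: 0 if the certificate is still valid DAYS from now.
cert_valid_for() {
    [ -f "$1" ] || return 2
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# audit_nessus_certs: print one line per file, return 1 if anything needs attention.
audit_nessus_certs() {
    rc=0
    for key in "$NESSUS_HOME/var/nessus/CA/cakey.pem" \
               "$NESSUS_HOME/var/nessus/CA/serverkey.pem"; do
        if key_is_private "$key"; then
            echo "OK    $key: owner-only permissions"
        else
            echo "WARN  $key: missing, or group/other permission bits set"; rc=1
        fi
    done
    for cert in "$NESSUS_HOME/com/nessus/CA/cacert.pem" \
                "$NESSUS_HOME/com/nessus/CA/servercert.pem"; do
        if cert_valid_for "$cert" "$WARN_DAYS"; then
            echo "OK    $cert: valid for at least $WARN_DAYS more days"
        else
            echo "WARN  $cert: missing, unreadable, or expires within $WARN_DAYS days"; rc=1
        fi
    done
    return $rc
}

# Run only where the Nessus tree exists; reading var/nessus/CA normally needs sudo.
if [ -d "$NESSUS_HOME/var/nessus/CA" ]; then audit_nessus_certs; fi
```

When the server certificate is close to expiry, running nessus-mkcert again as shown above creates a new one.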

Next, I will install the Nessus client on a Windows PC.

