perform vulnerability scanning as part of your job or anywhere outside your personal network, you need to purchase the ProfessionalFeed activation code. You must pick your activation code based on the operating system that the Nessus service will be running on. For this book, you are using a 32-bit virtual machine of BackTrack 5 that is based on Ubuntu (version 10.04 at the time of this writing). Once you’ve selected the correct operating system version, your activation code will be emailed to you. Keep this email in a safe place, as you will need the activation code in the upcoming Nessus configuration steps. A quick rundown of the installation process for Nessus is described in the following steps. 1. Save the Nessus installer (.deb file for BackTrack) in the root directory 2. Open a terminal and run the ls command and note the.deb file is in the root directory 3. Run the dpkg –i Nessus-5.0.3-ubuntu910_i386.deb command to install Nessus
Alert dpkg is a package manager for Debian Linux to install and manage individual packages. You may have downloaded a different version of the Nessus installer, so please take note of the exact name of the Nessus installer that you downloaded. If you’re unsure what version of Nessus you need, you can run the lsb:release -a command in a BackTrack terminal to retrieve the operating system version details. You can then pick the appropriate Nessus installer to match and then use that.deb file in the dkpg command to install Nessus.
Configuring Nessus Once you have installed Nessus, you must start the service before using the tool. You will only have to issue the /etc/init.d/nessusd start command in a terminal once and then Nessus will run as a persistent service on your system. Once the service is running, the following steps introduce how to configure Nessus. 1. In a browser, go to https://127.0.0.1:8834/ to start the Nessus configuration procedure. 2. When prompted, create a Nessus administrator user. For this book, we will create the root user with a password of toor. 3. Enter the activation code for the HomeFeed from your email. 4. Log in as the root user after the configuration completes.
Alert ■ You must use https in the URL to access the Nessus server as it mandates a secure connection. ■ The Nessus server is running on the localhost (127.0.0.1) and port 8834; therefore, you must include the: 8834 as part of the URL. ■ The downloading of Nessus plug-ins and initial configuration will take 5-6 min depending on your hardware configuration. Have no fear; Nessus will load much quicker during future uses!