Installing Nessus 2.0 on SuSE 9.0 Pro with KDE 3.1
Installing Nessus 2.0 on SuSE 9.0 Pro with KDE 3.1
The following is a simple how-to guide for installing the Nessus
vulnerability scanner, server daemon, and client on SuSE Linux.
The instructions do not include in depth explanations as it is
assumed that you are familiar with features and benefits of
Nessus and have a general working knowledge of Linux.
As with any software installation, your results may vary
depending on the machine. The installation steps were conducted
using the commercial version of SuSE 9.0 Professional steps were
tested on a notebook, workstation, and server to insure
accuracy. The one difference that may occur during your
installation is that of the network card and/or Internet
connection. At SiteRecon we do not use DHCP and each
installation required manual setup of NIC and IP information. If
you use DHCP, the network and Internet setup will differ from
the instructions below.
The installation process should be conducted using the "root"
account. It is strongly suggested that your install take place
on a safe non-routable network that does not have hostile
traffic. Your system will be vulnerable and could easily become
infected with a virus, worm, bomb, or hacked.
Install SuSE 9.0 Professional - Insert
Disk 1 and boot system
- Press F2 - select screen
resolution
- Use up/down arrows to select
"Installation"
- Select Language
- Select "New Installation" (Screen may not
appear depending on installation)
- "Installation
Settings" change anything needed then
- YaST2 "Start installation" (Screen
may not appear depending on installation)
- System
Reboots...
- Insert Disk 2 as requested, select
- Click "Expert Options" button and change
Encryption type to MD5
- Enter root user
password
- "Network Configuration" - change
as needed
- "Test Internet Connection"
- "User Authentication Method"
- "Add a New Local User" - uncheck "Auto Login, enter
data as desired
- "Release Notes"
- "Hardware Configuration"
- "Installation Completed"
- System boots to KDE interface
- Login
as root
- "Welcome to SuSE Linux 9.0"
- Click "Control Center" on task bar
- Click "Desktop"
- Click "Size &
Orientation"
- Select desired screen resolution,
check "Apply settings on KDE startup"
- Click "Accept Configuration"
- Close
"Size & Orientation" window
- Network Card Setup (if needed)
- Click "Control Center" on task bar
- Click "YaST2 modules"
- Click
"Network Devices"
- Click "Network card" and
setup you NIC
- SuSE Watcher
- Click
"SuSE Watcher" on task bar (round green or red icon on right)
- Click
- Click "Start
online update"
- "Welcome to YaST Online Update"
-
- Take desired
actions when prompted.
- When completed, check
"Remove Source Packages after Update", click
You now have a fully functioning and patched installation of
SuSE and are ready to install the applications required for
Nessus. It should be noted that by installing the programs
below, you are also setting up an environment to compile GCC C
programs. Additional information on GCC can be found at http://gcc.gnu.org/.
Nessus Application Requirements - Click "Control Center" on task bar
- Click "YaST2 modules"
- Click
"Software"
- Click "Install and Remove Software"
and install the following programs:
- Bison
- Flex
- Gcc
- Gcc-c++
- GTK2
- GTK2-devel
- GTK-devel
- kdepim3-time-management package
- libnet
- Make
- OpenSSL
- OpenSSL-devel
- Perl
- sharutils
- xfree86
- xfree86-compat-libs
- xfree86-devel
- Run YaST
Online Update to patch all installed programs
Download Nessus - Click "Local
Network"
- Change location to "/"
- Right click and Create New directory titled
"nessus-installer", close window
- Using browser
go to http://www.nessus.or
g/nessus_2_0.html
- From "The easy and less
dangerous way" section download "nessus-installer.sh" file
saving to the "nessus-installer" directory.
Compile Nessus - Click "Konsole" on
task bar and change directories to "nessus-installer"
- Type "sh nessus-installer.sh"
- Accept defaults by pressing (During the
compiling process you may receive warning messages for
"nessus_popen", "insert_nasl_func", and "extra tokens". These
are warning messages and the compiling process should complete
successfully.)
- When compiling process is
complete you will be prompted to press to quit.
Nessus Server Setup - Type
"nessus-mkcert" to make a server certificate
- Accept default for "CA certificate life"
- Accept default for "Server certificate life"
- Enter your 2 letter country code
- Enter your state or province code
- Enter your location
- Enter your organization name
- Certificate process completed message
- Type "nessus-adduser" to create a
user account
- Enter login name
- Accept default for authentication
- Enter password
- Press
ctrl-D to end user creation process
- "Is that
ok?" message
- Type "nessusd -D" to
start the Nessus server service (It may take several seconds for
Nessus to finish initializing. The command prompt will return
once the Nessus daemon is started).
If you wish to have the Nessus Server daemon automatically
started when the system is booted, edit the
"etc/init.d/boot.local" file and append "nessusd -D".
Nessus Setup - Type "nessus"
- Enter login
- Enter password
- Click "Log in" button
- "SSL Setup"
window will appear, click
- "Nessus" windows
asking to accept this certificate, click
- "Warning" message about plugins crashing remote
systems will appear, click
- Close "Konsole"
window
KAlarm - Click "Start Applications"
on task bar and select "Utilities", "Time", then "KAlarm"
- In the KAlarm window click "Actions", then New
- Check "Command" and enter "nessus-update-plugins" as
the command line
- Check "Any time" check box
- Check "Recur" for Repetition, then select the
"Recurrence" Tab
- Enter "01:00" for "Recurr
every" field
- Select button, then
- Close "Kalarm" window (Kalarm by default is
automatically stated upon boot.)
Firewall
KDE provides built-in firewall protection. Vulnerability
scanners such as Nessus do not normally function well with
software firewalls in place. To remove the firewall:
- Click "Control Center" on task bar
- Click "YaST2 modules"
- Click
"Security and Users"
- Click "Firewall"
- Check "Stop Firewall and Remove from Boot Process"
- "Firewall configuration - deactivate
firewall", click
- "The firewall is now
turned off"
General Information
Uninstall executable: /usr/local/sbin/uninstall-nessus
Configuration file: /usr/local/etc/nessus/nessusd.conf
Certificate Authority: /usr/local/com/nessus/CA/cacert.pem
Certificate Authority - Private:
/usr/local/var/nessus/CA/cakey.pem
Nessus Server Certificate file:
/usr/local/com/nessus/CA/servercert.pem
Nessus Server - Private Key file:
/usr/local/var/nessus/CA/serverkey.pem
Nessus uses port 1241 to communicate
You now have a fully functioning Nessus server daemon and client
installed on SuSE using the KDE desktop environment. Kalarm is
setup to automatically update Nessus plugins once per hour to
insure you have the latest vulnerability tests. Nessus is now
fully operational to help with your security needs.