Ubuntu 16.04安装使用Nessus漏洞扫描工具
Nessus是目前全世界最多人使用的远程系统漏洞扫描与分析软件。它在计算机上执行1200多中检查,试图检测出系统漏洞。
引用官方的介绍:
Nessus is the most trusted vulnerability scanning platform for auditors and security analysts. Users can schedule scans across multiple scanners, use wizards to easily and quickly create policies, schedule scans and send results via email. Nessus supports more technologies than any other vendor, including operating systems, network devices, hypervisors, databases, tablets/phones, web servers and critical infrastructure.
Nessus有免费版,也有收费版:(下载页面)
Nessus
我安装使用Home版,首先注册一个激活码:
Nessus
下载Nessus,选择对应的系统:
Screen Shot 2016-04-21 at 09.02.24
我使用Ubuntu,下载对应的deb包,然后执行安装命令:
$ sudo dpkg -i Nessus-6.6.1-ubuntu1110_amd64.deb
1
$ sudo dpkg -i Nessus-6.6.1-ubuntu1110_amd64.deb
Nessus
Nessus安装到了/opt目录中。
启动Nessus服务:
$ sudo systemctl enable nessusd.service
$ sudo systemctl start nessusd.service
1
2
$ sudo systemctl enable nessusd.service
$ sudo systemctl start nessusd.service
Nessus使用8834端口;配置防火墙:
$ sudo ufw allow 8834/tcp
1
$ sudo ufw allow 8834/tcp
打开浏览器访问Nessus:
https://your_server_domain_or_ip:8834/
1
https://your_server_domain_or_ip:8834/
安装Nessus
点击Continue开始设置账户、注册、下载最新的插件。
安装Nessus
安装Nessus
安装Nessus
设置完成之后登录Nessus管理页面:
Nessus
Nessus
从模版中添加新的Scan:
Nessus