Nessus is a market-leading vulnerability assessment tool that is available in multiple packaging options, including Professional, Managed and Cloud.
Nessus is a remote scanning tool: it scans the servers within your network and identifies any vulnerabilities that a malicious hacker could use to gain access to them. It ships with thousands of predefined checks that identify potential threats to your infrastructure.
Nessus is not meant to protect your servers from attack; it is a tool that helps you identify the security loopholes in your infrastructure. It provides a detailed report of the vulnerabilities, which you as a system administrator can refer to in order to fix them and protect your servers from hackers and malware, keeping your environment secure.
To know more about the Nessus tool, you can have a look at the official documentation.
Let’s start with the installation process of Nessus. Log in to the server and execute the commands below.
For Ubuntu
# sudo apt update -y
For RedHat/CentOS
# sudo yum update -y
Download the package for your OS from the link below,
Once the package has been downloaded, install it using the command below.
For Ubuntu
$ sudo dpkg -i Nessus-8.9.0-ubuntu910_amd64.deb
For CentOS/RHEL
$ sudo rpm -ivh Nessus-8.9.0-es6.x86_64.rpm
Now start the Nessus daemon. Nessus listens on port 8834, so make sure this port is open in your firewall.
$ sudo /etc/init.d/nessusd start
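Port 8834 serves the scanner's admin interface, so the firewall opening can be limited to a management subnet instead of every source. The script below is an added example, not part of the original article or of Tenable's tooling: it classifies how the port is bound from `ss -ltnH` output and prints a matching ufw or firewalld rule. The function names, the sample `ss` lines and the 10.0.0.0/24 subnet are constructed placeholders.

```bash
NESSUS_PORT=8834

# Reads `ss -ltnH` lines on stdin and prints how the Nessus port is bound:
#   wildcard = all interfaces, specific = one address, closed = not listening
nessus_listener_state() {
    awk -v port="$NESSUS_PORT" '
        {
            addr = $4                          # "Local Address:Port" column
            n = split(addr, parts, ":")
            if (parts[n] != port) next         # not the Nessus port
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host == "0.0.0.0" || host == "*" || host == "[::]") wild = 1
            else specific = 1
        }
        END { print (wild ? "wildcard" : (specific ? "specific" : "closed")) }'
}

# Prints (does not run) a rule admitting only the IPv4 CIDR in $2 to the port.
# $1 is "ufw" (Ubuntu) or "firewalld" (RedHat/CentOS); returns 2 on bad input.
nessus_fw_rule() {
    printf '%s\n' "$2" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 2
    case $1 in
        ufw)
            echo "ufw allow from $2 to any port $NESSUS_PORT proto tcp" ;;
        firewalld)
            # follow with: firewall-cmd --reload
            echo "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"$2\" port port=\"$NESSUS_PORT\" protocol=\"tcp\" accept'" ;;
        *)
            return 2 ;;
    esac
}

# Constructed sample; on a real host use: ss -ltnH | nessus_listener_state
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:8834 0.0.0.0:*'

state=$(printf '%s\n' "$SAMPLE_SS" | nessus_listener_state)
echo "port $NESSUS_PORT listener: $state"
if [ "$state" = wildcard ]; then
    echo "reachable on every interface; admit only the admin subnet, e.g.:"
    nessus_fw_rule ufw 10.0.0.0/24        # placeholder management subnet
fi
```

The printed rule needs root to apply, and it only has an effect if no broader rule already allows port 8834.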
Once the service is started, get the server's IP address and access the Nessus UI from the URL. Make sure to use https://IP:8834. You will see the Nessus welcome page as shown in the screenshot below.
Select Nessus Essentials and click Continue. You can also use Nessus Professional for the free trial. Now provide your first and last name along with your email ID and click Email. This will send the activation code to your email ID, with which you can use Nessus for a 7-day trial period.
Once you click Email, you will receive the activation code by email. Enter that activation code and click Continue.
Provide the admin username and password for your Nessus account. Once you create the username and password, Nessus will download the required packages, files and plugins to set up your environment. This initialization process may take a long time to finish. After this, your Nessus environment will be ready.
Note: Alternatively, you can also request an activation key from the Nessus website.
Once the required plugins and files are installed, your Nessus console is ready for creating a new scan.
In case you want to reset a user's password, you can use the command below, replacing <username> with the name of the account.
# /opt/nessus/sbin/nessuscli chpasswd <username>