In this tutorial, we will learn, the steps to install and configure the Nessus scanner on Ubuntu 20.04 LTS server to scan vulnerabilities.
Nessus is a modularly expandable vulnerability scanner that examines various operating systems and servers for a large number of security holes. The reports can be output in various formats. Nessus uses plug-ins written in the NASL scripting language. The suite is client-server-oriented, the scan engine can be operated from any remote system with a separate GUI.
It is available in both premium and free versions, the free one has a limitation of 16 IPs scanning. Thus, Nessus free edition is ideal for personal usage, a small startup, educators, and individuals starting their careers in Cyber Security.
To activate it, however, a valid email address is required. Professional users must purchase a license that costs $ $2,990 for 1 year.
Install Nessus Scanner on Ubuntu 20.04 LTS server
The steps given here will be the same for Ubuntu 14.04/18.04/19.10, Kali Linux and Debian Linux as well…
1. Download Nessus Scanner Deb package
Tenable offers the Nessus scanner via Deb binary, which the user needs to download from its official website to install it. So, visit the Nessus Download page and scroll to find your Linux operating system and its corresponding version.
2. Command to Install Nessus on Ubuntu 20.04
We already have downloaded the Debian binary to set up Nessus on Linux, now whatever we download from the browser goes into the Downloads folder, so switch to that first.
Now, use the APT package to install the file.
sudo apt install ./Nessus*_amd64.deb
3. Enable & Start Scanner services
Once the installation is completed, let’s enable its service to run automatically with Ubuntu boot, and also start the same for the current session.
sudo systemctl enable --now nessusd
To check the status, type-
sudo systemctl status nessusd
To exit- press Ctrl + C
4. Allow Nessus Port through the firewall
The Nessus runs on port number 8834, thus to access its web interface remotely using the browser, we need to open this port in our Ubuntu 20.04 firewall.
sudo ufw allow 8834
5. Access Web Interface
Now, open a browser on a system that can access the Ip-address of the server where you have installed the Nessus scanner instance. And point to that along with a port number.
Replace server-ip-address with the real IP of your Ubuntu 20.04.
Note: don’t use HTTP otherwise you will haver an error:
Bad Request Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead, please use the HTTPS scheme to access this URL.
If you get an SSL certificate error then click on Advance and proceed unsafely.
6. Choose how you want to deploy Nessus – setup on Ubuntu 20.04
The initial web page of the Nessus will ask you to select the product which you want to install. Here, the first product option you get is free to use where the rest are paid but available with a trial period.
Nessus Essentials – The free version for educators, students, and hobbyists
Nessus Professional– The de-facto industry standard vulnerability assessment solution of security practitioners.
Nessus Manager – The enterprise solution for managing Nessus Agent at scale.
Managed Scanner – Link your scanner to another Tenable solution such as Tenable.io and Tenable.sc.
7. Get Activation code
Enter your email address and other details to get the activation code, so that we can activate the product to use it further. The best way to get the code is to visit the Registration page, register for a Professional or free version to get Activation one.
After that click on the Skip button and add the code you got on your email.
8. Create User
When the system asks you to create a Nessus Admin user, create that by setting a username and corresponding password. After that, you will have the working Nessus on your system.
9. Add NessusCLI command to the system path
By default, to access the Nessus command line, we have to define the whole path for nessuscli tool on our Ubuntu 20.04 system’s terminal. To remove this, we just need to add its CLI tool folder to our system path. Know more about its command line at the official Doc page.
Run the below command in the Ubuntu 20.04 Terminal:
sudo -i export PATH=$PATH:/opt/nessus/sbin/ source ~/.bashrc
Usage: nessuscli <command> [<options>] Usage: nessuscli <command> help Bug Reporting Commands: bug-report-generator bug-report-generator --quiet [--full] [--scrub] User Commands: rmuser [username] chpasswd [username] adduser [username] lsuser Dump Commands: dump --plugins Link Commands: managed link --key=<key> --cloud or --host=<host> --port=<port> [optional parameters] managed unlink [--force] managed status Fetch Commands: fetch --register <serial> fetch --register-offline <license.file> fetch --check fetch --code-in-use fetch --challenge fetch --security-center fetch --scanner-health-stats Node Commands: node link --key=<key> --host=<host> --port=<port> node unlink node status Fix Commands: fix [--secure] --list fix [--secure] --set <name=value> fix [--secure] --get <name> fix [--secure] --delete <name> fix --show fix --show <name> fix --list-interfaces fix --reset Certificate Commands: import-certs mkcert-client mkcert [-q] Backup Tool: backup --create <backup file filename> backup --restore <backup file path> Analyze Commands: analyze scan <uuid> Software Update Commands: update update --all update --plugins-only update <plugin archive>
Install WPScan WordPress Security Scanner on Ubuntu 20.04 LTS
Install latest Linux Kernel on Ubuntu 20.04 Focal Fossa via PPA
MongoDB Compass GUI in Ubuntu 20.04 LTS Linux
How to install Adobe Photoshop CS6 on Ubuntu 20.04
Install Graylog on Ubuntu 20.04 LTS