Installing the Nessus vulnerability scanner

  Unix

Note: this document is out of date. Please refer to the newer, revised version instead.
>> Installing the Nessus vulnerability scanner, revised version

If a host is going to be connected to the Internet, at the very least scan it with the free vulnerability scanner Nessus and confirm that it has no known problems.

Download

$ cd src/
$ wget "http://www.nessus.org/download/fget.php?file=nessus-plugins-2.2.8.tar.gz&licence_accept=yes" -O nessus-plugins-2.2.8.tar.gz
$ wget "http://www.nessus.org/download/fget.php?file=libnasl-2.2.8.tar.gz&licence_accept=yes" -O libnasl-2.2.8.tar.gz
$ wget "http://www.nessus.org/download/fget.php?file=nessus-core-2.2.8.tar.gz&licence_accept=yes" -O nessus-core-2.2.8.tar.gz
$ wget "http://www.nessus.org/download/fget.php?file=nessus-libraries-2.2.8.tar.gz&licence_accept=yes" -O nessus-libraries-2.2.8.tar.gz
$ wget "http://www.nessus.org/download/MD5.asc" -O nessus-2.2.8-MD5.asc

The MD5 list uses an unusual (BSD-style "MD5 (file) = hash") format, so here the integrity check is done by eye. Keep in mind that the list is fetched over plain HTTP from the same server as the tarballs, so a matching hash only proves that the download was not corrupted in transit; it does not authenticate who published the files.

$ grep "2.2.8.tar.gz" nessus-2.2.8-MD5.asc
$ md5sum libnasl-2.2.8.tar.gz
$ md5sum nessus-core-2.2.8.tar.gz
$ md5sum nessus-libraries-2.2.8.tar.gz
$ md5sum nessus-plugins-2.2.8.tar.gz

MD5 (libnasl-2.2.8.tar.gz) = 07e8d9f06862cb240ede348713cfe31b
MD5 (nessus-core-2.2.8.tar.gz) = 7580ed539c38b6514d1a3cdf62cbe346
MD5 (nessus-libraries-2.2.8.tar.gz) = 257048b54b767f54f224bd9440d2b215
MD5 (nessus-plugins-2.2.8.tar.gz) = 642a62ef5034e51b1e65349fe959e793

07e8d9f06862cb240ede348713cfe31b libnasl-2.2.8.tar.gz
7580ed539c38b6514d1a3cdf62cbe346 nessus-core-2.2.8.tar.gz
257048b54b767f54f224bd9440d2b215 nessus-libraries-2.2.8.tar.gz
642a62ef5034e51b1e65349fe959e793 nessus-plugins-2.2.8.tar.gz
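Comparing 32-character hashes by eye is error-prone, so here is an added example (not from the original page) that automates the comparison against a BSD-style list of the kind shown above. It assumes a GNU md5sum (on Solaris, e.g. the one in /usr/sfw/bin) or, failing that, the Solaris digest command; the file names and hashes used in the usage comment are the ones from this page. If the .asc file is in fact PGP clear-signed (the suffix suggests so, but this page does not show it), checking that signature against a trusted Nessus key is what would turn this into a real authenticity check; the script below only does the hash part.

```sh
#!/bin/sh
# Added example (not from the original page): verify downloaded tarballs
# against a BSD-style hash list, i.e. lines of the form
#   MD5 (libnasl-2.2.8.tar.gz) = 07e8d9f06862cb240ede348713cfe31b
# as found in nessus-2.2.8-MD5.asc, instead of comparing hashes by eye.
# Assumes GNU md5sum (e.g. /usr/sfw/bin on Solaris) or Solaris "digest".

# expected_md5 LIST FILE: print the hash LIST records for basename(FILE), if any.
expected_md5() {
    name=$(basename "$2")
    # "." in the file name is a regex wildcard, which is harmless here;
    # "|" is used as the sed delimiter so paths containing "/" need no escaping.
    sed -n "s|^MD5 ($name) = \([0-9a-fA-F]\{32\}\)[[:space:]]*$|\1|p" "$1" | head -n 1
}

# actual_md5 FILE: print the MD5 of FILE as lower-case hex, without the file name.
actual_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    else
        digest -a md5 "$1"            # Solaris 10 and later
    fi
}

# verify_md5_list LIST FILE...: print one OK/MISMATCH/MISSING line per file;
# return 0 only if every file is listed in LIST and matches it.
verify_md5_list() {
    list=$1; shift
    rc=0
    for f in "$@"; do
        want=$(expected_md5 "$list" "$f" | tr 'A-F' 'a-f')
        have=$(actual_md5 "$f")
        if [ -z "$want" ]; then
            echo "MISSING  $f (no entry in $list)"; rc=1
        elif [ "$want" = "$have" ]; then
            echo "OK       $f"
        else
            echo "MISMATCH $f: list says $want, file is $have"; rc=1
        fi
    done
    return $rc
}

# Usage, right after the wget lines on this page:
#   verify_md5_list nessus-2.2.8-MD5.asc *-2.2.8.tar.gz || exit 1
```

A file that is missing from the list is reported as MISSING and fails the check, so a renamed or extra tarball cannot slip through silently.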

PATH and related settings

Two cautions about the lines below. The trailing "." in PATH makes the shell fall back to the current directory when a command is not found elsewhere; while building from an untrusted tarball that lets a planted binary catch a mistyped command, so drop it unless you really need it. The crle line rewrites the system-wide default library search path used by every dynamically linked program, so the directories placed ahead of /usr/lib must be owned by root and not writable by anyone else.

$ PATH=/opt/SUNWspro/bin:/usr/local/bin:/usr/sfw/bin:/usr/bin:/bin:/usr/ucb:/usr/ccs/bin:/etc:.
$ CC=/opt/SUNWspro/bin/cc
$ CXX=/opt/SUNWspro/bin/CC
$ F77=/opt/SUNWspro/bin/f77
$ export PATH CC CXX F77
$ sudo crle -c /var/ld/ld.config -l /usr/local/ssl/lib:/usr/local/lib:/usr/lib:/usr/ucblib:/lib

nessus-libraries

$ tar zxvf nessus-libraries-2.2.8.tar.gz
$ cd nessus-libraries/
$ ./configure --prefix=/usr/local/nessus-2.2.8
$ make
$ sudo make install
$ export LD_LIBRARY_PATH=/usr/local/nessus-2.2.8/lib
$ cd ../

libnasl

$ tar zxvf libnasl-2.2.8.tar.gz
$ cd libnasl/
$ ./configure --prefix=/usr/local/nessus-2.2.8
$ make
$ sudo make install
$ export PATH=/usr/local/nessus-2.2.8/bin:$PATH
$ cd ../

nessus-core

$ tar zxvf nessus-core-2.2.8.tar.gz
$ cd nessus-core/
$ ./configure --prefix=/usr/local/nessus-2.2.8
$ make
$ sudo make install
$ export PATH=/usr/local/nessus-2.2.8/sbin:$PATH
$ cd ../

nessus-plugins

$ tar zxvf nessus-plugins-2.2.8.tar.gz
$ cd nessus-plugins/
$ ./configure --prefix=/usr/local/nessus-2.2.8
$ make
$ sudo make install
$ cd ../

nmap.nasl

$ wget "http://www.nessus.org/documentation/nmap.nasl" -O nmap.nasl
$ sudo install -c -m 444 nmap.nasl /usr/local/nessus-2.2.8/lib/nessus/plugins/

ld.config

# crle -c /var/ld/ld.config -l /usr/local/nessus-2.2.8/lib:/usr/local/ssl/lib:/usr/local/lib:/usr/lib:/usr/ucblib:/lib

Creating the certificate

$ sudo nessus-mkcert

/usr/local/nessus-2.2.8/var/nessus/CA created
/usr/local/nessus-2.2.8/com/nessus/CA created
-------------------------------------------------------------------------------
Creation of the Nessus SSL Certificate
-------------------------------------------------------------------------------

This script will now ask you the relevant information to create the SSL
certificate of Nessus. Note that this information will *NOT* be sent to
anybody (everything stays local), but anyone with the ability to connect to your
Nessus daemon will be able to retrieve this information.


CA certificate life time in days [1460]: [Enter]
Server certificate life time in days [365]: [Enter]
Your country (two letter code) [FR]: JP
Your state or province name [none]: [Enter]
Your location (e.g. town) [Paris]: Tokyo
Your organization [Nessus Users United]: [Enter]
-------------------------------------------------------------------------------
Creation of the Nessus SSL Certificate
-------------------------------------------------------------------------------

Congratulations. Your server certificate was properly created.

/usr/local/nessus-2.2.8/etc/nessus/nessusd.conf updated

The following files were created :

. Certification authority :
Certificate = /usr/local/nessus-2.2.8/com/nessus/CA/cacert.pem
Private key = /usr/local/nessus-2.2.8/var/nessus/CA/cakey.pem

. Nessus Server :
Certificate = /usr/local/nessus-2.2.8/com/nessus/CA/servercert.pem
Private key = /usr/local/nessus-2.2.8/var/nessus/CA/serverkey.pem

Press [ENTER] to exit
[Enter]

Creating a user

$ sudo nessus-adduser

Using /var/tmp as a temporary file holder

Add a new nessusd user
----------------------


Login : natsu
Authentication (pass/cert) [pass] : [Enter]
Login password : [Password]
Login password (again) : [Password]

User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that natsu has the right to test. For instance, you may want
him to be able to scan his own host only.

Please see the nessus-adduser(8) man page for the rules syntax

Enter the rules for this user, and hit ctrl-D once you are done :
(the user can have an empty rules set)
[Ctrl+D]

Login : natsu
Password : ***********
DN :
Rules :


Is that ok ? (y/n) [y] [Enter]
user added.

An empty rule set means natsu may scan any host the daemon can reach. For an account that is only meant to scan this machine, enter the following at the rules prompt instead (see nessus-adduser(8) for the syntax):

accept 127.0.0.1
default deny

Activation

Activation is required in order to update the plugins.
An activation code can be obtained free of charge from Nessus – Register.
With the free registration, however, new plugins are delivered one week late; if you want the latest feed, a paid registration is required.

$ sudo /usr/local/nessus-2.2.8/bin/nessus-fetch --register XXXX-XXXX-XXXX-XXXX-XXXX

Your activation code has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org...
Your Nessus installation is now up-to-date.
Make sure to call regularly use the command 'nessus-update-plugins' to stay up-to-date
To automate the update process, please visit <http://www.nessus.org/documentation/index.php?doc=cron>

Starting Nessus and running a scan

Start the server. It takes a while...

# nessusd -D

All plugins loaded

For now we only want to scan the local host, so put 127.0.0.1 into a target file.

$ echo "127.0.0.1" > localhost.lst
$ nessus -q 127.0.0.1 1241 natsu password localhost.lst localhost.nbe

"nessus -q" runs the client in command-line (batch) mode. "127.0.0.1 1241" connects to nessusd on the local host, port 1241 (the default nessusd port). "natsu password" are the user name and password created above. "localhost.lst" is the target list (any file name will do). "localhost.nbe" is the result file, written in NBE format. Note that a password given on the command line is visible to every local user in ps output for as long as the client runs, so on a shared machine use a dedicated scan account with restricted rules rather than an administrative one.

The first time you connect (when there is no .nessusrc yet), you are asked how strictly to check the server certificate.

Please choose your level of SSL paranoia (Hint: if you want to manage many
servers from your client, choose 2. Otherwise, choose 1, or 3, if you are
paranoid.
2
The plugins that have the ability to crash remote services or hosts
have been disabled. You should activate them if you want your security
audit to be complete

After a while the results appear in localhost.nbe, so...

$ less localhost.nbe

...and reflect on what it found.
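Reading a raw .nbe file in less is tedious once a host has more than a handful of ports. The following is an added example, not part of the original page, that summarises an NBE result file: it counts findings per severity, lists the open ports, prints the Security Holes, and exposes a yes/no check that a cron job can act on. The sample data it writes is constructed for the example; the plugin ids and descriptions in it are made up and are not real Nessus findings.

```sh
#!/bin/sh
# Added example (not from the original page): summarise a Nessus 2.x NBE
# result file such as localhost.nbe. NBE is pipe-separated; result rows are
#   results|subnet|host|port|plugin_id|severity|description
# with line breaks inside the description escaped as a literal "\n".
# A port with no finding attached has an empty severity field.

# nbe_count FILE SEVERITY: number of result rows carrying exactly SEVERITY
# ("Security Hole", "Security Warning" or "Security Note").
nbe_count() {
    awk -F'|' -v sev="$2" '$1 == "results" && $6 == sev { n++ } END { print n + 0 }' "$1"
}

# nbe_open_ports FILE: "host port" for every port the scanner saw open.
nbe_open_ports() {
    awk -F'|' '$1 == "results" && $6 == "" { print $3, $4 }' "$1"
}

# nbe_holes FILE: one line per Security Hole with host, port, plugin id and
# the first line of the description.
nbe_holes() {
    awk -F'|' '$1 == "results" && $6 == "Security Hole" {
        desc = $7; sub(/\\n.*/, "", desc)
        printf "%s %s plugin=%s %s\n", $3, $4, $5, desc
    }' "$1"
}

# nbe_has_holes FILE: exit status 0 if at least one Security Hole was found,
# so a cron job can send an alert on the scan result.
nbe_has_holes() {
    [ "$(nbe_count "$1" "Security Hole")" -gt 0 ]
}

# write_sample_nbe FILE: constructed sample data (plugin ids and texts are
# made up for this example; they are not real Nessus findings).
write_sample_nbe() {
    cat > "$1" <<'EOF'
timestamps|||scan_start|Tue Jan 10 00:53:36 2006|
timestamps||127.0.0.1|host_start|Tue Jan 10 00:53:40 2006|
results|127.0.0|127.0.0.1|ssh (22/tcp)||
results|127.0.0|127.0.0.1|ssh (22/tcp)|10001|Security Note|An SSH server is listening on this port.\nBanner: SSH-2.0-sample
results|127.0.0|127.0.0.1|telnet (23/tcp)||
results|127.0.0|127.0.0.1|telnet (23/tcp)|10002|Security Warning|A telnet server is listening; logins cross the network in clear text.
results|127.0.0|127.0.0.1|sunrpc (111/tcp)||
results|127.0.0|127.0.0.1|sunrpc (111/tcp)|10003|Security Hole|The portmapper answers unauthenticated requests from any address.\nRestrict it with TCP wrappers or a packet filter.
timestamps||127.0.0.1|host_end|Tue Jan 10 00:55:02 2006|
timestamps|||scan_end|Tue Jan 10 00:55:02 2006|
EOF
}

# Try it on the sample (for a real scan, point the functions at localhost.nbe):
#   write_sample_nbe sample.nbe
#   nbe_holes sample.nbe
#   nbe_has_holes sample.nbe && echo "scan found security holes"
```

Only the first line of each description is printed by nbe_holes; the full text, with its "\n" escapes, is still in the file for the detailed read.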

When the scan is finished, stop the daemon.

$ ps -ef | grep "nessusd -D"

    root  6139     1   0 00:53:36 ?           0:00 nessusd -D

$ sudo kill 6139

Updating the plugins

Normally it looks like this...

$ sudo /usr/local/nessus-2.2.8/sbin/nessus-update-plugins

But with that you cannot tell whether anything was actually updated, so use

$ sudo /usr/local/nessus-2.2.8/sbin/nessus-update-plugins -v

instead. The -v option prints the result of the update. Restart nessusd afterwards so that the running daemon uses the new plugin set.