If the box is going to be connected to the Internet, at the very least run the free vulnerability scanner Nessus (2.2.x, the GPL branch) against it and confirm it finds nothing.
Download
$ cd src/
$ wget "http://www.nessus.org/download/fget.php?file=nessus-plugins-2.2.8.tar.gz&licence_accept=yes" -O nessus-plugins-2.2.8.tar.gz
$ wget "http://www.nessus.org/download/fget.php?file=libnasl-2.2.8.tar.gz&licence_accept=yes" -O libnasl-2.2.8.tar.gz
$ wget "http://www.nessus.org/download/fget.php?file=nessus-core-2.2.8.tar.gz&licence_accept=yes" -O nessus-core-2.2.8.tar.gz
$ wget "http://www.nessus.org/download/fget.php?file=nessus-libraries-2.2.8.tar.gz&licence_accept=yes" -O nessus-libraries-2.2.8.tar.gz
$ wget "http://www.nessus.org/download/MD5.asc" -O nessus-2.2.8-MD5.asc
The MD5 file is in an irregular (BSD-style "MD5 (file) = hash") layout that md5sum -c will not read, so the integrity check is done by eye. Keep in mind that the hash list is fetched over plain HTTP from the same host as the tarballs: a match proves the download was not corrupted in transit, not that nobody tampered with the files on the server.
$ grep "2.2.8.tar.gz" nessus-2.2.8-MD5.asc
$ md5sum libnasl-2.2.8.tar.gz
$ md5sum nessus-core-2.2.8.tar.gz
$ md5sum nessus-libraries-2.2.8.tar.gz
$ md5sum nessus-plugins-2.2.8.tar.gz
MD5 (libnasl-2.2.8.tar.gz) = 07e8d9f06862cb240ede348713cfe31b
MD5 (nessus-core-2.2.8.tar.gz) = 7580ed539c38b6514d1a3cdf62cbe346
MD5 (nessus-libraries-2.2.8.tar.gz) = 257048b54b767f54f224bd9440d2b215
MD5 (nessus-plugins-2.2.8.tar.gz) = 642a62ef5034e51b1e65349fe959e793

07e8d9f06862cb240ede348713cfe31b  libnasl-2.2.8.tar.gz
7580ed539c38b6514d1a3cdf62cbe346  nessus-core-2.2.8.tar.gz
257048b54b767f54f224bd9440d2b215  nessus-libraries-2.2.8.tar.gz
642a62ef5034e51b1e65349fe959e793  nessus-plugins-2.2.8.tar.gz
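Comparing 32-character hashes by eye is exactly the step people get wrong, so here is an added example (not from the original post, not a Nessus tool) that does the comparison for you. It assumes md5sum from GNU coreutils is on the PATH (on Solaris 10 without it, `digest -a md5 FILE` prints the same hash and could be swapped in); the file names and hashes in the demo at the bottom are constructed, with "hello\n" used because its MD5 is well known.

```shell
#!/bin/sh
# Added example: check tarballs against BSD-style "MD5 (file) = hash" lines
# such as Nessus' MD5.asc. md5sum -c cannot read that layout, so the entry for
# each file is extracted with sed/awk and compared to a locally computed hash.

# expected_md5 ASCFILE NAME -> the hash recorded for NAME, empty if none
expected_md5() {
    sed -n 's/^MD5 (\(.*\)) = \([0-9a-fA-F]\{32\}\)$/\1 \2/p' "$1" |
        awk -v n="$2" '$1 == n { print tolower($2); exit }'
}

# verify_md5 ASCFILE FILE... -> exit 0 only if every file has an entry and matches
verify_md5() {
    asc=$1; shift
    rc=0
    for f in "$@"; do
        want=$(expected_md5 "$asc" "$(basename "$f")")
        if [ -z "$want" ]; then
            echo "MISSING  $f: no entry in $asc"
            rc=1
            continue
        fi
        got=$(md5sum "$f" | awk '{ print $1 }')
        if [ "$got" = "$want" ]; then
            echo "OK       $f"
        else
            echo "MISMATCH $f: MD5.asc says $want, file is $got"
            rc=1
        fi
    done
    return $rc
}

# Constructed demo (not real Nessus files): one file whose hash is right and
# one that was altered after the hash list was written.
DEMO=$(mktemp -d)
printf 'hello\n'  > "$DEMO/good-2.2.8.tar.gz"
printf 'hello!\n' > "$DEMO/bad-2.2.8.tar.gz"
cat > "$DEMO/MD5.asc" <<'EOF'
MD5 (good-2.2.8.tar.gz) = b1946ac92492d2347c6235b4d2611184
MD5 (bad-2.2.8.tar.gz) = b1946ac92492d2347c6235b4d2611184
EOF

verify_md5 "$DEMO/MD5.asc" "$DEMO/good-2.2.8.tar.gz"       # OK
verify_md5 "$DEMO/MD5.asc" "$DEMO/bad-2.2.8.tar.gz" || :   # MISMATCH, returns 1
```

For the real download you would run `verify_md5 nessus-2.2.8-MD5.asc *-2.2.8.tar.gz` in src/ and stop if it returns non-zero. A non-zero result on a missing entry is deliberate: a tarball the hash list does not mention has not been checked at all.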
PATH and friends...
$ PATH=/opt/SUNWspro/bin:/usr/local/bin:/usr/sfw/bin:/usr/bin:/bin:/usr/ucb:/usr/ccs/bin:/etc:.
$ CC=/opt/SUNWspro/bin/cc
$ CXX=/opt/SUNWspro/bin/CC
$ F77=/opt/SUNWspro/bin/f77
$ export PATH CC CXX F77
$ sudo crle -c /var/ld/ld.config -l /usr/local/lib:/usr/sfw/lib:/usr/lib:/usr/ucblib:/lib
Two things to be aware of here. The trailing "." puts the current directory on the PATH, so while building inside an unpacked source tree any command that is not found elsewhere (a typo, or a tool that is not installed) gets resolved from that tree. And crle -l sets the default runtime library search path for every dynamically linked program on the machine, root's included, so every directory in that list must be owned by root and writable by nobody else.
nessus-libraries
$ gtar zxvf nessus-libraries-2.2.8.tar.gz
$ cd nessus-libraries/
$ ./configure --prefix=/usr/local/nessus-2.2.8 --with-ssl=/usr/sfw
$ make
$ sudo make install
$ export LD_LIBRARY_PATH=/usr/local/nessus-2.2.8/lib
$ cd ../
libnasl
$ gtar zxvf libnasl-2.2.8.tar.gz
$ cd libnasl/
$ ./configure --prefix=/usr/local/nessus-2.2.8 --with-ssl=/usr/sfw
$ make
$ sudo make install
$ export PATH=/usr/local/nessus-2.2.8/bin:$PATH
$ cd ../
nessus-core
$ gtar zxvf nessus-core-2.2.8.tar.gz
$ cd nessus-core/
$ ./configure --prefix=/usr/local/nessus-2.2.8 --with-ssl=/usr/sfw
$ make
$ sudo make install
$ export PATH=/usr/local/nessus-2.2.8/sbin:$PATH
$ cd ../
nessus-plugins
$ gtar zxvf nessus-plugins-2.2.8.tar.gz
$ cd nessus-plugins/
$ ./configure --prefix=/usr/local/nessus-2.2.8 --with-ssl=/usr/sfw
$ make
$ sudo make install
$ cd ../
nmap.nasl
$ wget "http://www.nessus.org/documentation/nmap.nasl" -O nmap.nasl
$ sudo install -c -m 444 nmap.nasl /usr/local/nessus-2.2.8/lib/nessus/plugins/
ld.config
$ sudo crle -c /var/ld/ld.config -l /usr/local/nessus-2.2.8/lib:/usr/local/lib:/usr/sfw/lib:/usr/lib:/usr/ucblib:/lib
This adds the Nessus library directory to the system-wide default search path; the LD_LIBRARY_PATH exported earlier only covered the build shell.
Creating the certificate
$ sudo nessus-mkcert
/usr/local/nessus-2.2.8/var/nessus/CA created
/usr/local/nessus-2.2.8/com/nessus/CA created
-------------------------------------------------------------------------------
Creation of the Nessus SSL Certificate
-------------------------------------------------------------------------------

This script will now ask you the relevant information to create the SSL
certificate of Nessus. Note that this information will *NOT* be sent to
anybody (everything stays local), but anyone with the ability to connect to your
Nessus daemon will be able to retrieve this information.

CA certificate life time in days [1460]: [Enter]
Server certificate life time in days [365]: [Enter]
Your country (two letter code) [FR]: JP
Your state or province name [none]: [Enter]
Your location (e.g. town) [Paris]: Tokyo
Your organization [Nessus Users United]: [Enter]
-------------------------------------------------------------------------------
Creation of the Nessus SSL Certificate
-------------------------------------------------------------------------------

Congratulations. Your server certificate was properly created.

/usr/local/nessus-2.2.8/etc/nessus/nessusd.conf updated

The following files were created :

. Certification authority :
   Certificate = /usr/local/nessus-2.2.8/com/nessus/CA/cacert.pem
   Private key = /usr/local/nessus-2.2.8/var/nessus/CA/cakey.pem

. Nessus Server :
    Certificate = /usr/local/nessus-2.2.8/com/nessus/CA/servercert.pem
    Private key = /usr/local/nessus-2.2.8/var/nessus/CA/serverkey.pem

Press [ENTER] to exit
[Enter]
Creating a user
$ sudo nessus-adduser
Using /var/tmp as a temporary file holder

Add a new nessusd user
----------------------

Login : natsu
Authentication (pass/cert) [pass] : [Enter]
Login password : [Password]
Login password (again) : [Password]

User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that natsu has the right to test. For instance, you may want
him to be able to scan his own host only.

Please see the nessus-adduser(8) man page for the rules syntax

Enter the rules for this user, and hit ctrl-D once you are done :
(the user can have an empty rules set)
[Ctrl+D]

Login : natsu
Password : ***********
DN :
Rules :

Is that ok ? (y/n) [y] [Enter]
user added.
An empty rules set lets this account point nessusd at any host. If, as here, it will only ever scan the local machine, it is worth entering rules such as "accept 127.0.0.1" followed by "default deny" (see nessus-adduser(8) for the syntax) instead of just hitting Ctrl+D.
Activation
Activation is required in order to update the plugins.
An activation code can be obtained free of charge from Nessus – Register.
With the free registration, though, plugins are delivered with a one-week delay. If you want the latest set, paid registration is required.
$ sudo /usr/local/nessus-2.2.8/bin/nessus-fetch --register XXXX-XXXX-XXXX-XXXX-XXXX
Your activation code has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org...
Your Nessus installation is now up-to-date.
Make sure to call regularly use the command 'nessus-update-plugins' to stay up-to-date
To automate the update process, please visit <http://www.nessus.org/documentation/index.php?doc=cron>
Starting Nessus and running a scan
Start the server. This takes a while...
$ sudo nessusd -D
All plugins loaded
For now I just want to scan the local host, so drop 127.0.0.1 into the target file.
$ echo "127.0.0.1" > localhost.lst
$ nessus -q 127.0.0.1 1241 natsu password localhost.lst localhost.nbe
"nessus -q" runs the client in batch (non-interactive) mode. "127.0.0.1 1241" connects to nessusd on the local host, port 1241. "natsu password" are the user name and password created above. "localhost.lst" is the target list (any file name will do) and "localhost.nbe" is the results file, written in NBE format. Note that a password passed on the command line is visible in the process list to every local user for as long as the scan runs.
The first time you connect (when there is no .nessusrc yet), you are asked how to handle the server certificate.
Please choose your level of SSL paranoia (Hint: if you want to manage many
servers from your client, choose 2. Otherwise, choose 1, or 3, if you are
paranoid.
2
The plugins that have the ability to crash remote services or hosts
have been disabled. You should activate them if you want your security
audit to be complete
The second message is the default "safe checks" behaviour: the plugins that can take a service or host down are left off. Turn them on only for targets you can afford to crash.
After a while the results land in localhost.nbe, so...
$ less localhost.nbe
...and fix whatever it complains about.
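Reading the raw .nbe in less gets old quickly, and it is the wrong shape for a cron job that should tell you whether a scheduled scan found anything. As an added example (not from the original post, and not a Nessus tool), here is a small POSIX shell/awk parser for the NBE layout that "nessus -q" writes: pipe-separated records, where result lines are results|subnet|host|port|plugin id|type|description, type is one of "Security Hole", "Security Warning", "Security Note" or "Log Message", and newlines inside the description are escaped as a literal \n. The sample file at the bottom is constructed for the demo; its plugin ids and texts are placeholders, not real Nessus plugins.

```shell
#!/bin/sh
# Added example: summarise and extract findings from a Nessus 2.x .nbe file.
# Record layout (result lines):
#   results|<subnet>|<host>|<port>|<plugin id>|<type>|<description>
# "timestamps|..." lines mark scan and host start/end and are skipped.

# nbe_count NBE TYPE -> number of result records of the given type
nbe_count() {
    awk -F'|' -v t="$2" '$1 == "results" && $6 == t { n++ } END { print n + 0 }' "$1"
}

# nbe_findings NBE TYPE -> one line per finding: host port plugin-id first-line-of-description
nbe_findings() {
    awk -F'|' -v t="$2" '
        $1 == "results" && $6 == t {
            desc = $7
            sub(/\\n.*/, "", desc)   # NBE escapes newlines as a literal \n; keep the first line
            print $3, $4, $5, desc
        }' "$1"
}

# nbe_summary NBE -> counts per type, worst first, so "did it find anything?"
# can be answered at a glance (or mailed from a cron job)
nbe_summary() {
    for t in "Security Hole" "Security Warning" "Security Note" "Log Message"; do
        printf '%-16s %s\n' "$t" "$(nbe_count "$1" "$t")"
    done
}

# Constructed sample in NBE layout (plugin ids and texts are placeholders).
SAMPLE_NBE=${TMPDIR:-/tmp}/sample-localhost.nbe
cat > "$SAMPLE_NBE" <<'EOF'
timestamps|||scan_start|Mon Jan  1 00:00:00 2007|
timestamps||127.0.0.1|host_start|Mon Jan  1 00:00:01 2007|
results|127.0.0|127.0.0.1|ssh (22/tcp)|10001|Security Note|Sample: a service was detected on this port\n
results|127.0.0|127.0.0.1|ssh (22/tcp)|10002|Security Warning|Sample: weak protocol version enabled\nSolution : sample remediation text
results|127.0.0|127.0.0.1|general/tcp|10003|Security Hole|Sample: a remotely exploitable issue\nRisk factor : High
timestamps||127.0.0.1|host_end|Mon Jan  1 00:05:00 2007|
timestamps|||scan_end|Mon Jan  1 00:05:00 2007|
EOF

nbe_summary "$SAMPLE_NBE"
nbe_findings "$SAMPLE_NBE" "Security Hole"
```

Against the real output, `nbe_summary localhost.nbe` gives the per-severity counts and `nbe_findings localhost.nbe "Security Hole"` lists what to fix first; `nbe_findings localhost.nbe "Security Note"` is the inventory of what nessusd saw listening, which is worth reading even when the hole count is zero.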
When the scan is done, shut the daemon down rather than leaving port 1241 listening.
$ ps -ef | grep "nessusd -D"
root 6139 1 0 00:53:36 ? 0:00 nessusd -D
$ sudo kill 6139
Updating the plugins
Normally it goes like this...
$ sudo /usr/local/nessus-2.2.8/sbin/nessus-update-plugins
But that way you cannot tell whether anything was actually updated or not, so use
$ sudo /usr/local/nessus-2.2.8/sbin/nessus-update-plugins -v
instead. The "-v" option prints what the update did.