The following article describes how to install;
These instructions are taken from an email I sent a colleague, I will be updating it with screenshots in the very near future...
Step 1. Download the RPM from Tenable's website
Step 2. Log on as root. Nessus in the 3.0 tree needs to install the service and run with administrative privileges in order to provide the raw packet writing access required by its security checks.
Log on to your Linux install as Root, then go to Nessus.org > Download Nessus 3.0.3 for Linux > Accept > Fill in the Registration
Check the "Internal Use" box... > Check - Do not contact me (or whatever you prefer)
For you, click the link next to "Fedora Core 5"; this will give you an RPM package to install in Linux
Download the file; it will probably go to your Desktop
Look for the Download Link at the top left of the page, click it
Now under downloads, select NessusClient 1.0.0RC5 Client for Nessusd
Accept, select the one next to Fedora Core 5 and it should give you another rpm file
When these finish downloading, open a Terminal (Linux Command Prompt)
The Windows command prompt usually starts in C:. In Linux, if you are logged on as Root, the terminal starts in Root's Home directory. Inside that directory is a 'Desktop' folder, just as Windows users each have their own Desktop folder.
type 'ls' without the quotes; this gives you a 'listing' of Root's Home folder, like typing DIR in Windows
One of the things in your listing should be 'Desktop'
type 'cd Desktop'; as in Windows, this 'changes the directory' to Desktop
type 'ls' to get a listing of things on the 'Desktop' one of them should be;
type 'rpm -i Nessus-3.0.3-fc5.i386.rpm'
This runs the RPM program to 'Install' the Nessus package. Follow the prompts and answer all the questions; the defaults are usually fine. Set up a nessus user
I'll use 'auditor' here, but anything can work
In choosing the type of authentication for the Nessus server, Certificates are fine, but I like to use passwords, which is the default. Defaults are always presented in Brackets [ ] to the right; if you're okay with password-based authentication, just hit Enter. Type a password for the user, and retype the password to make sure you didn't mistype it; the adduser script doesn't give you any asterisks as feedback when you type.
Here you define any rules for the user, some users might not need to be able to scan every IP in your network, or you might not trust the junior admin with the right to use 'destructive testing' on your production network. If you don't want to set any rules hit Ctrl-D and we're done.
You'll need to register Nessus. They will send the registration link to the email address you register with, and there should be commands for registering the Nessus server. Registering is important because you can't get updated plugins for the scanner without a registered feed.
When you run the registration, Nessus should pull the latest updates, and tell you that Nessus will pull its own updates every 24 hours from now on.
Nessus installs as a service and runs in the background now, so Nessus should always be running. If you look closely at the service startup on your next boot, you might see Nessus starting up and loading plugins.
To update plugins manually:
type '/opt/nessus/sbin/nessus-update-plugins' and hit Enter
This will run for a few minutes and won't give you any feedback until it is done. There should be some network activity, and when it is complete you should have a fully up-to-date install of Nessus.
type 'rpm -i NessusClient-1.0.0.RC5-fc5.i386.rpm'; this installs the NessusClient, the GUI you will run your scans from.
type 'NessusClient &'
The GUI looks like this
Click File > Scan Assistant
Task is just a name; use the client/company's name if that's easier for you to track
Scope is an easy place to break down internal scans from external scans, or servers from workstations
Targets can be individual IPs, ranges of IPs, or a text file with the IPs in it; you can join multiple IPs or ranges with commas.
Execute brings you to the logon screen
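A pre-scan scope check for the Targets field described above, as an added example that is not part of the original article or of Nessus itself. It sorts a comma-separated target string into entries inside the networks you are authorized to scan, entries outside them, and entries that need manual review. The 'first-last' range syntax, the authorized networks and the sample targets are assumptions constructed for illustration.

```python
import ipaddress

# Constructed values: the networks you are authorized to scan and a sample
# Targets string. The 'first-last' range syntax is an assumption.
AUTHORIZED = ["192.168.10.0/24", "10.0.5.0/28"]
SAMPLE_TARGETS = ("192.168.10.5, 192.168.10.20-192.168.10.30, 10.0.5.0/28, "
                  "10.0.5.14-10.0.5.20, 172.16.0.1, fileserver")


def expand_target(entry):
    """Turn one Targets entry (IP, CIDR block or first-last range) into networks."""
    if "-" in entry:
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if last < first:
            raise ValueError(f"range runs backwards: {entry}")
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(entry, strict=False)]


def inside(net, scope):
    """True when net lies entirely within one authorized network."""
    return any(net.version == s.version and net.subnet_of(s) for s in scope)


def check_targets(targets, authorized=AUTHORIZED):
    """Sort a comma-separated Targets string into (in_scope, out_of_scope, invalid)."""
    scope = [ipaddress.ip_network(n) for n in authorized]
    in_scope, out_of_scope, invalid = [], [], []
    for entry in (e.strip() for e in targets.split(",")):
        if not entry:
            continue
        try:
            nets = expand_target(entry)
        except (ValueError, TypeError):
            invalid.append(entry)  # hostnames and typos: resolve and review by hand
            continue
        # Conservative: every block of the entry must fit in an authorized network.
        ok = all(inside(n, scope) for n in nets)
        (in_scope if ok else out_of_scope).append(entry)
    return in_scope, out_of_scope, invalid


if __name__ == "__main__":
    good, bad, unknown = check_targets(SAMPLE_TARGETS)
    print("in scope:    ", good)
    print("out of scope:", bad)
    print("needs review:", unknown)
```

Only the in-scope entries should be pasted into Targets; a range that runs past the edge of an authorized network is rejected as a whole rather than trimmed.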
The first two blanks, Hostname and Port, should be Localhost and 1241. Login and password should be those for the nessus user you created earlier. Click Ok to log on to the Nessus server
If you have never logged into this server before, you have to configure your SSL Security Level.
You will be presented with a Security Certificate from the Nessus Server
Click Yes if you accept.
The Client receives all the plugins from the Nessus Server.
The scan should start immediately after that, and you can watch the Portscan bar progress; this is like an Nmap scan going on. Then the vulnerability checks will occur. By default Nessus runs all of the safe checks it has for any of the open ports that it found. This is a pretty smart default, and you'll have to learn more about Nessus to really use much more.
The default scan is fine for many purposes; we'll go into more configuration details and how to interpret scan results in other articles.
When the scan completes you will be back in the GUI with a report under your Scope, and a results pane over on the right.