Nessus 3.2 beta - Automated Nessus Program Updates
If you are a Nessus user, you are no doubt familiar with the process to subscribe your Nessus scanner to the Direct Feed or Registered Feed to automatically receive new vulnerability plugins produced by Tenable's research group.
With Nessus 3.2 (currently in beta and available for download as Nessus 3.1.5) a similar process is available to upgrade the Nessus scanner itself. This blog entry will show how users who have installed one of the Nessus 3.1.x beta releases of Nessus 3.2 can automatically upgrade.
To update the release of Nessus, the scanner must be subscribed to either the Direct to Registered plugin feeds. If your Nessus scanner is automatically receiving plugins then you will be able to upgrade when new releases are available.
The update process is run from the command line with the new command 'nessus-update' which is located in the ~/sbin installation directory. While in the ~/sbin directory, you can check your version of Nessus by invoking the Nessus daemon with the -v command:
[root@cosmic sbin]# ./nessusd -v
nessusd (Nessus) 3.1.3. [build A567] for Linux
(C) 1998 - 2007 Tenable Network Security, Inc.
To check for a new build of Nessus, and to install it, simply run the 'nessus-update' command:
[root@cosmic sbin]# ./nessus-update
Nessus 3.1.5 is available. Do you want to upgrade to this version ? [y]
The program checks to make sure that Nessus is subscribed to either a Direct or Registered feed and that a new build is indeed available. If both of these conditions are met, the package will be downloaded and installed.
The update download is signed and the signature of the update is checked against the nessus.org public key that is in place.
If your Nessus scanner is set to also update its plugins, a plugin update will be invoked right after an upgrade is completed.
Current Nessus 3.2 Beta Status
The latest release of the Nessus 3.2 beta is version 3.1.5 and is available for download from the Nessus web site. Nessus 3.2 beta downloads are available for Linux, FreeBSD and Solaris. Windows and OS X versions are currently in development. The Nessus 3.2 beta supports IPv6 scanning, a library to write custom WMI queries and also a command line program to initiate a complete vulnerability scan.
If you have also started to use the NessusClient 3.0 to manage your scans, if you connect to a Nessus 3.2 beta scanner, you will notice two new things. First, the login process is much faster. And second, during a scan, you now have an option to pause an on-going scan, as shown below: