Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Installing Nessus on Backtrack 4

Backtrack 4 is a Linux distribution and “Live CD “ (a bootable operating system on CD or DVD) that is designed for penetration testers. It contains a wide array of tools for performing penetration tests, web application assessments and reverse engineering. It is a simple process to get the latest version of Nessus installed and running on Backtrack 4.

There are two ways to create a Backtrack 4 bootable drive: create the partitions manually or run the install.sh program. I highly recommend running the install.sh program to perform a full installation of Backtrack 4. While you can boot the distribution from a manually partitioned CD or USB thumb drive, the file system is only temporary and you will lose changes on certain partitions. To avoid having to install Nessus each time you boot, you can install Backtrack 4 on any device, hard drive or USB thumb drive, and have a completely writable file system. You will need to boot Backtrack 4 and click on the "install.sh" icon on the desktop:


BT4-Install.png

The screenshot above shows Backtrack 4 being installed onto a USB thumb drive. While this example shows a 4GB drive being used as the target, it is recommended that you use 8GB or more for the installation. Once Backtrack 4 has been installed, it will boot and run just like any other Ubuntu 8.10 distribution, the difference being the Backtrack 4 team controls and runs the software repositories. You will then need to visit the Nessus homepage or the Tenable Support Portal (for ProfessionalFeed customers), download the following two Nessus packages and upload them to your new installation:

  • Nessus-4.0.1-ubuntu810_i386.deb
  • NessusClient-4.0.1-ubuntu810_i386.deb

The packages can then be installed using the following command:

[email protected]:~# dpkg -i Nessus-4.0.1-ubuntu810_i386.deb NessusClient-4.0.1-ubuntu810_i386.deb

Backtrack 4 contains all of the prerequisite packages required for a Nessus server and client installation. Next we will need to add a user:

# /opt/nessus/sbin/nessus-adduser
Login : paulda
Authentication (pass/cert) : [pass]
Login password :
Login password (again) :
Do you want this user to be a Nessus 'admin' user ? (can upload plugins, etc...) (y/n) [n]: y
User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that paulda has the right to test. For instance, you may want
him to be able to scan his own host only.

Please see the nessus-adduser manual for the rules syntax

Enter the rules for this user, and enter a BLANK LINE once you are done :

(the user can have an empty rules set)

Login : paul

Password : ***********

This user will have 'admin' privileges within the Nessus server

Rules :

Is that ok ? (y/n) [y]

User added

Nessus then requires registration of the plugin feed:

[email protected]:~# /opt/nessus/bin/nessus-fetch --register XXXX-XXXX-XXXX-XXXX
Your activation code has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org...
Your Nessus installation is now up-to-date.
If auto_update is set to 'yes' in nessusd.conf, Nessus will
update the plugins by itself.

Once the plugin feed has been successfully registered we can start the server with the following command:

[email protected]:~# /etc/init.d/nessusd start
Starting Nessus : .

From this point you can use the NessuClient just as you would on any other system. All of your changes, including subsequent plugin updates, will be preserved across reboots.

[UPDATE: Please note that Backtrack 4 is not an officially supported
platform. If you run into problems with the Backtrack 4 installation or
the USB setup please refer to http://forums.remote-exploit.org]

Conclusion

You now have a portable Linux distribution that you can take with you and boot on various computers to run Nessus. This can come in handy, especially if you are investigating a possible security incident where you cannot trust the integrity of local system tools that may have been compromised. I also use this method if I am going to a security conference and want to perform Nessus scans so I don't have to expose my laptop operating system to a potentially hostile network. Putting it on a bootable distribution allows me to run it, then take the removable media back to my network and just strip the data off of it for analysis without having to even boot up the OS. While this installation works with all current Nessus software and feeds, ProfessionalFeed customers can take advantage of several features, including SCADA checks, configuration auditing for UNIX and Windows, PCI DSS auditing, sensitive data document searching and SQL database auditing.