Backtrack 4 is a Linux distribution and “Live CD” (a bootable operating system on CD or DVD) that is designed for penetration testers. It contains a wide array of tools for performing penetration tests, web application assessments and reverse engineering. It is a simple process to get the latest version of Nessus installed and running on Backtrack 4.
There are two ways to create a Backtrack 4 bootable drive: create the partitions manually or run the install.sh program. I highly recommend running the install.sh program to perform a full installation of Backtrack 4. While you can boot the distribution from a manually partitioned CD or USB thumb drive, the file system is only temporary and you will lose changes on certain partitions. To avoid having to install Nessus each time you boot, you can install Backtrack 4 on any device, hard drive or USB thumb drive, and have a completely writable file system. You will need to boot Backtrack 4 and click on the "install.sh" icon on the desktop:
The screenshot above shows Backtrack 4 being installed onto a USB thumb drive. While this example shows a 4GB drive being used as the target, it is recommended that you use 8GB or more for the installation. Once Backtrack 4 has been installed, it will boot and run just like any other Ubuntu 8.10 distribution, the difference being the Backtrack 4 team controls and runs the software repositories. You will then need to visit the Nessus homepage or the Tenable Support Portal (for ProfessionalFeed customers), download the following two Nessus packages and upload them to your new installation:
The packages can then be installed using the following command:
# dpkg -i Nessus-4.0.1-ubuntu810_i386.deb NessusClient-4.0.1-ubuntu810_i386.deb
Backtrack 4 contains all of the prerequisite packages required for a Nessus server and client installation. Next we will need to add a user with nessus-adduser:
Login : paulda
Authentication (pass/cert) : [pass]
Login password :
Login password (again) :
Do you want this user to be a Nessus 'admin' user ? (can upload plugins, etc...) (y/n) [n]: y
nessusd has a rules system which allows you to restrict the hosts
that paulda has the right to test. For instance, you may want
him to be able to scan his own host only.
Please see the nessus-adduser manual for the rules syntax
Enter the rules for this user, and enter a BLANK LINE once you are done :
Login : paul
Nessus then requires registration of the plugin feed:
# /opt/nessus/bin/nessus-fetch --register XXXX-XXXX-XXXX-XXXX
Your activation code has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org...
Your Nessus installation is now up-to-date.
If auto_update is set to 'yes' in nessusd.conf, Nessus will
update the plugins by itself.
Once the plugin feed has been successfully registered we can start the server with the following command:
# /etc/init.d/nessusd start
Starting Nessus : .
From this point you can use the NessusClient just as you would on any other system. All of your changes, including subsequent plugin updates, will be preserved across reboots.
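The persistence and plugin-update claims above can be checked before relying on the drive. The script below is an added example, not part of the original post or of Nessus. Its function names and its list of live-media filesystem types are assumptions, and the path to nessusd.conf is supplied by the user.

```shell
#!/bin/sh
# Added example: preflight checks for a Nessus install on bootable media.

# root_field MOUNTS_FILE N: print field N of the last entry mounted on "/"
# (later entries shadow earlier ones, e.g. "rootfs" then the real root).
root_field() {
    awk -v n="$2" '$2 == "/" { v = $n } END { print v }' "$1"
}

# Return 0 if "/" is a writable on-disk filesystem; 1 if it is RAM-backed,
# a union or image filesystem (typical of live media), or mounted read-only.
# The filesystem list is an assumption, not taken from the post.
root_is_persistent() {
    case "$(root_field "$1" 3)" in
        ""|rootfs|tmpfs|ramfs|aufs|unionfs|overlay|squashfs|iso9660) return 1 ;;
    esac
    case ",$(root_field "$1" 4)," in
        *,ro,*) return 1 ;;
    esac
    return 0
}

# Return 0 only if the last uncommented auto_update line in CONF is "yes".
auto_update_enabled() {
    val=$(sed -n 's/^[[:space:]]*auto_update[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$1" | tail -n 1)
    [ "$val" = "yes" ]
}

# preflight MOUNTS_FILE NESSUSD_CONF: report both checks; non-zero on a warning.
preflight() {
    rc=0
    if root_is_persistent "$1"; then
        echo "OK: / is on a writable '$(root_field "$1" 3)' filesystem"
    else
        echo "WARN: / is '$(root_field "$1" 3)'; changes will be lost on reboot"
        rc=1
    fi
    if auto_update_enabled "$2"; then
        echo "OK: auto_update = yes"
    else
        echo "WARN: auto_update is not 'yes'; Nessus will not update plugins by itself"
        rc=1
    fi
    return $rc
}

# Usage: sh preflight.sh /proc/mounts /path/to/nessusd.conf
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```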
[UPDATE: Please note that Backtrack 4 is not an officially supported
platform. If you run into problems with the Backtrack 4 installation or
the USB setup please refer to http://forums.remote-exploit.org]
You now have a portable Linux distribution that you can take with you and boot on various computers to run Nessus. This can come in handy, especially if you are investigating a possible security incident where you cannot trust the integrity of local system tools that may have been compromised. I also use this method if I am going to a security conference and want to perform Nessus scans so I don't have to expose my laptop operating system to a potentially hostile network. Putting it on a bootable distribution allows me to run it, then take the removable media back to my network and just strip the data off of it for analysis without having to even boot up the OS. While this installation works with all current Nessus software and feeds, ProfessionalFeed customers can take advantage of several features, including SCADA checks, configuration auditing for UNIX and Windows, PCI DSS auditing, sensitive data document searching and SQL database auditing.