How to install and configure Nessus


How to install and configure Nessus

If you've been around the information security profession for any length of time, you probably have at least a passing familiarity with the Nessus vulnerability scanner. In this, the first of a series of three Nessus tips, we'll provide you with an introduction to this popular security tool and give you the information you need to install and configure your own Nessus deployment.

Nessus is a member of the family of security tools known as vulnerability scanners. As the name implies, these products scan the network for potential security risks and provide detailed reporting that enables you to remediate gaps in your security posture. These scans run using a client/server architecture, so let's discuss both pieces of that architecture.

The scan engine is available for Linux/Unix systems only (sorry Microsoft fans!). Installation is actually quite simple. If you have the Lynx HTTP browser on your system, simply run the command:

prompt$ lynx –source | sh

This command downloads the Nessus installation script and executes it on your system. Note that the "prompt$" prompt indicates that you should run this command from a normal user account and not with root privileges. If you'd like, you may

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor

review the script before executing it on your system. Alternatively, you may build and compile Nessus manually by downloading the source code and compiling it.

Once you've completed the installation, you need to complete three steps to get up and running:

  1. Start the Nessus scan server by running the command "nessusd&"
  2. Add a Nessus user to your system by executing "nessus –adduser"
  3. Start the Nessus client and explore away!

If you'd like to run the Nessus client on a system other than the one you installed the server on, you're free to do so. You may download the NessusClient GUI for Unix systems or the NessusWX client for Windows systems from the Nessus download page. Once you've installed your client, simply point it at the IP address of your Nessus server and connect using the username and password you created in step two above.

The Nessus project began as an open-source community project more than seven years ago. While the basic Unix/Linux scanner is still freely available, many elements of the Nessus line are going commercial. Tenable Security, the current custodians of Nessus, also produce NeWT, a Windows version that uses the wizard-based installation and GUI familiar to Windows users. A free version (limited to scanning hosts on the same Class C subnet as the scanning system) is available for download from Tenable.

One last word of wisdom: the Nessus plug-ins (the scripts that provide the scanning functionality of Nessus) change frequently. Be sure to update your plug-ins from the official site on a regular basis using the "nessus-update-plugins" command on the Nessus server.

Our next tip will explore using Nessus to conduct vulnerability scans, and we'll wrap up the series with a look at deploying Nessus as part of an enterprise vulnerability scanning program.


  Introduction: What is Nessus?
  How to install and configure Nessus
  How to run a system scan
  How to build an enterprise scanning program
  Nessus: Managing data
  How to simplify security scans
  How to use Nessus with the SANS Top 20

Mike Chapple, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles including the CISSP Prep Guide and Information Security Illuminated.

This was first published in January 2006

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.