I have already answered it, but need some help to "proof-read" the answer
Question 3: NESSUS
Nessus, a network-based vulnerability scanner tool which allows you to
perform vulnerability scanning on hosts which you?ve identified.
Detail the steps you would take to automatically update the nessus
tool, listing all the commands which one would need to automatically
update the signatures within Nessus. (Approximately 1 page answer)
3.1. Summary: Funtions of NESSUS
http://www.nessus.org/documentation.html
· Free and powerful remote security scanner. Audit a given network and
test the security vulnerability.
· It will test any services running on any ports. It is able to test
unlimited hosts and multiple services at the same time
· The client/server architecture allows flexibility to deploy the
scanner (server) and the GUI (client) in multiple configurations
· The Unix client can export Nessus reports as ASCII text, LaTeX,
HTML, "spiffy" HTML (with pies and graphs) and an easy-to-parse file
format.
3.2. Installing and Upgrading NESUS in Linux
The server portion will run on most any flavor of Unix. It even runs
on MAC OS X and IBM/AIX. Clients are available for both Windows and
Unix. The Nessus server performs the actual testing while the client
provides configuration and reporting functionality.
1) Prior installation of several external programs is recommended:
NMAP is the industry standard for port scanners, Hydra is a weak
password tester and Nikto is a cgi/.script checker.
2) Download and install nessus. Simplest way to install nessus is to
download the script nessus-installer.sh. There are a lot of mirror
sites to download this script, eg
(http://ftp.nessus.org/nessus/nessus-2.0.10a/nessus-installer/). To
install, type: sh nessus-installer.sh. The above command should also
be used periodically to upgrade Nessus as new versions are regularly
released
3) Create a user and supply these details:
a) userid
b) Authentication method (password/certification)
c) Password
d) Enter a set of rules (optional), eg
deny 10.163.153.1
accept 10.163.156.0/24
e) System will prompt ?Is that okay (Y/N)?. Check your selections and
answer ?Y? to accept the values
f) Generate a certification which will be used to encrypt the traffic
between the client and server using command: nessus-mkcert
g) Configure the daemon using file /usr/local/etc/nessus/nessud.conf.
nessus will create the nessusd.conf file if one is not available
3.3. nessus signatures
· Before a scan is done, the plug-ins should be updated. Each plug-in
is written to test for a specific vulnerability. Plug-ins can be
written in almost any language but usually are written in the Nessus
Attack Scripting Language (NASL).
3.3.1. Steps to update the nessus signatures
a) Login as root into the Linux machine
b) Updating plug-ins from the maintained list with command:
nessus-update-plugins |
Clarification of Question by
sisp-ga
on
17 May 2004 23:11 PDT
NO, i will deal with the language, spelling & format.
1) Go thru the answer and correct any wrong commands, wrong steps,
missing steps, missing commands
2) Comment on whether there shld include some more explanation (if
everything is correct)
You may also want to include your own answer and explanation of where i go wrong
The Q had 2 parts a) Updating Nessus b) Updating the Nessus
signatures. It asked for a list of commands/steps to automate the
above. (it doesnt asked for steps to install), so i really dont know
whether how much of installation i should include
|
