A Brief Nessus How-To

What is Nessus? Here's how Nessus describes itself, at http://www.nessus.org:

The 'Nessus' Project aims to provide to the internet community a free, powerful, up-to-date and easy to use remote security scanner. A security scanner is a software which will audit remotely a given network and determine whether bad guys (aka 'crackers') may break into it, or misuse it in some way.

I describe it this way: it's an essential security tool that you should have in your arsenal. It runs on Linux, Mac OS X, and Windows. It's free and open source.

Nessus runs both a server AND a client on the same machine: yours.

Here's how to install and run it.

Compile Nessus (as root, of course). Answer any questions it asks you. Defaults are usually fine.

Then add a user: you. Do this as root with the following command:


Note that the path may be different on a non-Linux system!

Then generate your security cert as root for Nessus:


Then start the Nessus daemon, again as root:

/usr/local/sbin/nessusd &

Then start Nessus as you (non-root):

nessus &

On the first tab is a box for your login & password which you created above. Enter those and click the 'Log in' button.

Go to the Plugins tab & click the 'Enable all but dangerous plugins' button.

Go to the 'Target selection' tab & enter the IP or DNS of the machine/block/network you wish to scan. Check the 'Save this session' checkbox. Click 'Start the scan' and wait.

When it's done, review the report. Save it in a variety of formats. Follow its advice.

WebSanity Top Secret