Hi there,

I am now taking a security course and will be happy if you could give me some guidance on how to update the Nessus tool. Refer to the question & my answer below.

I noticed that the web site does not include the untar command; if a person wishes to download the 4 tar balls, he will need the command to do so. Unfortunately for me, I chose the easier way of using the installer script, which worked very well.

From the posted article, it did mention that one could update nessus with this command:

    lynx -source http://install.nessus.org | sh

"The above command should also be used periodically to upgrade Nessus as new versions are regularly released"

Could I also update nessus with this command:

    sh nessus-installer.sh

There are 2 parts to the question below: one, I need to identify the steps + commands to update nessus itself, and the next is to update the plugins. Would really appreciate it if anyone could please help with correcting any errors, comments etc.

Regards

Question 3: NESSUS

Nessus, a network-based vulnerability scanner tool which allows you to perform vulnerability scanning on hosts which you've identified. Detail the steps you would take to automatically update the nessus tool, listing all the commands which one would need to automatically update the signatures within Nessus. (Approximately 1 page answer)

3.1. Summary: Functions of NESSUS

http://www.nessus.org/documentation.html

* Free and powerful remote security scanner. Audit a given network and test the security vulnerability.
* It will test any services running on any ports. It is able to test unlimited hosts and multiple services at the same time.
* The client/server architecture allows flexibility to deploy the scanner (server) and the GUI (client) in multiple configurations.
* The Unix client can export Nessus reports as ASCII text, LaTeX, HTML, "spiffy" HTML (with pies and graphs) and an easy-to-parse file format.

3.2. Upgrading NESSUS in Linux

The server portion will run on most any flavor of Unix. It even runs on MAC OS X and IBM/AIX. Clients are available for both Windows and Unix.
The Nessus server performs the actual testing while the client provides configuration and reporting functionality.

1) If you did not download the installer script when installing nessus, go to http://www.nessus.org/nessus_2_0.html to download the installer script. This script will also upgrade the Nessus tool.
2) To execute the script:

    sh nessus-installer.sh

3.3. nessus signatures

* Before a scan is done, the plug-ins should be updated. Each plug-in is written to test for a specific vulnerability. Plug-ins can be written in almost any language but usually are written in the Nessus Attack Scripting Language (NASL).
* A list of latest plugins can be obtained via this site: http://www.nessus.org/scripts.php

3.3.1. Steps to update the nessus signatures

1) Login as root into the Linux machine.
2) Go to the directory where you have installed nessus, example, to go to nessus directory:

    cd nessus

3) Updating plug-ins from the maintained list with command:

    nessus-update-plugins
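
The plug-in update step from 3.3.1, wrapped so it can run unattended from root's crontab, with a lock against overlapping runs and a log that records a failed update. This is an added example, not part of the original post or of the Nessus distribution; the install path of nessus-update-plugins, the log and lock locations, the script name and the schedule are assumptions.

```shell
#!/bin/sh
# Added example: unattended plug-in refresh for a Nessus server.
# All paths below are assumptions; override them through the environment.
UPDATER="${UPDATER:-/usr/local/sbin/nessus-update-plugins}"  # assumed install path
LOGFILE="${LOGFILE:-/var/log/nessus-plugin-update.log}"      # assumed log file
LOCKDIR="${LOCKDIR:-/var/run/nessus-plugin-update.lock}"     # assumed lock directory

log() {
    printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$*" >> "$LOGFILE"
}

# Returns 0 on success, 1 if the updater is missing or fails, 2 if a run is already active.
run_plugin_update() {
    # mkdir is atomic, so the directory serves as a lock without needing flock(1).
    if ! mkdir "$LOCKDIR" 2>/dev/null; then
        log "skipped: lock $LOCKDIR is held by another run"
        return 2
    fi
    if ! command -v "$UPDATER" >/dev/null 2>&1; then
        log "failed: updater $UPDATER not found or not executable"
        rmdir "$LOCKDIR"
        return 1
    fi
    log "starting $UPDATER"
    if "$UPDATER" >> "$LOGFILE" 2>&1; then
        log "plugins updated"
        _rc=0
    else
        log "failed: $UPDATER exited non-zero, plug-in set may be stale"
        _rc=1
    fi
    rmdir "$LOCKDIR"
    return "$_rc"
}

# Only act when called with --run, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    run_plugin_update
    exit $?
fi

# Constructed crontab line for root, daily at 03:15 (script name is hypothetical):
# 15 3 * * * /usr/local/sbin/nessus-plugin-cron.sh --run
```

A non-zero exit from cron, or a "failed" line in the log, means scans are running against an outdated plug-in set and the update should be rerun by hand.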
