Lab 1 - Installing Nessus

Due: Wednesday at 5:00pm
This lab is worth 10 points.

In this lab, we will be installing a Slackware VMware Player image to use for the vulnerability scanner Nessus. We will be using an older, open-source version of Nessus.

First, download the SlackwareBasic image from http://pegasus.cs.csubak.edu/~mdanfor/cs216/vm/vmware/welcome.html. Unzip the file to a directory on the D: drive (data on the C: drive is erased during nightly reboots and we will need this image for the next several labs). Start VMware Player and select this image to run. Log in to the console as root using the password listed on the above website.

Second, install X11 in the Slackware image. FTP the following file to the machine:

slackware.osuosl.org/pub/slackware/slackware-10.2/slackware/x/x11-6.8.2-i486-3.tgz
Once the FTP has completed, issue the command 'installpkg x11-6.8.2-i486-3' as root. This will install the X11 packages. It is not necessary to start X11, but the package needs to be installed in order for Nessus to compile.

Third, use FTP or sftp from within the virtual machine to log in to Helios. Change to the directory /usr/users/mdanfor/open/. Download the following files:

libnasl-2.0.5.tar.gz
nessus-core-2.0.5.tar.gz
nessus-libraries-2.0.5.tar.gz
nessus-plugins-2.0.5.tar.gz

Now extract all the nessus archives using 'tar xvzf <filename>'. This will create four subdirectories, one for each tarball.

Fourth, compile and install each component. For each directory, you will issue the commands './configure', 'make' and 'make install'. You need to do this for each directory in the following order:

nessus-libraries
libnasl
nessus-core
nessus-plugins

You may need to run 'ldconfig' after installing nessus-libraries and libnasl to update the shared library cache before compiling nessus-core and nessus-plugins.

Finally, you need to configure Nessus. Use the command 'nessus-adduser' to create a user account (this user will run the vulnerability scans). Use the command 'nessus-mkcert' to create a certificate for the server. You can then start the daemon with the command '/usr/local/sbin/nessusd'.

Lab Write-Up

Write one paragraph summarizing what you did to install the Nessus scanner. Email the write-up to me before the due date.