Lab 2 - Running Nessus

Due: Wednesday at 5:00pm
This lab is worth 10 points.

Download the Windows Nessus client from http://nessuswx.nessus.org/archive/nessuswx-1.4.5d.zip. Unzip the file to a directory on the D: drive.

Create a new directory on the D: drive to store the VMware image for the machine we will be scanning. Copy all the current SlackwareBasic files to this new directory. You'll now have two copies of SlackwareBasic: one to run the Nessus scanner and one to be scanned. You can rename the second copy if you want to make the two virtual machines easier to tell apart. Both copies will be running at the same time, so if VMware asks whether the copied machine was moved or copied when you first start it, choose the option that gives it a new identifier (and therefore its own MAC address); otherwise the two machines may end up with the same network identity.

Start the virtual machine that contains the Nessus server (the one we installed last week). Once it is running, log in as root and start the Nessus server with the command /usr/local/sbin/nessusd -D (the -D flag runs it in the background as a daemon). Switch to the second virtual console with ALT-F2 and log in as root. Get the IP address of your Nessus server with the command ifconfig eth0 and note it for later use.

Start the second copy of SlackwareBasic. This will be the target machine for the Nessus scans. Once it is running, log in as root and run ifconfig eth0 to find the target machine's IP address. Check that it is different from the Nessus server's address before going on.

Start the Nessus Windows client and connect to your Nessus server using this tutorial as a guide. In Step 3, add a single host target using the target machine's IP address. For the options, enable Safe Checks; this keeps Nessus from running plugins that could crash or hang a service on the target. Execute the scan and note what the report says.

Now try different configurations on the target machine. Enable services such as sshd or httpd, rerun the scan after each change, and note the differences in the reports. Try several combinations, recording which services you enabled and what data appeared in the report for each.

Next, run tcpdump -p -n -XX on the target machine and start another scan. The -p flag keeps tcpdump from putting the interface into promiscuous mode, -n suppresses DNS lookups so you see raw addresses, and -XX prints each packet in hex and ASCII including the link-layer header. If there is still too much chatter from other machines (-p stops you from seeing other hosts' unicast traffic, but Windows machines on the same network are known for broadcast chatter, which every host receives), restrict the capture to your own traffic by appending the filter expression "host <IP>" to the tcpdump command line, where <IP> is the target machine's address. Note what you see from tcpdump during the scan: which ports are probed, in what order, and how the target answers each probe.

Next, enable a firewall on the target machine with the following commands (run them at the VMware console, as root):

iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

The first command sets the default policy for incoming packets to DROP, which silently discards them instead of answering with a TCP reset or an ICMP error; the third command then lets in only packets that belong to connections the target itself started. The DROP policy takes effect the moment you enter it, so do this at the console rather than over a network login or you will cut yourself off. Rerun the scan and note the changes in the report and, if you still have tcpdump running, in what the target sends back. To return to the unfiltered state, set the INPUT policy back to ACCEPT and flush the INPUT chain.
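To make the tcpdump step and the firewall step easier to compare in your write-up, here is an added example script (not part of the original lab) that reads tcpdump -n output and, for each TCP port the scanner probed, reports whether the target answered with SYN/ACK (open), with RST (closed), or not at all (which is what the DROP policy produces; you will also see the scanner retransmit its SYN). The addresses 192.168.75.128 (scanner) and 192.168.75.129 (target) and the capture lines in SAMPLE are constructed for this example; they are written to exercise both the older "S 1:1(0) ack 2" and the newer "Flags [S.]" output styles of tcpdump, and the hex-dump rows produced by -XX are skipped. Save your real capture with tcpdump ... > scan.txt and pass the file name as the first argument.

```python
import re
import sys

# Constructed for this example: adjust to your own scanner/target addresses.
SCANNER = "192.168.75.128"
TARGET = "192.168.75.129"

# Matches the "src.port > dst.port: rest" part of a tcpdump -n line.  Lines
# without two IP.port pairs (ICMP, ARP, the hex-dump rows from -XX) are skipped.
PKT_RE = re.compile(
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): (.*)")


def tcp_flags(rest):
    """Return the TCP flag set ({'S'}, {'S','A'}, {'R','A'}, ...) from the text
    after 'src > dst:', or None if the line is not TCP.  Handles both the
    newer 'Flags [S.]' form and the older 'S 1:1(0) ack 2' form."""
    m = re.search(r"Flags \[([^\]]*)\]", rest)
    if m:
        raw = m.group(1)
        flags = {ch for ch in raw if ch in "SRPFU"}
        if "." in raw:                  # '.' is tcpdump's spelling of ACK
            flags.add("A")
        return flags
    tokens = rest.split()
    if not tokens or not all(ch in "SRPFU." for ch in tokens[0]):
        return None                     # 'UDP,', 'udp', 'ICMP', ...
    flags = {ch for ch in tokens[0] if ch in "SRPFU"}
    if "." in tokens[0] or "ack" in tokens:
        flags.add("A")
    return flags


def summarize_scan(lines, scanner, target):
    """Map each TCP port the scanner probed on the target to (status, syn_count).
    status is 'open' (target sent SYN/ACK), 'closed' (target sent RST) or
    'no response' (nothing came back, as with an iptables DROP policy)."""
    syns = {}
    reply = {}
    for line in lines:
        m = PKT_RE.search(line)
        if not m:
            continue
        src, sport, dst, dport, rest = m.groups()
        flags = tcp_flags(rest)
        if flags is None:
            continue
        if src == scanner and dst == target and "S" in flags and "A" not in flags:
            syns[int(dport)] = syns.get(int(dport), 0) + 1   # a probe (or retransmit)
        elif src == target and dst == scanner:
            port = int(sport)
            if {"S", "A"} <= flags:
                reply[port] = "open"
            elif "R" in flags and reply.get(port) != "open":
                reply[port] = "closed"
    return {p: (reply.get(p, "no response"), n) for p, n in sorted(syns.items())}


# Constructed sample capture: 22 open, 80 and 23 closed, 25 dropped (two SYNs,
# no answer), one UDP probe, and one hex-dump row as printed by -XX.
SAMPLE = """\
14:02:11.100001 IP 192.168.75.128.40001 > 192.168.75.129.22: Flags [S], seq 100, win 1024, length 0
        0x0000:  000c 29aa bbcc 000c 29dd eeff 0800 4500  ..).....).....E.
14:02:11.100210 IP 192.168.75.129.22 > 192.168.75.128.40001: Flags [S.], seq 200, ack 101, win 5840, length 0
14:02:11.100300 IP 192.168.75.128.40001 > 192.168.75.129.22: Flags [R], seq 101, win 0, length 0
14:02:11.100401 IP 192.168.75.128.40002 > 192.168.75.129.80: Flags [S], seq 100, win 1024, length 0
14:02:11.100502 IP 192.168.75.129.80 > 192.168.75.128.40002: Flags [R.], seq 0, ack 101, win 0, length 0
14:02:11.100601 IP 192.168.75.128.40003 > 192.168.75.129.23: S 100:100(0) win 1024
14:02:11.100702 IP 192.168.75.129.23 > 192.168.75.128.40003: R 0:0(0) ack 101 win 0
14:02:11.100801 IP 192.168.75.128.40004 > 192.168.75.129.25: S 100:100(0) win 1024
14:02:11.700901 IP 192.168.75.128.40004 > 192.168.75.129.25: S 100:100(0) win 1024
14:02:12.000001 IP 192.168.75.128.40005 > 192.168.75.129.53: UDP, length 12
"""

if __name__ == "__main__":
    lines = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE.splitlines()
    for port, (status, n) in summarize_scan(lines, SCANNER, TARGET).items():
        print("%5d  %-12s %d SYN(s)" % (port, status, n))
```

Before the firewall is enabled every probed port should come back open or closed; after the DROP policy the same ports show "no response" with more than one SYN each, which is the retransmission behaviour you should also recognise in the raw tcpdump output.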

Lab Write-up

Write a summary of what you have done in this lab. Give the combinations of services you tried running and a summary of the report that went with each combination. Say what you observed when running tcpdump and how the scan results changed when you enabled the firewall. Your write-up should be several paragraphs long. Email your write-up to me in either plain text or PDF format.