Nessus 8.1 User Guide
Total Page:16
File Type:pdf, Size:1020Kb
Nessus 8.1.x User Guide Last Updated: September 24, 2021 Table of Contents Welcome to Nessus 8.1.x 11 Get Started with Nessus 14 Navigate Nessus 15 System Requirements 16 Hardware Requirements 17 Software Requirements 21 Customize SELinux Enforcing Mode Policies 24 Licensing Requirements 25 Deployment Considerations 27 Host-Based Firewalls 28 IPv6 Support 29 Virtual Machines 30 Antivirus Software 31 Security Warnings 32 Certificates and Certificate Authorities 34 Custom SSL Server Certificates 36 Create a New Server Certificate and CA Certificate 38 Upload a Custom Server Certificate and CA Certificate 40 Trust a Custom CA 42 Create SSL Client Certificates for Login 44 Nessus Manager Certificates and Nessus Agent 47 Install Nessus 49 Copyright © 2021 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trade- marks of Tenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective Download Nessus 50 Install Nessus 52 Install Nessus on Linux 53 Install Nessus on Windows 55 Install Nessus on Mac OS X 57 Install Nessus Agents 59 Retrieve the Linking Key 60 Install a Nessus Agent on Linux 61 Install a Nessus Agent on Windows 65 Install a Nessus Agent on Mac OS X 71 Upgrade Nessus and Nessus Agents 75 Upgrade Nessus 76 Upgrade from Evaluation 77 Upgrade Nessus on Linux 78 Upgrade Nessus on Windows 80 Upgrade Nessus on Mac OS X 82 Upgrade a Nessus Agent 83 Configure Nessus 89 Install Nessus Home, Professional, or Manager 91 Link to Tenable.io 92 Link to Nessus Manager 93 Managed by Tenable.sc 95 Manage Activation Code 96 View Activation Code 97 Copyright © 2021 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trade- marks of Tenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective Reset Activation Code 98 Update Activation Code 99 Transfer Activation Code 101 Manage Nessus Offline 103 Install Nessus Offline 105 Generate Challenge Code 108 Generate Your License 109 Download and Copy License File (nessus.license) 110 Register Your License with Nessus 111 Download and Copy Plugins 112 Install Plugins Manually 113 Update Nessus Software Manually on an Offline system 115 Offline Update Page Details 117 Remove Nessus and Nessus Agents 118 Remove Nessus 119 Uninstall Nessus on Linux 120 Uninstall Nessus on Windows 123 Uninstall Nessus on Mac OS X 124 Remove Nessus Agent 125 Uninstall a Nessus Agent on Linux 126 Uninstall a Nessus Agent on Windows 128 Uninstall a Nessus Agent on Mac OS X 130 Scans 131 Scan and Policy Templates 133 Copyright © 2021 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trade- marks of Tenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective Agent Templates 137 Scan and Policy Settings 139 Basic Settings for Scans 141 Basic Settings for Policies 147 Discovery Scan Settings 149 Preconfigured Discovery Scan Settings 160 Assessment Scan Settings 181 Preconfigured Assessment Scan Settings 198 Report Scan Settings 206 Advanced Scan Settings 208 Preconfigured Advanced Scan Settings 212 Credentials 219 Cloud Services 221 Database Credentials 225 Database Credentials Authentication Types 232 Host 247 SNMPv3 248 SSH 250 Windows 263 Miscellaneous 275 Mobile 281 Patch Management 284 Plaintext Authentication 294 Compliance 299 Copyright © 2021 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trade- marks of Tenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective SCAP Settings 302 Plugins 304 Configure Dynamic Plugins 305 Special Use Templates 307 Unofficial PCI ASV Validation Scan 310 Create and Manage Scans 312 Example: Host Discovery 313 Create a Scan 315 Import a Scan 316 Create an Agent Scan 317 Export Agents 318 Modify Scan Settings 319 Configure an Audit Trail 320 Delete a Scan 321 Scan Results 322 Search and Filter Results 323 Dashboard 330 Vulnerabilities 332 View Vulnerabilities 334 Modify a Vulnerability 335 Group Vulnerabilities 337 Snooze a Vulnerability 339 Live Results 341 Enable or Disable Live Results 343 Copyright © 2021 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trade- marks of Tenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective Remove Live Results 344 Compare Scan Results 345 Scan Folders 346 Manage Scan Folders 348 Policies 350 Create a Policy 352 Import a Policy 353 Modify Policy Settings 354 Delete a Policy 355 About Nessus Plugins 356 Create a Limited Plugin Policy 358 Install Plugins Manually 362 Plugin Rules 364 Create a Plugin Rule 365 Modify a Plugin Rule 366 Delete a Plugin Rule 367 Customized Reports 368 Customize Report Title and Logo 369 Scanners 370 Link Nessus Scanner 371 Unlink Nessus Scanner 372 Enable or Disable a Scanner 373 Remove a Scanner 374 Download Managed Scanner Logs 375 Copyright © 2021 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trade- marks of Tenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective Agents 377 Modify Agent Settings 379 Filter Agents 380 Download Linked Agent Logs 383 Unlink an Agent 385 Agent Groups 388 Create a New Agent Group 389 Configure User Permissions for an Agent Group 390 Modify an Agent Group 392 Delete an Agent Group 395 Freeze Windows 396 Create a Blackout Window 397 Modify a Blackout Window 398 Delete a Blackout Window 399 Settings 400 About 401 Advanced Settings 403 LDAP Server 428 Configure an LDAP Server 429 Proxy Server 430 Configure a Proxy Server 431 Remote Link 432 SMTP Server 435 Configure an SMTP Server 436 Copyright © 2021 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trade- marks of Tenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective Custom CA 437 Password Management 438 Configure Password Management 440 My Account 441 Users 443 System-wide Agent Settings 444 Accounts 445 Modify Your User Account 446 Generate an API Key 447 Create a User Account 448 Modify a User Account 449 Delete a User Account 450 Set an Encryption Password 451 Update Nessus Software 453 Create a New Setting 455 Modify a Setting 456 Delete a Setting 457 Download Logs 458 Additional Resources 459 Agent Software Footprint 460 Agent Host System Utilization 461 Amazon Web Services 462 Command Line Operations 463 Start or Stop Nessus 464 Copyright © 2021 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trade- marks of Tenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective Start or Stop a Nessus Agent 466 Nessus-Service 468 Nessuscli 471 Nessuscli Agent 478 Update Nessus Software 486 Default Data Directories 487 Manage Logs 488 Nessus Credentialed Checks 496 Credentialed Checks on Windows 498 Prerequisites 502 Enable Windows Logins for Local and Remote Audits 503 Configure Nessus for Windows Logins 506 Credentialed Checks on Linux 507 Prerequisites 508 Enable SSH Local Security Checks 509 Configure Nessus for SSH Host-Based Checks 513 Run Nessus as Non-Privileged User 514 Run Nessus on Linux with Systemd as a Non-Privileged User 515 Run Nessus on Linux with init.d Script as a Non-Privileged User 518 Run Nessus on Mac OS X as a Non-Privileged User 521 Run Nessus on FreeBSD as a Non-Privileged User 526 Scan Targets 531 Upgrade Assistant 534 Copyright © 2021 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trade- marks of Tenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective Chapter 3 - Pg. 11 Welcome to Nessus 8.1.x If you are new to Nessus®, see Get Started. Nessus Solutions Tenable.io Tenable.io is a subscription based license and is available