
Nessus setup for Lab Purposes only

This document discusses in detail how to set up a Nessus scanner using Cent OS 7. There are two paths for setup depending on your level of comfort. The first path is to install using a Minimal ISO install of Cent OS 7. The second path is setting up using the GNOME desktop. The second path is for those who are intimidated by the CLI.

Personally I prefer using a minimal CLI-based install of Cent OS. Along with being less resource intensive, it will lower your attack surface. A good question is why Cent OS? I like Cent OS for two reasons.

  1. Longevity of the OS and its strict adherence to stable updates.

  2. Firewall is on by default and the ability to choose a security hardening baseline on install.

Setting up Cent OS7 and Nessus using the minimal install ISO with Hyper-V

  1. To download the minimal install ISO for Cent OS you will need to go to the following website:

  2. Select the minimal install ISO link

  3. In Hyper-V select New >> Virtual Machine

  4. Select Next

  5. Specify the name and location. Click on Next.

  6. Select Generation 1 for the virtual machine (Cent OS 7 does support Generation 2, but for simplicity choose Gen 1).

  7. Assign 4096 MB memory and uncheck "use dynamic memory for this virtual machine". This will ensure the VM does not go over its allocated memory size.

  8. Choose a Hyper-V connection that has internet access and click on Next.

    • Refer to the following documentation for creating Hyper-V switches with internet connections:
    • (Insert Document Link Here)

  9. Take the default on creating a virtual hard disk and select Next.

  10. On the installation options screen, navigate to the ISO you saved from step 2 and select Next.

  11. Click Finish on the summary screen.

  12. Start up your Cent OS Virtual Machine. Select Install from the bootup menu.

  13. Choose what language you would like to use.

  14. Go into the network and host name settings.

  15. Turn the ethernet card to the "on" position. Click on Done on this screen.

  16. Go into the date and time menu next.

  17. Ensure that NTP is set to the "on" position and select your regional time zone.

  18. Go to the installation destination selection on the menu.

  19. Make sure "automatically configure partitioning" is selected and ensure "encrypt my data" is checkmarked. It's important to encrypt this VM as it will contain vulnerability data about your lab network. Disk encryption protects those assets and data while the VM is powered off to save on memory and CPU resources.

  20. Create a secure disk encryption passphrase. If you need help with this I would recommend a password manager such as:

  21. At this point you should be able to select "Begin Installation" from the menu.

  22. At this screen you will need to create a root password and a user for the Cent OS system.

  23. Once the install is complete click on the reboot button.

  24. Log in with the user name and password that you created in step 22.

  25. Use the command "su" to get into the root account. Don't worry, we will fix this later. As a best security practice you should never do this, and you should disable the root login account from being used.

  26. Next we are going to install the nano editor because VI really sucks and you will be confused on how to exit :) Issue the command "yum install nano" as shown in the screenshot.

  27. Hit "y" to complete the installation of nano.

  28. Issue the command: nano /etc/sudoers

  29. About midway through the file you should notice that the %wheel rule, which lets the wheel group run all commands, is not commented out. There is nothing to change in the sudoers file, so hit "ctrl x" to exit out of it. This verification serves as a check on where to modify this file should the wheel group be commented out.

  30. Issue the following command to add a user to the wheel group. In this example I add my account "rootsecdev" to the wheel group.

    • At this point issue the command "reboot" to reboot the server. Once rebooted log back into your user account.

  31. Next we are going to edit the passwd file using nano. This is so we can prevent anyone from logging in directly as root. This is equivalent to disabling the local administrative account on a Windows machine.

  32. You will notice the root account has access to /bin/bash

  33. Change the root account's shell over to /sbin/nologin

  34. Do a ctrl x to save the file. At this point you should not be able to log directly into the root account.

  35. Next use nano to modify the sshd_config file

  36. Uncomment the "permitrootlogin" line and set it to no. The screenshot below illustrates this.

  37. Do a ctrl x to save the file. With this setting, root logins over SSH are no longer permitted.

  38. This is the last step in configuring the Cent OS server install before we proceed with the Nessus installation. Update the Cent OS system by issuing the following command:

sudo yum update

  39. At this point the Cent OS portion of your configuration has been completed.
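
An added example, not part of the original README: a read-only shell audit that checks the results of the sudoers, wheel group, passwd and sshd_config steps above. The function names and the script name audit.sh are assumptions made for this example; rootsecdev is the account name used in this guide.

```bash
#!/usr/bin/env bash
# Added example, not from the original README: read-only audit of the
# hardening steps. File paths are parameters so copies can be checked too.

# Login shell of root: 7th colon-separated field of a passwd-format file.
root_shell() { awk -F: '$1 == "root" { print $7; exit }' "$1"; }

# Global PermitRootLogin value. sshd uses the first uncommented occurrence,
# keywords are case-insensitive, and lines after "Match" are conditional.
permit_root_login() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Succeeds if user $2 is a listed member of wheel in group-format file $1.
in_wheel() {
    awk -F: -v u="$2" '$1 == "wheel" { n = split($4, m, ",")
             for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
         END { exit !ok }' "$1"
}

# Succeeds if the %wheel rule in sudoers-format file $1 is not commented out.
wheel_sudo_enabled() { grep -Eq '^[[:space:]]*%wheel[[:space:]]' "$1"; }

# audit USER [PASSWD GROUP SSHD_CONFIG SUDOERS]; non-zero status on any FAIL.
# The body is a subshell so its variables and helper stay private.
audit() (
    user=$1 passwd=${2:-/etc/passwd} group=${3:-/etc/group}
    sshd=${4:-/etc/ssh/sshd_config} sudoers=${5:-/etc/sudoers} rc=0
    check() {
        msg=$1; shift
        if "$@"; then echo "PASS $msg"; else echo "FAIL $msg"; rc=1; fi
    }
    check "root shell is /sbin/nologin" test "$(root_shell "$passwd")" = /sbin/nologin
    check "sshd PermitRootLogin is no"  test "$(permit_root_login "$sshd")" = no
    check "$user is in wheel"           in_wheel "$group" "$user"
    check "%wheel rule is active"       wheel_sudo_enabled "$sudoers"
    exit "$rc"
)

# Audit the live files when a user name is given (root is needed to read
# /etc/sudoers), for example: sudo bash audit.sh rootsecdev
if [ $# -ge 1 ]; then audit "$1"; fi
```

The audit reads sshd_config, not the running daemon, so a changed PermitRootLogin value only takes effect once sshd is restarted or the VM is rebooted. A commented-out PermitRootLogin line is reported as a failure because the setting is then left to the package default.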

Gathering Installation files for Nessus

  1. On a host machine with internet access go to the following URL: https://www.tenable.com/downloads/nessus

  2. Select the RPM File for Red Hat 7/Cent OS 7/Oracle Linux 7

  3. On a host machine with internet access go to the following URL: https://winscp.net/eng/index.php

  4. Download WinSCP and install it. SCP will allow you to pass your file to your CentOS server.

Passing Nessus Installation to your CentOS machine

  1. Power off your Cent OS machine by issuing the following command to the device:

sudo poweroff

  2. Confirm your machine is on

Setting up Cent OS7 and Nessus using the gnome live CD.