Nessus Training

Session 2 - Scanning and Reporting

Prepared by Ramsey Dow <[email protected]> for NWACC

Academic year: 2021

Contents

Configuring Ubuntu for Authenticated Scanning
Configuring Windows for Authenticated Scanning

Configuring Ubuntu for Authenticated Scanning

Install OpenSSH server

Nessus will perform authenticated checks over an SSH connection, so you must be running sshd.

sudo apt-get -y install openssh-server

Now let’s update the SSH server’s configuration. Specifically, we are going to disable remote root logins and enable authorized key files for public key login.

sudo vim /etc/ssh/sshd_config

The following vim substitutions change the PermitRootLogin value from yes to no and uncomment the line that begins with #AuthorizedKeysFile. If typing regular expressions is too painful for you, feel free to use the arrow keys to move to the specific lines and make the changes yourself.

:%s/RootLogin yes/RootLogin no
:%s/^#Authorized/Authorized

Write the file back to disk and exit.

:wq
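The same two sshd_config edits can be made non-interactively and checked before sshd is restarted. The POSIX shell functions below are an added example written for this handout, not part of the original; they assume GNU sed and awk (for sed -i -E) and operate on a constructed excerpt of a stock Ubuntu sshd_config rather than on the live /etc/ssh/sshd_config. They also cover a case the vim substitution :%s/RootLogin yes/RootLogin no does not: a config where PermitRootLogin is commented out or set to prohibit-password rather than yes. The get_sshd_option check reads the file the way sshd does, taking the first uncommented occurrence of a keyword.

```shell
#!/bin/sh
# Added example, not from the handout: apply the two sshd_config edits with
# sed and confirm the effective values the way sshd will read them.
# Assumes GNU sed/awk (sed -i -E); directives inside Match blocks are not handled.

# set_sshd_option FILE KEY VALUE
# Rewrite every active or commented "KEY ..." line as "KEY VALUE"; append the
# directive if FILE mentions KEY nowhere.
set_sshd_option() {
    file=$1; key=$2; value=$3
    if grep -Eq "^[[:space:]]*#?[[:space:]]*${key}([[:space:]]|\$)" "$file"; then
        sed -i -E "s|^[[:space:]]*#?[[:space:]]*${key}([[:space:]].*)?\$|${key} ${value}|" "$file"
    else
        printf '%s %s\n' "$key" "$value" >> "$file"
    fi
}

# uncomment_sshd_option FILE KEY
# Strip the leading "#" from a commented KEY line, keeping its value; this is
# what :%s/^#Authorized/Authorized does in vim.
uncomment_sshd_option() {
    sed -i -E "s|^[[:space:]]*#[[:space:]]*(${2}([[:space:]].*)?)\$|\\1|" "$1"
}

# get_sshd_option FILE KEY
# Print the value sshd will use: the first uncommented occurrence, because sshd
# takes the first match for each keyword. Prints nothing if KEY is only
# commented out or absent.
get_sshd_option() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) {
            sub(/^[ \t]*[^ \t]+[ \t]+/, "")
            print
            exit
        }' "$1"
}

# check_nessus_ssh_prereqs FILE
# Succeed only when root logins are off and an AuthorizedKeysFile is active.
check_nessus_ssh_prereqs() {
    if [ "$(get_sshd_option "$1" PermitRootLogin)" != "no" ]; then
        echo "PermitRootLogin is not set to no"; return 1
    fi
    if [ -z "$(get_sshd_option "$1" AuthorizedKeysFile)" ]; then
        echo "AuthorizedKeysFile is commented out or missing"; return 1
    fi
    echo "sshd_config is ready for the nessus key login"
}

# make_sample_config FILE: constructed excerpt of a stock Ubuntu sshd_config.
make_sample_config() {
    cat > "$1" <<'EOF'
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#PubkeyAuthentication yes
# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
PasswordAuthentication yes
EOF
}

# Walk through the handout's edit on the sample file.
demo_sshd_edit() {
    tmp=$(mktemp)
    make_sample_config "$tmp"
    check_nessus_ssh_prereqs "$tmp" || echo "(expected: sample is not hardened yet)"
    set_sshd_option "$tmp" PermitRootLogin no
    uncomment_sshd_option "$tmp" AuthorizedKeysFile
    check_nessus_ssh_prereqs "$tmp"
    echo "PermitRootLogin=$(get_sshd_option "$tmp" PermitRootLogin)"
    echo "AuthorizedKeysFile=$(get_sshd_option "$tmp" AuthorizedKeysFile)"
    rm -f "$tmp"
}

demo_sshd_edit
```

On a real host, run the functions against /etc/ssh/sshd_config as root and follow them with sudo sshd -t, which validates the file syntax before the restart step below.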


Restart the SSH server.

sudo service ssh restart

Create Nessus user

sudo adduser --shell /bin/bash --gecos Nessus --home /home/nessus nessus

sudo usermod -a -G staff,sudo nessus

sudo chmod 0770 /home/nessus

sudo visudo

Add the following line to the User privilege specification:

nessus ALL=(ALL:ALL) ALL

Our nessus user needs the same level of privileges as the root user. Save the file to disk and exit.

:wq

Log out of your user account, then log in as the nessus user and create the .ssh directory.

mkdir .ssh
chmod 0700 .ssh

Create an SSH key pair for the nessus user.

cd .ssh


Be sure to supply a strong password to protect the private key from theft.

Copy the public key to ~/.ssh/authorized_keys to permit logins over the network.

cp nessus_rsa.pub authorized_keys
chmod 0600 authorized_keys

You need to copy both keys, public and private, to your Nessus server. I show how to do this in the Scanning handout.

You can log out of the nessus account now.

Testing ssh with your public key

You might wish to test out ssh using your new public key. I tend to do this when setting up new servers to ensure that everything is working as expected. When failures occur I like to have already ruled out as many common cases as possible.

First, change your working directory to ~/.ssh:

cd ~/.ssh

If you don’t have a ~/.ssh directory then create it manually:

mkdir ~/.ssh
chmod 0700 ~/.ssh

Once you’ve changed your working directory to ~/.ssh you can download your keys from the remote Nessus server. Fetch the public key first:

scp nessus@NESSUS_SERVER:.ssh/nessus_rsa.pub .

Replace NESSUS_SERVER with the address of the Nessus scan server. Enter your password when prompted. Now fetch the private key. We’ll use a shell trick to save some typing:


^.pub^

This takes the previous command, deletes the first occurrence of .pub, and runs the result. It’s as if we typed scp nessus@NESSUS_SERVER:.ssh/nessus_rsa .

Now that you have downloaded your keys you can test them out:

ssh -i ~/.ssh/nessus_rsa [email protected] id

With any luck you will be prompted for the nessus password. Once that has been entered successfully you should see the user and group names and numeric IDs associated with the nessus account, e.g.:

uid=1001(nessus) gid=1001(nessus) groups=1001(nessus),27(sudo),50(staff)
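When this test fails, the usual causes are file modes: sshd’s StrictModes check refuses an authorized_keys file or .ssh directory that others can write to, and the ssh client refuses to use a private key that is readable by others. The handout’s chmod steps exist to satisfy both. The POSIX shell pre-flight below is an added example, not part of the handout; it assumes GNU stat (stat -c '%a'), builds a throwaway .ssh directory with deliberately wrong modes instead of touching your real one, and checks a constructed id line like the one above for the sudo and staff memberships the handout’s usermod step grants.

```shell
#!/bin/sh
# Added example, not from the handout: pre-flight for the key-based test login.
# Assumes GNU stat (stat -c '%a'). Checks the modes the handout sets (0700 on
# .ssh, 0600 on keys and authorized_keys), which satisfy both sshd's StrictModes
# check on the server and the client's "UNPROTECTED PRIVATE KEY FILE" refusal.

# file_mode PATH: octal permission bits, e.g. 700 or 600.
file_mode() {
    stat -c '%a' "$1"
}

# check_ssh_dir DIR
# Print one line per problem; return 0 when DIR and its key files are as the
# handout sets them.
check_ssh_dir() {
    dir=$1; rc=0
    if [ ! -d "$dir" ]; then
        echo "missing directory: $dir"; return 1
    fi
    if [ "$(file_mode "$dir")" != "700" ]; then
        echo "$dir is mode $(file_mode "$dir"), expected 700"; rc=1
    fi
    for f in "$dir"/authorized_keys "$dir"/*_rsa; do
        [ -e "$f" ] || continue      # glob did not match anything
        if [ "$(file_mode "$f")" != "600" ]; then
            echo "$f is mode $(file_mode "$f"), expected 600"; rc=1
        fi
    done
    return $rc
}

# id_has_groups "ID_OUTPUT" GROUP...
# Return 0 if the output of id(1) lists every GROUP by name; otherwise print
# the first group that is missing and return 1.
id_has_groups() {
    out=$1; shift
    names=$(printf '%s\n' "$out" | sed -n 's/.*groups=//p' | tr ',' '\n' \
            | sed -n 's/^[0-9]*(\(.*\))$/\1/p')
    for g in "$@"; do
        printf '%s\n' "$names" | grep -qx -- "$g" || { echo "missing group: $g"; return 1; }
    done
    return 0
}

# Demonstration on a throwaway directory and a constructed id line.
demo_preflight() {
    work=$(mktemp -d)
    mkdir "$work/.ssh"
    chmod 0755 "$work/.ssh"                       # deliberately too open
    : > "$work/.ssh/nessus_rsa"
    chmod 0644 "$work/.ssh/nessus_rsa"            # deliberately too open
    : > "$work/.ssh/authorized_keys"
    chmod 0600 "$work/.ssh/authorized_keys"
    check_ssh_dir "$work/.ssh" || echo "-> chmod 0700 ~/.ssh; chmod 0600 ~/.ssh/nessus_rsa"
    chmod 0700 "$work/.ssh"
    chmod 0600 "$work/.ssh/nessus_rsa"
    check_ssh_dir "$work/.ssh" && echo "key files OK"
    # Constructed id(1) output matching the handout's expected result.
    sample_id='uid=1001(nessus) gid=1001(nessus) groups=1001(nessus),27(sudo),50(staff)'
    id_has_groups "$sample_id" sudo staff && echo "nessus is in sudo and staff"
    rm -rf "$work"
}

demo_preflight
```

Run check_ssh_dir ~/.ssh on both the scan server and the target before the ssh test, and feed the real output of the test command to id_has_groups to confirm the sudo membership that the sudoers entry above relies on.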

Configuring Windows for Authenticated Scanning

Create Nessus user

These steps illustrate how to create a standalone user for Nessus auditing. In a domain environment you will want to create a domain user instead. Instructions for this process are documented under “Configuring a Domain Account for Authenticated Scanning” in the Nessus Credential Checks for Unix and Windows guide.

Click Start > Administrative Tools
Double-click Computer Management
Expand Local Users and Groups
Select Users
Right-click and select New User…
Enter Nessus as the User name
Enter Nessus auditing account as the Description
Enter a strong password
Uncheck the User must change password at next logon checkbox
Click the Create button
Right-click on the Nessus user and select Properties
Click on the Member Of tab
Enter administrators in the text field and click the Check Names button
Click the OK button

Verify System Configuration

This is set by default in Server 2012 R2, but it is important that this be configured appropriately, so we will check it as a matter of course. Run the Group Policy Object Editor:

Type Windows-R to bring up the Run dialog
Enter gpedit.msc and click the OK button
Expand Windows Settings under Computer Configuration
Expand Security Settings
Expand Local Policies
Select Security Options

Verify that Network access: Sharing and security model for local accounts is set to Classic - Local users authenticate as themselves.

The next steps apply to Windows versions from Vista onward.

First, we must enable File and Printer Sharing under Windows Firewall.

Click Start > Control Panel
Double-click on Windows Firewall
Click on Allow an app or feature through Windows Firewall
Click the File and Printer Sharing checkbox
Click the OK button

Next we need to make some additional configuration changes using the Group Policy Object Editor.

Type Windows-R to bring up the Run dialog
Enter gpedit.msc and click the OK button
Expand Administrative Templates under Computer Configuration
Expand Network
Expand Network Connections
Expand Windows Firewall
Select Standard Profile
Click on the Enabled radio button to enable this setting
Click the OK button

Let’s check one more setting while still in the Group Policy Object Editor.

Select Administrative Templates > Network > Network Connections
Verify that Prohibit use of Internet connection firewall on your DNS domain is either Disabled or Not Configured.

The Remote Registry service must be enabled. It is set to Automatic by default in Server 2012 R2. Authenticated scanning requires it to be set to either Automatic or Manual, not Disabled.

Click Start > Administrative Tools
Double-click Services
Verify that Remote Registry is not set to Disabled
If it is, set it to either Automatic or Manual

If set to Manual, Nessus can enable the service just for the duration of the scan using plugin IDs 42897 and 42898. For Server 2012 R2 we can leave the default setting as is.

Finally, we need to address UAC. You can disable it, but that is not recommended. Instead, we need a way to manage it in the context of remote logins. Luckily, Microsoft has provided a solution for us.

Type Windows-R to bring up the Run dialog
Enter regedit and click the OK button
Navigate to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system
Create a new REG_DWORD value named LocalAccountTokenFilterPolicy
Set its value to decimal 1

Setting LocalAccountTokenFilterPolicy to 1 turns off UAC’s remote token filtering for local accounts, so a local administrator such as the Nessus user receives a full administrative token when it authenticates over the network. Note that the value applies to every local administrator account on the host, not only the Nessus one. Refer to UAC and Remote logon, http://blogs.msdn.com/b/vistacompatteam/archive/2006/09/22/766945.aspx, for additional details.


Configure Scan Policy with Windows Credentials

Login to your Nessus server using an administrator account and follow these steps to add Windows credentials to a scan policy.

Click on the Policies button
Click on the policy you wish to add credentials to
Click on the Credentials tab
Windows credentials come up as the default view
Enter the user name and password in the SMB account and SMB password fields, respectively
Click the Update button and you should be good to go

Now scans run using this policy will be able to execute commands directly on the remote server.
