Posts

Showing posts with the label nessus

Linux auditing using Nessus

Nessus can scan a range of Linux flavours. As of writing these are: CentOS, Debian, Fedora, Gentoo, Red Hat, Slackware, SuSE and Ubuntu. There are two types of scans Nessus can run against Linux hosts: patch audit and compliance audit.

Patch audit - the plugin families are "[distro name] Local Security Checks". Nessus will audit targets and report on missing security patches based on advisories released by the respective distributions. Nessus requires credentials in order to perform this type of scan, as these are local checks. Tenable recommends that root-level credentials are used, though I have been able to successfully scan Linux hosts with a "standard" account. This, however, depends on the distribution and how hardened it is. On Red Hat distros Nessus executes the following commands, which work with non-root accounts:

    $ rpm -qa
    $ uname -a

Nessus then compares the versions of the kernel and installed packages against its database.

Compliance audit  - Ten

Cisco IOS configuration compliance auditing using Nessus

To use this feature you need to be a Nessus professional feed subscriber. Tenable provides a number of audit policy files. They are available for download from the support portal. You can download the CIS benchmark for both IOS devices and ASA firewalls, as well as DISA switch and perimeter router audit files.

Setting up a policy is straightforward. It requires that plugin 46689 "Cisco IOS Compliance Checks" is enabled. I generally keep scans separate for the sake of report clarity, so I enable only this plugin. I normally enable SYN & UDP scans on all ports as well. As always with UDP, it makes scans much longer. On top of that, I find that the Nessus UDP scanner is not as reliable as NMAP.

Next we configure credentials. We configure user/pass in "SSH Settings" on the "Credentials" tab. Nessus supports only SSH for Cisco audits and requires a user with privileges sufficient to get a full output of "show running-config" or "show startup-c

Nessus scanning policies

Nessus is a great tool. However, out of the box it's kind of unclear how to go about scanning. There are over 40,000 plugins to choose from. Starting with 4.x, the default install comes with 4 predefined policies, which give some kind of idea. I considered making the policies (.audit files) available but decided not to. They would get outdated as new plugins are released. Instead I'll step through creating them in a series of posts.

We should be aware that new plugins are not automatically enabled. This means that if you create a policy and enable the whole "Windows" family, you will have to go back and enable new plugins as they are released.

There are a number of good YouTube clips from Tenable on Nessus. http://www.youtube.com/user/tenablesecurity/videos?query=nessus

Cisco switch and router patch scan policy using Nessus

There are a few caveats to scanning Cisco switches with Nessus.

First: I recommend scanning only the specific management IP addresses of devices rather than network ranges. The reason is that someone could set up a rogue SSH server and intercept the credentials you use for scanning. You can export the list of IPs from CiscoWorks, or use an NMAP scan and import the result into Nessus.

Second: Nessus supports only SSH authentication for Cisco devices.

Third: our policy will include checks for IOS, CatOS and Linksys devices.

Fourth: probably the most important one. You may be running a version of IOS that has known vulnerabilities, but your device may not be vulnerable. For example, if there is a vulnerability in the HTTP server but your device doesn't have it enabled, you are not vulnerable. Furthermore, there are different feature sets of the same IOS version. You may be running the "IP Base" set, which doesn't support MPLS, but Nessus will show an MPLS vulnerability.

To perfor

Reset Nessus user password on Windows

To reset a Nessus user password:

1. Launch CMD.
2. CD to the Nessus installation directory (by default %systemdrive%\Program Files\Tenable\Nessus).
3. Execute "nessus-chpasswd.exe [username]".

    C:\Program Files\Tenable\Nessus>nessus-chpasswd.exe test
    Authentication (pass/cert) : [pass]
    Login password :
    Login password (again) :
    password changed for test