This guide will show you how to add a Nessus scanner into Tenable’s SecurityCenter using certificate based authentication, rather than standard username and password authentication.

First we need to install Nessus on the server that will act as our Nessus scanner. You can download the RPM through the Tenable website after you log in.

    yum install Nessus-6.8.1-es7.x86_64.rpm -y

Ensure SecurityCenter can connect to the Nessus scanner on TCP 8834, which is its default port. As we’re using CentOS 7 here, our example below shows you how to open this port up in firewalld.

    firewall-cmd --permanent --add-port=8834/tcp

For further information see our guide on firewalld, which includes how to use rich rules to specify source and destination IP addresses.

Next we need to tell Nessus that it should use public key authentication, as by default it will be using the standard password authentication, which we don’t want.

    ~]# /opt/nessus/sbin/nessuscli fix --set force_pubkey_auth=yes
    Successfully set 'force_pubkey_auth' to 'yes'.

Now we need to create the key pair on the Nessus scanner server by running the commands below. You’ll need to provide some information about the certificate along the way; in this example I simply accept the defaults.

    This script will now ask you for information to create the SSL certificate
    for Nessus.
    Note that this information will *NOT* be sent to anybody
    (everything stays local), but anyone with the ability to connect to
    Your Nessus daemon will be able to retrieve this information.
    Server certificate life time in days: 365
    Congratulations.
    Your server certificate was properly created.
    Certificate = /opt/nessus/com/nessus/CA/cacert.pem
    Private key = /opt/nessus/var/nessus/CA/cakey.pem
    Certificate = /opt/nessus/com/nessus/CA/servercert.pem
    Private key = /opt/nessus/var/nessus/CA/serverkey.pem

    ~]# /opt/nessus/sbin/nessuscli mkcert-client
    Creation of the Nessus SSL Client Certificates
    This script will now ask you for information to create SSL client certificates.
    Do you want to add admin to the Nessus server
    As soon as their certificate is created? (y/n) :
    Should this user be an administrator? (y/n) : y
    Nessusd has a rules system which allows you to restrict the hosts
    Him to be able to scan his own host only.