Set up Nessus Scanner on AlmaLinux 8 with Best Steps

In this guide, we will walk you through the process to Set up Nessus Scanner on AlmaLinux 8. Nessus is an open-source network vulnerability scanner that leverages the Common Vulnerabilities and Exposures (CVE) architecture for seamless integration with other security tools. Nessus is a popular choice during vulnerability assessments and penetration testing, helping identify weaknesses that could be exploited by malicious actors. Essentially, Nessus checks systems for vulnerabilities that hackers could exploit.

Nessus operates by examining each port on a target system, identifying the service running on that port, and then testing the service for known vulnerabilities that could be leveraged to launch an attack.

Follow the steps below to Set up Nessus Scanner on AlmaLinux 8.

Before we begin, ensure you have the following prerequisites:

• An AlmaLinux 8 server.
• A non-root user with sudo privileges.
• A basic firewall configured. Refer to our guide on Initial Server Setup with AlmaLinux 8 for assistance with this.

1. Download Nessus for AlmaLinux 8

First, update your local package index using the following command:

sudo dnf update -y

Next, navigate to the Nessus Tenable Downloads page and download the latest installer using the curl command:

sudo curl --request GET 
  --url 'https://www.tenable.com/downloads/api/v2/pages/nessus/files/Nessus-10.5.1-es8.x86_64.rpm' 
  --output 'Nessus-10.5.1-es8.x86_64.rpm'

2. Install Nessus Tenable on AlmaLinux 8

Once the download is complete, install the Nessus scanner on your server with the following command:

sudo rpm -ivh Nessus-10.5.1-es8.x86_64.rpm

3. Manage Nessus Scanner Service

Now, start and enable the Nessus service using these commands:

# sudo systemctl start nessusd
# sudo systemctl enable nessusd

Verify that the Nessus scanner is active and running:

sudo systemctl status nessusd

Output:

● nessusd.service - The Nessus Vulnerability Scanner
   Loaded: loaded (/usr/lib/systemd/system/nessusd.service; enabled; vendor preset: disabled)
   Active: **active** (**running**) since Mon 2023-04-03 07:36:44 EDT; 14s ago
 Main PID: 48112 (nessus-service)
    Tasks: 13 (limit: 23668)
   Memory: 98.7M
   CGroup: /system.slice/nessusd.service
           └─48112 /opt/nessus/sbin/nessus-service -q
           └─48113 nessusd -q
...

4. Configure Firewall For Nessus

Assuming you have firewalld enabled, allow Nessus traffic through the firewall. Use the following command:

sudo firewall-cmd --zone=public --permanent --add-port 8834/tcp

Reload the firewall to apply the new rules:

sudo firewall-cmd --reload

5. Access Nessus Scanner Web Interface

Access the Nessus web interface by entering your server’s IP address followed by port 8834 in your web browser:

https://<server-ip>:8834

You will be greeted by the Nessus Scanner welcome page. Choose your desired Nessus product.

In this example, we’ll use Nessus Essentials – the free version designed for educators, students, and hobbyists.

Enter your information to register and receive an activation code from Nessus:

Enter the Nessus activation code you received and click continue.

Create a Nessus admin user and click submit.

Wait while Nessus prepares the files to scan your assets. Upon completion, you will see your Nessus Dashboard.

6. Create First Scan with Nessus on AlmaLinux 8

Now, let’s perform a scan of your AlmaLinux system for vulnerabilities using the Nessus web dashboard.

From your Nessus dashboard, click on My Scans and then Create a new scan.

Select a scan template. Here, we will use the Basic Network Scan template.

Enter a name and description for your scan, choose a folder for storing the scan results, and specify the target server’s IP address. Click Save to save the new scan.

From the My Scan page, you’ll see the scan you just created. Click the start button to initiate the scan.

That’s it! You have successfully performed your first scan.

Conclusion

Setting up Nessus Scanner on AlmaLinux 8 provides a valuable asset for identifying and mitigating security vulnerabilities. You have now learned how to Set up Nessus Scanner on AlmaLinux 8.

Alternative Solutions

While Nessus is a robust and widely used vulnerability scanner, other options exist. Here are two alternative solutions for vulnerability scanning on AlmaLinux 8:

1. OpenVAS (Greenbone Vulnerability Manager)

OpenVAS, now known as Greenbone Vulnerability Manager, is another powerful open-source vulnerability scanner. It offers a comprehensive suite of tools for vulnerability management, including vulnerability detection, reporting, and remediation.

Explanation:

OpenVAS is a framework of several services and tools. The core is the Greenbone Security Assistant (GSA), which provides a web interface for managing scans. The Greenbone Vulnerability Scanner (GVM) performs the actual vulnerability scans. OpenVAS uses a constantly updated feed of Network Vulnerability Tests (NVTs) to identify vulnerabilities.

Installation and Setup (Simplified):

1. Add the Greenbone repository:

   While the exact steps may vary depending on the Greenbone version, you’ll generally need to add a repository to your system. Refer to the official Greenbone documentation for the most up-to-date instructions. A common approach involves using dnf config-manager or manually creating a repository file.

2. Install OpenVAS:

   sudo dnf install openvas

3. Setup OpenVAS:

   sudo openvas-setup

   This process can take a considerable amount of time, as it downloads and configures the NVT feed.

4. Access the Web Interface:

   Once the setup is complete, access the Greenbone Security Assistant (GSA) web interface through your browser, typically on port 4000:

   https://<server-ip>:4000

5. Configure Firewall:

   sudo firewall-cmd --zone=public --permanent --add-port 4000/tcp
   sudo firewall-cmd --reload

Key Differences from Nessus:

• Open-Source Focus: OpenVAS is entirely open-source, while Nessus has a proprietary professional version with additional features.
• Community-Driven: OpenVAS relies heavily on its community for NVT updates.
• Complexity: OpenVAS can be more complex to set up and configure compared to Nessus.

2. Lynis

Lynis is a security auditing tool primarily focused on system hardening and compliance testing. While not a direct replacement for a vulnerability scanner like Nessus, it provides valuable insights into the security posture of your AlmaLinux 8 system.

Explanation:

Lynis performs a deep system audit by running numerous tests related to security best practices. It checks for vulnerable software packages, configuration issues, and other security weaknesses. It generates a detailed report with suggestions for improving system security.

Installation and Usage:

1. Install Lynis:

   sudo dnf install lynis

2. Run a System Audit:

   sudo lynis audit system

3. Review the Report:

   Lynis generates a detailed report in /var/log/lynis.log. Carefully review the report and implement the recommended security hardening measures.

Key Differences from Nessus:

• Focus: Lynis focuses on system hardening and compliance, while Nessus primarily identifies vulnerabilities in network services and applications.
• Methodology: Lynis uses a series of local checks, while Nessus performs network-based scans.
• Remediation: Lynis provides recommendations for improving security, but it doesn’t automatically remediate vulnerabilities.

Conclusion

While Nessus provides comprehensive vulnerability scanning capabilities, OpenVAS (Greenbone Vulnerability Manager) and Lynis offer alternative approaches to security assessment and hardening. OpenVAS provides a comparable open-source vulnerability scanning solution, while Lynis offers a system-centric approach to identifying security weaknesses and hardening your AlmaLinux 8 system. Choosing the right tool depends on your specific needs and security objectives. You can confidently Set up Nessus Scanner on AlmaLinux 8 using this guide.