Nessus Training Session 2 - Scanning and Reporting



Prepared by Ramsey Dow <ramsey@casaba.com> for NWACC

Contents
  Configuring Ubuntu for Authenticated Scanning
  Configuring Windows for Authenticated Scanning

Configuring Ubuntu for Authenticated Scanning

Install OpenSSH server

Nessus will perform authenticated checks over an SSH connection, so you must be running sshd.

    sudo apt-get -y install openssh-server

Now let's update the SSH server's configuration. Specifically, we are going to disable remote root logins and enable authorized key files for public key login.

    sudo vim /etc/ssh/sshd_config

The following substitutions will change a specific yes to a no (on the PermitRootLogin line) and uncomment the line that begins with #AuthorizedKeysFile. If typing regular expressions is too painful for you, feel free to use the arrow keys to move to the specific lines and make the changes yourself.

    :%s/RootLogin yes/RootLogin no/
    :%s/^#AuthorizedKeysFile/AuthorizedKeysFile/

Write the file back to disk and exit.

    :wq

Restart the SSH server.

    sudo service ssh restart

Create Nessus user

    sudo adduser --shell /bin/bash --gecos Nessus --home /home/nessus nessus
    sudo usermod -a -G staff,sudo nessus
    sudo chmod 0770 /home/nessus
    sudo visudo

Add the following line to the User privilege specification:

    nessus ALL=(ALL:ALL) ALL

Our nessus user needs the same level of privileges as the root user. Save the file to disk and exit.

    :wq

Log out of your user account. Now log in as the nessus user. Create the .ssh directory.

    mkdir .ssh
    chmod 0700 .ssh

Create an SSH key pair for the nessus user.

    cd .ssh
    ssh-keygen -C 'Nessus auditing key' -t rsa -b 2048 -f nessus_rsa

Be sure to supply a strong passphrase to protect the private key from theft. Copy the public key to ~/.ssh/authorized_keys to permit logins over the network.

    cp nessus_rsa.pub authorized_keys
    chmod 0600 authorized_keys

You need to copy both keys, public and private, to your Nessus server. I show how to do this in the Scanning handout. You can log out of the nessus account now.

Testing ssh with your public key

You might wish to test out ssh using your new public key. I tend to do this when setting up new servers to ensure that everything is working as expected. When failures occur I like to have already ruled out as many common cases as possible.

First, change your working path to your .ssh directory:

    cd ~/.ssh

If you don't have a ~/.ssh directory then create it manually:

    mkdir ~/.ssh
    chmod 0700 ~/.ssh

Once you've changed your working directory to ~/.ssh you can download your keys from the remote Nessus server. Fetch the public key first:

    scp nessus@NESSUS_SERVER:.ssh/nessus_rsa.pub .

Replace NESSUS_SERVER with the address of the Nessus scan server. Enter your password when prompted. Now fetch the private key. We'll use a shell trick to save some typing:

    ^.pub^

This simply takes the previous command, removes the .pub from the end, and executes the rest. It's as if we typed:

    scp user@remote_host:.ssh/nessus_rsa .

Now that you have downloaded your keys you can test them out.

    ssh -i ~/.ssh/nessus_rsa nessus@10.0.1.125 id

With any luck you will be prompted for the nessus password. Once that's been successfully entered you should see the user and group names and numeric IDs associated with the nessus account, e.g.:

    uid=1001(nessus) gid=1001(nessus) groups=1001(nessus),27(sudo),50(staff)

Configuring Windows for Authenticated Scanning

Create Nessus user

These steps illustrate how to create a standalone user for Nessus auditing. In a domain environment you will want to create a domain user instead. Instructions for this process are documented under Configuring a Domain Account for Authenticated Scanning in the Nessus Credential Checks for Unix and Windows guide.

  1. Click Start > Administrative Tools
  2. Double-click Computer Management
  3. Expand Local Users and Groups
  4. Select Users
  5. Right-click and select New User
  6. Enter Nessus as the User name
  7. Enter Nessus auditing account as the Description
  8. Enter a strong password
  9. Uncheck the User must change password at next logon checkbox
 10. Click the Create button

Now you need to add the Nessus user to the Local Administrators group.

  1. Right-click on the Nessus user and select Properties
  2. Click on the Member Of tab
  3. Enter administrators in the text field and click the Check Names button
  4. Click the OK button

Verify System Configuration

This is set by default in Server 2012 R2, but it is important that this be configured appropriately, so we will check it as a matter of course. Run the Group Policy Object Editor.

  1. Type Windows-R to bring up the Run dialog
  2. Enter gpedit.msc and click the OK button
  3. Expand Windows Settings under Computer Configuration
  4. Expand Security Settings
  5. Expand Local Policies
  6. Select Security Options
  7. Verify that Network access: Sharing and security model for local accounts is set to Classic - Local users authenticate as themselves

The next steps apply to Windows versions from Vista onward. First, we must enable File and Printer Sharing under Windows Firewall.

  1. Click Start > Control Panel
  2. Double-click on Windows Firewall
  3. Click on Allow an app or feature through Windows Firewall
  4. Click the File and Printer Sharing checkbox
  5. Click the OK button

Next we need to make some additional configuration changes using the Group Policy Object Editor.

  1. Type Windows-R to bring up the Run dialog
  2. Enter gpedit.msc and click the OK button
  3. Expand Administrative Templates under Computer Configuration
  4. Expand Network
  5. Expand Network Connections
  6. Expand Windows Firewall
  7. Select Standard Profile
  8. Double-click on Windows Firewall: Allow inbound file and printer exception
  9. Click on the Enabled radio button to enable this setting
 10. Click the OK button

Let's check one more setting while still in the Group Policy Object Editor.

  1. Select Administrative Templates > Network > Network Connections
  2. Verify that Prohibit use of Internet connection firewall on your DNS domain is either Disabled or Not Configured

The Remote Registry service must be enabled. It is set to Automatic by default in Server 2012 R2. Authenticated scanning requires it to be set to either Automatic or Manual, not Disabled.

  1. Click Start > Administrative Tools
  2. Double-click Services
  3. Verify that Remote Registry is not set to Disabled
  4. If it is, set it to either Automatic or Manual

If set to Manual, Nessus can enable the service just for the duration of the scan using plugin IDs 42897 and 42898. For Server 2012 R2 we can leave the default setting as is.

Finally, we need to address UAC. You can disable it, but that is not recommended. Instead we need a way to manage it in the context of remote logins. Luckily, Microsoft has provided a solution for us.

  1. Type Windows-R to bring up the Run dialog
  2. Enter regedit and click the OK button
  3. Navigate to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system
  4. Create a new REG_DWORD value with the name LocalAccountTokenFilterPolicy
  5. Set its value to decimal 1

Basically, we are toggling UAC for local accounts. Refer to UAC and Remote logon (http://blogs.msdn.com/b/vistacompatteam/archive/2006/09/22/766945.aspx) for additional details.

Configure Scan Policy with Windows Credentials

Log in to your Nessus server using an administrator account and follow these steps to add Windows credentials to a scan policy.

  1. Click on the Policies button
  2. Click on the policy you wish to add credentials to
  3. Click on the Credentials tab (Windows credentials come up as the default view)
  4. Enter the user name and password in the SMB account and SMB password fields, respectively
  5. Click the Update button and you should be good to go

Now scans run using this policy will be able to execute commands directly on the remote server.
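Returning to the Ubuntu host configuration above: the following script is an added example, not part of the handout, that checks the sshd_config edits and the nessus key layout the Ubuntu section asks for before a scan is scheduled. The function names and the two-argument usage are my own, and it assumes GNU coreutils (stat -c) as found on Ubuntu.

```shell
#!/bin/sh
# Added example, not part of the handout: check that the sshd_config edits and the
# nessus key layout described in the Ubuntu section are actually in place before a
# scan is scheduled. Assumes GNU coreutils (stat -c), as found on Ubuntu.

# check_sshd_config CONFIG -> 0 when PermitRootLogin is "no" and AuthorizedKeysFile
# is uncommented, 1 otherwise (each failure is printed). sshd honours the first
# uncommented occurrence of a keyword, so that is the one inspected.
check_sshd_config() {
    cfg="$1"; rc=0
    root=$(grep -iE '^[[:space:]]*PermitRootLogin[[:space:]]' "$cfg" 2>/dev/null \
           | head -n 1 | awk '{print tolower($2)}')
    if [ "$root" != "no" ]; then
        echo "FAIL: $cfg: PermitRootLogin is '${root:-unset}', expected 'no'"; rc=1
    fi
    if ! grep -qiE '^[[:space:]]*AuthorizedKeysFile[[:space:]]' "$cfg" 2>/dev/null; then
        echo "FAIL: $cfg: AuthorizedKeysFile is still commented out or missing"; rc=1
    fi
    return $rc
}

# check_key_layout HOME -> 0 when HOME/.ssh is mode 700, authorized_keys is mode 600
# and contains the nessus_rsa public key, 1 otherwise.
check_key_layout() {
    dir="$1/.ssh"; rc=0
    mode=$(stat -c '%a' "$dir" 2>/dev/null)
    [ "$mode" = "700" ] || { echo "FAIL: $dir mode is '${mode:-missing}', expected 700"; rc=1; }
    mode=$(stat -c '%a' "$dir/authorized_keys" 2>/dev/null)
    [ "$mode" = "600" ] || { echo "FAIL: $dir/authorized_keys mode is '${mode:-missing}', expected 600"; rc=1; }
    if ! [ -r "$dir/nessus_rsa.pub" ] || \
       ! grep -qxF "$(cat "$dir/nessus_rsa.pub")" "$dir/authorized_keys" 2>/dev/null; then
        echo "FAIL: $dir/nessus_rsa.pub is not installed in $dir/authorized_keys"; rc=1
    fi
    return $rc
}

# Usage: sh check_nessus_ssh.sh /etc/ssh/sshd_config /home/nessus
# With no arguments only the functions are defined, so the file can be sourced.
if [ $# -eq 2 ]; then
    status=0
    check_sshd_config "$1" || status=1
    check_key_layout "$2" || status=1
    [ $status -eq 0 ] && echo "OK: host is ready for Nessus SSH checks"
    exit $status
fi
```

Run it as the nessus user (or with sudo, since /home/nessus is mode 0770) so that the key files are readable.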