Solaris8安装Nessus软件详细过程

软件简介
Nessus是一款可以运行在Linux、BSD、Solaris以及其他一些系统上的远程安全扫描软件。它是多线程、基于插入式的软件，拥有很好的GTK界面，能够完成超过1200项的远程安全检查，具有强大的报告输出能力，可以产生HTML、XML、LaTeX和ASCII文本等格式的安全报告，并且会为每一个发现的安全问题提出解决建议。

本人声明如需转载请保留如下信息：
作者：??SOLARIS小兵
MAIL：?solarisxb@hotmail.com
FROM:?WWW.CHINAUNIX.NET?
一、系统环境：
1、系统硬件：SUN F280 solaris8
2、操作系统：＃uname －a
　SunOS db1 5.8 Generic_117350-02 sun4u sparc SUNW,Sun-Fire-280R
二、 Solaris必须下载安装的软件：  
glib-1.2.10-sol8-sparc-local
gtk+-1.2.10-sol8-sparc-local
gtk-2.2.4-sol8-sparc-local      
nessus-installer.sh
atk-1.2.4-sol8-sparc-local      
libgcc-3.4.1-sol8-sparc-local   
nessus-libraries-2.1.2.tar
bash-3.0-sol8-sparc-local       
libiconv-1.8-sol8-sparc-local   
nessus-plugins-2.1.2.tar
bison-1.875d-sol8-sparc-local              
egcs-20000306-sol8-sparc-local  
m4-1.4.2-sol8-sparc-local       
flex-2.5.31-sol8-sparc-local    
make-3.80-sol8-sparc-local      
openssl-0.9.7d-sol8-sparc-local
gcc-3.4.1-sol8-sparc-local      
md5-6142000-sol8-sparc-local    
pango-1.2.5-sol8-sparc-local
说明：上面的软件包一定要装全。
下载地址：http://www.sunfreeware.com/
安装命令：pkgadd –d
三、 Nessus软件包
1、 软件下载：
软件最新版本：nessus-2.1.2
下载地址http://ftp.nessus.org/nessus/nessus-2.1.2/src
2、 软件自动安装脚本：
 自动安装脚本：nessus-installer.sh
   http://ftp.nessus.org/nessus/nessus-2.1.2/nessus-installer/nessus-installer.sh
nessus-installer.sh?,非常非常容易安装失败！还是安装四个.gz的文件，自己编译吧！
3、 软件包介绍：
nessus-core-2.1.2.tar.gz      
nessus-plugins-2.1.2.tar.gz
libnasl-2.1.2.tar.gz          
nessus-libraries-2.1.2.tar.gz
 3、软件库更新：
  all-2.0.tar     
  下载地址：http://www.nessus.org/nasl/all-2.0.tar.gz
  解压到目录：/usr/local/lib/nessus/plugins
四、Nessus软件安装：
注意：
1） 安装软件包必须用下面的顺序来编译安装。
2） 环境变量一定要设置,很重要：vi /etc/profile
PATH=$ORACLE_HOME/bin:/usr/bin:/etc:/usr/local/bin:/usr/ccs/bin:/usr/openwin/bin:/usr/sbin:$PATH
export PATH
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib:/usr/local/ssl/lib/:.
export LD_LIBRARY_PATH
1. nessus-libraries软件
1) 安装命令：./configure  && make && make install
2) 成功标志
--------------------------------------------------------------
 nessus-libraries has been sucessfully installed.
 Make sure that /usr/local/bin is in your PATH before you
 continue
 --------------------------------------------------------------
2. 安装libnasl-0.99.1.tar.gz
1） 安装命令：./configure  && make && make install
2） 成功标志
--------------------------------------------------------------
 libnasl has been sucessfully installed.
 Make sure that /usr/local/bin is in your PATH before you
 continue
 --------------------------------------------------------------
3） 报错问题解决:
-lrpcsvc  `/usr/local/bin/nessus-config --libs`
未定义                  文件中的
 符号                       在文件中
pcap_parse                          /usr/local/lib/libpcap-nessus.so
ld: 致命的: 符号参照错误. 没有输出被写入nasl
collect2: ld returned 1 exit status
make[1]: *** [nasl] Error 1
make[1]: Leaving directory `/export/home/soft/nessus/libnasl/nasl'
make: *** [all] Error 2
报错原因：
系统编译时没有安装flexl软件，报错后，安装以后编译，问题还是存在。必须重新编译nessus-libraries以后，在编译libnasl-0.99.1成功。
3. 安装nessus-core-0.99.1.tar.gz
1） 安装命令：./configure  && make && make install
2） 成功标志
--------------------------------------------------------------
 nessus-core has been sucessfully installed.
 Make sure that /usr/local/bin and /usr/local/sbin are in your PATH before
 you continue.
 nessusd has been installed into /usr/local/sbin
 --------------------------------------------------------------

3） 报错问题解决
  make[1]: *** [xstuff.o] Error 1
make[1]: Leaving directory `/export/home/soft/nessus/nessus-core/nessus'
make: *** [client] Error 2
解决办法：
卸载glib-2.2.3-sol8-sparc-local，SMCglib包，必须安装glib-1.2.10-sol8-sparc-local是因为gtk+-1.2.10-sol8-sparc-local.gz必须需要。
4. nessus-plugins-2.1.2.tar
1） 安装命令：./configure  && make && make install
2） 成功标志
    ./install-sh -c -m 755 pf/nessus-build /usr/local/bin/

 Nessus软件的安装结束。
五、Nessus软件使用：
 1、创建用户：
  # /usr/local/sbin/nessus-adduser
  用户名：1234 密码：root
　　2、软件配置文件：
　　 配置文件：/usr/local/etc/nessus/nessusd.conf
　　 注意：最好不要手动修改这个配置文件
　　3、软件启动
　　 启动服务端：nessusd –D
　　 
　　可能出现的报错信息:
　　 # nessusd -D
　　# *** 'ca_file' is not set - did you run nessus-mkcert ?
　　解决方法：
　　# nessus-mkcert -q
　　/usr/local/var/nessus/CA created
　　/usr/local/com/nessus/CA created
 4、软件使用
  在solaris启动图形界面
  /usr/local/bin/nessus &
启动界面如下:

确定扫描目标:

配置选择Plug-in插件来进行相应的安全扫描：插件不宜选择太多，占用资源很厉害！

开始扫描：下图可以看出扫描的进度。

扫描结果可以多种格式的文件：

六、问题：
　　1、nessus软件的客户端软件没有试验成功，现在只能在sun 服务器上运行，比较麻烦。
　　2、nessus-update-plugins软件现在不能实现自动更新。
　　对于以上问题希望有人能够补充一下。
七、Nessus扫描结果分析。
 扫描结果分析：
 1、2个安全漏洞被发现
  关于oracle 1521 ，已经给出详细的解决方法。
 2、5个安全warnings被发现：
　　安全警告：telnet 23、http 80、msg 1421（本扫描软件）、X11 6000、xdmcp (177/udp)
　　给出一定的解决方法！
 3、系统基本服务信息：

Nessus Scan Report
This report gives details on hosts that were tested and issues that were found. Please follow the recommended steps and procedures to eradicate these threats.

Scan Details
Hosts which were alive and responding during test
1
Number of security holes found
2
Number of security warnings found
5

Host List
Host(s)
Possible Issue
10.10.10.2
Security hole(s) found

Analysis of Host
Address of Host
Port/Service
Issue regarding Port
10.10.10.2
ftp (21/tcp)
Security notes found
10.10.10.2
ssh (22/tcp)
Security notes found
10.10.10.2
telnet (23/tcp)
Security warning(s) found
10.10.10.2
http (80/tcp)
Security warning(s) found
10.10.10.2
sunrpc (111/tcp)
No Information
10.10.10.2
msg (1241/tcp)
Security warning(s) found
10.10.10.2
ncube-lm (1521/tcp)
Security hole found
10.10.10.2
unknown (2481/tcp)
No Information
10.10.10.2
X11 (6000/tcp)
Security warning(s) found
10.10.10.2
xdmcp (177/udp)
Security warning(s) found
10.10.10.2
general/tcp
Security notes found

Security Issues and Fixes: 10.10.10.2
Type
Port
Issue and Fix
Informational
ftp (21/tcp)
An FTP server is running on this port.
Here is its banner :
220 node-db1 FTP server (SunOS 5.8) ready.
Nessus ID : 10330
Informational
ftp (21/tcp)
Remote FTP server banner :
220 node-db1 FTP server (SunOS 5.8) ready.
Nessus ID : 10092
Informational
ftp (21/tcp)
Remote FTP server banner :
220 node-db1 FTP server (SunOS 5.8) ready.
Nessus ID : 10092
Informational
ssh (22/tcp)
An unknown service is running on this port.
It is usually reserved for SSH
Nessus ID : 10330
Informational
ssh (22/tcp)
Remote SSH version : SSH-2.0-3.2.5 SSH Secure Shell (non-commercial)

Nessus ID : 10267
Informational
ssh (22/tcp)
The remote SSH daemon supports the following versions of the
SSH protocol :
. 1.99
. 2.0
SSHv2 host key fingerprint : d4:1d:8c:d9:8f:00:b2:04:e9:80:09:98:ec:f8:42:7e
Nessus ID : 10881
Informational
ssh (22/tcp)
An unknown service runs on this port.
It is sometimes opened by this/these Trojan horse(s):
Adore sshd
Shaft
Unless you know for sure what is behind it, you'd better
check your system
*** Anyway, don't panic, Nessus only found an open port. It may
*** have been dynamically allocated to some service (RPC...)
Solution: if a trojan horse is running, run a good antivirus scanner
Risk factor : Low
Nessus ID : 11157
Warning
telnet (23/tcp)
The Telnet service is running.
This service is dangerous in the sense that it is not ciphered - that is,
everyone can sniff the data that passes between the telnet client
and the telnet server. This includes logins and passwords.
Solution:
If you are running a Unix-type system, OpenSSH can be used instead of telnet.
For Unix systems, you can comment out the 'telnet' line in /etc/inetd.conf.
For Unix systems which use xinetd, you will need to modify the telnet services
file in the /etc/xinetd.d folder. After making any changes to xinetd or
inetd configuration files, you must restart the service in order for the
changes to take affect.
In addition, many different router and switch manufacturers support SSH as a
telnet replacement. You should contact your vendor for a solution which uses
an encrypted session.
Risk factor : Low
CVE : CAN-1999-0619
Nessus ID : 10280
Informational
telnet (23/tcp)
A telnet server seems to be running on this port
Nessus ID : 10330
Informational
telnet (23/tcp)
Remote telnet banner :
SunOS 5.8
Nessus ID : 10281
Warning
http (80/tcp)
Your webserver supports the TRACE and/or TRACK methods. TRACE and TRACK
are HTTP methods which are used to debug web server connections.
It has been shown that servers supporting this method are subject
to cross-site-scripting attacks, dubbed XST for
"Cross-Site-Tracing", when used in conjunction with
various weaknesses in browsers.
An attacker may use this flaw to trick your
legitimate web users to give him their
credentials.
Solution: Disable these methods.
If you are using Apache, add the following lines for each virtual
host in your configuration file :

RewriteEngine on
RewriteCond % ^(TRACE|TRACK)
RewriteRule .* - [F]
If you are using Microsoft IIS, use the URLScan tool to deny HTTP TRACE
requests or to permit only the methods needed to meet site requirements
and policy.
If you are using Sun ONE Web Server releases 6.0 SP2 and later, add the
following to the default object section in obj.conf:
<Client method="TRACE">
AuthTrans fn="set-variable"
remove-headers="transfer-encoding"
set-headers="content-length: -1"
error="501"
</Client>
If you are using Sun ONE Web Server releases 6.0 SP2 or below, compile
the NSAPI plugin located at:
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603
See http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603
http://www.kb.cert.org/vuls/id/867593
Risk factor : Medium
Nessus ID : 11213
Informational
http (80/tcp)
A web server is running on this port
Nessus ID : 10330
Informational
http (80/tcp)
The following directories were discovered:
/help, /images
While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards
Nessus ID : 11032
Informational
http (80/tcp)
The remote web server type is :
WebLogic XMLX Module 8.1 SP1 Fri Jun 20 23:06:40 PDT 2003 271009 with
Solution : We recommend that you configure (if possible) your web server to return
a bogus Server header in order to not leak information.
Nessus ID : 10107
Warning
msg (1241/tcp)
A Nessus Daemon is listening on this port.
Nessus ID : 10147
Informational
msg (1241/tcp)
A TLSv1 server answered on this port
Nessus ID : 10330
Informational
msg (1241/tcp)
Here is the TLSv1 server certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=FR, ST=none, L=Paris, O=Nessus Users United, OU=Certification Authority for node-db1, CN=node-db1/emailAddress=ca@node-db1
Validity
Not Before: Sep 21 03:58:51 2004 GMT
Not After : Sep 21 03:58:51 2005 GMT
Subject: C=FR, ST=none, L=Paris, O=Nessus Users United, OU=Server certificate for node-db1, CN=node-db1/emailAddress=nessusd@node-db1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:b7:bd:8f:cd:f4:9c:4a:b1:46:18:1c:40:03:0c:
8a:56:d5:a1:4c:6b:a3:b2:ba:20:0b:d8:71:2c:7a:
0c:51:cd:ef:36:19:e8:56:92:a0:d8:70:ad:0a:ec:
ef:04:f1:c6:a6:6e:a5:60:43:5e:ae:a6:f5:d9:4b:
95:58:3e:19:a2:79:a6:25:62:75:c6:cb:6f:4d:ef:
39:20:e9:8e:a9:17:31:f6:07:1b:7a:98:89:a9:69:
9b:2b:37:af:1e:e2:0d:ec:cc:4e:88:06:b9:f5:70:
42:70:d9:2c:52:7f:cf:12:00:9d:03:f9:2e:30:4d:
14:c0:77:c0:2b:5b:0b:89:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
Netscape Cert Type:
SSL Server
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
F0:F1:9F:6D:D6:AF:3C:94:2F:D8:55:4A:4A:59:BA:69:2A:6E:34:C3
X509v3 Authority Key Identifier:
keyid:BC:11:21:9C:3F:41:2A:38:21:B2:4A:17:83:86:F2:64:C8:08:0E:99
DirName:/C=FR/ST=none/L=Paris/O=Nessus Users United/OU=Certification Authority for node-db1/CN=node-db1/emailAddress=ca@node-db1
serial:00
X509v3 Subject Alternative Name:
email:nessusd@node-db1
X509v3 Issuer Alternative Name:
<EMPTY>
Signature Algorithm: md5WithRSAEncryption
4d:fe:be:86:c0:54:58:8b:c4:ac:14:a7:77:63:da:c0:b4:94:
d1:ee:54:82:47:14:83:24:d5:43:80:a1:7e:43:b0:a0:71:48:
8c:ad:eb:df:93:37:69:66:53:67:ff:5b:7b:e4:fe:4a:ee:a0:
95:6d:28:ea:56:7c:1e:e2:6e:26:ef:6e:d5:1e:87:6b:86:ef:
ad:09:91:c4:a6:4f:24:c1:c0:4a:2e:2f:13:dd:49:63:e6:83:
91:7c:c2:e1:9d:c3:b9:59:39:69:2c:28:93:0f:6a:ff:61:23:
d6:65:10:24:6c:84:5a:5b:09:3d:81:f1:fb:12:9d:e2:be:b6:
98:e5
This TLSv1 server does not accept SSLv2 connections.
This TLSv1 server does not accept SSLv3 connections.

Nessus ID : 10863
Vulnerability
ncube-lm (1521/tcp)

The remote Oracle Database, according to its version number,
is vulnerable to a buffer overflow in the query CREATE DATABASE LINK.

An attacker with a database account may use this flaw to gain the control
on the whole database, or even to obtain a shell on this host.

Solution : See http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf
Risk Factor : High
CVE : CAN-2003-0222
BID : 7453
Nessus ID : 11563
Vulnerability
ncube-lm (1521/tcp)
The remote Oracle tnslsnr has no password assigned.
An attacker may use this fact to shut it down arbitrarily,
thus preventing legitimate users from using it properly.

Solution: use the lsnrctrl SET PASSWORD command to assign a password to, the tnslsnr.
Risk factor : Serious
Nessus ID : 10660
Informational
ncube-lm (1521/tcp)
This host is running the Oracle tnslsnr: TNSLSNR for Solaris: Version 8.1.7.0.0 - Production
TNS for Solaris: Version 8.1.7.0.0 - Production
Oracle Bequeath NT Protocol Adapter for Solaris: Version 8.1.7.0.0 - Production
Unix Domain Socket IPC NT Protocol Adaptor for Solaris: Version 8.1.7.0.0 - Production
TCP/IP NT Protocol Adapter for Solaris: Version 8.1.7.0.0 - Production,,
CVE : CVE-2000-0818
BID : 1853
Nessus ID : 10658
Warning
X11 (6000/tcp)
This X server does *not* allow any client to connect to it
however it is recommended that you filter incoming connections
to this port as attacker may send garbage data and slow down
your X session or even kill the server.

Here is the server version : 11.0
Here is the message we received : Client is not authorized

Solution : filter incoming connections to ports 6000-6009
Risk factor : Low
CVE : CVE-1999-0526
Nessus ID : 10407
Warning
xdmcp (177/udp)

The remote host is running XDMCP.

This protocol is used to provide X display connections for
X terminals. XDMCP is completely insecure, since the traffic and
passwords are not encrypted.

An attacker may use this flaw to capture all the keystrokes of
the users using this host through their X terminal, including
passwords.

Risk factor : Medium
Solution : Disable XDMCP
Nessus ID : 10891
Informational
general/tcp
10.10.10.2 resolves as node-db1.
Nessus ID : 12053