GNU/Linux Desktop Survival Guide
by Graham Williams
Checking Security with Nessus
The nessus package is an excellent package for checking known security problems. Install on one machine both nessus (the client) and nessusd (the server).
For nessusd you need to create a user account using nessusd-adduser. One suggestion is to simply create a user with the same name as your user account (e.g., kayon). Then start the daemon (server) with:
# nessusd -D
Note that this daemon is not automatically run within the /etc/init.d framework.
As a user start up the nessus client and login with your user name. Go to the Target selection tab and type in a list of hosts you wish to check, comma separated. If you want to test all machine on your network, try something like 188.8.131.52/24.
After you click Start the scan the checking is initiated. Eventually a report will be presented. You can save the report in various formats, including LATEX.
The testing is extensive and the report provides suggestions for eliminating security holes.
Copyright © 1995-2006 Graham.Williams@togaware.com