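Deploying Nessus in a Docker environment on CentOS

Operating system: CentOS Linux release 7.9.2009 (Core)
Docker version: Docker version 20.10.12, build e91ed57
Nessus version: 8.12.1 (#253) LINUX
Virtual CPUs: 4; virtual memory: 5G; virtual disk: 50G

Deploy Nessus

Search for Nessus-related images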

sudo docker search nessus

Pull the Nessus image

sudo docker pull heldocker233/nessus8:v2

Start the Docker image

sudo docker run -it -d -p8834:8834 --name nessus heldocker233/nessus8:v2

Enter the nessus container

sudo docker exec -it nessus bash

Start the Nessus service

service nessusd start

Open the Nessus interface

https://localhost:8834

The username and password are built in

username:Nessus
password:Nessus

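Update the plugin set

Download all-2.0.tar.gz directly; it can be downloaded from the resources I have published or from other sources: nessus-plugin-202101042100, nessus-plugin-202203281503

Or download the plugin set from the official site: https://plugins.nessus.org/v2/nessus.php?f=all-2.0.tar.gz&u=b7c8fd8c693142a5fea4c400762589d8&p=00f458bcdc35499653758b1bf24f5bc2

For the regular way of reaching the plugin download URL and obtaining an activation code, see the section "Official plugin set and activation code"

Copy the file from the local machine to the Docker host

scp C:\Users\Downloads\nessus-plugin-202101042100\all-2.0.tar.gz root@127.0.0.1:/usr/local

Copy the file from the Docker host into the Docker container

sudo docker cp /usr/local/all-2.0.tar.gz nessus:/usr/local/

Update the plugin set inside the Docker container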

sudo docker exec -it nessus bash
cd /usr/local
/opt/nessus/sbin/nessuscli update all-2.0.tar.gz
root@7ab1992f41aa:/usr/local# /opt/nessus/sbin/nessuscli update all-2.0.tar.gz
[Wed Apr 13 06:43:17 2022][142.1] Warning -- could not open /usr/share/zoneinfo. Set the NESSUS_TZ_DIR env. variable

[info] Copying templates version 202101042100 to /opt/nessus/var/nessus/templates/tmp
[info] Finished copying templates.
[info] Moved new templates with version 202101042100 from plugins dir.
 * Update successful.  The changes will be automatically processed by Nessus.

Restart the Nessus service

service nessusd restart

Open Nessus

https://localhost:8834

Loading takes a while; leave it running


Wait for it to finish, then log in and check the status and the plugin set



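Back up the plugins directory

rm -rf /plugins
cp -r /opt/nessus/lib/nessus/plugins/ /

Check whether the plugins directory was copied successfully

du -h /plugins/

Change the limit

After Nessus finishes initializing, Hosts shows "0 of 16 used"; change that limit

docker exec -it nessus /bin/bash

Check whether the plugins directory was copied successfully; if not, copy it again

du -h /plugins/

Back up the plugins directory

rm -rf /plugins
cp -r /opt/nessus/lib/nessus/plugins/ /

Check whether the plugins directory was copied successfully; if not, copy it again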

du -h /plugins/
root@deb94ddc090c:~# du -h /plugins/
1.2G    /plugins/

View the original contents of plugin_feed_info.inc

find / -name "plugin_feed_info.inc"
root@deb94ddc090c:~# find / -name "plugin_feed_info.inc"
/opt/nessus/lib/nessus/plugins/plugin_feed_info.inc
/opt/nessus/var/nessus/plugin_feed_info.inc
root@deb94ddc090c:~# more /opt/nessus/lib/nessus/plugins/plugin_feed_info.inc
PLUGIN_SET = "202101080839";
PLUGIN_FEED = "HomeFeed (Non-commercial use only)";
root@deb94ddc090c:~# more /opt/nessus/var/nessus/plugin_feed_info.inc
PLUGIN_SET = "202101080839";
PLUGIN_FEED = "HomeFeed (Non-commercial use only)";
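
Added example (not from the original post): a scanner owner's audit of the plugin_feed_info.inc copies listed above, checking that each copy exists, carries the same PLUGIN_SET, and names the feed the licence actually grants. The function names, status words and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added audit example, not from the original page. Function names, status
# words and the sample files below are constructed for illustration.

# feed_field FILE KEY: print the quoted value of KEY from lines shaped like
#   PLUGIN_SET = "202101080839";
feed_field() {
    sed -n 's/^[[:space:]]*'"$2"'[[:space:]]*=[[:space:]]*"\(.*\)";[[:space:]]*$/\1/p' "$1" | head -n 1
}

# audit_feed EXPECTED_FEED FILE...: print one status word; return 0 only when
# every copy exists, names EXPECTED_FEED and carries the same 12-digit set.
audit_feed() {
    expected=$1; shift
    ref_set=""
    for f in "$@"; do
        if [ ! -r "$f" ]; then echo "missing"; return 1; fi
        feed=$(feed_field "$f" PLUGIN_FEED)
        set_id=$(feed_field "$f" PLUGIN_SET)
        case $set_id in
            ""|*[!0-9]*) echo "bad-set"; return 1 ;;
        esac
        [ "${#set_id}" -eq 12 ] || { echo "bad-set"; return 1; }
        case $feed in
            "$expected"*) ;;
            *) echo "feed-mismatch"; return 1 ;;
        esac
        if [ -n "$ref_set" ] && [ "$set_id" != "$ref_set" ]; then
            echo "set-mismatch"; return 1
        fi
        ref_set=$set_id
    done
    echo "ok"
}

# Constructed sample copies in a scratch directory; on a real scanner the
# arguments would be the two paths that find prints above.
d=$(mktemp -d)
printf '%s\n' 'PLUGIN_SET = "202101080839";' \
    'PLUGIN_FEED = "HomeFeed (Non-commercial use only)";' > "$d/lib.inc"
cp "$d/lib.inc" "$d/var.inc"
printf '%s\n' 'PLUGIN_SET = "202101080839";' \
    'PLUGIN_FEED = "ProfessionalFeed (Direct)";' \
    'PLUGIN_FEED_TRANSPORT = "Tenable Network Security Lightning";' > "$d/edited.inc"

audit_feed HomeFeed "$d/lib.inc" "$d/var.inc"              # untouched pair
audit_feed HomeFeed "$d/lib.inc" "$d/edited.inc" || true   # one copy edited
audit_feed HomeFeed "$d/gone.inc" "$d/var.inc" || true     # one copy deleted
```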

Back up plugin_feed_info.inc

mkdir /pluginsinc
cp /opt/nessus/lib/nessus/plugins/plugin_feed_info.inc /pluginsinc/plugin_feed_info.inc.libinc
cp /opt/nessus/var/nessus/plugin_feed_info.inc /pluginsinc/plugin_feed_info.inc.varinc

Change the contents of plugin_feed_info.inc to the Professional feed; the PLUGIN_SET number is the Policy Template Version=202101042100 or a later number

vi /pluginsinc/plugin_feed_info.inc
PLUGIN_SET = "202101080839";
PLUGIN_FEED = "ProfessionalFeed (Direct)";
PLUGIN_FEED_TRANSPORT = "Tenable Network Security Lightning";
service nessusd stop
rm -f /opt/nessus/lib/nessus/plugins/plugin_feed_info.inc
cp /pluginsinc/plugin_feed_info.inc /opt/nessus/var/nessus/plugin_feed_info.inc

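Restart the Nessus service

service nessusd start

Check the status

du -h /opt/nessus/lib/nessus/plugins/
more /opt/nessus/lib/nessus/plugins/plugin_feed_info.inc
more /opt/nessus/var/nessus/plugin_feed_info.inc

Open Nessus and let it update the rule set; this step is very slow, so leave it running

https://localhost:8834

The Hosts field changes from 0~16 to Unlimited, and the plugin set is retained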


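Try scanning a prepared vulnerable host to check whether vulnerabilities are detected normally

Check the status

du -h /opt/nessus/lib/nessus/plugins/
more /opt/nessus/lib/nessus/plugins/plugin_feed_info.inc
more /opt/nessus/var/nessus/plugin_feed_info.inc

If the status is abnormal, run the following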

rm -rf /opt/nessus/lib/nessus/plugins/
cp -r /plugins /opt/nessus/lib/nessus/
service nessusd stop
rm -f /opt/nessus/lib/nessus/plugins/plugin_feed_info.inc
cp /pluginsinc/plugin_feed_info.inc /opt/nessus/var/nessus/plugin_feed_info.inc
service nessusd start

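Reset on startup

Because Unlimited is lost when the service restarts, the steps for an abnormal status have to be repeated; write nessus_start.sh to use in place of service nessusd start. The commands take a while to run and Nessus has to reload the plugins, so a slow start is normal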

vi /root/nessus_start.sh
#!/bin/bash
rm -rf /opt/nessus/lib/nessus/plugins/
cp -r /plugins /opt/nessus/lib/nessus/
service nessusd stop
rm -f /opt/nessus/lib/nessus/plugins/plugin_feed_info.inc
cp /pluginsinc/plugin_feed_info.inc /opt/nessus/var/nessus/plugin_feed_info.inc
service nessusd start
chmod +x /root/nessus_start.sh

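Run the script manually

/root/nessus_start.sh

Deploying Nessus in a Docker environment on CentOS

Operating system: CentOS Linux release 7.9.2009 (Core)
Docker version: Docker version 20.10.12, build e91ed57
Nessus version: 10.1.0 (#54) LINUX
Virtual CPUs: 4; virtual memory: 5G; virtual disk: 50G

Deploy Nessus

Search for Nessus-related images

sudo docker search nessus

Pull the Nessus image

sudo docker pull tenableofficial/nessus

Start the Docker image, setting the username and password and disabling automatic updates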

sudo docker run -it -d -p8834:8834 --name nessus -e USERNAME=Nessus -e AUTO_UPDATE=no -e PASSWORD=Kf3kAXA7xNtmAF4 tenableofficial/nessus

Enter the nessus container

sudo docker exec -it nessus bash

Start the Nessus service

/opt/scripts/configure_scanner.py

Open the Nessus interface

https://localhost:8834


The username and password are the ones configured when the nessus container was created

username:Nessus
password:Kf3kAXA7xNtmAF4


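Official registration: plugin set and activation code

Obtain the official plugin set and activation code

This subsection (obtaining the official plugin set and activation code) can be skipped; you can start directly from the subsection "Update the plugin set"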

https://plugins.nessus.org/v2/offline.php



Get the first value, the Challenge code

sudo docker exec -it nessus bash
/opt/nessus/sbin/nessuscli fetch --challenge

Challenge code: 3d88e6e1b11c0d9323f1bf897634944a20b825d4

root@deb94ddc090c:~# /opt/nessus/sbin/nessuscli fetch --challenge
[Wed Apr 13 06:10:19 2022][18.1] Warning -- could not open /usr/share/zoneinfo. Set the NESSUS_TZ_DIR env. variable

Challenge code: 3d88e6e1b11c0d9323f1bf897634944a20b825d4

You can copy the challenge code above and paste it alongside your
Activation Code at:
https://plugins.nessus.org/v2/offline.php

Get the second value, the Activation Code

https://zh-cn.tenable.com/products/nessus/nessus-essentials?tns_redirect=true


Enter an e-mail address to receive the e-mail

Your activation code for Nessus Essentials is:TDH9-S7LD-493G-59VM-FB87



Enter the first value (Challenge code) and the second value (Activation Code)


Obtain the plugin download URL and the license text


Download the plugin set from the official site

https://plugins.nessus.org/v2/nessus.php?f=all-2.0.tar.gz&u=b7c8fd8c693142a5fea4c400762589d8&p=00f458bcdc35499653758b1bf24f5bc2

Update the plugin set

Copy the file from the local machine to the Docker host

scp C:\Users\Downloads\nessus-plugin-202203281503\all-2.0.tar.gz root@127.0.0.1:/usr/local

Copy the file from the Docker host into the Docker container

sudo docker cp /usr/local/all-2.0.tar.gz nessus:/usr/local/

Update the plugin set inside the Docker container

sudo docker exec -it nessus /bin/bash
cd /usr/local

Update the plugin set

/opt/nessus/sbin/nessuscli update all-2.0.tar.gz

Activate

sudo docker exec -it nessus /bin/bash
cd /usr/local
vi nessus.license
-----BEGIN TENABLE LICENSE-----

-----END TENABLE LICENSE-----

Activate

/opt/nessus/sbin/nessuscli fetch --register-offline nessus.license

Restart the Nessus service

/opt/scripts/configure_scanner.py

Wait for the plugin set to load, then open the Nessus interface

https://localhost:8834



The username and password are the ones configured when the nessus container was created

username:Nessus
password:Kf3kAXA7xNtmAF4


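Change the limit

After Nessus finishes initializing, Hosts shows "0 of 16 used"; change that limit

docker exec -it nessus /bin/bash

Check whether the plugins directory was copied successfully; if not, copy it again

du -h /plugins/

Back up the plugins directory

rm -rf /plugins
cp -r /opt/nessus/lib/nessus/plugins/ /

Check whether the plugins directory was copied successfully; if not, copy it again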

du -h /plugins/
root@deb94ddc090c:~# du -h /plugins/
1.4G    /plugins/

View the original contents of plugin_feed_info.inc

find / -name "plugin_feed_info.inc"
root@deb94ddc090c:~# find / -name "plugin_feed_info.inc"
/opt/nessus/lib/nessus/plugins/plugin_feed_info.inc
/opt/nessus/var/nessus/plugin_feed_info.inc
root@deb94ddc090c:~# more /opt/nessus/lib/nessus/plugins/plugin_feed_info.inc
root@deb94ddc090c:~# more /opt/nessus/var/nessus/plugin_feed_info.inc

Back up plugin_feed_info.inc

mkdir /pluginsinc
cp /opt/nessus/lib/nessus/plugins/plugin_feed_info.inc /pluginsinc/plugin_feed_info.inc.libinc
cp /opt/nessus/var/nessus/plugin_feed_info.inc /pluginsinc/plugin_feed_info.inc.varinc

Change the contents of plugin_feed_info.inc to the Professional feed; the PLUGIN_SET number is the Policy Template Version=202101042100 or a later number

vi /pluginsinc/plugin_feed_info.inc
PLUGIN_SET = "202204192003";
PLUGIN_FEED = "ProfessionalFeed (Direct)";
PLUGIN_FEED_TRANSPORT = "Tenable Network Security Lightning";

Stop the Nessus service

supervisorctl stop nessusd
rm -f /opt/nessus/lib/nessus/plugins/plugin_feed_info.inc
cp /pluginsinc/plugin_feed_info.inc /opt/nessus/var/nessus/plugin_feed_info.inc

Restart the Nessus service

supervisorctl start nessusd

Check the status

du -h /opt/nessus/lib/nessus/plugins/
more /opt/nessus/lib/nessus/plugins/plugin_feed_info.inc
more /opt/nessus/var/nessus/plugin_feed_info.inc

Open Nessus and let it update the rule set; this step is very slow, so leave it running

https://localhost:8834

The Hosts field changes from 0~16 to Unlimited, and the plugin set is retained



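Try scanning a prepared vulnerable host to check whether vulnerabilities are detected normally

Check the status

du -h /opt/nessus/lib/nessus/plugins/
more /opt/nessus/lib/nessus/plugins/plugin_feed_info.inc
more /opt/nessus/var/nessus/plugin_feed_info.inc

If the status is abnormal, run the following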

rm -rf /opt/nessus/lib/nessus/plugins/
cp -r /plugins /opt/nessus/lib/nessus/
supervisorctl stop nessusd
rm -f /opt/nessus/lib/nessus/plugins/plugin_feed_info.inc
cp /pluginsinc/plugin_feed_info.inc /opt/nessus/var/nessus/plugin_feed_info.inc
supervisorctl start nessusd

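Reset on startup

Because Unlimited is lost when the service restarts, the steps for an abnormal status have to be repeated; write nessus_start.sh to use in place of service nessusd start. The commands take a while to run and Nessus has to reload the plugins, so a slow start is normal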

vi /root/nessus_start.sh
#!/bin/bash
rm -rf /opt/nessus/lib/nessus/plugins/
cp -r /plugins /opt/nessus/lib/nessus/
supervisorctl stop nessusd
rm -f /opt/nessus/lib/nessus/plugins/plugin_feed_info.inc
cp /pluginsinc/plugin_feed_info.inc /opt/nessus/var/nessus/plugin_feed_info.inc
supervisorctl start nessusd
chmod +x /root/nessus_start.sh

Run the script manually

/root/nessus_start.sh