users-manual.lyx

linux平台下的多系统漏洞扫描工具客户端

#LyX 1.3 created this file. For more info see http://www.lyx.org/
\lyxformat 221
\textclass article
\begin_preamble
\usepackage{times}[12pt]
\end_preamble
\language english
\inputencoding auto
\fontscheme default
\graphics default
\paperfontsize default
\spacing single 
\papersize Default
\paperpackage a4
\use_geometry 0
\use_amsmath 0
\use_natbib 0
\use_numerical_citations 0
\paperorientation portrait
\secnumdepth 3
\tocdepth 3
\paragraph_separation indent
\defskip medskip
\quotes_language english
\quotes_times 2
\papercolumns 1
\papersides 1
\paperpagestyle default

\layout Standard
\added_space_bottom bigskip \align center 

\series bold 
\size largest 
NessusClient User's Manual
\layout Standard
\added_space_bottom bigskip \align center 

\begin_inset Graphics
	filename nessus-logo.png
	keepAspectRatio
	clip

\end_inset 


\layout Standard
\added_space_bottom bigskip \align center 

\series bold 
\size large 
$Date: 2005/10/18 13:09:13 $
\layout Standard
\added_space_bottom bigskip \align center 

\series bold 
\size large 
Renaud Deraison <renaud@nessus.org>
\layout Standard
\added_space_bottom vfill \align center 

\series bold 
\size large 
Jan-Oliver Wagner <jan@intevation.de>
\layout Standard


\begin_inset LatexCommand \tableofcontents{}

\end_inset 


\layout Section*

About This Document
\layout Standard

This document describe how to use a Nessus Server via the GTK+ GUI 
\begin_inset Quotes eld
\end_inset 

NessusClient
\begin_inset Quotes erd
\end_inset 

.
 This may not cover the whole functionality of the Nessus Server nor does
 it claim to be complete.
 However, the text should be up-to-date and refers to the NessusClient 1.0
 release.
\layout Section

General Overview
\layout Standard

The 
\begin_inset Quotes eld
\end_inset 

Nessus
\begin_inset Quotes erd
\end_inset 

 Project provides powerful, up-to-date and easy to use remote security scanner
 as Free Software under GNU General Public License (GNU GPL).
 Nessus will allow you to audit remotely a given network and determine whether
 bad guys (aka 'crackers') may break into it, or misuse it in some way.
\layout Paragraph

Intelligent Scanning
\layout Standard

Unlike many other security scanners, Nessus does not take anything for granted.
 That is, it will not consider that a given service is running on a fixed
 port - that is, if you run your web server on port 1234, Nessus will detect
 it and test its security.
 It will also not determine a security vulnerability is present by just
 regarding the version number of the remote service, but will really attempt
 to exploit the vulnerability.
 
\layout Paragraph

Modular Architecture
\layout Standard

The client/server arquitecture allows you flexibility to deploy the scanner
 (server) and the GUI (client) in multiple configurations reducing management
 costs (one server can be used by multiple clients) Some other features
 of the Nessus Security Scanner are:
\layout Paragraph
\noindent 
CVE compatible
\layout Standard
\noindent 
Each plugin links to CVE for administrators to retrieve further information
 on published vulnerabilities.
 They also includes references to 
\series bold 
CERT, Bugtraq
\series default 
, and vendor security alerts.
\layout Paragraph
\noindent 
Plug-in architecture
\layout Standard
\noindent 
Each security test is written as an external plugin.
 This way, you can easily add your own tests without having to read the
 code of the Nessus Server engine 
\family typewriter 
nessusd
\family default 
.
 The complete list of the Nessus plugins is available at http://cgi.nessus.org/plu
gins.
\layout Paragraph
\noindent 
NASL
\layout Standard
\noindent 
The Nessus Security Scanner includes NASL, (Nessus Attack Scripting Language)
 a language designed to write security test easily and quickly.
 (security checks can also be written in C)
\layout Paragraph
\noindent 
Up-to-date security vulnerability database
\layout Standard
\noindent 
We mostly focus on the development of security checks for recent security
 holes.
 Our security checks database is updated on a daily basis, and all the newest
 security checks are available at http://www.nessus.org/scripts.php and on
 the FTP servers and mirrors.
 
\layout Paragraph
\noindent 
Can test an unlimited amount of hosts at the same time
\layout Standard
\noindent 
Depending of the power of the station you run the Nessus Server onto, you
 can test two, ten or forty hosts at the same time.
\layout Paragraph
\noindent 
Smart service recognition
\layout Standard
\noindent 
Nessus does not believe that the target hosts will respect the IANA assigned
 port numbers.
 This means that it will recognize a FTP server running on a non-standard
 port (31337 say), or a web server running on port 8080.
\layout Paragraph
\noindent 
Multiples services
\layout Standard
\noindent 
Imagine that you run two web servers (or more) on your host, one on port
 80 and another on port 8080.
 When it will come to testing their security, Nessus will test both of them.
\layout Paragraph
\noindent 
Tests cooperation
\layout Standard
\noindent 
The security tests performed by Nessus cooperate so that nothing useless
 is made.
 If your FTP server does not offer anonymous logins, then anonymous-related
 security checks will not be performed.
\layout Paragraph
\noindent 
Complete reports
\layout Standard
\noindent 
Nessus will not only tell you what's wrong on your network, but will, most
 of the time, tell you how to prevent crackers from exploiting the security
 holes found and will give you the risk level of each problem found (from
 Low to Very High)
\layout Paragraph
\noindent 
Exportable reports
\layout Standard
\noindent 
The Unix client can export Nessus reports as XML, HTML, text, LaTeX, PDF
 and an easy-to-parse file format.
\layout Paragraph
\noindent 
Full SSL support
\layout Standard
\noindent 
Nessus has the ability to test SSLized services such as https, smtps, imaps,
 and more.
 You can even supply Nessus with a certificate so that it can integrates
 into a PKI-fied environement.
\layout Paragraph
\noindent 
Smart plugins (optional)
\layout Standard
\noindent 
Nessus will determine which plugins should or should not be launched against
 the remote host (for instance, this prevents the testing of Sendmail vulnerabil
ities against Postfix).
 This option is called "optimizations".
\layout Paragraph
\noindent 
Non-destructive (optional)
\layout Standard
\noindent 
If you don't want to take the risk to bring down services on your network,
 you can enable the "safe checks" option of Nessus, which will make Nessus
 rely on banners rather than exploiting real flaws to determine if a vulnerabili
ty is present.
\layout Paragraph
\noindent 
Independent developers
\layout Standard
\noindent 
The Nessus developers are independent from the rest of the world, so we
 will not hide a security vulnerability in the program XYZ because we have
 a contract with them.
\layout Paragraph
\noindent 
Easy-to-reach developers
\layout Standard
\noindent 
You feel that there is a missing feature? Just contact ushttp://www.nessus.org/con
tact/ or use the Nessus mailing lists.
 We reply and implement what makes sense.
\layout Paragraph
\noindent 
Open bug tracking system.
\layout Standard
\noindent 
Found a bug? Report it here: http://bugs.nessus.org.
\layout Paragraph
\noindent 
Huge number of tests
\layout Standard
\noindent 
There are more than 7000 nessus tests (and constantly growing!) which are
 divided into 23 different families:
\layout Itemize

Backdoors
\layout Itemize

CGI abuses
\layout Itemize

CISCO
\layout Itemize

Denial of Service
\layout Itemize

Finger abuses
\layout Itemize

Firewalls
\layout Itemize

FTP
\layout Itemize

Gain a shell remotely
\layout Itemize

Gain root remotely
\layout Itemize

General
\layout Itemize

Misc.
\layout Itemize

Netware
\layout Itemize

NIS
\layout Itemize

Port scanners
\layout Itemize

Remote file access
\layout Itemize

RPC
\layout Itemize

Settings
\layout Itemize

SMTP problems
\layout Itemize

SNMP
\layout Itemize

Untested
\layout Itemize

Useless services
\layout Itemize

Windows
\layout Section

Installation
\layout Standard

Note that only the source is what the Nessus developer team primarily tests
 in depth.
 Binary installation packages are likely to be available for most standard
 operating systems but not necessarily be tested by the Nessus development
 team.
\layout Standard

Operating systems not listed here may offer well-maintained packages as
 well.
 
\layout Subsection

From Source
\layout Standard

The usual way of installing from scratch is to get a current CVS snapshot
 or a source tar-ball of the module 
\begin_inset Quotes eld
\end_inset 

NessusClient
\begin_inset Quotes erd
\end_inset 

 and perform the usual sequence 
\begin_inset Quotes eld
\end_inset 

./configure ; make ; make install
\begin_inset Quotes erd
\end_inset 

.
 Please also as usual read the files about installation and configuration
 options in the packages first.
\layout Subsection

Debian GNU/Linux
\layout Standard

Please refer to the Debian documentation on how to install standard Debian
 packages.
 Debian actively support Nessus packages.
\layout Subsubsection

Debian 
\begin_inset Quotes eld
\end_inset 

Woody
\begin_inset Quotes erd
\end_inset 

 3.0
\layout Standard

The official version of Nessus for Woody is 1.0.10.
 This is by far outdated, you should neither use Nessus Server nor Client
 as shipped with Woody! 
\layout Standard

The build- and run-dependencies of NessusClient are conservative so that
 you do not need to backport any other package for backporting NessusClient.
 Thus it might work to create a so-called 
\begin_inset Quotes eld
\end_inset 

backport
\begin_inset Quotes erd
\end_inset 

 for Woody from a newer Debian source package of NessusClient.
\layout Subsubsection

Debian 
\begin_inset Quotes eld
\end_inset 

Sarge
\begin_inset Quotes erd
\end_inset 

 3.1
\layout Standard

The official version of Nessus for Sarge is 2.2.3.
 NessusClient is compatible with this Nessus Server, but it is recommended
 to update the Nessus Server to get the newest bug-fixes.
\layout Standard

The build- and run-dependencies of NessusClient are conservative so that
 you do not need to backport any other package for backporting NessusClient.
 Thus it might work to create a so-called 
\begin_inset Quotes eld
\end_inset 

backport
\begin_inset Quotes erd
\end_inset 

 for Sarge from a newer Debian source package of NessusClient.
\layout Subsubsection

Debian 
\begin_inset Quotes eld
\end_inset 

Etch
\begin_inset Quotes erd
\end_inset 


\layout Standard

At time of writing, Etch is the current Testing version of Debian and thus
 in flux.
 At least Nessus 2.2.5 is included.
 It is expected that NessusClient packages will appear, once NessusClient
 is released.
\layout Subsection

RedHat Linux
\layout Subsubsection

Fedora Core 3 and 4
\layout Standard

This distribution actively maintains Nessus packages.
 In case you need a newer version than shipped, you may find backports.
 Backports for RPM packages maybe found via rpmfind.net or similar services.
\layout Standard

The build- and run-dependencies of NessusClient are conservative so that
 you do not need to backport any other package for backporting NessusClient.
 It might even work to install newer packages directly.
\layout Subsection

SUSE Linux
\layout Subsubsection

SUSE Linux 9.2
\layout Standard

Nessus is part of this distribution with the latest 2.0 release.
 It is highly recommended you update Nessus Server.
 Backports for RPM packages maybe found via rpmfind.net or similar services.
\layout Standard

The build- and run-dependencies of NessusClient are conservative so that
 you do not need to backport any other package for backporting NessusClient.
 It might even work to install newer packages directly.
\layout Subsection

MS Windows
\layout Subsubsection

Windows XP SP2