📄 users-manual.lyx
\layout Standard

For Windows a regular setup package is available for NessusClient, usually called 
\shape italic 
NessusClientN.N.N-setup-en.exe
\shape default 
 (for an English version) or 
\shape italic 
NessusClientN.N.N-setup-de.exe
\shape default 
 (for a German version).
 Either execute it directly or use it in the Windows Manager for Software.
 This is also the tool where you can easily and cleanly deinstall NessusClient again.
 N.N.N defines the version of Nessus, e.g. 1.0.0.

\layout Subsection

Migrating Nessus GTK Client from version 2.2

\layout Standard

NessusClient has a new way to store session data locally compared to the GTK client that was included in Nessus 2.2.
 In fact, the whole concept of tasks, scopes and reports is new since then.

\layout Standard

The main difference is that Nessus GTK Clients up to 2.2 consider a single file 
\begin_inset Quotes eld
\end_inset

.nessusrc
\begin_inset Quotes erd
\end_inset

 in the user's home directory.
 The newer versions use a directory structure with the main directory 
\begin_inset Quotes eld
\end_inset

.nessus
\begin_inset Quotes erd
\end_inset

 in the user's home directory.

\layout Standard

Nonetheless, there will be no conflict when running the new version, because the new version uses the .nessusrc file as the reference for the global settings (see below).
 In other words, the configuration of your Nessus GTK Client 2.2 will be the default configuration for NessusClient.

\layout Standard

It is even possible to run a Nessus GTK Client 2.2 after a newer version has been launched.
 Version 2.2 will simply use the same file 
\begin_inset Quotes eld
\end_inset

.nessusrc
\begin_inset Quotes erd
\end_inset

 that the new version uses for the global settings.

\layout Section

The First Report

\layout Standard

This section is intended to lead a novice user quickly through a first security scan with Nessus.
 After a successful first scan it is recommended to proceed with the chapter on the general usage of NessusClient.

\layout Subsection

Invoking NessusClient

\layout Standard

On any unixoid system you can simply type 
\begin_inset Quotes eld
\end_inset

NessusClient
\begin_inset Quotes erd
\end_inset

 in a command shell.
 Of course you should have X running.

\layout Standard

For Debian GNU/Linux, SUSE Linux, RedHat/Fedora and MS Windows you will additionally find a menu entry for NessusClient if it was installed with one of the install packages explained above.

\layout Subsection

The Nessus Scan Assistant

\layout Standard

If you are new to Nessus and NessusClient you may want to use the Nessus Scan Assistant to perform your first scan.
 The intention of this assistant is to summarize the core parameters you need to enter for a scan and to be self-explanatory.

\layout Standard

However, 
\series bold 
you should note
\series default 
 that the scan performed through the Assistant will be based on the global settings.
 If you have already switched on some dangerous options in the global settings, these will be inherited!

\layout Section

General Usage of NessusClient

\layout Standard

This section is intended to explain all general elements of NessusClient and how to use them in a standard way.
 A later chapter will then address more specific features suitable for advanced users.

\layout Subsection

The Main Window

\layout Standard

The main window of NessusClient is separated into two major sections: on the left-hand side, the treelist with an overview of the locally stored tasks, scopes and reports; on the right-hand side, a notebook with pages for comments, options and reports.
 That is the place where a security scan is configured, commented upon and its result reviewed.

\layout Standard
\align center 

\begin_inset Graphics
	filename images/mainwindow-en.png

\end_inset 


\layout Standard

At the first start of NessusClient, you will see only one entry in the list: Global Settings.
 These settings are defaults coming with NessusClient.
 They do not cover a specific selection of plugins, since a connection to a Nessus Server is required for that.
 You can establish a connection with a server and specify the global defaults for a plugin selection.

\layout Subsubsection

Tasks

\layout Standard

Tasks are intended to cover all activities of a major topic.
 E.g., a task could be 
\begin_inset Quotes eld
\end_inset

Test the machines of our headquarters
\begin_inset Quotes erd
\end_inset

 or 
\begin_inset Quotes eld
\end_inset

Customer XYZ Inc.
\begin_inset Quotes erd
\end_inset

.

\layout Standard

A task can contain a comment that explains the task in more detail.
 Also, any type of additional info or reminder can be entered in the comment area, e.g. when to run the next series of scans or based on which contract the scans are performed.

\layout Standard

A task has neither options nor a report.
 It just contains a number of scopes.

\layout Standard

Possible operations for tasks are:

\layout Paragraph

New

\layout Standard

Adds a new task entitled 
\begin_inset Quotes eld
\end_inset

unnamed
\begin_inset Quotes erd
\end_inset

.

\layout Paragraph

Rename

\layout Standard

Allows editing the title right in the treelist, either by clicking on the title or by selecting the corresponding menu item.

\layout Paragraph

Remove

\layout Standard

This means the removal of all associated scopes, and thus the removal action prompts for an additional confirmation.

\layout Subsubsection

Scopes

\layout Standard

A scope can be seen as a sub-task.
 It defines a certain security scan.
 The title should indicate the scope of this scan, e.g. 
\begin_inset Quotes eld
\end_inset

Careful scan of web server production system
\begin_inset Quotes erd
\end_inset

, 
\begin_inset Quotes eld
\end_inset

Aggressive scan of web server alpha test system
\begin_inset Quotes erd
\end_inset

 or 
\begin_inset Quotes eld
\end_inset

All Sun workstations
\begin_inset Quotes erd
\end_inset

.

\layout Standard

Comments can also be specified for each scope and may explain the scope in more detail as well as contain any other helpful hint regarding the respective scope.

\layout Standard

The scope is associated with a full set of options for the security scan.
 When creating a new scope, the general preferences are copied.
 The scan options are explained in detail in a later chapter.
 However, for each scope a connection to a Nessus Server can be established.
 Once this has been done, the actual selection of the plugins, which is part of the options, can be performed (a plug icon to the right of the title indicates the active connection).
 The reason is that each Nessus Server may contain its own set of plugins, and thus when establishing a connection, NessusClient retrieves the list of available plugins.

\layout Standard

Next, a scope may contain a number of reports.
 Whenever a scope is successfully executed, the resulting report is added to its list of reports.
 Also, importing a report from a file or from a Nessus Server will add the report to the currently selected scope.

\layout Standard

Possible operations for scopes are:

\layout Paragraph

Execute

\layout Standard

A security scan is executed with the currently specified options, issued to the currently connected Nessus Server.

\layout Paragraph

New

\layout Standard

Adds a new scope entitled 
\begin_inset Quotes eld
\end_inset

unnamed
\begin_inset Quotes erd
\end_inset

 as part of the currently selected task.
 As a default the global settings are copied.

\layout Paragraph

Rename

\layout Standard

Allows editing the title right in the treelist, either by clicking on the title or by selecting the corresponding menu item.

\layout Paragraph

Remove

\layout Standard

This means the removal of all associated reports, and thus the removal action prompts for an additional confirmation.

\layout Paragraph

Move to task

\layout Standard

It is possible to move a scope with all of its reports from one task to another.
 This menu item has subitems which represent the other tasks.
 Select one of them and the scope will be moved.

\layout Paragraph

Open

\layout Standard

You can load a scope file and add it to the current task with this menu command.
 Note that only the parameter sets are covered here, not the reports, which are represented by files of their own.
 So, opening and saving (see below) scopes is a method to transfer your settings to someone else or to create a copy of the current scope for yourself.

\layout Paragraph

Save As

\layout Standard

Saves the current scope to a file (which is of nessusrc type).
 Note that only the parameter sets are stored, not the reports.
 See the description of 
\begin_inset Quotes eld
\end_inset

Open
\begin_inset Quotes erd
\end_inset

 above for more hints.

\layout Subsubsection

Reports

\layout Standard

A report is the result of a security scan.
 It contains the results of the executed plugins associated with the corresponding subnet, host, port and severity.

\layout Standard

When managed within NessusClient, a comment and, if available, the scan options leading to the report are additionally stored.
 This additional information is not contained in the plain Nessus report files and thus gets lost when a report is exported.
 This also means that imported reports have no comments or scan options associated.

\layout Standard

Possible operations for reports are:

\layout Paragraph

Remove

\layout Standard

Deletes the report and, if associated, its comments and options.
 The user is prompted to confirm the removal.

\layout Paragraph

Import

\layout Standard

Allows importing a report from a file.
 The standard exchange format is NBE (files suffixed 
\begin_inset Quotes eld
\end_inset

.nbe
\begin_inset Quotes erd
\end_inset

).
 Older releases of Nessus used the format NSR (files suffixed 
\begin_inset Quotes eld
\end_inset

.nsr
\begin_inset Quotes erd
\end_inset

).
 It is recommended to use the NBE format only.
 The file selection dialog allows selecting the desired report file.
 An error hint will be displayed if the file format is not NBE.
 Otherwise, the report is added to the currently selected scope.
 Neither comments nor options will be there for a report imported from an NBE file.

\layout Paragraph

Export

\layout Standard

Allows exporting the currently selected report either in a re-importable format (NBE or the deprecated NSR) or in a format for further processing or presentation (XML, old deprecated XML, HTML, HTML with Pies and Graphs, LaTeX, ASCII Text and PDF).
 It is recommended to use NBE if re-importing is planned and to use PDF for creating simple report documents that need no further editing.
 Use one of the others if you want to further process the report or integrate it into your own document style.

\layout Paragraph

Print

\layout Standard

Selecting the Print command will issue the creation of a PDF report and run a PDF viewer installed on your system.
 A number of well-known PDF viewers are tried.
 If you think you have one installed but it still does not work, please check whether the executable file is covered by the search paths.

\layout Subsection

Authentication

\layout Standard

NessusClient needs to connect to a Nessus Server in order to retrieve the available plugins and to actually execute a security scan.

\layout Standard

NessusClient can handle multiple connections to different servers.
 Each scope has a connection of its own.
 Additionally, the Global Settings can be connected to a Nessus Server to define default plugin selections and plugin parameters.

\layout Standard
\align center 

\begin_inset Graphics
	filename images/authentication-dlg-en.png
	scale 90

\end_inset 


\layout Standard

The connection status is indicated with an icon in the tasks/scopes/reports treelist next to the title of the global settings or a scope.
 Only scopes are connected with a Nessus Server.

\layout Standard

More information on the connection status is shown in the statusbar at the bottom of the main window.
 There, the actual connection information is displayed, i.e. 
\begin_inset Quotes eld
\end_inset

Connection: username@host.test.example
\begin_inset Quotes erd
\end_inset

.
 At the bottom right there is an icon indicating whether the connection is encrypted or not, just like most web browsers indicate this.

\layout Standard

The connection dialog allows specifying the following data for establishing a connection to a Nessus Server:

\layout Paragraph

Host

\layout Standard

The domain name or IP of the server where a Nessus Server is running.

\layout Paragraph

Port

\layout Standard

The port where the Nessus Server waits for connections.
 Older Nessus Servers used 3001, but the official port now is 1241.
 With the default button you can always return to this default quickly.

\layout Paragraph

Login

\layout Standard

Your username at the selected host.
 To use a Nessus Server you have to have an account for the Nessus Server.
 The administrator of the server should create one for you.

\layout Paragraph

Password

\layout Standard
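The Reports section above describes NBE as the only recommended import format and says a report carries each plugin result with its subnet, host, port and severity, and that the Import command rejects files that are not NBE. The following Python script is an added example, not NessusClient code: it parses a constructed NBE file into findings and counts them per host and severity; the pipe-delimited Nessus 2.x line layout in its docstring is an assumption from memory, not something this manual states.

```python
"""Minimal NBE report parser (added example, not NessusClient code).
Assumed NBE line layout (Nessus 2.x, pipe-delimited; assumption, not from the manual):
  timestamps|<subnet>|<host>|<kind>|<time>|
  results|<subnet>|<host>|<port>|<plugin_id>|<severity>|<message>
A results line with only four fields records an open port without a finding.
"""
from collections import Counter, defaultdict

SEVERITIES = ("Security Hole", "Security Warning", "Security Note")

# Constructed sample report (not real scan output). NBE escapes newlines
# inside the message field as the two characters backslash and 'n'.
SAMPLE_NBE = """\
timestamps|||scan_start|Tue Jun 15 10:00:00 2004|
timestamps||192.0.2.10|host_start|Tue Jun 15 10:00:05 2004|
results|192.0.2|192.0.2.10|ssh (22/tcp)
results|192.0.2|192.0.2.10|ssh (22/tcp)|10267|Security Note|Remote SSH banner: SSH-2.0-OpenSSH_3.8\\n
results|192.0.2|192.0.2.10|http (80/tcp)|11213|Security Warning|TRACE method is enabled
results|192.0.2|192.0.2.11|general/tcp|10287|Security Hole|Constructed critical finding
timestamps||192.0.2.10|host_end|Tue Jun 15 10:02:00 2004|
"""

def parse_nbe(text):
    """Return the plugin findings as dicts; raise ValueError if text is not NBE."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        fields = raw.split("|")
        if fields[0] == "timestamps":
            continue
        if fields[0] != "results":
            raise ValueError(f"line {lineno}: not an NBE record: {raw[:40]!r}")
        if len(fields) == 4:  # open port only, no plugin output
            continue
        if len(fields) < 7 or fields[5] not in SEVERITIES:
            raise ValueError(f"line {lineno}: malformed results record")
        findings.append({
            "subnet": fields[1], "host": fields[2], "port": fields[3],
            "plugin": fields[4], "severity": fields[5],
            "message": "|".join(fields[6:]).replace("\\n", "\n").strip(),
        })
    return findings

def summarize(findings):
    """Count findings per host and severity, e.g. {'192.0.2.10': {'Security Note': 1}}."""
    summary = defaultdict(Counter)
    for f in findings:
        summary[f["host"]][f["severity"]] += 1
    return {host: dict(counts) for host, counts in summary.items()}
```

Run `summarize(parse_nbe(open("report.nbe").read()))` on an exported report to get the per-host severity counts that NessusClient's own comments and scan options do not carry across an export.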