How to run a basic vulnerability scan on your data center Linux servers with Nessus

2 years ago 365

Are you definite your Linux servers successful your information halfway are escaped from vulnerabilities? If not, you request to scan them immediately. Jack Wallen shows you however with Nessus.

Man and pistillate moving astatine information center

Nessus is 1 of those tools each network, strategy and information admin should person astatine the ready. Once up and running, you tin easy acceptable up scans to cheque your information halfway servers to marque definite everything is connected the up and up. And knowing whether oregon not your systems endure from vulnerabilities is 1 of the much challenging aspects of your job.

Fortunately, Nessus scans are incredibly casual to run. They bash instrumentality immoderate clip to complete, but the process of launching a scan should instrumentality you nary time.

You bash person to person Nessus installed and working. I've covered that process successful How to instal the Nessus vulnerability scanner connected Rocky Linux. So marque definite you travel that howto, truthful you person an lawsuit of Nessus acceptable to go.

Let's get to scanning.

SEE: Kubernetes: A cheat expanse (free PDF) (TechRepublic)

How to acceptable up a scan successful Nessus

Log into your lawsuit of Nessus. We're going to archetypal tally a basal web scan. Click New Scan successful the apical close country of the window. In the resulting surface (Figure A), prime Basic Network Scan.

Figure A

In the adjacent model (Figure B), you request to archetypal springiness the scan a sanction (which tin beryllium immoderate human-readable name) and a people (either an IP code oregon FQDN).

Figure B

Since this is simply a basal scan, you won't request to acceptable up credentials, truthful conscionable click Save and your scan is acceptable to run.

How to tally the caller scan successful Nessus

You should find yourself connected the saved scan list. Click the tally fastener (right-pointing arrow) associated with the scan you conscionable created (Figure C).

Figure C

Launch the scan and either beryllium backmost and hold for the results oregon instrumentality disconnected to different task. The basal scan should instrumentality anyplace from 5-20 minutes to complete. Once it finishes, you tin click connected it to presumption each of the vulnerabilities it has discovered (Figure D).

Figure D

After moving the scan connected an updated Ubuntu Server 20.04, Nessus came backmost to study zero vulnerabilities of concern. However, moving Nessus connected my Pop!_OS 21.04 desktop came backmost with a somewhat antithetic communicative (Figure E).

Figure E

A scan of Rocky Linux came backmost with a brace of captious vulnerabilities and respective precocious vulnerabilities (Figure F).

Figure F

If you spot a statement marked Mixed, marque definite to click connected it truthful it volition show each of the antithetic vulnerabilities associated with that peculiar package. And should Nessus observe immoderate vulnerabilities, marque definite to code them immediately, different your information halfway servers are astatine risk. If you bash tally an upgrade connected the server hosting Nessus, you mightiness suffer transportation to the scanning platform. Should that occur, you'll request to restart the Nessus daemon with the command:

sudo systemctl restart nessusd

And that's each determination is to moving a basal vulnerability scan with Nessus. Next clip astir we'll dive into immoderate much analyzable scans. Until then, support checking those information halfway servers for vulnerabilities. Make this a habit, otherwise, those vulnerabilities tin creep successful and permission your systems wide unfastened for attack.

Data Center Trends Newsletter

DevOps, virtualization, the hybrid cloud, storage, and operational ratio are conscionable immoderate of the information halfway topics we'll highlight. Delivered Mondays and Wednesdays