View previous topic :: View next topic |
Author |
Message |
texas1emt Guru
Joined: 27 Oct 2003 Posts: 352 Location: San Antonio, TX
|
Posted: Thu Jul 06, 2006 3:07 am Post subject: HOWTO: Nessus version 3 (Nessus3) installation with FC5 RPM |
|
|
HOWTO: Install Nessus 3 RPM on Gentoo
The goal of this HOWTO is to take an RPM (Red Hat Package Manager) binary file and install it on Gentoo. So, why oh why would someone rather install a non-GPL binary rather than the older GPL'd 2.x versions of nessus? Efficiency. Through multiple tests of my own, I've found that Nessus 3 is much more efficient. It's able to do more with less resources. Also, my boss said I had to use Nessus 3
This howto uses the app-arch/rpm2targz scripts rather than using the basic app-arch/rpm installer application. My reason for avoiding the app-arch/rpm package is that it takes a while to emerge and has more dependencies than rpm2targz.
Step 1: Get the files you need
As said previously, Nessus is now a binary in version 3. I can't put a direct download from here, so you'll need to go to their download area here: Nessus Download Link
You'll have to register with them - aggravating, I know - but it's the only way to get Nessus 3.
IMPORTANT: If you want the simplest possible install, choose the Fedora Core 5 RPM (it has 'fc5' in the filename). It's the closest library match-up to an updated Gentoo system. Once you have the file downloaded, you will need the app-arch/rpm2targz package to turn the RPM into a more manageable tar.gz file. There's nothing to compile, so it will merge quickly.
Code: | # emerge app-arch/rpm2targz |
Now you're ready to install Nessus.
Step 2: Nessus Installation
Change into the directory where you placed your RPM file. Run rpm2targz on it. This takes about 90 seconds on my P3 with very slow storage.
Code: | # rpm2targz Nessus-3.0.3-fc5.i386.rpm
found gzip magic bytes
trying to decompress with gzip... OK |
Now un-tar.gz it.
Code: | # tar xvzf Nessus-3.0.3-fc5.i386.tar.gz |
You should now have two directories, etc and opt. The opt directory has all of the Nessus application files and libraries and etc has a horribly RedHat-ified init script that we have to replace. Change into the opt directory (not /opt, but the opt directory that came out of the tar.gz) and move the nessus directory to /opt. You will need to add two folders to your $PATH variable: /opt/nessus/bin/ and /opt/nessus/sbin/.
Move the nessus directory that is inside the opt directory that came from the tar.gz into the actual /opt/ folder on your system.
Code: | # cd opt
# ls
nessus
# mv nessus /opt/ |
Step 3: Installing Libraries
You'll immediately see a problem if you try to run the registration command that Tenable provides in the e-mail they sent when you downloaded the software:
Code: | # /opt/nessus/bin/nessus-fetch --register ****-****-****-****-****
/opt/nessus/bin/nessus-fetch: error while loading shared libraries: libnessus.so.3: cannot open shared object file: No such file or directory |
Okay, we have to link up these libraries before we can start any of the Nessus services. It's a pretty quick process. First, we need to explain to Gentoo (via environment variables) where these new libraries are. Open up your /etc/env.d/00basic file and add /opt/nessus/lib/ to your LDPATH variable like so:
Code: | LDPATH="/usr/local/lib:/opt/nessus/lib" |
Save the file, exit, and run env-update. Now, if you try to run the nessus-fetch command again, you'll find a new problem:
Code: | # env-update
>>> Regenerating /etc/ld.so.cache...
# /opt/nessus/bin/nessus-fetch --register ****-****-****-****-****
/opt/nessus/bin/nessus-fetch: error while loading shared libraries: libssl.so.6: cannot open shared object file: No such file or directory |
Don't worry - you have the libssl libraries, but they're not called the same as they would be if this was a Fedora Core 5 system. Just make a symbolic link from the library you have to the one that the Nessus binary is searching for:
Code: | # ls -al /usr/lib/libssl*
-rw-r--r-- 1 root root 305960 Jul 5 20:12 /usr/lib/libssl.a
lrwxrwxrwx 1 root root 11 Jul 5 20:12 /usr/lib/libssl.so -> libssl.so.0
lrwxrwxrwx 1 root root 15 Jul 5 20:12 /usr/lib/libssl.so.0 -> libssl.so.0.9.7
-r-xr-xr-x 1 root root 201328 Jul 5 20:12 /usr/lib/libssl.so.0.9.7
# ln -s /usr/lib/libssl.so /usr/lib/libssl.so.6 |
Try the command again and we're short one last library:
Code: | # /opt/nessus/bin/nessus-fetch --register ****-****-****-****-****
/opt/nessus/bin/nessus-fetch: error while loading shared libraries: libcrypto.so.6: cannot open shared object file: No such file or directory |
Now, just make a symbolic link from your libcrypto library to the library that Nessus is searching for:
Code: | # ls -al /usr/lib/libcrypto*
-rw-r--r-- 1 root root 2031486 Jul 5 20:12 /usr/lib/libcrypto.a
lrwxrwxrwx 1 root root 14 Jul 5 20:12 /usr/lib/libcrypto.so -> libcrypto.so.0
lrwxrwxrwx 1 root root 18 Jul 5 20:12 /usr/lib/libcrypto.so.0 -> libcrypto.so.0.9.7
-r-xr-xr-x 1 root root 1107852 Jul 5 20:12 /usr/lib/libcrypto.so.0.9.7
# ln -s /usr/lib/libcrypto.so /usr/lib/libcrypto.so.6 |
Step 4: Registration, configuration and plugin download
Okay, the libraries are done. Unfortunately, Nessus expects to find gzip in /usr/bin/, but Gentoo has it in /bin/ instead. Another symbolic link will fix it all up, and then you can run your registration command:
Code: | # /opt/nessus/bin/nessus-fetch --register ****-****-****-****-****
Your activation code has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org...
/opt/nessus/etc/nessus/nessusd.conf does not exist!
Do you have the nessus daemon installed?
An error occured while fetching the plugins. Your Nessus installation may not be up-to-date. |
Don't worry about the error. The configuration file is missing because we haven't run nessusd before. That will end up remedying itself in just a moment. We need to make a certificate for Nessus to use now. Run nessus-mkcert. I usually just press enter on the options because I don't have much use for the certificate since I only talk to Nessus over the localhost anyways. Once that's finished, run nessus-add-first-user. The options are pretty self-explanatory, but ignore the last line telling to to start Nessus.
Here's an init script that I wrote for Nessus. Save this as /etc/init.d/nessusd:
Code: | #!/sbin/runscript
PIDFILE=/opt/nessus/var/nessus/nessusd.pid
depend() {
need net
}
start() {
ebegin "Starting Nessus"
start-stop-daemon --start --verbose --nicelevel -10 \
--exec /opt/nessus/sbin/nessusd -- -Dq
eend $?
}
stop() {
ebegin "Stopping Nessus"
start-stop-daemon --stop --retry 10 --pidfile ${PIDFILE}
eend $?
} |
Save the file as /etc/init.d/nessusd. Make it executable and give it a run. Keep in mind - this will take a WHILE the first time you start this, or when you start it after a reboot. All of the plugins have to be read off the drive and cached.
Code: | # /etc/init.d/nessusd start
* Caching service dependencies ... [ ok ]
* Starting Nessus ...
Starting /opt/nessus/sbin/nessusd... [ ok ] |
And, if you want it to run when your computer boots up:
Code: | # rc-update add nessusd default |
WATCH OUT! Setting Nessus to start on boot-up will drastically increase the amount of time your system will take to boot. This is mainly due to plugin caching.
Now, just update your plugins (I like verbose output):
Code: | # nessus-update-plugins -vvv |
You're all set to go! You can use GUI Nessus clients on Linux, OS X and Windows desktops now, or you can use nessus on the command line. If you have any problems, please let me know! _________________ M. Hayden - San Antonio, TX
Last edited by texas1emt on Mon Oct 16, 2006 5:26 pm; edited 4 times in total |
|
Back to top |
|
|
Uipe n00b
Joined: 19 Jun 2003 Posts: 9
|
Posted: Thu Jul 06, 2006 3:10 pm Post subject: |
|
|
I fallowed your guide but I still have problems with the libraries
Code: | ls -al /usr/lib/libssl*
-rw-r--r-- 1 root root 368534 Jun 19 20:32 /usr/lib/libssl.a
lrwxrwxrwx 1 root root 11 Jun 19 20:32 /usr/lib/libssl.so -> libssl.so.0
lrwxrwxrwx 1 root root 15 Jun 19 20:32 /usr/lib/libssl.so.0 -> libssl.so.0.9.7
-r-xr-xr-x 1 root root 203208 Jun 19 20:32 /usr/lib/libssl.so.0.9.7
lrwxrwxrwx 1 root root 18 Jul 6 16:04 /usr/lib/libssl.so.6 -> /usr/lib/libssl.so
|
Code: | /opt/nessus/bin/nessus-fetch --register *-*-*-*-*
/opt/nessus/bin/nessus-fetch: error while loading shared libraries: libssl.so.6: cannot open shared object file: No such file or directory
|
here is my edited /etc/env.d/00basic
Code: | # /etc/env.d/00basic
PATH="/opt/bin:/opt/nessus/bin/:/opt/nessus/sbin/"
ROOTPATH="/opt/bin"
LDPATH="/usr/local/lib:/opt/nessus/lib"
MANPATH="/usr/local/share/man:/usr/share/man"
INFOPATH="/usr/share/info"
CVS_RSH="ssh"
PAGER="/usr/bin/less"
LESSOPEN="|lesspipe.sh %s" |
thanks for the guide and sorry if this question is really noob _________________ Why can t my clock just stop...
I don t want to move so why not stop
dont push me please wait a bit
maybe... just maybe I will move
from here to there
just moving not changing
by Filipe Felisberto |
|
Back to top |
|
|
texas1emt Guru
Joined: 27 Oct 2003 Posts: 352 Location: San Antonio, TX
|
Posted: Thu Jul 06, 2006 4:05 pm Post subject: |
|
|
Hey there Uipe, I think you may need to run an additional env-update after you made those symlinks. I didn't have to, but your system may be different. So, as root, just run:
Once you do that, try running the nessus registration command again and let me know what happens! _________________ M. Hayden - San Antonio, TX |
|
Back to top |
|
|
Uipe n00b
Joined: 19 Jun 2003 Posts: 9
|
Posted: Thu Jul 06, 2006 6:39 pm Post subject: |
|
|
I don't know I must be doing something wrong becase I have rebooted my system and still no go. _________________ Why can t my clock just stop...
I don t want to move so why not stop
dont push me please wait a bit
maybe... just maybe I will move
from here to there
just moving not changing
by Filipe Felisberto |
|
Back to top |
|
|
texas1emt Guru
Joined: 27 Oct 2003 Posts: 352 Location: San Antonio, TX
|
Posted: Sat Jul 08, 2006 9:20 pm Post subject: |
|
|
Uipe, i wish there was something else I could do to help, but I'm at a loss.
This is my /etc/env.d/00basic (which is almost identical to yours):
Code: | # /etc/env.d/00basic
PATH="/opt/bin"
ROOTPATH="/opt/bin"
LDPATH="/usr/local/lib:/opt/nessus/lib"
MANPATH="/usr/local/share/man:/usr/share/man"
INFOPATH="/usr/share/info"
CVS_RSH="ssh"
PAGER="/usr/bin/less"
LESSOPEN="|lesspipe.sh %s" |
And here's the symbolic links for my libraries:
Code: | $ ls -al /usr/lib/libssl* /usr/lib/libcrypto*
-rw-r--r-- 1 root root 2031486 Jul 5 20:12 /usr/lib/libcrypto.a
lrwxrwxrwx 1 root root 14 Jul 5 20:12 /usr/lib/libcrypto.so -> libcrypto.so.0
lrwxrwxrwx 1 root root 18 Jul 5 20:12 /usr/lib/libcrypto.so.0 -> libcrypto.so.0.9.7
-r-xr-xr-x 1 root root 1107852 Jul 5 20:12 /usr/lib/libcrypto.so.0.9.7
lrwxrwxrwx 1 root root 21 Jul 5 21:11 /usr/lib/libcrypto.so.6 -> /usr/lib/libcrypto.so
-rw-r--r-- 1 root root 305960 Jul 5 20:12 /usr/lib/libssl.a
lrwxrwxrwx 1 root root 11 Jul 5 20:12 /usr/lib/libssl.so -> libssl.so.0
lrwxrwxrwx 1 root root 15 Jul 5 20:12 /usr/lib/libssl.so.0 -> libssl.so.0.9.7
-r-xr-xr-x 1 root root 201328 Jul 5 20:12 /usr/lib/libssl.so.0.9.7
lrwxrwxrwx 1 root root 18 Jul 5 21:09 /usr/lib/libssl.so.6 -> /usr/lib/libssl.so |
Yours seem to match everything I have. Are all of the Nessus libraries from the original RPM in /opt/nessus/lib ? Also, make sure your ldconfig output looks like this:
Code: | # ldconfig -p | grep -i ssl
libssl.so.0.9.7 (libc6) => /usr/lib/libssl.so.0.9.7
libssl.so (libc6) => /usr/lib/libssl.so
# ldconfig -p | grep -i crypto
libcrypto.so.0.9.7 (libc6) => /usr/lib/libcrypto.so.0.9.7
libcrypto.so (libc6) => /usr/lib/libcrypto.so |
_________________ M. Hayden - San Antonio, TX |
|
Back to top |
|
|
Uipe n00b
Joined: 19 Jun 2003 Posts: 9
|
Posted: Sun Jul 09, 2006 10:27 pm Post subject: |
|
|
Quote: | You will need to add two folders to your $PATH variable: /opt/nessus/bin/ and /opt/nessus/sbin/. |
Could you explain me I do I do this?
And here is the resul of:
Code: | nuke lib # ldconfig -p | grep -i ssl
libssl3.so.11 (libc6,x86-64) => /usr/lib64/nss/libssl3.so.11
libssl3.so (libc6,x86-64) => /usr/lib64/nss/libssl3.so
libssl.so.0.9.7 (libc6,x86-64) => /usr/lib/libssl.so.0.9.7
libssl.so.0.9.7 (libc6) => /emul/linux/x86/usr/lib/libssl.so.0.9.7
libssl.so (libc6,x86-64) => /usr/lib/libssl.so
libssl.so (libc6) => /emul/linux/x86/usr/lib/libssl.so
libgnutls-openssl.so.12 (libc6,x86-64) => /usr/lib/libgnutls-openssl.so.12
libgnutls-openssl.so (libc6,x86-64) => /usr/lib/libgnutls-openssl.so
nuke lib # ldconfig -p | grep -i crypto
libcrypto.so.0.9.7 (libc6,x86-64) => /usr/lib/libcrypto.so.0.9.7
libcrypto.so.0.9.7 (libc6) => /emul/linux/x86/usr/lib/libcrypto.so.0.9.7 libcrypto.so (libc6,x86-64) => /usr/lib/libcrypto.so
libcrypto.so (libc6) => /emul/linux/x86/usr/lib/libcrypto.so |
Sorry for the late reply but I have been studing for my exams _________________ Why can t my clock just stop...
I don t want to move so why not stop
dont push me please wait a bit
maybe... just maybe I will move
from here to there
just moving not changing
by Filipe Felisberto |
|
Back to top |
|
|
texas1emt Guru
Joined: 27 Oct 2003 Posts: 352 Location: San Antonio, TX
|
Posted: Mon Jul 10, 2006 1:34 am Post subject: |
|
|
Uipe, I think it might be an issue with 64-bit chips. The binaries that Tenable makes available are for 32-bit chips only. AFAIK, they haven't written a binary for 64-bit processors yet. If you're able to find information about 64-bit builds, let me know - I haven't found any. _________________ M. Hayden - San Antonio, TX |
|
Back to top |
|
|
Uipe n00b
Joined: 19 Jun 2003 Posts: 9
|
Posted: Tue Jul 11, 2006 1:53 pm Post subject: |
|
|
oki thanks I will try to find info about it. I tougth it would be possible to emulate it like I do with the other programs. thanks anyway _________________ Why can t my clock just stop...
I don t want to move so why not stop
dont push me please wait a bit
maybe... just maybe I will move
from here to there
just moving not changing
by Filipe Felisberto |
|
Back to top |
|
|
Kvetch Guru
Joined: 29 Apr 2004 Posts: 318 Location: /dev/null, VA
|
Posted: Thu Aug 24, 2006 1:47 am Post subject: |
|
|
Great post texas1emt. I have been beating my head on getting Nessus 3 on my AMD64 machine for the exact same reasons. Nessus is installed and working great. Thanks.
Uipe - this worked for me on my AMD64 machine
Code: | # ln -s /emul/linux/x86/usr/lib/libssl.so /usr/lib/libssl.so.6
# ln -s /emul/linux/x86/usr/lib/libcrypto.so /usr/lib/libcrypto.so.6
# /opt/nessus/bin/nessus-fetch --register XXXX-XXXX-XXXX-XXXX-XXXX
Your activation code has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org...
gzip is not installed on your system
Aborting
/opt/nessus/etc/nessus/nessusd.conf does not exist!
Do you have the nessus daemon installed?
An error occured while fetching the plugins. Your Nessus installation may not be up-to-date. |
Last edited by Kvetch on Thu Mar 01, 2007 1:34 pm; edited 1 time in total |
|
Back to top |
|
|
radulucian Apprentice
Joined: 05 Jan 2004 Posts: 151 Location: Bucharest Romania
|
Posted: Sat Nov 25, 2006 10:47 am Post subject: so... you need this |
|
|
good pointer Kvetch, however, if you never used the emulation before on your system, you will need to:
Code: |
emerge emul-linux-x86-baselibs
|
in order to get the stuff you pointed out in /emul/
i just did, i will have to see now if my installation works, especially because i had a problem with libz.so.1 |
|
Back to top |
|
|
elvar n00b
Joined: 29 Oct 2004 Posts: 5
|
Posted: Tue Feb 05, 2008 4:38 am Post subject: Thanks! This worked perfectly! |
|
|
Thank you so much for taking the time to write this, it definitely saved me.
Kind regards,
Elvar |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|