Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
HOWTO: Nessus version 3 (Nessus3) installation with FC5 RPM
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks
View previous topic :: View next topic  
Author Message
texas1emt
Guru
Guru


Joined: 27 Oct 2003
Posts: 351
Location: San Antonio, TX

PostPosted: Thu Jul 06, 2006 3:07 am    Post subject: HOWTO: Nessus version 3 (Nessus3) installation with FC5 RPM Reply with quote

HOWTO: Install Nessus 3 RPM on Gentoo

The goal of this HOWTO is to take an RPM (Red Hat Package Manager) binary file and install it on Gentoo. So, why oh why would someone rather install a non-GPL binary rather than the older GPL'd 2.x versions of nessus? Efficiency. Through multiple tests of my own, I've found that Nessus 3 is much more efficient. It's able to do more with less resources. Also, my boss said I had to use Nessus 3 :)

This howto uses the app-arch/rpm2targz scripts rather than using the basic app-arch/rpm installer application. My reason for avoiding the app-arch/rpm package is that it takes a while to emerge and has more dependencies than rpm2targz.

Step 1: Get the files you need
    As said previously, Nessus is now a binary in version 3. I can't put a direct download from here, so you'll need to go to their download area here: Nessus Download Link

    You'll have to register with them - aggravating, I know - but it's the only way to get Nessus 3.

    IMPORTANT: If you want the simplest possible install, choose the Fedora Core 5 RPM (it has 'fc5' in the filename). It's the closest library match-up to an updated Gentoo system. Once you have the file downloaded, you will need the app-arch/rpm2targz package to turn the RPM into a more manageable tar.gz file. There's nothing to compile, so it will merge quickly.
    Code:
    # emerge app-arch/rpm2targz


    Now you're ready to install Nessus.

Step 2: Nessus Installation
    Change into the directory where you placed your RPM file. Run rpm2targz on it. This takes about 90 seconds on my P3 with very slow storage.
    Code:
    # rpm2targz Nessus-3.0.3-fc5.i386.rpm
    found gzip magic bytes
      trying to decompress with gzip...  OK


    Now un-tar.gz it.
    Code:
    # tar xvzf Nessus-3.0.3-fc5.i386.tar.gz


    You should now have two directories, etc and opt. The opt directory has all of the Nessus application files and libraries and etc has a horribly RedHat-ified init script that we have to replace. Change into the opt directory (not /opt, but the opt directory that came out of the tar.gz) and move the nessus directory to /opt. You will need to add two folders to your $PATH variable: /opt/nessus/bin/ and /opt/nessus/sbin/.

    Move the nessus directory that is inside the opt directory that came from the tar.gz into the actual /opt/ folder on your system.
    Code:
    # cd opt
    # ls
    nessus
    # mv nessus /opt/

Step 3: Installing Libraries
    You'll immediately see a problem if you try to run the registration command that Tenable provides in the e-mail they sent when you downloaded the software:
    Code:
    # /opt/nessus/bin/nessus-fetch --register ****-****-****-****-****
    /opt/nessus/bin/nessus-fetch: error while loading shared libraries: libnessus.so.3: cannot open shared object file: No such file or directory


    Okay, we have to link up these libraries before we can start any of the Nessus services. It's a pretty quick process. First, we need to explain to Gentoo (via environment variables) where these new libraries are. Open up your /etc/env.d/00basic file and add /opt/nessus/lib/ to your LDPATH variable like so:
    Code:
    LDPATH="/usr/local/lib:/opt/nessus/lib"


    Save the file, exit, and run env-update. Now, if you try to run the nessus-fetch command again, you'll find a new problem:
    Code:
    # env-update
    >>> Regenerating /etc/ld.so.cache...
    # /opt/nessus/bin/nessus-fetch --register ****-****-****-****-****
    /opt/nessus/bin/nessus-fetch: error while loading shared libraries: libssl.so.6: cannot open shared object file: No such file or directory


    Don't worry - you have the libssl libraries, but they're not called the same as they would be if this was a Fedora Core 5 system. Just make a symbolic link from the library you have to the one that the Nessus binary is searching for:
    Code:
    # ls -al /usr/lib/libssl*
    -rw-r--r-- 1 root root 305960 Jul  5 20:12 /usr/lib/libssl.a
    lrwxrwxrwx 1 root root     11 Jul  5 20:12 /usr/lib/libssl.so -> libssl.so.0
    lrwxrwxrwx 1 root root     15 Jul  5 20:12 /usr/lib/libssl.so.0 -> libssl.so.0.9.7
    -r-xr-xr-x 1 root root 201328 Jul  5 20:12 /usr/lib/libssl.so.0.9.7
    # ln -s /usr/lib/libssl.so /usr/lib/libssl.so.6


    Try the command again and we're short one last library:
    Code:
    # /opt/nessus/bin/nessus-fetch --register ****-****-****-****-****
    /opt/nessus/bin/nessus-fetch: error while loading shared libraries: libcrypto.so.6: cannot open shared object file: No such file or directory


    Now, just make a symbolic link from your libcrypto library to the library that Nessus is searching for:
    Code:
    # ls -al /usr/lib/libcrypto*
    -rw-r--r-- 1 root root 2031486 Jul  5 20:12 /usr/lib/libcrypto.a
    lrwxrwxrwx 1 root root      14 Jul  5 20:12 /usr/lib/libcrypto.so -> libcrypto.so.0
    lrwxrwxrwx 1 root root      18 Jul  5 20:12 /usr/lib/libcrypto.so.0 -> libcrypto.so.0.9.7
    -r-xr-xr-x 1 root root 1107852 Jul  5 20:12 /usr/lib/libcrypto.so.0.9.7
    # ln -s /usr/lib/libcrypto.so /usr/lib/libcrypto.so.6

Step 4: Registration, configuration and plugin download
    Okay, the libraries are done. Unfortunately, Nessus expects to find gzip in /usr/bin/, but Gentoo has it in /bin/ instead. Another symbolic link will fix it all up, and then you can run your registration command:
    Code:
    # /opt/nessus/bin/nessus-fetch --register ****-****-****-****-****
    Your activation code has been registered properly - thank you.
    Now fetching the newest plugin set from plugins.nessus.org...
    /opt/nessus/etc/nessus/nessusd.conf does not exist!
    Do you have the nessus daemon installed?
    An error occured while fetching the plugins. Your Nessus installation may not be up-to-date.


    Don't worry about the error. The configuration file is missing because we haven't run nessusd before. That will end up remedying itself in just a moment. We need to make a certificate for Nessus to use now. Run nessus-mkcert. I usually just press enter on the options because I don't have much use for the certificate since I only talk to Nessus over the localhost anyways. Once that's finished, run nessus-add-first-user. The options are pretty self-explanatory, but ignore the last line telling to to start Nessus.

    Here's an init script that I wrote for Nessus. Save this as /etc/init.d/nessusd:
    Code:
    #!/sbin/runscript

    PIDFILE=/opt/nessus/var/nessus/nessusd.pid

    depend() {
            need net
    }

    start() {
            ebegin "Starting Nessus"
            start-stop-daemon --start --verbose --nicelevel -10 \
                     --exec /opt/nessus/sbin/nessusd -- -Dq
            eend $?
    }

    stop() {
            ebegin "Stopping Nessus"
            start-stop-daemon --stop --retry 10 --pidfile ${PIDFILE}
            eend $?
    }


    Save the file as /etc/init.d/nessusd. Make it executable and give it a run. Keep in mind - this will take a WHILE the first time you start this, or when you start it after a reboot. All of the plugins have to be read off the drive and cached.
    Code:
    # /etc/init.d/nessusd start
     * Caching service dependencies ...                             [ ok ]
     * Starting Nessus ...
    Starting /opt/nessus/sbin/nessusd...                            [ ok ]


    And, if you want it to run when your computer boots up:
    Code:
    # rc-update add nessusd default


    WATCH OUT! Setting Nessus to start on boot-up will drastically increase the amount of time your system will take to boot. This is mainly due to plugin caching.

    Now, just update your plugins (I like verbose output):
    Code:
    # nessus-update-plugins -vvv


You're all set to go! You can use GUI Nessus clients on Linux, OS X and Windows desktops now, or you can use nessus on the command line. If you have any problems, please let me know!
_________________
M. Hayden - San Antonio, TX


Last edited by texas1emt on Mon Oct 16, 2006 5:26 pm; edited 4 times in total
Back to top
View user's profile Send private message
Uipe
n00b
n00b


Joined: 19 Jun 2003
Posts: 9

PostPosted: Thu Jul 06, 2006 3:10 pm    Post subject: Reply with quote

:oops: I fallowed your guide but I still have problems with the libraries
Code:
 ls -al /usr/lib/libssl*
-rw-r--r-- 1 root root 368534 Jun 19 20:32 /usr/lib/libssl.a
lrwxrwxrwx 1 root root     11 Jun 19 20:32 /usr/lib/libssl.so -> libssl.so.0
lrwxrwxrwx 1 root root     15 Jun 19 20:32 /usr/lib/libssl.so.0 -> libssl.so.0.9.7
-r-xr-xr-x 1 root root 203208 Jun 19 20:32 /usr/lib/libssl.so.0.9.7
lrwxrwxrwx 1 root root     18 Jul  6 16:04 /usr/lib/libssl.so.6 -> /usr/lib/libssl.so

Code:
/opt/nessus/bin/nessus-fetch --register *-*-*-*-*
/opt/nessus/bin/nessus-fetch: error while loading shared libraries: libssl.so.6: cannot open shared object file: No such file or directory


here is my edited /etc/env.d/00basic
Code:
# /etc/env.d/00basic

PATH="/opt/bin:/opt/nessus/bin/:/opt/nessus/sbin/"
ROOTPATH="/opt/bin"
LDPATH="/usr/local/lib:/opt/nessus/lib"
MANPATH="/usr/local/share/man:/usr/share/man"
INFOPATH="/usr/share/info"
CVS_RSH="ssh"
PAGER="/usr/bin/less"
LESSOPEN="|lesspipe.sh %s"


thanks for the guide and sorry if this question is really noob
_________________
Why can t my clock just stop...
I don t want to move so why not stop
dont push me please wait a bit
maybe... just maybe I will move
from here to there
just moving not changing

by Filipe Felisberto
Back to top
View user's profile Send private message
texas1emt
Guru
Guru


Joined: 27 Oct 2003
Posts: 351
Location: San Antonio, TX

PostPosted: Thu Jul 06, 2006 4:05 pm    Post subject: Reply with quote

Hey there Uipe, I think you may need to run an additional env-update after you made those symlinks. I didn't have to, but your system may be different. So, as root, just run:
Code:
# env-update


Once you do that, try running the nessus registration command again and let me know what happens!
_________________
M. Hayden - San Antonio, TX
Back to top
View user's profile Send private message
Uipe
n00b
n00b


Joined: 19 Jun 2003
Posts: 9

PostPosted: Thu Jul 06, 2006 6:39 pm    Post subject: Reply with quote

I don't know I must be doing something wrong becase I have rebooted my system and still no go.
_________________
Why can t my clock just stop...
I don t want to move so why not stop
dont push me please wait a bit
maybe... just maybe I will move
from here to there
just moving not changing

by Filipe Felisberto
Back to top
View user's profile Send private message
texas1emt
Guru
Guru


Joined: 27 Oct 2003
Posts: 351
Location: San Antonio, TX

PostPosted: Sat Jul 08, 2006 9:20 pm    Post subject: Reply with quote

Uipe, i wish there was something else I could do to help, but I'm at a loss.

This is my /etc/env.d/00basic (which is almost identical to yours):
Code:
# /etc/env.d/00basic

PATH="/opt/bin"
ROOTPATH="/opt/bin"
LDPATH="/usr/local/lib:/opt/nessus/lib"
MANPATH="/usr/local/share/man:/usr/share/man"
INFOPATH="/usr/share/info"
CVS_RSH="ssh"
PAGER="/usr/bin/less"
LESSOPEN="|lesspipe.sh %s"


And here's the symbolic links for my libraries:
Code:
$ ls -al /usr/lib/libssl* /usr/lib/libcrypto*
-rw-r--r-- 1 root root 2031486 Jul  5 20:12 /usr/lib/libcrypto.a
lrwxrwxrwx 1 root root      14 Jul  5 20:12 /usr/lib/libcrypto.so -> libcrypto.so.0
lrwxrwxrwx 1 root root      18 Jul  5 20:12 /usr/lib/libcrypto.so.0 -> libcrypto.so.0.9.7
-r-xr-xr-x 1 root root 1107852 Jul  5 20:12 /usr/lib/libcrypto.so.0.9.7
lrwxrwxrwx 1 root root      21 Jul  5 21:11 /usr/lib/libcrypto.so.6 -> /usr/lib/libcrypto.so
-rw-r--r-- 1 root root  305960 Jul  5 20:12 /usr/lib/libssl.a
lrwxrwxrwx 1 root root      11 Jul  5 20:12 /usr/lib/libssl.so -> libssl.so.0
lrwxrwxrwx 1 root root      15 Jul  5 20:12 /usr/lib/libssl.so.0 -> libssl.so.0.9.7
-r-xr-xr-x 1 root root  201328 Jul  5 20:12 /usr/lib/libssl.so.0.9.7
lrwxrwxrwx 1 root root      18 Jul  5 21:09 /usr/lib/libssl.so.6 -> /usr/lib/libssl.so


Yours seem to match everything I have. Are all of the Nessus libraries from the original RPM in /opt/nessus/lib ? Also, make sure your ldconfig output looks like this:
Code:
# ldconfig -p | grep -i ssl       
        libssl.so.0.9.7 (libc6) => /usr/lib/libssl.so.0.9.7
        libssl.so (libc6) => /usr/lib/libssl.so
# ldconfig -p | grep -i crypto
        libcrypto.so.0.9.7 (libc6) => /usr/lib/libcrypto.so.0.9.7
        libcrypto.so (libc6) => /usr/lib/libcrypto.so

_________________
M. Hayden - San Antonio, TX
Back to top
View user's profile Send private message
Uipe
n00b
n00b


Joined: 19 Jun 2003
Posts: 9

PostPosted: Sun Jul 09, 2006 10:27 pm    Post subject: Reply with quote

Quote:
You will need to add two folders to your $PATH variable: /opt/nessus/bin/ and /opt/nessus/sbin/.

Could you explain me I do I do this?

And here is the resul of:
Code:
nuke lib # ldconfig -p | grep -i ssl
        libssl3.so.11 (libc6,x86-64) => /usr/lib64/nss/libssl3.so.11
        libssl3.so (libc6,x86-64) => /usr/lib64/nss/libssl3.so
        libssl.so.0.9.7 (libc6,x86-64) => /usr/lib/libssl.so.0.9.7
        libssl.so.0.9.7 (libc6) => /emul/linux/x86/usr/lib/libssl.so.0.9.7
        libssl.so (libc6,x86-64) => /usr/lib/libssl.so
        libssl.so (libc6) => /emul/linux/x86/usr/lib/libssl.so
        libgnutls-openssl.so.12 (libc6,x86-64) => /usr/lib/libgnutls-openssl.so.12
        libgnutls-openssl.so (libc6,x86-64) => /usr/lib/libgnutls-openssl.so
nuke lib # ldconfig -p | grep -i crypto
        libcrypto.so.0.9.7 (libc6,x86-64) => /usr/lib/libcrypto.so.0.9.7
        libcrypto.so.0.9.7 (libc6) => /emul/linux/x86/usr/lib/libcrypto.so.0.9.7        libcrypto.so (libc6,x86-64) => /usr/lib/libcrypto.so
        libcrypto.so (libc6) => /emul/linux/x86/usr/lib/libcrypto.so


Sorry for the late reply but I have been studing for my exams ;)
_________________
Why can t my clock just stop...
I don t want to move so why not stop
dont push me please wait a bit
maybe... just maybe I will move
from here to there
just moving not changing

by Filipe Felisberto
Back to top
View user's profile Send private message
texas1emt
Guru
Guru


Joined: 27 Oct 2003
Posts: 351
Location: San Antonio, TX

PostPosted: Mon Jul 10, 2006 1:34 am    Post subject: Reply with quote

Uipe, I think it might be an issue with 64-bit chips. The binaries that Tenable makes available are for 32-bit chips only. AFAIK, they haven't written a binary for 64-bit processors yet. If you're able to find information about 64-bit builds, let me know - I haven't found any. :(
_________________
M. Hayden - San Antonio, TX
Back to top
View user's profile Send private message
Uipe
n00b
n00b


Joined: 19 Jun 2003
Posts: 9

PostPosted: Tue Jul 11, 2006 1:53 pm    Post subject: Reply with quote

:( oki thanks I will try to find info about it. I tougth it would be possible to emulate it like I do with the other programs. thanks anyway
_________________
Why can t my clock just stop...
I don t want to move so why not stop
dont push me please wait a bit
maybe... just maybe I will move
from here to there
just moving not changing

by Filipe Felisberto
Back to top
View user's profile Send private message
Kvetch
Guru
Guru


Joined: 29 Apr 2004
Posts: 318
Location: /dev/null, VA

PostPosted: Thu Aug 24, 2006 1:47 am    Post subject: Reply with quote

Great post texas1emt. I have been beating my head on getting Nessus 3 on my AMD64 machine for the exact same reasons. Nessus is installed and working great. Thanks.

Uipe - this worked for me on my AMD64 machine
Code:
# ln -s /emul/linux/x86/usr/lib/libssl.so /usr/lib/libssl.so.6
# ln -s /emul/linux/x86/usr/lib/libcrypto.so /usr/lib/libcrypto.so.6
# /opt/nessus/bin/nessus-fetch --register XXXX-XXXX-XXXX-XXXX-XXXX
Your activation code has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org...
gzip is not installed on your system
Aborting
/opt/nessus/etc/nessus/nessusd.conf does not exist!
Do you have the nessus daemon installed?
An error occured while fetching the plugins. Your Nessus installation may not be up-to-date.


Last edited by Kvetch on Thu Mar 01, 2007 1:34 pm; edited 1 time in total
Back to top
View user's profile Send private message
radulucian
Apprentice
Apprentice


Joined: 05 Jan 2004
Posts: 151
Location: Bucharest Romania

PostPosted: Sat Nov 25, 2006 10:47 am    Post subject: so... you need this Reply with quote

good pointer Kvetch, however, if you never used the emulation before on your system, you will need to:
Code:

 emerge emul-linux-x86-baselibs


in order to get the stuff you pointed out in /emul/

i just did, i will have to see now if my installation works, especially because i had a problem with libz.so.1
Back to top
View user's profile Send private message
elvar
n00b
n00b


Joined: 29 Oct 2004
Posts: 5

PostPosted: Tue Feb 05, 2008 4:38 am    Post subject: Thanks! This worked perfectly! Reply with quote

Thank you so much for taking the time to write this, it definitely saved me.



Kind regards,
Elvar
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum