
Saturday, October 25, 2014

Cryptolocker - why your security software won't stop it

It's not how much you've spent on security products and what you've deployed that really matters when it comes down to threats like Cryptolocker. It's HOW you've spent the money and HOW you've deployed these security products.

I have come across a few companies that have been hit by this nuisance. Some have been lucky enough to have backups while others haven't. Some were able to get back on their feet in a matter of hours, some took days and some couldn't. One common thing that I noted was - all of them had a LOT of security products.

Security products are generally mass-developed for millions of users all around the world by security software companies. They are, in most cases, off-the-shelf products that anyone can buy and then deploy in their network(s). Once it's up and running, the day-to-day management of it is the owner's role and responsibility. This is where things start going downhill.

Every network is different. And this is why every network has different security needs. One product, in this industry, simply put, never fits all. You could buy the best security solution out there but you still need to make sure that it is, one, deployed the right way on your network and, two, managed correctly, every day. This is where you will fail. Guaranteed. Not today, not tomorrow but one day you will. Why? Simple - it is not your job to do ALL of that! There are people who do that for a living and are really good at it because it's their job. That's all they do.

You need to get people who specialize in security architecture and auditing on your side. You need these guys to set up your security infrastructure and then keep an eye on it. At the end of the day, you could have a really great security setup but if your staff is not educated on a regular basis on how to keep security in mind, all the time, it's only a matter of time before one of them plugs in that USB.

To wrap it up, I think the very important thing to know here is that all security products today, be it firewalls, AVs, IPSs etc., come with great features and are on top of most things malicious BUT we need to tweak, modify or downright change a few things around in order to best utilise them for our network. Once that is done, we need to make sure people in our organisation are aware of what's happening around them and make sure they are careful at all times.

Monday, August 25, 2014

Junos OS Basics

Robust
Modular
Scalable

Based on FreeBSD Kernel

Planes

1. Control Plane
2. Forwarding (Data) Plane

Control Plane – controls routing and switching; consists of the Routing Engine (RE)
Data Plane – forwards frames, packets etc.; consists of the Packet Forwarding Engine (PFE)

These two planes combined give Junos:
1. Reliability
2. Performance


Routing Engine (RE)

1. Routing tables
2. Bridging tables
3. Primary forwarding table
RE connects to the PFE via internal link

Packet forwarding engine (PFE)

1. Rate limiting
2. CoS
3. Stateless filtering for firewalls

HA features

1. GRES – Graceful Routing Engine Switchover
2. NSR – Nonstop Active Routing
3. ISSU – In-Service Software Upgrades

Transit Traffic

All traffic that comes in on an ingress port and is forwarded on (handled by the PFE)

EXCEPTION Traffic

Ping, Telnet, Traceroute etc


Thursday, June 19, 2014

Nessus::Changing the activation code to 'SecurityCenter'

If you have been running Nessus on a stand-alone Activation Code and have now installed SecurityCenter and want the Nessus scanner to be used via SecurityCenter, you need to change the activation code to 'SecurityCenter'.
Since the scanner is already registered, when you try to change the activation code to 'SecurityCenter' it will give you an error, something like "The provided Activation Code (SecurityCenter) was refused by the remote server".
Here's how to handle that:
From the console, run this command:

[root@vishal bin]# ./nessus-fetch --security-center

That's it. Solved.



Wednesday, May 21, 2014

NESSUS: OFFLINE PLUGIN UPDATE ON WINDOWS

1. Generate a challenge code by running the following command:
C:\Program Files\Tenable\Nessus>nessus-fetch --challenge

2. Go to https://plugins.nessus.org/offline.php and paste the challenge code, as well as the Activation Code, into the appropriate text boxes.

3. After entering the challenge and activation code, the website will produce a link to download the latest Nessus plugin feed, as well as a link to download nessus-fetch.rc at the bottom of the screen. Be sure to save this link, as it will be needed each time you want to update your plugins.

4. Copy the nessus-fetch.rc to the following directory: C:\Program Files\Tenable\Nessus\conf

This only needs to be copied once, not each time you download the plugins.

5. To register your scanner in offline mode, run the following command (the path contains a space, so quote it):
C:\Program Files\Tenable\Nessus>nessus-fetch --register-offline "C:\Program Files\Tenable\Nessus\conf\nessus-fetch.rc"

(Syntax is nessus-fetch --register-offline <file.rc>)

6. Next, copy the all-2.0.tar.gz file downloaded from the website to the C:\Program Files\Tenable\Nessus directory, and run the following command:
C:\Program Files\Tenable\Nessus>nessus-update-plugins all-2.0.tar.gz

7. Once the plugins are installed, rebuild the plugin database:
C:\Program Files\Tenable\Nessus>nessusd -R

8. Finally, restart the Nessus server.

Nessus :: updating/setting proxy through cli

WIN:
"\Program Files"\Tenable\Nessus\nessus-fix --secure --set proxy=%IP or Hostname of Proxy%
"\Program Files"\Tenable\Nessus\nessus-fix --secure --set proxy_port=%Port of Proxy%
"\Program Files"\Tenable\Nessus\nessus-fix --secure --set proxy_username=%Username of Proxy%
"\Program Files"\Tenable\Nessus\nessus-fix --secure --set proxy_password=%Password of Proxy%

LIN:
The same commands, run from /opt/nessus/sbin/ (as root).

Monday, May 5, 2014

Five 'Truths' About PCI Compliance and Cybersecurity

A must-read for anyone that is involved or interested in PCI -


Five 'Truths' About PCI Compliance and Cybersecurity


Tuesday, April 22, 2014

Nessus and Name Resolution

For those of you who like having a name displayed in the results that you export as PDF and send them off to the boss, instead of the IP addresses, there is a way of doing that through Nessus.

All you need to do is look for plugin 12053 results. Obviously, you need to have it enabled before you launch the scan. Once you have the results back, look for the results of this plugin and you’ll see all the names of the targets that have been scanned. Filter the results accordingly and you’re the star!

Thursday, April 17, 2014

Managing Disk Space on Appliance for SecurityCenter


There are two things you can do here, your choice but both are 'good to know':
1. Increase the disk space (latest version of appliance supports this feature). I have attached a doc on how to accomplish this - please see page 53.

2. Change the settings related to data expiration. This is the best way of deleting data from SC automatically. Please have a quick look at these options below and set them up according to your needs/setup on SC. This will help you bring down disk usage drastically.

Please have a look here and change the number of days by logging in as admin -> Configuration -> Expiration

Active: active scanning data from Nessus scans, stored in the repository (/opt/sc4/repositories/<repoID>/hdb.*). Example: /opt/sc4/repositories/1/hdb.*

Passive: does this apply to you?
FYI, PVS data is stored in the "active" repository (/opt/sc4/repositories/<repoID>/hdb.*). Example: /opt/sc4/repositories/1/hdb.*

Compliance: data derived from an .audit file (plugin ID 1,000,000 or higher), stored in the "active" repository (/opt/sc4/repositories/<repoID>/hdb.*). Example: /opt/sc4/repositories/1/hdb.*

Mitigated: a separate data store from the active repository (/opt/sc4/repositories/<repoID>/hdb-Patched.*). Example: /opt/sc4/repositories/1/hdb-Patched.*

Vulnerability Trending data: this setting can consume a lot of disk on the SC console.
It creates a daily snapshot of the active repository. These files can be found here on the filesystem: /opt/sc4/repositories/<repoID>/VDB/<date>/ Example: /opt/sc4/repositories/1/VDB/2012-06-12/
For items that use trending data (reports and such) these files are not compressed, for performance reasons.

Closed Tickets: are you using SC4 for ticketing?
Scan results: individual scan results. Once a scan is imported, SC does no processing of that scan data unless told to do so by the user.

Individual scan results can be found here on the file system: /opt/sc4/orgs/<orgID>/VDB/<date>/scanid* Example: /opt/sc4/orgs/1/VDB/2012-06-12/43522*
It can be useful from time to time to see what a single scan found on that day vs. the data of the repository.

Report results: reports that an individual may run are not deleted automatically unless this setting is used.
A user's report files can be found here on the file system: /opt/sc4/orgs/<orgID>/users/<userID>/reports Example: /opt/sc4/orgs/1/users/1/reports


- Trending data is what generally grows the most. This can be controlled by adjusting the retention in days, logged in as admin, under System -> Configuration -> Data Expiration -> Vulnerability Trending Data; after changing this to a lower value, data older than X days will be removed during the next nightlyCleanup job.
- You can also disable trending per repository by going to Repositories -> Repositories, selecting the repository you want to disable trending on, clicking Edit, then unchecking "Trending". If trending was enabled before, the old trending data will still be kept until the data expiration threshold is reached; it will then gradually be removed with each passing day until it is all gone.

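Before lowering the trending retention value it helps to see what the nightly cleanup would actually remove. The script below is an added example (not from this post and not Tenable's code): it walks the /opt/sc4/repositories/<repoID>/VDB/<date>/ layout named above, sizes each dated snapshot directory and splits them into kept and expired for a given retention in days. The "older than X days" rule is implemented as "snapshot date earlier than today minus X days", which is my reading of the post; the directory tree is constructed in a temporary location so the script runs offline, and nothing is deleted.

```python
"""Preview what a Vulnerability Trending Data expiration value would remove.

Added example; not from the blog post or from Tenable. Read-only: it reports
which dated VDB snapshot directories fall past a retention threshold and how
many bytes they occupy. Tree layout beyond the paths the post names, and the
strict "earlier than cutoff" rule, are assumptions.
"""
import os
import tempfile
from datetime import date, timedelta


def dir_size(path):
    """Total size in bytes of the regular files under path."""
    total = 0
    for dirpath, _, filenames in os.walk(path):
        for name in filenames:
            total += os.path.getsize(os.path.join(dirpath, name))
    return total


def trending_snapshots(repos_root):
    """Yield (repo_id, snapshot_date, bytes) for every <repo>/VDB/<date> directory."""
    for repo_id in sorted(os.listdir(repos_root)):
        vdb = os.path.join(repos_root, repo_id, "VDB")
        if not os.path.isdir(vdb):
            continue
        for entry in sorted(os.listdir(vdb)):
            try:
                snap_date = date.fromisoformat(entry)
            except ValueError:
                continue  # not a dated snapshot directory; leave it alone
            yield repo_id, snap_date, dir_size(os.path.join(vdb, entry))


def expiration_preview(repos_root, retention_days, today):
    """Split snapshots into kept/expired by the retention rule and total the freed bytes."""
    cutoff = today - timedelta(days=retention_days)   # assumption: strictly older is expired
    expired, kept, freed = [], [], 0
    for repo_id, snap_date, size in trending_snapshots(repos_root):
        if snap_date < cutoff:
            expired.append((repo_id, snap_date.isoformat()))
            freed += size
        else:
            kept.append((repo_id, snap_date.isoformat()))
    return {"expired": expired, "kept": kept, "bytes_freed": freed}


def build_sample_tree(root, today):
    """Construct repositories/1/VDB/<date> for the last five days plus one 40-day-old snapshot."""
    for offset in (0, 1, 2, 3, 4, 40):
        snap = os.path.join(root, "1", "VDB", (today - timedelta(days=offset)).isoformat())
        os.makedirs(snap)
        with open(os.path.join(snap, "trend.db"), "wb") as fh:
            fh.write(b"x" * 1024)  # constructed 1 KiB stand-in for the snapshot data
    os.makedirs(os.path.join(root, "2", "VDB", "not-a-date"))  # must be skipped


def run_demo(retention_days=3):
    """Build the constructed tree and preview a 3-day retention against it."""
    today = date(2012, 6, 12)   # the date used in the post's example path
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp, today)
        return expiration_preview(tmp, retention_days, today)


if __name__ == "__main__":
    print(run_demo())
```

Point it at the real /opt/sc4/repositories directory (as a user that can read it) with today's date and the retention value you are considering, and compare bytes_freed with the console's free space before touching the setting.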
Thursday, April 10, 2014

The heart that bleeds... heartbleed and Nessus


The Heartbleed bug has caused some serious grief. Hard.
Not knowing is always worse than knowing what the damage is. In this case, it's the 'not knowing'. The bug has existed for a couple of years. It could have been used for man-in-the-middle type attacks. Not sure if it was deliberate or by accident.
Tenable, as always, has done a great job - came out with great plugins in record time.
Renaud has posted a great article on how to use these and there's also a great post on the Tenable Blog by Ken.



Monday, April 7, 2014

Types of Access Control

Non-discretionary access control

Access is set and controlled by the overall security administrator.
Users do not have the capability to change, modify or set the ownership of, or access to, objects.

Mandatory access control

The system owner sets the access levels and users are put into different categories with different access levels.
Famous example: SELinux

Discretionary Access Control – DAC

The owner of the object decides the level of privilege that a user can have.

RSBAC – rule-set based access control

- Linux-based.
- Exists since 1996, active development since 2000.
- Works at kernel level.
- Based on GFAC – generalized framework for access control.
Several modules:
- MAC – Mandatory access control
- PM – Primary module
- FC – Function control module
- FF – File flag module
- MS – Malware scan module
- RC – Role compatibility module
- SIM – Security information modification module
- Auth – Authentication module
- ACL – Access control list module

RBAC – role based access control

Access is based on the role that a certain user has; the access level of each role is decided by the owner.

CUI – constrained user interface

- The user is only shown the options that he is allowed access to.
- Similar to VBAC – view-based access control: the user is only shown a view that displays the options available at his access level.

CDAC – content dependent access control

- Based on GFAC.
- Access is granted or denied based on the content and its level of secrecy or sensitivity.

CBAC – context-based access control

- Works on context, or a sequence of events that are detectable.
- Mostly used in firewalls.
- Could be used to deny access based on how many requests are being sent in for access to a certain object, or on the sequence in which the requests arrive.

TRBAC – Temporal role based access control

- Time-based and role-based.
- The role is based on a time that has been decided by the owner.
- Could be a certain time zone or a certain time window that the access is based upon.


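The differences between the models read more clearly when the same request is decided under each one. The following is an added example (my own code, not part of the post): the smallest working version of DAC (the object's owner grants rights to others), label-based MAC (the system compares a user's clearance with the object's label and users can change neither; the no-read-up / no-write-down rule is used here as the illustration) and RBAC (rights hang off roles, users are assigned roles). The users, roles, labels and objects are all constructed.

```python
"""DAC, MAC and RBAC decisions side by side.

Added example, not code from the post. Everything here (users, roles,
label hierarchy, objects) is constructed for illustration.
"""
from dataclasses import dataclass, field

# MAC labels, ordered from least to most sensitive (constructed hierarchy).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


@dataclass
class Obj:
    name: str
    owner: str                               # DAC: who may grant access
    label: str                               # MAC: classification set by the system
    acl: dict = field(default_factory=dict)  # DAC: user -> set of rights


def dac_allows(obj, user, right):
    """Discretionary: the owner may do anything; others need an ACL entry."""
    return user == obj.owner or right in obj.acl.get(user, set())


def dac_grant(obj, granter, user, right):
    """Only the owner may extend the ACL; anyone else is refused."""
    if granter != obj.owner:
        raise PermissionError(f"{granter} does not own {obj.name}")
    obj.acl.setdefault(user, set()).add(right)


def mac_allows(obj, clearance, right):
    """Mandatory: read needs clearance >= label (no read-up);
    write needs clearance <= label (no write-down). Users cannot alter either."""
    c, lvl = LEVELS[clearance], LEVELS[obj.label]
    if right == "read":
        return c >= lvl
    if right == "write":
        return c <= lvl
    return False


# RBAC: permissions are attached to roles, never directly to users.
ROLE_RIGHTS = {
    "auditor": {("scan_report", "read")},
    "scanner_admin": {("scan_report", "read"), ("scan_report", "write"),
                      ("policy", "write")},
}
USER_ROLES = {"alice": {"scanner_admin"}, "bob": {"auditor"}, "carol": set()}


def rbac_allows(user, obj_name, right):
    """Role-based: allowed if any of the user's roles carries the right."""
    return any((obj_name, right) in ROLE_RIGHTS.get(role, set())
               for role in USER_ROLES.get(user, set()))


def run_demo():
    """Evaluate the same requests under each model and return the decisions."""
    report = Obj("scan_report", owner="alice", label="confidential")
    out = {}
    out["dac_owner_reads"] = dac_allows(report, "alice", "read")
    out["dac_bob_before_grant"] = dac_allows(report, "bob", "read")
    dac_grant(report, "alice", "bob", "read")          # the owner extends access
    out["dac_bob_after_grant"] = dac_allows(report, "bob", "read")
    try:
        dac_grant(report, "bob", "carol", "read")      # a non-owner cannot
        out["dac_nonowner_can_grant"] = True
    except PermissionError:
        out["dac_nonowner_can_grant"] = False
    out["mac_internal_reads_confidential"] = mac_allows(report, "internal", "read")
    out["mac_secret_reads_confidential"] = mac_allows(report, "secret", "read")
    out["mac_secret_writes_confidential"] = mac_allows(report, "secret", "write")
    out["rbac_bob_writes_report"] = rbac_allows("bob", "scan_report", "write")
    out["rbac_alice_writes_report"] = rbac_allows("alice", "scan_report", "write")
    out["rbac_carol_reads_report"] = rbac_allows("carol", "scan_report", "read")
    return out


if __name__ == "__main__":
    for request, decision in run_demo().items():
        print(f"{request:36} {'allow' if decision else 'deny'}")
```

The thing to notice is who can change the outcome: in DAC alice can widen access on her own; in MAC nobody below the administrator can, because the decision depends only on labels; in RBAC access changes by editing role membership rather than the object.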

Sunday, March 30, 2014

Increase Scanner timeout from SecurityCenter CLI

Increasing your Time Out for the scanners (OS command line):
-----------------------------------------------------------------------------------
# /opt/sc4/support/bin/sqlite3 /opt/sc4/application.db "select * from Configuration where name='ScannerStatusTimeout'"
This will show the value (it should be 120 seconds by default) 

To increase it, run following command:
# /opt/sc4/support/bin/sqlite3 /opt/sc4/application.db "Update Configuration set value='300' where name='ScannerStatusTimeout'"

Now refresh scanner status and let it run for at least 20 minutes.
-----------------------------------------------------------------------------------

Thursday, March 27, 2014

What is the Most Annoying Security Request You Have Ever Received


Had to share this with you guys. First saw this on Major Hayden's Blog. 


Monday, March 17, 2014

Tenable SecurityCenter::Updating plugins via CLI

Most of us do this for Nessus on a regular basis but not many try doing this for SecurityCenter. But then, not many of us (nowhere near as many as Nessus users) have SC!

curl -k -G -L https://plugins-customers.nessus.org/get.php --data "f=sc-plugins-diff.tar.gz&u=[username]&p=[password]" -o sc-plugins-diff.tar.gz

Note that -k tells curl to skip TLS certificate verification; leave it out if the host's certificate validates on your system, since the request carries your credentials.

 

Thursday, March 13, 2014

RedHat::Root access without password

It's quite interesting and somewhat funny at the same time.
I see people who have been using Linux for quite some time in some capacity or other and seem to come across as Linux experts. When I ask them a very simple question like 'How do you log in to a RedHat server when you do not have the credentials but have physical access?', most people do not know the answer. To me, it seems quite strange. This should be one of the first things that you learn on Linux, the OS of the curious, adventurous and the hacking types. They start talking about stuff that has nothing to do with changing runlevels. Zero-day BS is mentioned. All you Kon-booters, it is not needed and doesn't work on UEFI-enabled systems (which is available on all systems nowadays).
Thought I'd explain the process (most serious Linux guys would know this, I'm sure, and agree with most of the above) for those who don't know.

1. Start the system
2. Hit 'e' to edit
3. Select the kernel (line with vmlinuz) and hit 'e' to edit.
4. Type 'init 1' at the end
5. Hit 'b' to boot.

You'll be logged into the console with root access.

Obviously, if you are serious about security, you will have disabled this feature on your system or have the system in a locked, authorized-engineers-only server room.

Saturday, February 8, 2014

Openstack::Three services you better start before installing openstack on Redhat/CentOS

Hey guys!
Thought I better share this personal experience with all of you.

Now, I'm not entirely sure that this needs to be done but I did find that having these three services 'on' or 'started' before the installation helps.

1. httpd
2. mysqld
3. sshd

Have all these daemons running before starting the install process.
Please note that I'm talking about the RDO version of Openstack - from the good folks at Redhat.

Also, be aware that it takes a while to complete the process after you run the 'packstack --allinone' cmd.


Redhat and CentOS join forces!

Redhat and CentOS have officially joined forces 'to foster rapid innovation beyond the platform into the next generation of emerging technologies'.

This is great news guys!
Read the full announcement here:
Redhat and CentOS join forces.


Linux::User Management

There are three important and essential commands:
1. useradd: add a new user
2. usermod: modify an existing user
3. userdel: delete an existing user

To set a password for a user:
# passwd – use this command
Switches:
-l : locks the account
-u : unlocks the account
-S : shows the status of the account
-e : forces the user to change the password on next login
Important files:
/etc/passwd: contains account info, including passwd
/etc/shadow: contains account and password info, but encrypted
vipw: use to edit the passwd file
pwck: use to check the integrity of the passwd file

SUID: sets the user ID of a file/dir – used to allow users with non-root privs to change files that require root privs.
SGID: sets the group ID of a file/dir – same purpose as SUID, but for groups.
Sticky bit: once set, this prevents a file being deleted by users even if they have the privs to modify the file.

Bit      Octal   Symbolic
SUID     4       u+s
SGID     2       g+s
Sticky   1       +t

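The octal digits and symbolic forms in the table above are the same three bits that stat() reports in st_mode, which is what makes them easy to audit. The script below is an added example (not from this post): it maps between the octal digit, the chmod symbolic flag and the bit name, and walks a directory tree listing every entry that carries one of them, which is the routine check for setuid binaries that should not be there. The sample tree is constructed in a temporary directory so it runs offline.

```python
"""Decode and audit the SUID, SGID and sticky bits.

Added example, not code from the post. The mapping table is the one the
post gives (4/2/1 and u+s/g+s/+t); the sample files are constructed.
"""
import os
import stat
import tempfile

# (stat bit, octal digit, chmod symbolic form, name) for each special bit.
SPECIAL_BITS = (
    (stat.S_ISUID, 4, "u+s", "SUID"),
    (stat.S_ISGID, 2, "g+s", "SGID"),
    (stat.S_ISVTX, 1, "+t", "sticky"),
)


def _as_int(mode):
    """Accept an int mode or an octal string such as '4755'."""
    return int(mode, 8) if isinstance(mode, str) else mode


def special_bits(mode):
    """Names of the special bits set in a mode, e.g. ['SUID'] for 4755."""
    mode = _as_int(mode)
    return [name for bit, _, _, name in SPECIAL_BITS if mode & bit]


def special_digit(mode):
    """The leading octal digit (0-7) that chmod needs for these bits, e.g. 6 for 6755."""
    mode = _as_int(mode)
    return sum(digit for bit, digit, _, _ in SPECIAL_BITS if mode & bit)


def symbolic(mode):
    """The chmod symbolic flags for the special bits, e.g. ['+t'] for 1777."""
    mode = _as_int(mode)
    return [sym for bit, _, sym, _ in SPECIAL_BITS if mode & bit]


def find_special(root):
    """Walk root and return {relative_path: [bit names]} for entries with special bits.

    Symlinks are skipped (lstat, never followed) so a link cannot point the
    audit at a file outside the tree.
    """
    found = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue
            bits = special_bits(st.st_mode)
            if bits:
                found[os.path.relpath(full, root)] = bits
    return found


def run_demo():
    """Build a constructed tree with one entry per special bit and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, mode in (("setuid_tool", 0o4755), ("setgid_tool", 0o2755), ("plain", 0o755)):
            path = os.path.join(tmp, name)
            with open(path, "w") as fh:
                fh.write("#!/bin/sh\n")  # constructed placeholder script
            os.chmod(path, mode)
        shared = os.path.join(tmp, "shared")
        os.mkdir(shared)
        os.chmod(shared, 0o1777)  # sticky: only a file's owner may delete it here
        return find_special(tmp)


if __name__ == "__main__":
    for path, bits in sorted(run_demo().items()):
        print(f"{path:12} {', '.join(bits)}")
```

Run find_special("/usr") (or "/") on a real host and diff the output against a known-good baseline; a new entry with SUID is worth a look before anything else on the box.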
Friday, February 7, 2014

Tenable SecurityCenter::Admin login goes to config

Please try these steps:
- SSH to the SecurityCenter host
- Stop SecurityCenter:
# service SecurityCenter stop
- Back up the /opt/sc4/application.db file:
# cd /opt/sc4
# cp application.db application.db.orig
- Run the following command:
# /opt/sc4/support/bin/sqlite3 /opt/sc4/application.db "UPDATE Configuration SET value = 'no' WHERE name = 'FreshInstall' AND type = 64"
- Start SecurityCenter:
# service SecurityCenter start

Please log into the Security Center, first as Org Head, then as admin. Please confirm that all settings are correct in the administrator account, that you can change the password, and that you can create other administrative accounts.
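Both this post and the scanner-timeout post above edit SecurityCenter's application.db with a raw sqlite3 UPDATE, and a typo in the WHERE clause quietly changes nothing (or, without the clause, everything). The script below is an added example, not code from this blog or from Tenable: it performs the same two changes (ScannerStatusTimeout to 300, FreshInstall to 'no' with the type = 64 filter) with the safeguards a practitioner wants around them: a copy to application.db.orig first, a parameterised UPDATE, a refusal to commit unless exactly one row matched, and a read-back of the new value. It assumes the Configuration table has name/value/type columns, as the posts' queries imply; the sample rows (and the type value for ScannerStatusTimeout) are constructed so it runs offline.

```python
"""Change a SecurityCenter Configuration row with a backup and a read-back.

Added example; not from the blog or from Tenable. Table layout and the
sample rows are assumptions drawn from the posts' sqlite3 queries.
"""
import shutil
import sqlite3
import tempfile
from contextlib import closing
from pathlib import Path


def read_setting(db_path, name):
    """Return the value of one Configuration row, or None if no such row exists."""
    with closing(sqlite3.connect(db_path)) as conn:
        row = conn.execute(
            "SELECT value FROM Configuration WHERE name = ?", (name,)
        ).fetchone()
    return row[0] if row else None


def backup_db(db_path):
    """Copy the database to <name>.orig, as the post does with cp."""
    backup = Path(str(db_path) + ".orig")
    shutil.copy2(db_path, backup)
    return backup


def update_setting(db_path, name, new_value, type_filter=None):
    """Update one row and return (old_value, new_value) after reading it back.

    type_filter reproduces the 'AND type = 64' clause of the FreshInstall fix.
    The transaction is rolled back unless exactly one row matched.
    """
    old = read_setting(db_path, name)
    if old is None:
        raise KeyError(f"no Configuration row named {name!r}")
    backup_db(db_path)
    with closing(sqlite3.connect(db_path)) as conn, conn:
        if type_filter is None:
            cur = conn.execute(
                "UPDATE Configuration SET value = ? WHERE name = ?",
                (str(new_value), name),
            )
        else:
            cur = conn.execute(
                "UPDATE Configuration SET value = ? WHERE name = ? AND type = ?",
                (str(new_value), name, type_filter),
            )
        if cur.rowcount != 1:
            raise RuntimeError(f"expected to change 1 row, matched {cur.rowcount}")
    return old, read_setting(db_path, name)


def make_sample_db(directory):
    """Construct a stand-in application.db holding the two rows the posts touch."""
    db_path = Path(directory) / "application.db"
    with closing(sqlite3.connect(db_path)) as conn, conn:
        conn.execute(
            "CREATE TABLE Configuration (name TEXT, value TEXT, type INTEGER)"
        )
        conn.executemany(
            "INSERT INTO Configuration VALUES (?, ?, ?)",
            # type values are constructed; only FreshInstall's 64 comes from the post
            [("ScannerStatusTimeout", "120", 1), ("FreshInstall", "yes", 64)],
        )
    return db_path


def run_demo():
    """Apply both changes from the posts to the constructed database."""
    with tempfile.TemporaryDirectory() as tmp:
        db = make_sample_db(tmp)
        timeout = update_setting(db, "ScannerStatusTimeout", 300)
        fresh = update_setting(db, "FreshInstall", "no", type_filter=64)
        return {
            "timeout": timeout,
            "fresh": fresh,
            "backup_written": Path(str(db) + ".orig").exists(),
        }


if __name__ == "__main__":
    print(run_demo())
```

Against a real console, stop SecurityCenter first exactly as the post says, then call update_setting on /opt/sc4/application.db; the read-back value is what to compare with the console after the service is started again.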





Nessus::Proxy and plugin update troubles

If you have a firewall on your network, you must allow outgoing access from the scanner to the following addresses via TCP port 443/https:

plugins.nessus.org (4.59.136.208)
plugins-us.nessus.org (4.59.136.208)

Run your command line as administrator:

cd "c:\program files\tenable\nessus"
net stop "Tenable Nessus"
nessus-fix --reset
y

Set your proxy if you have one (if not, skip these steps):
nessus-fix --secure --set proxy=%IP or Hostname of Proxy%
nessus-fix --secure --set proxy_port=%Port of Proxy%
nessus-fix --secure --set proxy_username=%Username of Proxy%
nessus-fix --secure --set proxy_password=%Password of Proxy%

nessus-fetch --register <activation code>

After it finishes updating the plugins, run this:
nessusd -R
net start "Tenable Nessus"

Tuesday, February 4, 2014

New CentOS - New Website

Just a quick one - CentOS has a new look: new website and a new version.

Have a look!



Redhat 7 :: what's new?

Long-awaited (they always are!) new version of RHEL is finally out as RHEL 7 beta and it's got a lot of new stuff (they always do)!

A quick look at some of the stuff that got me excited:

1. Linux Containers: this is huge - don't know what or how this will affect future dev regarding SELinux or if it will at all, at this time. Guess we'll have to stay tuned to Dan Walsh's Blog.

2. GNOME 3: haven't tried it yet but from what I hear, it'll be, well, good to look at!

3. Anaconda kickstart - Active Directory integration: not sure at what point I'll actually use this feature (depends on the systems environment and business needs, I guess) but I'm sure a lot of admins out there would've wanted this for a long time.

4. OpenLMI: it's very important this is not mistaken as a replacement for those devops apps like Chef or Puppet. Not much exists in terms of documentation or production experience regarding OpenLMI at this time.

5. XFS and BTRFS: both of these filesystems are now supported.

6. Dynamic Firewall: this has to be the most important new feature for me. It allows you to change rules on the fly - no need to stop and restart the firewall. Well and truly 'firewalld'!

There are a lot of other new features and you can have a look at all of them at the link below. This post just gives you an idea of what's happening and of course, I've picked up what interests me here so do have a look at the official Redhat doc at:

What's new in RHEL 7?

Nothing new on KVM!

Thursday, January 30, 2014

RedHat::VirtualBox guest additions error "unable to find the sources of your current Linux kernel"

I just cannot have an instance of Redhat (or anything, for that matter) running on VBox and NOT have guest additions installed!

Now, if you're doing it for the first time, chances are you'll come across this:

*** Error: unable to find the sources of your current Linux kernel. Specify KERN_DIR=<directory> and run Make again.  Stop.


Here's what you can do to fix it:

You need to install a few packages - you can do this by:

# yum update kernel-headers

This command will update your headers, if needed. You need to have a valid RedHat subscription for this to work. On other OSs like CentOS, it'll simply work.

Then, run this (quote the pattern so the shell does not expand it against files in the current directory):

# yum install "kernel*"

This command will install something like four packages (depends on what you have and don't have already). The most important package in this list would be kernel-debug.

If you need to create a local repo or simply use the DVD, you can have a look at this - http://www.projectvnux.com/2013/09/creating-custom-repositories.html

Now, you can install the VBox Guest Additions - should work without errors.

Reboot. Enjoy fullscreen!

Saturday, January 25, 2014

PHP:: Stay on the same page after login or logout

Hey guys, working on a PHP project for quite some time now, thought I'll start sharing some tips and tricks as and when time allows!

This one is for that situation where you want the user to login from a page (say pageA.php) and after the credentials have been verified, you want the session to start but the user should stay on the same page.

First of all, you'll need to start the session in your php code - which, if you are using session-based authentication, should already exist in your code.

Something like:

<?php
session_start();
?>

Now, to this you could add something like this:

$_SESSION['url'] = $_SERVER['REQUEST_URI'];

What this does is, sets the URI in the session using the php variable $_SERVER, as the current URL. This URL is the one that we will redirect to in our login.php (or whatever you've named that file) if the authentication has been successful. 

So, in all pages on your website, you'll need to start with something like:

<?php session_start();
ob_start();
$_SESSION['url'] = $_SERVER['REQUEST_URI'];
?>

Again, this could simply be included in a header file so you don't have to manually add these lines in all pages.

Once this has been done, in your login.php, simply add the following lines after the statement that checks for authentication:

if (isset($_SESSION['url'])) {
    $url = $_SESSION['url'];
} else {
    $url = "whatever page you want the user to be redirected to if the session wasn't able to capture the URL";
}
header("Location: $url"); // redirect the user to the previous URL, if set in the session
exit;                     // stop here so nothing after the redirect header is executed

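One check belongs between reading $_SESSION['url'] and the header() call: the value should be a single local path and nothing else. $_SERVER['REQUEST_URI'] normally is just a path, but the login handler should not rely on that, because a full URL, a protocol-relative '//host' form, a backslash variant or a value carrying CR/LF would turn the redirect into an open redirect or a header injection. The function below is an added example, not code from this post; it is written in Python so it runs stand-alone, and the same rules carry straight over to the PHP check. The fallback path and the login handler name (/login.php, the post's example name) are parameters; the inputs are constructed.

```python
"""Validate a session-stored return path before using it in a Location header.

Added example, not from the post. Rules: non-empty string, no CR/LF/NUL,
exactly one leading slash, no scheme or host, and not the login handler
itself (which would loop). Anything else yields the fixed fallback.
"""
from urllib.parse import urlsplit


def safe_return_path(candidate, fallback="/", login_path="/login.php"):
    """Return candidate if it is a same-site path, otherwise the fallback."""
    if not isinstance(candidate, str) or not candidate:
        return fallback
    # Header injection: a CR/LF in the value would let it append headers of its own.
    if any(c in candidate for c in "\r\n\0"):
        return fallback
    # Must be an absolute local path: one leading slash, not '//host' or '/\host'.
    if not candidate.startswith("/") or candidate.startswith(("//", "/\\")):
        return fallback
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        return fallback
    # Do not bounce the user straight back into the login handler.
    if parts.path.rstrip("/") == login_path.rstrip("/"):
        return fallback
    return candidate


def classify(candidates, **kwargs):
    """Map each constructed candidate to the path the redirect would actually use."""
    return {c: safe_return_path(c, **kwargs) for c in candidates}


if __name__ == "__main__":
    # Constructed inputs: what a session might hold in normal and tampered cases.
    for value, target in classify([
        "/pageA.php?tab=2",
        "//evil.example/phish",
        "http://evil.example/",
        "/pageA.php\r\nSet-Cookie: sid=x",
        "/login.php",
        "",
    ]).items():
        print(f"{value!r:40} -> {target}")
```

In PHP the same check sits right before header("Location: $url") and, if it fails, overwrites $url with the fallback; the exit after the header stays regardless.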
Hope this is useful in some way!
Cheers!

Nessus: Offline Plugin update on Linux


Offline Plugins Linux:
1. Generate a challenge code by running the following command:
/opt/nessus/bin/nessus-fetch --challenge

2. Go to https://plugins.nessus.org/offline.php and paste the challenge code, as well as the Activation Code into the appropriate text boxes.

3. After entering the challenge and activation code, the website will produce a link to download the latest Nessus plugin feed, as well as a link to download nessus-fetch.rc at the bottom of the screen. Be sure to save this link as it will be needed each time you want to update your plugins.

4. Copy the nessus-fetch.rc to the following directory: /opt/nessus/etc/nessus/

This will only need to be copied this one time, and not each time you download the plugins.

5. To register your scanner in offline mode, run the following command:
/opt/nessus/bin/nessus-fetch --register-offline /opt/nessus/etc/nessus/nessus-fetch.rc

(Syntax is nessus-fetch --register-offline <file.rc> )

6. Next, copy the all-2.0.tar.gz file downloaded from the website to the Nessus sbin directory, and run the following command:
# /opt/nessus/sbin/nessus-update-plugins all-2.0.tar.gz

7. Once the plugins are installed, rebuild the plugin database:
# /opt/nessus/sbin/nessusd -R

8. Finally, restart the Nessus server:

# service nessusd restart

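Step 6 of both the Windows and the Linux offline procedures hands a downloaded all-2.0.tar.gz straight to nessus-update-plugins. The script below is an added example, not part of either post or of Nessus: it runs the checks an administrator wants on that file beforehand, namely that it is a readable gzip tarball, that no entry name is absolute or contains '..' and no entry is a link (an archive built that way could write outside the plugin directory when extracted), and it reports the entry count and the file's SHA-256 so the value can be compared with the one noted when the feed was downloaded. The sample archive is constructed here; the real feed's contents are not known to this example beyond the .nasl extension.

```python
"""Check an offline plugin feed archive before installing it.

Added example; not from the blog or from Tenable. The sample tarball is
constructed; the real all-2.0.tar.gz layout is not assumed beyond '.nasl'.
"""
import hashlib
import io
import os
import tarfile
import tempfile


def sha256_of(path):
    """Hex SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def unsafe_member(name):
    """True if a tar entry name could escape the extraction directory."""
    if name.startswith(("/", "\\")) or os.path.isabs(name):
        return True
    parts = os.path.normpath(name).split(os.sep)
    return ".." in parts


def inspect_plugin_feed(path):
    """Return a summary dict, or raise ValueError if the archive is unreadable or unsafe."""
    try:
        tar = tarfile.open(path, "r:gz")
    except (tarfile.ReadError, OSError) as exc:
        raise ValueError(f"{path} is not a readable gzip tar archive: {exc}")
    with tar:
        members = tar.getmembers()
        bad = [m.name for m in members
               if unsafe_member(m.name) or m.issym() or m.islnk()]
        if bad:
            raise ValueError(f"archive contains unsafe entries: {bad}")
        nasl = [m.name for m in members if m.isfile() and m.name.endswith(".nasl")]
    return {"members": len(members), "nasl_files": len(nasl), "sha256": sha256_of(path)}


def build_sample_feed(directory, include_escape=False):
    """Construct a small stand-in for all-2.0.tar.gz (not the real feed)."""
    path = os.path.join(directory, "all-2.0.tar.gz")
    with tarfile.open(path, "w:gz") as tar:
        entries = ["plugins/example_check.nasl", "plugins/example_lib.inc"]
        if include_escape:
            entries.append("../../etc/escaped")  # the kind of entry to refuse
        for name in entries:
            data = b"# constructed placeholder content\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return path


def run_demo():
    """Inspect a clean constructed feed and a constructed one with an escaping entry."""
    with tempfile.TemporaryDirectory() as tmp:
        good = inspect_plugin_feed(build_sample_feed(tmp))
        try:
            inspect_plugin_feed(build_sample_feed(tmp, include_escape=True))
            rejected = False
        except ValueError:
            rejected = True
    return {"good": good, "escape_rejected": rejected}


if __name__ == "__main__":
    print(run_demo())
```

Run inspect_plugin_feed on the real file before step 6 on either platform; a raised ValueError means do not pass the archive to nessus-update-plugins, and a SHA-256 that differs from the one recorded at download time means the file changed in transit or on disk.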
Nessus: update plugins from CLI

Has to be done as Admin and has to be done in the sequence laid out below:


cd "C:\Program Files\Tenable\Nessus"

net stop "Tenable Nessus"

nessus-fix --reset

nessus-fetch --register YOUR-ACTIVATION-CODE

nessus-update-plugins -f

nessusd -R

net start "Tenable Nessus"

Nessus: Migration

When migrating Nessus from one machine to another, please make sure that the versions are the same - at least the major version should be the same.

In Nessus, the bit version (32-bit or 64-bit) will not affect

Step One: Backup

On Windows:
1. Install Nessus on the new drive or host.
2. Do not run any scans or create any policies with the new copy of Nessus. Stop your Nessus service.
3. Copy OLD_DRIVE:\Program Files\Tenable\Nessus\nessus\master.key to CURRENT_DRIVE:\Program Files\Tenable\Nessus\nessus\master.key
4. Copy OLD_DRIVE:\Program Files\Tenable\Nessus\nessus\users to CURRENT_DRIVE:\Program Files\Tenable\Nessus\nessus\users
5. Copy OLD_DRIVE:\Program Files\Tenable\Nessus\nessus\policies.db to CURRENT_DRIVE:\Program Files\Tenable\Nessus\nessus\policies.db
6. Start Nessus on the new system.
   Note: the path is C:\Documents and Settings\All Users\Application Data\Tenable\Nessus\nessus for Windows XP users and under ProgramData for Windows Vista/7 users.
On *nix:
1. Install Nessus on the new drive or host.
2. Do not run any scans or create any policies with the new copy of Nessus. Stop your Nessus service.
3. Copy OLD_DRIVE /opt/nessus/var/nessus/master.key to CURRENT_DRIVE /opt/nessus/var/nessus/master.key
4. Copy OLD_DRIVE /opt/nessus/var/nessus/users to CURRENT_DRIVE /opt/nessus/var/nessus/users
5. Copy OLD_DRIVE /opt/nessus/var/nessus/policies.db to CURRENT_DRIVE /opt/nessus/var/nessus/policies.db
6. Start Nessus on the new system.
On Mac OS X:
1. Install Nessus on the new drive or host.
2. Do not run any scans or create any policies with the new copy of Nessus.
3. Copy OLD_DRIVE /Library/Nessus/run/var/nessus/master.key to CURRENT_DRIVE /Library/Nessus/run/var/nessus/master.key
4. Copy OLD_DRIVE /Library/Nessus/run/var/nessus/users to CURRENT_DRIVE /Library/Nessus/run/var/nessus/users
5. Copy OLD_DRIVE /Library/Nessus/run/var/nessus/policies.db to CURRENT_DRIVE /Library/Nessus/run/var/nessus/policies.db
6. Start Nessus on the new system.

Step Two: Reset the Activation code through portal

To reset your code you will need to log into the Support portal ( https://support.tenable.com ), then select Activation Codes, then select the '+' symbol beside "Nessus". After the section is expanded, select the feed you want to reset and then click on the X next to the code to reset it. Reset codes have a 10-day waiting period before you can reset your code again. You can use the code immediately after it is reset.

Please be aware that our plugin download ip address is: 4.59.136.208 and, you may need to update your firewall rules to allow plugin downloads over port 443 for that IP address.

Step Three: reset the code in Nessus through the command line

You can use the following to activate your Nessus. First you will need to reset the code on the support portal before running the commands listed below.


Unix Systems: (login as root user)

# service nessusd stop
# /opt/nessus/sbin/nessus-fix --reset

Set your proxy if you have one (if not skip these steps): Please note that nessus-fetch.db is needed for the proxy set up and this file will not exist in a fresh installation until the plugins get updated.

nessus-fix --secure --set proxy=%IP or Hostname of Proxy% 
nessus-fix --secure --set proxy_port=%Port of Proxy% 
nessus-fix --secure --set proxy_username=%Username of Proxy% 
nessus-fix --secure --set proxy_password=%Password of Proxy%

Register your code:
# /opt/nessus/bin/nessus-fetch --register ACTIVATIONCODE
# /opt/nessus/sbin/nessusd -R
# service nessusd start

Please replace the ACTIVATIONCODE with your own one

Windows system: (you will need to run CMD as administrator)

NET STOP "Tenable Nessus"
"\Program Files"\Tenable\Nessus\nessus-fix --reset

Register your code:
"\Program Files"\Tenable\Nessus\nessus-fetch --register ACTIVATIONCODE
"\Program Files"\Tenable\Nessus\nessusd -R
NET START "Tenable Nessus"

Please replace the ACTIVATIONCODE with your own one

Mac OSX system: 

# launchctl unload -w /Library/LaunchDaemons/com.tenablesecurity.nessusd.plist
# /Library/Nessus/run/sbin/nessus-fix --reset

Register your code:
# /Library/Nessus/run/bin/nessus-fetch --register ACTIVATIONCODE
# /Library/Nessus/run/sbin/nessusd -R
# launchctl load -w /Library/LaunchDaemons/com.tenablesecurity.nessusd.plist

Please replace the ACTIVATIONCODE with your own. 

Tenable Nessus: Proxy and plugin update troubles

If you have a firewall on your network, you must allow outgoing access from the scanner to the following addresses via TCP port 443/https:

plugins.nessus.org (4.59.136.208)
plugins-us.nessus.org (4.59.136.208)

Run your command line as administrator:

cd "c:\program files\tenable\nessus"
net stop "Tenable Nessus"
nessus-fix --reset
y

Set your proxy if you have one (if not, skip these steps):
nessus-fix --secure --set proxy=%IP or Hostname of Proxy%
nessus-fix --secure --set proxy_port=%Port of Proxy%
nessus-fix --secure --set proxy_username=%Username of Proxy%
nessus-fix --secure --set proxy_password=%Password of Proxy%

nessus-fetch --register <activation code>

After it finishes updating the plugins, run this:
nessusd -R
net start "Tenable Nessus"