Installing Nessus on Solaris

In this example, I install Nessus 2.0.5 from packages for Solaris 8.

1. Download and install the nessus, openssl, libgcc, and wget packages from Sunfreeware.
ftp://mirrors.secsup.org/pub/solaris/freeware/sparc/8/nessus-2.0.5-sol8-sparc-local.gz
ftp://mirrors.secsup.org/pub/solaris/freeware/sparc/8/openssl-0.9.7b-sol8-sparc-local.gz
ftp://mirrors.secsup.org/pub/solaris/freeware/sparc/8/libgcc-3.3-sol8-sparc-local.gz
ftp://mirrors.secsup.org/pub/solaris/freeware/sparc/8/wget-1.8.2-sol8-sparc-local.gz

2. Download and install ANDIrand to create entropy for the nessus-mkcert program.
http://www.cosy.sbg.ac.at/~andi/SUNrand/pkg/ANDIrand-0.7-5.8-sparc-1.pkg

If there is not sufficient entropy when running nessus-mkcert, you may receive error messages such as:

warning, not much extra random data, consider using the -rand option
Generating RSA private key, 1024 bit long modulus
29556:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded:md_rand.c:503:You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html
29556:error:04069003:rsa routines:RSA_generate_key:BN lib:rsa_gen.c:182:
unable to load Private Key
29557:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: ANY PRIVATE KEY
warning, not much extra random data, consider using the -rand option
Generating RSA private key, 1024 bit long modulus
29559:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded:md_rand.c:503:You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html
29559:error:04069003:rsa routines:RSA_generate_key:BN lib:rsa_gen.c:182:
unable to load Private Key
29560:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: ANY PRIVATE KEY
Using configuration from /tmp/nessus-mkcert.29539/std.cnf
unable to load 'random state'
This means that the random number generator has not been seeded
with much random data.
unable to load CA private key
29562:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: ANY PRIVATE KEY

3. Run nessus-mkcert to create a Nessus server certificate.
/usr/local/sbin/nessus-mkcert

4. Create local user(s) with nessus-adduser
/usr/local/sbin/nessus-adduser

5. Update the Nessus plugins with nessus-update-plugins
/usr/local/sbin/nessus-update-plugins

Note: Solaris 8 users may encounter the following error when running nessus-update-plugins:
tar: directory checksum error
Something went wrong when installing the plugins - uncompressing the plugins archive failed

This is because nessus-update-plugins has a hard-coded gzip location of /usr/local/bin instead of /usr/bin. Edit /usr/local/sbin/nessus-update-plugins.

Change:
gzip=/usr/local/bin/gzip

To:
gzip=/usr/bin/gzip
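
A check-and-fix for the hard-coded path described above, as an added example that is not part of the original page or of Nessus. It assumes the script sets the variable on a line beginning with gzip= as shown above; the function names and the .orig backup suffix are illustrative.

```shell
#!/bin/sh
# Added example: verify the gzip= path in nessus-update-plugins and
# repair it only if it points at a missing binary.
# Usage: fix_gzip_path /usr/local/sbin/nessus-update-plugins [DIR...]

# Print the path assigned on the first line beginning with "gzip=".
current_gzip() {
    sed -n 's/^gzip=//p' "$1" | head -1
}

# Print the first executable gzip found in the directories given.
find_gzip() {
    for dir in "$@"; do
        if [ -x "$dir/gzip" ]; then
            echo "$dir/gzip"
            return 0
        fi
    done
    return 1
}

# Returns 0 if the script has a usable gzip= path afterwards, 1 otherwise.
fix_gzip_path() {
    file=$1
    shift
    # Default search order: the Solaris 8 system gzip first.
    [ $# -gt 0 ] || set -- /usr/bin /usr/local/bin
    cur=`current_gzip "$file"`
    [ -n "$cur" ] || { echo "no gzip= line in $file" >&2; return 1; }
    if [ -x "$cur" ]; then
        echo "ok: $cur"
        return 0
    fi
    new=`find_gzip "$@"` || { echo "no gzip found in: $*" >&2; return 1; }
    # Keep a backup beside the script, then rewrite the file in place so
    # its owner and mode are unchanged.
    cp -p "$file" "$file.orig" || return 1
    sed "s|^gzip=.*|gzip=$new|" "$file.orig" > "$file" || return 1
    echo "changed: $cur -> $new"
}
```

Run it as root before the first nessus-update-plugins run; it leaves the script untouched when the configured gzip already exists.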

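You may want to run /usr/local/sbin/nessus-update-plugins every day via the cron facility. The commands below stage root's crontab in /tmp under a fixed file name; on a host with untrusted local users, stage it in a directory only root can write to instead.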

# crontab -l > /tmp/root_crontab
# echo "0 3 * * * /usr/local/sbin/nessus-update-plugins >/dev/null 2>&1" >> /tmp/root_crontab
# crontab /tmp/root_crontab
# rm /tmp/root_crontab

6. Create a Nessus startup/shutdown script.

vi /etc/init.d/nessusd

Add:
#!/sbin/sh

case "$1" in
'start')
        /usr/local/sbin/nessusd -D
        ;;

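'stop')
        # The [/] keeps grep from matching its own process; the quotes stop
        # the shell from treating the pattern as a filename glob.
        kill `ps -ef | grep '[/]usr/local/sbin/nessusd' | awk '{print $2}'`
        ;;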

*)
        echo "Usage: $0 { start | stop }"
        exit 1
        ;;
esac

chmod 744 /etc/init.d/nessusd
ln -s /etc/init.d/nessusd /etc/rc2.d/S99nessusd
ln -s /etc/init.d/nessusd /etc/rc1.d/K99nessusd

7. Start Nessus.
/etc/init.d/nessusd start

Last modified: 08/26/2003