Nessus ÇÁ·Î±×·¥ ¼Ò°³ ¹× ¼³Ä¡

±Û : Çöâȣ climbk2@hitel.net

 

 

    <¸ñ Â÷>

    0. Nessus¶õ ¹«¾ù?
    1. ¼³Ä¡ ¼ø¼­
    2. Nessus ¼³Ä¡ ¼ø¼­¸¦ ¹Ýµå½Ã ÁöÅ°ÀÚ.
    3. Nessus ½ÇÇà
    4. Nessus »ç¿ë ¿¹
    5. tip ¹× ÁÖÀÇ»çÇ×

 

0.Nessus¶õ ¹«¾ù?

    Nessus´Â satan °ú ¸¶Âù°¡Áö·Î ÀÚ½ÅÀÇ ³×Æ®¿öÅ©ÀÇ Ãë¾àÁ¡À» ÆľÇÇØÁÙ »Ó¸¸ ¾Æ´Ï¶ó ±× ÇØ°áÃ¥µµ Á¦½ÃÇØ ÁÖ´Â ÇöÀç È°¹ßÈ÷ °³¹ßÀÌ ÁøÇàµÇ°í ÀÖ´Â linux°èÀÇ ¶Ç´Ù¸¥ º¸¾È ÇÁ·ÎÁ§Æ®ÀÌ´Ù.

    ÇѸ¶µð·Î nessus À» Ç¥ÇöÇÑ´Ù¸é

    Nessus > Satan

    ÀÌ¶ó ¸»ÇÒ ¼ö ÀÖ´Ù.

    Satan°ú ºñ±³Çغ¸¾ÒÀ» ¶§,nessus´Â ¹Ù·Î Áö±Ý ÁøÇà ÁßÀÎ ÃֽŠÇØÅ·±â¹ýÀ» »ç¿ëÇؼ­ ÀÚ½ÅÀÇ ½Ã½ºÅÛÀ» °Ë»çÇÑ´Ù´Â Á¡ÀÌ ´Ù¸£´Ù. Nessus´Â ÇÏ·ç¿¡µµ »õ·Î¿î ÇØÅ·±â¹ýÀ» »ç¿ëÇÒ ¼ö ÀÖ°Ô ÇØÁÖ´Â ½ºÅ©¸³Æ®°¡ »õ·Î º¸°­µÇ´Â »ì¾Æ ¼û½¬´Â ÇÁ·ÎÁ§Æ®¶ó ÇÒ ¼ö ÀÖ´Ù.

    Å×½ºÆ® ȯ°æ

    ¡¤ ¾ËÂ¥ ¸®´ª½º 6.0(Ä¿³Î 2.2.17),¸Þ¸ð¸® 32M,½º¿Ò 64M
    ¡¤ ¿Í¿ì ¸®´ª½º 6.2(Ä¿³Î 2.2.17),¸Þ¸ð¸® 64M,½º¿Ò 128M
    ¡¤ ÆæƼ¾ö III 500,ÆæƼ¾ö II 230

 

1. ¼³Ä¡¼ø¼­

    1.gtk ÇÁ·Î±×·¥ ¼³Ä¡µÇ¾îÀÖ´ÂÁö È®ÀÎ
    2.NmapÇÁ·Î±×·¥ ¼³Ä¡µÇ¾îÀÖ´ÂÁö È®ÀÎ
    3.Nessus ÇÁ·Î±×·¥ ¼³Ä¡

 

1) gtkÇÁ·Î±×·¥ ¼³Ä¡µÇ¾îÀÖ´ÂÁö È®ÀÎ

    NessusÀ» ÀÌ¿ëÇϱâ À§Çؼ­´Â gtkÇÁ·Î±×·¥µéÀÌ ¼³Ä¡µÇ¾îÀÖ¾î¾ß ÇÑ´Ù.

    ¼³Ä¡È®ÀÎ
     

    rpm -qa |grep gtk

     

    ¹Ýµå½Ã gtk+-devel* °ú XFree86-develÀº ¼³Ä¡µÇ¾îÀÖ¾î¾ß ÇÑ´Ù. ¿©·¯ºÐÀÇ ¸®´ª½º ¾¾µð¿¡ ¸ðµÎ ÀÖÀ¸¹Ç·Î ¼³Ä¡ÇÏ¸é µÈ´Ù. gtk ¹öÀüÀº 1.2ÀÌ»óÀ̾î¾ß ÇÑ´Ù.

 

2) Nmap ¼³Ä¡

    ÇÁ·Î±×·¥ ´Ù¿î·Îµå
     

    http://www.insecure.org/nmap/

     

    Nmap ¼³Ä¡
     

    cp nmap-2.53.tgz /usr/local/src
    cd /usr/local/src
    tar xvzf nmap-2.53.tgz
    cd nmap-2.53/
    ./configure
    make
    make install

     

    Á¦´ë·Î ¼³Ä¡µÇ¸é ¼³Ä¡ µð·ºÅ丮¿Í /usr/local/bin¿¡ ½ÇÇàÆÄÀÏ nmapµîÀÌ »ý°Ü³­´Ù. ÀÚ½ÅÀÇ ½Ã½ºÅÛ¿¡ ´ëÇØ ºü¸¥ Æ÷Æ®½ºÄµÀ¸·Î nmapÀÌ Á¦´ë·Î ÀÛµ¿ÇÏ´ÂÁö °Ë»çÇÑ´Ù.
     

    /usr/local/bin/nmap -v localhost

 

3) Nessus ÇÁ·Î±×·¥ ¼³Ä¡

    ÇÁ·Î±×·¥ ´Ù¿î·Îµå
     

    http://www.nessus.org
    ftp://ftp.au.nessus.org/pub/nessus/nessus-1.0.6/src/

     

    NessusÇÁ·Î±×·¥À» ´Ù¿î ¹ÞÀ» ¶§ ¾Æ·¡ 4°³ÀÇ ÆÄÀϵéÀ» ¸ðµÎ ´Ù¿î ¹Þ¾Æ¾ß ÇÑ´Ù.
     

    wget
    ftp://ftp.au.nessus.org/pub/nessus/nessus-1.0.6/src/libnasl-1.0.6.tar.gz

    wget
    ftp://ftp.au.nessus.org/pub/nessus/nessus-1.0.6/src/nessus-core-1.0.6.tar.gz

    wget
    ftp://ftp.au.nessus.org/pub/nessus/nessus-1.0.6/src/nessus-libraries-1.0.6.tar.gz

    wget
    ftp://ftp.au.nessus.org/pub/nessus/nessus-1.0.6/src/nessus-plugins-1.0.6.tar.gz

     

    wgetÇÁ·Î±×·¥À» »ç¿ëÇÏÁö ¾Ê´Â »ç¶÷Àº ÀÏ¹Ý ftpÇÁ·Î±×·¥À» ÀÌ¿ëÇؼ­ ¹Þ±â ¹Ù¶õ´Ù.

 

2. Nessus ¼³Ä¡¼ø¼­¸¦ ¹Ýµå½Ã ÁöÅ°ÀÚ.

    1.nessus-libraries
    2.libnasl
    3.nessus-core
    4.nessus-plugins

 

1) nessus-libraries ¼³Ä¡
  

    cp nessus-libraries-1.0.6.tar.gz /usr/local/src
    cd /usr/local/src/
    tar xvzf nessus-libraries-1.0.6.tar.gz
    cd nessus-libraries/
    ./configure
    make
    make install

 

    /usr/local/binÀÌ ÀÚ½ÅÀÇ ½ÇÇà°æ·Î¿¡ Æ÷ÇԵǾî ÀÖ´ÂÁö È®ÀÎÇÑ´Ù.
     

    echo $path <--csh°è¿­
    echo $PATH <--BASH°è¿­

     

    /etc/ld.so.conf¿¡ /usr/local/libÀÌ Æ÷ÇԵǾîÀÖ´ÂÁö È®ÀÎÇÑ´Ù.
     

    cat /etc/ld.so.conf

     

    Æ÷ÇÔ ¾ÈµÇ¾îÀÖÀ¸¸é
     

    echo "/usr/local/lib" >>/etc/ld.so.conf

     

    ·Î Æ÷ÇÔ½ÃŲ ÈÄ
     

    ldconfig -v

     

    ÇØÁØ´Ù.ÀÌ·¸°Ô ÇÔÀ¸·Î½á shared library¿¡ /usr/local/libÀ» Æ÷ÇÔ½ÃÄÑ ÁÖ°Ô µÈ´Ù.

    À§ ¹æ¹ý¸»°í ÀÚ½ÃÀÇ ¿¡µðÅÍ·Î /etc/ld.so.confÆÄÀÏ¿¡ /usr/local/libÀ» ³Ö¾îÁØ ÈÄ ldconfig -v ÇØÁ־ ¹«¹æÇÏ´Ù.

 

2) libnasl¼³Ä¡
  

    cp libnasl-1.0.6.tar.gz /usr/local/src/
    cd /usr/local/src/
    tar xvzf libnasl-1.0.6.tar.gz
    cd libnasl/
    ./configure
    make
    make install

  

3) Nessus-core ¼³Ä¡
  

    cp nessus-core-1.0.6.tar.gz /usr/local/src/
    cd /usr/local/src
    tar xvzf nessus-core-1.0.6.tar.gz
    cd nessus-core/
    ./configure
    make
    make install


    nessusd°¡ /usr/local/sbin¿¡ »ý¼ºµÈ´Ù.

 

4) Nessus-plugin ¼³Ä¡
  

    cp nessus-plugins-1.0.6.tar.gz /usr/local/src
    cd /usr/local/src/
    tar xvzf nessus-plugins-1.0.6.tar.gz
    cd nessus-plugins/
    ./configure
    make
    make install

 

    ¸ðµç NessusÇÁ·Î±×·¥ ¼³Ä¡°¡ ´ÙÀ½ µð·ºÅ丮¿¡ ¿Ï·áµÇ¾ú´Ù.

    /usr/local/bin/ <-nessus ½ÇÇàÆÄÀÏ µð·ºÅ丮
    /usr/local/sbin/ <-nessus µ¥¸óÆÄÀÏ µð·ºÅ丮
    /usr/local/var/nessus/ <-logging µð·ºÅ丮
    /usr/local/lib/nessus/ <-nessus plugins µð·ºÅ丮
    /usr/local/lib/ <-nessus shared library µð·ºÅ丮
    /usr/local/include/nessus/ <-nessus header µð·ºÅ丮
    /usr/local/etc/nessus/ <-nessus ¼³Á¤ µð·ºÅ丮
    /usr/local/man/man1/ <-nessus man ÆäÀÌÁö µð·ºÅ丮
    /usr/local/man/man8/ <-nessus man ÆäÀÌÁö µð·ºÅ丮
    /usr/local/etc/nessus/nessused.conf <--config ÆÄÀÏ

 

2. Nessus½ÇÇà(¾Æ·¡ ¼ø¼­´ë·Î ½ÇÇàÇØÁØ´Ù.)

1) Nessus ½ÇÇà
  

    /usr/local/sbin/nessusd

 

    ÀÌ ºÎºÐ¿¡¼­ ¿¡·¯ ¹ß»ý½Ã /etc/ld.so.conf¿¡ /usr/local/libÀÌ Æ÷ÇԵǾî ÀÖ´ÂÁö ´Ù½Ã Çѹø È®ÀÎÇÏ°í ldconfig ¸í·ÉÀ» ´Ù½ÃÇѹø ÇØÁØ´Ù.±×¸®°í ´Ù½Ã
     

    /usr/local/sbin/nessusd


    ÇØÁØ´Ù.

 

2) »ç¿ëÀÚ µî·Ï
  

    /usr/local/sbin/nessusd -P <user>,<password>
         /usr/local/sbin/nessusd -P test,testpasswd

 

3) Nessus µ¥¸ó ½ÇÇà
  

    /usr/local/sbin/nessusd -D

 

4) Nessus½ÇÇà
  

    /usr/local/bin/nessus

 

5) Nessus°¡ ½ÇÇàµÈ´Ù.½ÇÇàµÇ¸é »õ·Î¿î ¾ÏÈ£¸¦ ³ÖÀ¸¶ó°í ÇÒÅÙµ¥ À­ ºÎºÐÀÇ »ç¿ëÀÚ µî·Ï½Ã ³Ö¾îÁØ
   ¾ÏÈ£¸¦ ³Ö¾îÁØ´Ù.

 

6) loginÄ­¿¡ Á» Àü¿¡ ³Ö¾îÁØ »ç¿ëÀÚ À̸§À» ³Ö¾îÁØ ÈÄ Log inÇØÁÖ¸é µÈ´Ù.
 

    Login: test

 

    loginµÇ¸é ¹Ýµå½Ã PluginsºÎºÐÀÇ Denial of ServiceÀ» Off½ÃÄÑÁØ´Ù.

    Prefs ¶õ ¿¡¼­ ¾Ë¸ÂÀº °ªÀ» ¼±ÅÃÇØÁØ´Ù.±âº»ÀûÀ¸·Î ¼±ÅÃµÈ ¿É¼Ç¸¸À» »ç¿ëÇصµ ¹«¹æÇÏ´Ù.

    Scan Optons ¶õ¿¡¼­ port rangeÀÇ ±âº» °ªÀÎ 1-15000Àº Æ÷Æ® 15000±îÁö °Ë»öÇÏ°Ô ÇØÁØ´Ù.ÀÌ °ªÀ» portÃÖ´ë °ªÀÎ 65535°ªÀ¸·Î ¹Ù²Ù¾îÁÖ¸é È£½ºÆ®ÀÇ ¸ðµç Æ÷Æ®¿¡ ´ëÇØ °Ë»çÇÒ ¼ö ÀÖ´Ù.ÇÏÁö¸¸ °Ë»ö½Ã°£ÀÌ ±×¸¸Å­ ´Ã¾î³ª°Ô µÈ´Ù. Port Scanner¿¡¼­ ÀÚ½ÅÀÌ ¿øÇÏ´Â ¹æ¹ýÀ» ¼±ÅÃÇؼ­ üũÇØÁÖ¸é µÈ´Ù.¿ª½Ã ±âº» °ªÀ» »ç¿ëÇصµ ¹«¹æÇÏ´Ù.

    Target Selection ¶õ¿¡ localhost ³ª ¾Æ´Ï¸é ¿©·¯ºÐÀÌ ½ºÄµÀ» ½ÃµµÇϴ ȣ½ºÆ® À̸§À» ³Ö¾îÁÖ¸é µÈ´Ù.¿©·¯ °³ÀÇ È£½ºÆ®À» µ¿½Ã¿¡ ½ºÄµÀ» ½ÃµµÇÒ ½Ã´Â ','·Î ±¸ºÐÇؼ­ °°ÀÌ ³Ö¾îÁÖ¸é µÈ´Ù.¹°·Ð ipÁּҷεµ °¡´ÉÇÏ´Ù.
     

    Target(s): www.test.com,www.test1.com,www.test2.com

     

    Start the Scan À» Ŭ¸¯ÇÏ¸é ½ºÄµÀ» ½ÃÀÛÇÑ´Ù. ½ºÄµÀÌ ¿Ï·áµÇ¸é ÀÚµ¿ÀûÀ¸·Î È£½ºÆ®ÀÇ Ãë¾àÁ¡À» º¸¿©ÁÖ´Â »õ·Î¿î â(Nessus Report)ÀÌ »ý¼ºµÈ´Ù. ½ºÄµÀ» ¸ØÃß°í ½ÍÀ» ¶§´Â ¾ðÁ¦µçÁö Stop the whole testÀ» Ŭ¸¯ÇÏ¸é µÈ´Ù.

    °Ë»ö¿Ï·áÈÄ ÀúÀå½Ã(save as..) ¿·¿¡ º¸¸é ÀúÀå¹æ¹ý¿¡¼­ save as HTML with pie and graph·Î ÇÏ¸é ¾ÆÁÖ Ä÷¯Ç®ÇÏ°í ¸ÚÁø °Ë»ö°á°úÈ­¸éÀ» º¼ ¼ö ÀÖ´Ù.<save as...>À» Ŭ¸¯Çؼ­ ¿øÇÏ´Â µð·ºÅ丮¿¡ ¿øÇÏ´Â À̸§À¸·Î ÀúÀå½ÃŲ ´ÙÀ½ À¥ºê¶ó¿ìÀú·Î Ãâ·ÂÇغ¸¸é ÀÚ¼¼ÇÑ ¼³¸íÀ» º¼ ¼ö ÀÖ´Ù.

 

4. Nessus »ç¿ë ¿¹
 

    Warning found on port smtp (25/tcp)

    The remote SMTP server
    answers to the EXPN and/or VRFY commands.
    ...»ý·«..
    Solution : if you are using sendmail, add the
    option
    O PrivacyOptions=goaway
    in /etc/sendmail.cf.

    Risk factor : Low
    CVE : CAN-1999-0531

 

5. tip ¹× ÁÖÀÇ »çÇ×

    * ÀÚ½ÅÀÇ localhost³ª ÀÚ½ÅÀÌ °¡Áö°í ÀÖ´Â ´Ù¸¥ ÄÄÇ»ÅÍ¿¡ nessusÀ» ÀÌ¿ëÇؼ­ ½ºÄµÀ» ½Ãµµ½Ã    tail -f /var/log/messagesÀ» Çؼ­ º¸¸é syslogd°¡ ½Ç½Ã°£À¸·Î Ãâ·ÂÇس»´Â ·Î±×¸Þ½ÃÁöÀ»
       º¼ ¼ö ÀÖ´Ù. ´Ü ipchainsÀ̳ª ´Ù¸¥ ¹æÈ­º®À¸·Î ±¸¼ºÇؼ­ ½ºÄµ ½ÃµµÀ» Ãâ·ÂÇϵµ·Ï ¼³Á¤ÇÑ
       °æ¿ì¿¡ ÇÑÇؼ­´Ù.
    * scanÀÌ ´À¸®´Ù°í »ý°¢µÇ´Â »ç¶÷Àº /usr/local/etc/nessus/nessusd.conf ÆÄÀÏ¿¡¼­
       checks_read_timeout = 15 ÀÎ ±âº» °ªÀ» 5·Î ¹Ù²Ù¾îÁØ´Ù.
    * Nessus°¡ È£½ºÆ®ÀÇ Ãë¾àÁ¡À» Å×½ºÆ®Çϱâ À§ÇØ ¾î¶°ÇÑ pluginsÇÁ·Î±×·¥À» »ç¿ëÇÏ´ÂÁö¸¦
      ¾Ë±â À§Çؼ­´Â Ȩµð·ºÅ丮¿¡ ÀÚµ¿À¸·Î »ý¼ºµÇ´Â .nessusrc ÆÄÀÏÀ» »ìÆ캸¸é ¾Ë ¼ö ÀÖ´Ù.
    * ÀÚ½ÅÀÌ °ü¸®ÇÏ´Â »çÀÌÆ®°¡ ¾Æ´Ñ »çÀÌÆ®À» ½ºÄµ ÇÑ´Ù´Â °ÍÀº ÇØ´ç »çÀÌÆ® °ü¸®ÇÏ´Â
      °ü¸®ÀÚ¿¡°Ô´Â ¸Å¿ì ¹«·ÊÇÑ ÀÏÀÌ¸ç ºÒ¹ýÀÌ´Ù.ÀÚ½ÅÀÌ °ü¸®ÇÏ´Â »çÀÌÆ®¿¡ ÇÑÇؼ­ Nessus
      ÇÁ·Î±×·¥À» »ç¿ëÇϱ⠹ٶõ´Ù.




¡ã top

homeÀ¸·Î...