Training Curriculum for Nessus

by: Mark Lachniet (mark@lachniet.com) 1/27/2004

The following Tasks have been defined.

1. Identify package dependencies and download/install

2. Install Nessus via "tarball"

3. Export library path for Nessus and run ldconfig

4. Install Nessus via unsafe Internet script

5. Add Nessus users

6. Configure Nessus user restrictions

7. Manually configure nessusrc files

8. Run Nessus jobs via. the command line interface

9. Use KB Saving features of Nessus

10. Use the detatched scan feature of Nessus

11. Run Nessus jobs via. the GUI X-Windows interfact

12. Install and configure NessusWX for Win32 users

13. Determine if Nessus is running via. netstat and ps

14. Run individual .nasl files from the command line

15. Understand portscan options in nessus (range, speed, etc.)

16. Configure Nessus jobs without the 'ping' command for "stealth" hosts

17. Troubleshoot Nessus encryption key issues

18. Use certificate based authentication

19. Update NASL library with nessus-update-plugins

20. Configure the 'check_reads_timeout' parameter for slow hosts

21. Identify false positives through analysis of nasl script and manual testing

22. Perform differential scans using Nessus

23. Configure Nessus NIDS evasion features

24. Configure target IPs and netmasks with the GUI interface

25. Configure target IPs and netmasks in a text file

26. Understand and configure Nessus "safe checks"

27. Configure Nessus plugins to run (All, Non-DoS, user specified)

28. Understand how to use client certificates with a Nessus scan

29. Configure usernames and passwords for various services

30. Configure SMTP parameters (from, to, third party domain)

31. Understand file locations of Nessus components

32. Analyze the nessusd.messages file for scanning history

33. Understand Nessus scan file formats (NSR, NBE, etc.)

34. Understand Nessus report formats and options

35. Export Nessus scan information into a MySQL database

36. Find and use the Nessus list serve for tech support and q/a