jbreed, posted July 4, 2019 (edited)

Application Name: Nessus
Application Site: tenable.com
Docker Hub: https://hub.docker.com/r/jbreed/nessus
Github: https://github.com/jbreed/nessus
UnRaid XML Template: https://github.com/jbreed/docker-templates/blob/master/nessus/nessus.xml

Please post any questions/issues relating to this docker you have in this thread.

Note: The initial deployment will require the user to complete the registration process. You can obtain a free license by clicking on the Nessus Essential component and it will send a license you can use for a small home network.

Feel free to submit pull requests on my GitHub, or discuss improvements in this forum as seen fit.

Edited July 11, 2019 by jbreed: Modified note due to implementing volume mappings

PSYCHOPATHiO, posted July 5, 2019

Thank you so much for this docker, it is exactly what I was looking for to assess my network & server setup.

jbreed (Author), posted July 11, 2019

UPDATE:

* Volume mapping to /config is completed
* User permissions set based on environment variables is completed

Tested multiple times on my home environment and configurations appear to be persistent. If no issues arise, the only future updates will be for security patches and/or major Nessus updates. As patches for plugins are handled within Nessus there is no need for continuous patching.

jbreed (Author), posted July 12, 2019

> 35 minutes ago, Tuumke said:
> I guess compiling plugins takes a long time?

Yes, the first time Nessus loads and configures it takes some time. After that initial setup with the volume mapped it won't be bad afterwards. If rebooted it takes a little bit for Nessus to start up, but not nearly as long.

Tuumke, posted July 15, 2019 (edited)

I also have configured letsencrypt reverse proxy for subdomain: nessus.subdomain.conf

Note1: include /config/nginx/auth.conf points towards my Organizr setup. You might not want to use this.

    server {
        listen 443 ssl;
        listen [::]:443 ssl;

        server_name nessus.*;

        include /config/nginx/ssl.conf;

        client_max_body_size 0;

        include /config/nginx/auth-location.conf;

        location / {
            include /config/nginx/auth.conf;
            include /config/nginx/proxy.conf;
            resolver 127.0.0.11 valid=30s;
            set $upstream_nessus w.x.y.z; ## Change to IP of HOST
            proxy_pass https://$upstream_nessus:8834;
        }
    }

Edited July 15, 2019 by Tuumke

manfat, posted July 15, 2019 (edited)

Many thanks for providing this truly excellent resource, very much appreciated. I can't recommend this container enough to all unRAID users who aren't completely confident regarding their local network security. First scan here found 58 vulnerabilities just on my unRAID host, one rated HIGH that was an open SMB share which I'd accidentally put some files on that I shouldn't have. Anyway, this was really easy to set up, just takes a fair while on first use.

[EDIT] Update: Found another interesting vulnerability in mDNS UDP port 5353 on my PS4 games console that is now blocked at firewall!

IMPORTANT NOTE: My best advice to other new users of this is to set the advanced option to restrict the CPU affinity on the container, otherwise it can hammer your system at 100% CPU usage for a short while during the initial install at the plugin compilation process. I only noticed when my system fans suddenly went into full spin.

Edited July 15, 2019 by manfat: Added update on new net vulnerability found

jbreed (Author), posted July 15, 2019

> 4 minutes ago, manfat said:
> Many thanks for providing this truly excellent resource, very much appreciated. I can't recommend this container enough to all unRAID users who aren't completely confident regarding their local network security. First scan here found 58 vulnerabilities just on my unRAID host, one rated HIGH that was an open SMB share which I'd accidentally put some files on that I shouldn't have. Anyway, this was really easy to set up, just takes a fair while on first use.
> IMPORTANT NOTE: My best advice to other new users of this is to set the advanced option to restrict the CPU affinity on the container, otherwise it can hammer your system at 100% CPU usage for a short while during the initial install at the plugin compilation process. I only noticed when my system fans suddenly went into full spin.

Valid point, I have mine pinned as well. Maybe I can see if I can make this a default config to use half the CPU cores. I'll have to look into that.

One thing to note: Please be mindful of items flagged and don't just go making major changes. This can cause other Dockers, virtual machines, etc. to become inoperable if that component was required for operation. An example may be IP forwarding being enabled, etc.

gurulee, posted August 1, 2019 (edited)

Good morning all! When I attempted to start this docker today, it would not start with this error in the logs:

    Setting user permissions...
    Modifying ID for nobody.
    Modifying ID for the users group.
    Adding nameservers to /etc/resolv.conf...
    Extracting packaged nessus debian package: Nessus 8.5.1...
    dpkg-deb: error: failed to read archive '/tmp/Nessus-8.5.1-ubuntu1110_amd64.deb': No such file or directory

Removing docker/image and reinstalling it fixed it for now. But is this going to come back? I generally leave the docker stopped and only run it when I'm doing scans.

Edited August 1, 2019 by guruleenyc

jbreed (Author), posted August 1, 2019

> 2 hours ago, guruleenyc said:
> Good morning all! When I attempted to start this docker today, it would not start with this error in the logs:
> Removing docker/image and reinstalling it fixed it for now. But is this going to come back? I generally leave the docker stopped and only run it when I'm doing scans.

Thanks for the heads up, yes this is a bug. I should have it patched today.

jbreed (Author), posted August 1, 2019

> 2 hours ago, guruleenyc said:
> Good morning all! When I attempted to start this docker today, it would not start with this error in the logs:
> Removing docker/image and reinstalling it fixed it for now. But is this going to come back? I generally leave the docker stopped and only run it when I'm doing scans.

Update pushed. If for some reason it doesn't show the update available, add this to your 'Template repositories:' section and 'check for updates':

https://github.com/jbreed/docker-templates

Tuumke, posted November 6, 2019 (edited)

I also created a docker-compose file for use with Traefik (old traefik) for use on my VPS (not unraid system):

Note: I have environment variables set in /etc/environment for ${USERDIR}, ${DOMAINNAME}; you might want to replace those.

    nessus:
      image: jbreed/nessus
      container_name: nessus
      hostname: nessus
      restart: unless-stopped
      networks:
        - traefik_proxy
      volumes:
        - ${USERDIR}/docker/nessus:/config
        - "/etc/localtime:/etc/localtime:ro"
        - ${USERDIR}/docker/shared:/shared
      environment:
        PUID: ${PUID}
        PGID: ${PGID}
        TZ: ${TZ}
      labels:
        traefik.enable: "true"
        traefik.backend: nessus
        traefik.protocol: https
        traefik.port: 8834
        traefik.frontend.rule: Host:nessus.${DOMAINNAME}
        traefik.frontend.headers.SSLHost: nessus.${DOMAINNAME}
        traefik.docker.network: traefik_proxy
        traefik.frontend.passHostHeader: "true"
        traefik.frontend.headers.SSLForceHost: "true"
        traefik.frontend.headers.SSLRedirect: "true"
        traefik.frontend.headers.browserXSSFilter: "true"
        traefik.frontend.headers.contentTypeNosniff: "true"
        traefik.frontend.headers.forceSTSHeader: "true"
        traefik.frontend.headers.STSSeconds: 315360000
        traefik.frontend.headers.STSIncludeSubdomains: "true"
        traefik.frontend.headers.STSPreload: "true"
        traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex
        traefik.frontend.headers.frameDeny: "true"
        traefik.frontend.headers.customFrameOptionsValue: 'allow-from https:${DOMAINNAME}'
      depends_on:
        - traefik

Edited November 6, 2019 by Tuumke

atcusb, posted January 1, 2020

Hi, great container. qq, what am I doing wrong when trying to assign a specific IP on a bridged network? Every time I change it and save, the restart errors with invalid IP. The address is definitely valid for the network and free. Don't want to whitelist my unraid server to everything ideally.

jbreed (Author), posted January 17, 2020

> On 1/1/2020 at 5:19 AM, atcusb said:
> Hi, great container. qq, what am I doing wrong when trying to assign a specific IP on a bridged network? Every time I change it and save, the restart errors with invalid IP. The address is definitely valid for the network and free. Don't want to whitelist my unraid server to everything ideally.

Good question, I haven't attempted to set a bridge and I imagine it wouldn't have any issues. I'll have to test this myself to see what I can find out.

talonserver, posted February 5, 2020

So, this is weird. Downloaded the docker, and it took some time to configure. Came to the registration page, entered my email, and then I entered the activation code I was sent. I tried one of the scanners, and then it kicked me out, can't remember the error I got, but anyway, I can't log back in. I've restarted the docker a couple times. It keeps giving me invalid login credentials, and I'm not sure how to get back into the docker with the address I used as no matter how I try, it won't send me a "forgot password email."

How do I reset the password for the Nessus Essentials account I created? I've tried this page to get a new password, but it's been 30 minutes and I haven't received a password reset link: https://login.tenable.com

jbreed (Author), posted April 22, 2020

> On 2/4/2020 at 9:42 PM, aidenpryde said:
> So, this is weird. Downloaded the docker, and it took some time to configure. Came to the registration page, entered my email, and then I entered the activation code I was sent. I tried one of the scanners, and then it kicked me out, can't remember the error I got, but anyway, I can't log back in. I've restarted the docker a couple times. It keeps giving me invalid login credentials, and I'm not sure how to get back into the docker with the address I used as no matter how I try, it won't send me a "forgot password email."
> How do I reset the password for the Nessus Essentials account I created? I've tried this page to get a new password, but it's been 30 minutes and I haven't received a password reset link: https://login.tenable.com

Sorry for the late response, I've been pulled between multiple projects and need to revisit and update this.

Upon initial setup, this does take some time as it has to pull all the latest plugins for scanning and such. I initially looked at if I could add all of these into the image so it shrunk the time and only added the new ones, but had some issues so I just left it as is (given it works, but takes some time on the first setup). After this initial setup it will be pretty quick to spin up compared to that first time.

For login, (if I recall) you create the credentials upon the initial configuration. I recommend completely removing the container including the volume and re-installing it. The other option is to remove the container and leave the volume, but change the mapping so it saves to a new location. This way you don't re-use your old configuration as the volume mapping is for persistence.

Hope this helps. I'll be jumping into this soon to update everything and see if I can speed up that initial setup any.

westsola, posted April 24, 2020

Thanks OP for creating this. I just installed it to test it.. and encountered a couple of error messages. Hopefully they are helpful for your troubleshooting.

Upon initial login/setup of user account, I receive the following error when trying to start a scan.

Then upon logging in again I get this error

Orpheus123, posted May 12, 2020

> On 4/23/2020 at 11:03 PM, westsola said:
> Thanks OP for creating this. I just installed it to test it.. and encountered a couple of error messages. Hopefully they are helpful for your troubleshooting.
> Upon initial login/setup of user account, I receive the following error when trying to start a scan.
> Then upon logging in again I get this error

Just installed and encountered the same errors. Are there some settings to change in the docker? Other suggestions to debug?

jbreed (Author), posted May 12, 2020

> 8 hours ago, Orpheus123 said:
> Just installed and encountered the same errors. Are there some settings to change in the docker? Other suggestions to debug?

Looking into this right now as I have the time to debug and re-package with the latest Nessus components. It may resolve simply by me updating the image and pushing an update. I'll know something by today.

Thanks!

jbreed (Author), posted May 12, 2020 (edited)

> 9 hours ago, Orpheus123 said:
> Just installed and encountered the same errors. Are there some settings to change in the docker? Other suggestions to debug?

Update: The issue was that I needed to include updating the container core components to avoid a mismatch from happening due to auto updates of plugins.

To fix this before I push an update, you can do the following:

Get a shell/console to the container. Type the following:

    /opt/nessus/sbin/nessuscli update --all
    service nessusd stop
    service nessusd start

**confirmed you can also use the GUI to do this**

1. Click the top-right button for your account, then go to my account.
2. On the left-side menu, click 'about'.
3. Select the third tab for 'software update'.
4. Choose 'manual software update' at the top right.

This will force an update and rid any errors. I just need to update the included deb file for the initial install and then include in the initial startup script to update prior to starting the service to prevent issues with it being mismatched upon that initial launch. By default it should be set to update on a daily basis, but of course there will be issues if not updated when first running everything.

Thanks for the screenshots. I was able to replicate the issue and should have a patch pushed here shortly once I make sure everything is good to go.

Edited May 12, 2020 by jbreed

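The start-up order discussed in this thread, as an added sketch that is not the jbreed/nessus image's own script: it extracts the package only when Nessus is not yet installed (the restart failure gurulee reported) and updates core and plugins before the daemon starts (the mismatch jbreed describes above). `NESSUS_ROOT`, `DEB_PATH` and `RUN` are hypothetical variables; the paths and commands are the ones quoted in the thread.

```shell
#!/bin/sh
# Added illustration, not the image's real entrypoint.
# NESSUS_ROOT, DEB_PATH and RUN are assumptions so the logic can be exercised
# outside a container; the default paths are those quoted in the thread.
NESSUS_ROOT="${NESSUS_ROOT:-/opt/nessus}"
DEB_PATH="${DEB_PATH:-/tmp/Nessus-8.5.1-ubuntu1110_amd64.deb}"
RUN="${RUN:-}"   # RUN=echo gives a dry run that only prints the commands

# Decide what start-up has to do, without side effects:
#   installed -> nessuscli already present (a restart): the .deb is not needed
#   extract   -> first run and the package is present
#   missing   -> first run but the package is gone
install_state() {
    if [ -x "$NESSUS_ROOT/sbin/nessuscli" ]; then
        echo installed
    elif [ -f "$DEB_PATH" ]; then
        echo extract
    else
        echo missing
    fi
}

start_nessus() {
    case "$(install_state)" in
        extract)
            $RUN dpkg-deb -x "$DEB_PATH" / || return 1 ;;
        missing)
            echo "Nessus is not installed and $DEB_PATH is absent" >&2
            return 1 ;;
    esac
    # Bring core components and plugins to the same level before the daemon
    # starts. A failed update (for example, no network) is reported but does
    # not block start-up with the versions already installed.
    $RUN "$NESSUS_ROOT/sbin/nessuscli" update --all ||
        echo "update failed; starting with installed versions" >&2
    $RUN service nessusd start
}

# Run only when asked to, so the functions can also be sourced and inspected.
if [ "${1:-}" = "--start" ]; then
    start_nessus
fi
```

With `RUN=echo` the script prints the commands it would run, which is a quick way to check the branch taken on a given container before changing anything.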
jbreed (Author), posted May 12, 2020

> On 4/24/2020 at 12:03 AM, westsola said:
> Thanks OP for creating this. I just installed it to test it.. and encountered a couple of error messages. Hopefully they are helpful for your troubleshooting.
> Upon initial login/setup of user account, I receive the following error when trying to start a scan.
> Then upon logging in again I get this error

For a temporary fix, I posted the commands to resolve this. I'll be pushing an update soon to resolve this without needing to console into the container and will also keep everything up to date without having to re-compile the image.

Thanks!

jbreed (Author), posted May 12, 2020

> On 2/4/2020 at 9:42 PM, aidenpryde said:
> So, this is weird. Downloaded the docker, and it took some time to configure. Came to the registration page, entered my email, and then I entered the activation code I was sent. I tried one of the scanners, and then it kicked me out, can't remember the error I got, but anyway, I can't log back in. I've restarted the docker a couple times. It keeps giving me invalid login credentials, and I'm not sure how to get back into the docker with the address I used as no matter how I try, it won't send me a "forgot password email."
> How do I reset the password for the Nessus Essentials account I created? I've tried this page to get a new password, but it's been 30 minutes and I haven't received a password reset link: https://login.tenable.com

Looking back into this and going over the documentation, there is a way to fix the login via going into the console.

    /opt/nessus/sbin/nessuscli chpasswd username

If you don't remember the username, you can also add a new user with:

    /opt/nessus/sbin/nessuscli adduser

Orpheus123, posted May 12, 2020

> 5 hours ago, jbreed said:
> For a temporary fix, I posted the commands to resolve this. I'll be pushing an update soon to resolve this without needing to console into the container and will also keep everything up to date without having to re-compile the image.
> Thanks!

Thanks for the quick response. I will try the commands after work tonight.