[Support] jbreed - nessus


33 posts in this topic Last Reply

Recommended Posts

Application Name: Nessus

Application Site: tenable.com

Docker Hub: https://hub.docker.com/r/jbreed/nessus

Github: https://github.com/jbreed/nessus

UnRaid XML Template: https://github.com/jbreed/docker-templates/blob/master/nessus/nessus.xml

 

Please post any questions/issues relating to this docker you have in this thread.

 

Note: The initial deployment will require the user to complete the registration process. You can obtain a free license by clicking on the Nessus Essential component and it will send a license you can use for a small home network. 

 

Feel free to submit pull requests on my GitHub, or discuss improvements in this forums as seen fit.

Edited by jbreed
Modified note due to implementing volume mappings
Link to post

UPDATE:

* Volume mapping to /config is completed

* User permissions set based on environment variables is completed

 

Tested multiple times on my home environment and configurations appear to be persistent. If no issues arise, the only future updates will be for security patches and/or major Nessus updates. As patches for plugins are handled within Nessus there is no need for continuous patching.

Link to post
35 minutes ago, Tuumke said:

I guess compiling plugins takes a long time?

Yes, the first time Nessus loads and configures it takes some time. After that initial setup with the volume mapped it won't be bad afterwards. If rebooted it takes a little bit for Nessus to start up, but not nearly as long.

 

 

Link to post

I also have configured letsencrypt reverse proxy for subdomain

 

nessus.subdomain.conf

 

Note1: include /config/nginx/auth.conf points towards my Organizr setup. You might not want to use this ;)

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name nessus.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    include /config/nginx/auth-location.conf;

    location / {

        include /config/nginx/auth.conf;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_nessus w.x.y.z; ## Change to IP of HOST
        proxy_pass https://$upstream_nessus:8834;
    }

}

 

Edited by Tuumke
Link to post

Many thanks for providing this truly excellent resource, very much appreciated. I can't recommend this container enough to all unRAID users who aren't completely confident regarding their local network security. First scan here found 58 vulnerabilities just on my unRAID host, one rated HIGH that was an open SMB share which I'd accidentally put some files on that I shouldn't have. Anyway, this was really easy to set up, just takes a fair while on first use.

 

[EDIT] Update: Found another interesting vulnerability in mDNS UDP port 5353 on my PS4 games console that is now blocked at firewall! 

 

IMPORTANT NOTE: My best advice to other new users of this is to set the advanced option to restrict the CPU affinity on the container, otherwise it can hammer your system at 100% CPU usage for a short while during the initial install at the plug in compilation process. I only noticed when my system fans suddenly went into full spin :)

Edited by manfat
Added update on new net vulnerability found
Link to post
4 minutes ago, manfat said:

Many thanks for providing this truly excellent resource, very much appreciated. I can't recommend this container enough to all unRAID users who aren't completely confident regarding their local network security. First scan here found 58 vulnerabilities just on my unRAID host, one rated HIGH that was an open SMB share which I'd accidentally put some files on that I shouldn't have. Anyway, this was really easy to set up, just takes a fair while on first use.

 

IMPORTANT NOTE: My best advice to other new users of this is to set the advanced option to restrict the CPU affinity on the container, otherwise it can hammer your system at 100% CPU usage for a short while during the initial install at the plug in compilation process. I only noticed when my system fans suddenly went into full spin :)

Valid point, I have mine pinned as well. Maybe I can see if I can make this a default config to use half the CPU cores. I'll have to look into that.

 

One thing to note:

Please be mindful of items flagged and don't just go making major changes. This can cause other Dockers, virtual machines, etc to become inoperable if that component was required for operation. An example may be IP forwarding being enabled, etc. 

Link to post
  • 2 weeks later...

Good morning all!

When I attempted to start this docker today, it would not start with this error in the logs:

 

Quote

 

Setting user permissions...
Modifying ID for nobody.
Modifying ID for the users group.
Adding nameservers to /etc/resolv.conf...
Extracting packaged nessus debian package: Nessus 8.5.1...
dpkg-deb: error: failed to read archive '/tmp/Nessus-8.5.1-ubuntu1110_amd64.deb': No such file or directory

Removing docker/image and reinstalling it fixed it for now. But is this going to come back? 

I generally leave the docker stopped and only run it when I'm doing scans.

Edited by guruleenyc
Link to post
2 hours ago, guruleenyc said:

Good morning all!

When I attempted to start this docker today, it would not start with this error in the logs:

 

Removing docker/image and reinstalling it fixed it for now. But is this going to come back? 

I generally leave the docker stopped and only run it when I'm doing scans.

Thanks for the heads up, yes this is a bug. I should have it patched today.

Link to post
2 hours ago, guruleenyc said:

Good morning all!

When I attempted to start this docker today, it would not start with this error in the logs:

 

Removing docker/image and reinstalling it fixed it for now. But is this going to come back? 

I generally leave the docker stopped and only run it when I'm doing scans.

Update pushed. 

 

If for some reason it doesn't show the update available, add this to your 'Template repositories:' section and 'check for updates'

https://github.com/jbreed/docker-templates

 

 

Link to post
  • 3 months later...

I also created a docker-compose file for use with Traefik (old traefik) for use on my VPS (not unraid system):

note: i have environment variables set in /etc/environment for ${USERDIR}, ${DOMAINNAME} you might want to replace those

  nessus:
    image: jbreed/nessus
    container_name: nessus
    hostname: nessus
    restart: unless-stopped
    networks:
      - traefik_proxy
    volumes:
      - ${USERDIR}/docker/nessus:/config
      - "/etc/localtime:/etc/localtime:ro"
      - ${USERDIR}/docker/shared:/shared
    environment:
      PUID: ${PUID}
      PGID: ${PGID}
      TZ: ${TZ}
    labels:
      traefik.enable: "true"
      traefik.backend: nessus
      traefik.protocol: https
      traefik.port: 8834
      traefik.frontend.rule: Host:nessus.${DOMAINNAME}
      traefik.frontend.headers.SSLHost: nessus.${DOMAINNAME}
      traefik.docker.network: traefik_proxy
      traefik.frontend.passHostHeader: "true"
      traefik.frontend.headers.SSLForceHost: "true"
      traefik.frontend.headers.SSLRedirect: "true"
      traefik.frontend.headers.browserXSSFilter: "true"
      traefik.frontend.headers.contentTypeNosniff: "true"
      traefik.frontend.headers.forceSTSHeader: "true"
      traefik.frontend.headers.STSSeconds: 315360000
      traefik.frontend.headers.STSIncludeSubdomains: "true"
      traefik.frontend.headers.STSPreload: "true"
      traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex
      traefik.frontend.headers.frameDeny: "true"
      traefik.frontend.headers.customFrameOptionsValue: 'allow-from https:${DOMAINNAME}'  
    depends_on:
      - traefik

 

Edited by Tuumke
Link to post
  • 1 month later...

Hi, great container. qq, what I am doing wrong when trying to assign a specific ip on a bridged network? Every time I change it and save, the restart errors with invalid ip. The address is definitely valid for the network and free. Don't want to whitelist my unraid server to everything ideally.

Link to post
  • 3 weeks later...
On 1/1/2020 at 5:19 AM, atcusb said:

Hi, great container. qq, what I am doing wrong when trying to assign a specific ip on a bridged network? Every time I change it and save, the restart errors with invalid ip. The address is definitely valid for the network and free. Don't want to whitelist my unraid server to everything ideally.

Good question, I haven't attempted to set a bridge and I imagine it wouldn't have any issues. I'll have to test this myself to see what I can find out.

 

Link to post
  • 3 weeks later...

So, this is weird.  Downloaded the docker, and it took some time to configure.


Came to the registration page, entered my email, and then I entered the activation code I was sent.

 

I tried one of the scanners, and then it kicked me out, can't remember the error I got, but anyway, I can't log back in.

 

I've restarted the docker a couple times.  It keeps giving me invalid login credentials, and I'm not sure how to get back into the docker with the address I used as no matter how I try, it won't send me a "forgot password email."


How do I reset the password for the Nessus Essentials account I created?  I've tried this page to get a new password, but it's been 30 minute and I haven't received a password reset link: https://login.tenable.com

Link to post
  • 2 months later...
On 2/4/2020 at 9:42 PM, aidenpryde said:

So, this is weird.  Downloaded the docker, and it took some time to configure.


Came to the registration page, entered my email, and then I entered the activation code I was sent.

 

I tried one of the scanners, and then it kicked me out, can't remember the error I got, but anyway, I can't log back in.

 

I've restarted the docker a couple times.  It keeps giving me invalid login credentials, and I'm not sure how to get back into the docker with the address I used as no matter how I try, it won't send me a "forgot password email."


How do I reset the password for the Nessus Essentials account I created?  I've tried this page to get a new password, but it's been 30 minute and I haven't received a password reset link: https://login.tenable.com

Sorry for the late response, i've been pulled between multiple projects and need to revisit and update this.

 

Upon initial setup, this does take some time as it has to pull all the latest plugins for scanning and such. I initially looked at if I could add all of these into the image so it shrunk the time and only added the new ones, but had some issues so I just left it as is (given it works, but takes some time on the first setup). After this initial setup it will be pretty quick to spin up compared to that first time.

 

For login, (if I recall) you create the credentials upon the initial configuration. I recommend completely removing the container including the volume and re-installing it. The other option is to remove the container and leave the volume, but change the mapping so it saves to a new location. This way you don't re-use your old configuration as the volume mapping is for persistence. Hope this helps.

 

I'll be jumping into this soon to update everything and see if I can speed up that initial setup any.

Link to post

Thanks OP for creating this. I just installed it to test it.. and encountered a couple of error messages. Hopefully they are helpful for your troubleshooting. 

Upon initial login/setup of user account, I receive the following error when trying to start a scan.
image.png.be8b0c3bbf37cda63b8c20f25c3efedb.png

Then upon logging in again I get this error

image.png.d3fe691e8633f75f201c8ffe37728089.png

Link to post
  • 3 weeks later...
On 4/23/2020 at 11:03 PM, westsola said:

Thanks OP for creating this. I just installed it to test it.. and encountered a couple of error messages. Hopefully they are helpful for your troubleshooting. 

Upon initial login/setup of user account, I receive the following error when trying to start a scan.
image.png.be8b0c3bbf37cda63b8c20f25c3efedb.png

Then upon logging in again I get this error

image.png.d3fe691e8633f75f201c8ffe37728089.png

Just installed and encountered the same errors.  Are there some settings to change in the docker?  Other suggestions to debug?

Link to post
8 hours ago, Orpheus123 said:

Just installed and encountered the same errors.  Are there some settings to change in the docker?  Other suggestions to debug?

Looking into this right now as I have the time to debug and re-package with the latest Nessus components. It may resolve simply by me updating the image and pushing an update. I'll know something by today. Thanks!

Link to post
9 hours ago, Orpheus123 said:

Just installed and encountered the same errors.  Are there some settings to change in the docker?  Other suggestions to debug?

Update:

The issue was I needing to include updating the container core components to avoid a mismatch from happening due to auto updates of plugins.

 

To fix this before I push an update, you can do the following:

Get a shell/console to the container.

Type the following:

/opt/nessus/sbin/nessuscli update --all

service nessusd stop

service nessusd start

 

**confirmed you can also use the GUI to do this**

Click the top-right button for your account, then go to my account.

On the left-side menu, click 'about'

Select the third tab for 'software update'

Choose 'manual software update' at the top right.

 

This will force an update and rid any errors. I just need to update the included deb file for the initial install and then include in the initial startup script to update prior to starting the service to prevent issues with it being mismatched upon that initial launch. By default it should be set to update on a daily basis, but of course there will be issues if not updated when first running everything.

 

Thanks for the screenshots. I was able to replicate the issue and should have a patch pushed here shortly once I make sure everything is good to go.

 

Edited by jbreed
Link to post
On 4/24/2020 at 12:03 AM, westsola said:

Thanks OP for creating this. I just installed it to test it.. and encountered a couple of error messages. Hopefully they are helpful for your troubleshooting. 

Upon initial login/setup of user account, I receive the following error when trying to start a scan.
image.png.be8b0c3bbf37cda63b8c20f25c3efedb.png

Then upon logging in again I get this error

image.png.d3fe691e8633f75f201c8ffe37728089.png

For a temporary fix, I posted the commands to resolve this. I'll be pushing an update soon to resolve this without needing to console into the container and will also keep everything up to date without having to re-compile the image.

 

Thanks!

Link to post
On 2/4/2020 at 9:42 PM, aidenpryde said:

So, this is weird.  Downloaded the docker, and it took some time to configure.


Came to the registration page, entered my email, and then I entered the activation code I was sent.

 

I tried one of the scanners, and then it kicked me out, can't remember the error I got, but anyway, I can't log back in.

 

I've restarted the docker a couple times.  It keeps giving me invalid login credentials, and I'm not sure how to get back into the docker with the address I used as no matter how I try, it won't send me a "forgot password email."


How do I reset the password for the Nessus Essentials account I created?  I've tried this page to get a new password, but it's been 30 minute and I haven't received a password reset link: https://login.tenable.com

Looking back into this and going over the documentation, there is a way to fix the login via going into the console.

 

/opt/nessus/sbin/nessuscli chpasswd username

 

If you don't remember the username, you can also add a new user with:

/opt/nessus/sbin/nessuscli adduser

Link to post
5 hours ago, jbreed said:

For a temporary fix, I posted the commands to resolve this. I'll be pushing an update soon to resolve this without needing to console into the container and will also keep everything up to date without having to re-compile the image.

 

Thanks!

Thanks for the quick response.  I will try the commands after work tonight.

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.