Troubleshooting Nessus
How to solve various Nessus credentialed audit problems.
Last updated
When you are trying to use Nessus to perform a credentialed audit of a Linux or Windows host, you may run into an issue where Nessus will not fully perform the credentialed audit.
You may see an error like this:
Don't worry! Here's a list of things you can do to prevent this error and perform the full scan.
If you're scanning a Windows host, one of the most likely blockers is Windows Firewall.
On the Windows host, first open the firewall's "Inbound Rules" settings (shown above).
Then add rules that ALLOW all services on ports 137, 139 and 445.
If you're scanning a Windows host, another likely blocker is a Windows service not running. There are two services that need to be running, so open up Windows Services and let's search:
The first service you need to check is the "Remote Registry" service:
If the service is not running, double-click it, select the startup type "disabled", then press "start".
The second service you need to check is the "WMI" service:
If you're scanning a Windows host, another likely blocker is registry keys. There are two keys that sometimes need to be set, so open up regedit and let's set them:
The first registry key is:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SmbServerNameHardeningLevel = 1
The next registry key is:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy = 1
Finally, go to the Local Security Policy shown below and set "Server SPN target name validation level" to "Required from client":
If you're scanning a Windows host, an unlikely blocker is the SMB v1 service not running. This should never be a problem but it's something to try. To turn SMBv1 on, go to Windows Features and check the "SMB 1.0/CIFS File Sharing Support" box:
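Before clicking through the dialogs above, it helps to know which of these blockers actually apply to the host. The following is an added example, not code from the original page or from Tenable: a read-only PowerShell preflight that reports the state of each item listed above (inbound firewall rules for 137/139/445, the two services, the two registry values, and the SMB 1.0 feature) without changing anything. The function name Test-NessusWindowsPrereqs is an assumption; the service names RemoteRegistry and Winmgmt (the "Remote Registry" and "Windows Management Instrumentation" services) and the feature name SMB1Protocol are the built-in Windows identifiers for the items the page names. Run it in an elevated PowerShell session on the host being scanned.

```powershell
# Added example (not from the original page): read-only preflight for the Windows-side
# blockers described above. Function name Test-NessusWindowsPrereqs is an assumption.
function Test-NessusWindowsPrereqs {
    $results = New-Object System.Collections.Generic.List[object]
    function Add-Result([string]$Check, [bool]$Ok, [string]$Detail) {
        $results.Add([pscustomobject]@{ Check = $Check; Ok = $Ok; Detail = $Detail })
    }

    # 1. Inbound firewall rules: for each port, look for an enabled inbound Allow rule whose
    #    port filter lists that exact port. Rules written as ranges (e.g. "137-139") are not
    #    matched here, so review those by hand if this reports nothing.
    foreach ($port in 137, 139, 445) {
        $rules = Get-NetFirewallPortFilter |
            Where-Object { @($_.LocalPort) -contains "$port" } |
            Get-NetFirewallRule |
            Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }
        $names = @($rules | ForEach-Object { $_.DisplayName } | Select-Object -Unique) -join '; '
        Add-Result "Firewall inbound port $port" (@($rules).Count -gt 0) $names
    }

    # 2. Services: "Remote Registry" (RemoteRegistry) and the WMI service (Winmgmt) must be running.
    foreach ($svc in 'RemoteRegistry', 'Winmgmt') {
        $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
        if ($null -eq $s) {
            Add-Result "Service $svc" $false 'service not found'
        } else {
            Add-Result "Service $svc" ($s.Status -eq 'Running') "Status=$($s.Status) StartType=$($s.StartType)"
        }
    }

    # 3. Registry values named on the page, with the values the page asks for.
    #    SmbServerNameHardeningLevel is the same value the "Server SPN target name
    #    validation level" policy writes, so checking it covers that step too.
    $regChecks = @(
        @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
           Name = 'SmbServerNameHardeningLevel'; Expected = 1 },
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
           Name = 'LocalAccountTokenFilterPolicy'; Expected = 1 }
    )
    foreach ($r in $regChecks) {
        $item  = Get-ItemProperty -Path $r.Path -Name $r.Name -ErrorAction SilentlyContinue
        $value = if ($null -ne $item) { $item.($r.Name) } else { $null }
        $shown = if ($null -eq $value) { '<not set>' } else { "$value" }
        Add-Result "Registry $($r.Name)" ($value -eq $r.Expected) "current=$shown expected=$($r.Expected)"
    }

    # 4. SMB 1.0/CIFS feature: reported for information only, since the page lists
    #    enabling it as a last resort rather than a requirement.
    $smb1  = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $state = if ($null -ne $smb1) { "$($smb1.State)" } else { 'unknown (needs elevation)' }
    Add-Result 'Feature SMB1Protocol (informational)' $true "State=$state"

    return $results
}

# Usage: print one row per check; rows with Ok = False are the blockers to fix.
Test-NessusWindowsPrereqs | Format-Table -AutoSize
```

The script only reads state, so it can be run on a host before the scan and again after each change above to confirm the change took effect; the `Get-NetFirewallPortFilter` walk is slow on hosts with many rules but avoids guessing rule display names, which differ between Windows versions and languages.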
To perform a Nessus audit on Linux, the user must be root or in the sudo group. Take a look at /etc/sudoers to ensure the user you are using is present.
To perform a Nessus audit on Linux, Nessus needs to log in using SSH. Take a look at /etc/ssh/sshd_config to ensure that there are no blockers such as the settings mentioned below:
If your user is the root user, "PermitRootLogin" must be set to "yes":
If you are trying to log in with a password, "PasswordAuthentication" must be set to "yes":
To perform a Nessus audit on Linux, Nessus needs to log in using SSH. There is a file called /etc/hosts.allow that is sometimes used on Linux hosts to restrict access. In this instance, you will need to add the IP address of the connecting Nessus host to this file:
If you want to see these tips in practice, take a look at the video below: