Installation guide
The table below goes into more detail about the available options for adding a Nessus scanner:
Table 8 – Nessus Scanner Options

| Option | Description |
|---|---|
| Name | Descriptive name for the Nessus scanner. |
| Description | Scanner description, location, or purpose. |
| Host | Hostname or IP address of the scanner. |
| Port | TCP port that the Nessus scanner listens on for communications from SecurityCenter. The default is port 8834. |
| Authentication Type | Password Based or SSL Certificate. For detailed SSL Certificate configuration options, see Appendix 3: Nessus SSL Configuration. |
| Username | Username generated during the Nessus install for daemon to client communications. This must be an administrator user in order to send plugin updates to the Nessus scanner. If the scanner will be updated by a different method, such as through another SecurityCenter, a standard Nessus user account may be used to perform scans. This field is only available if the Authentication Type is set to “Password”. |
| Password | The login password must be entered in this field. This field is only available if the Authentication Type is set to “Password”. |
| Certificate | This field is available if the Authentication Type is “SSL Certificate”. Select the “Browse” button, choose an SSL Certificate file, and upload it to SecurityCenter. For more information, see Appendix 3: Nessus SSL Configuration. |
| Verify Hostname | Adds a check to verify that the hostname or IP address entered in the “Host” field matches the CommonName (CN) presented in the SSL certificate from the Nessus server. |
| Use Proxy | Instructs SecurityCenter to use its configured proxy for communication with the scanner. |
| State | A scanner may be marked as “Enabled” or “Disabled” within SecurityCenter to allow or prevent access to the scanner. |
| Zones | The zone(s) that will have access to use this scanner. |
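
A preflight check for the Verify Hostname option, as an added example that is not part of the original guide or of SecurityCenter: it compares the value intended for the Host field with the CN of the scanner's certificate. The function names, the sample certificate and the exact, case-insensitive comparison are assumptions; the guide does not show SecurityCenter's own matching logic.

```python
import socket
import ssl

NESSUS_DEFAULT_PORT = 8834  # default scanner port given in the options table


def subject_common_names(peercert):
    """Return every CN in the subject of an SSLSocket.getpeercert() dict."""
    return [value for rdn in peercert.get("subject", ())
            for key, value in rdn if key == "commonName"]


def host_matches_cn(host, peercert):
    """Compare the Host value with the certificate CN, ignoring case only."""
    # Assumption: no wildcard or subjectAltName handling. The guide says only
    # that Host must match the CN, so anything else counts as a mismatch.
    wanted = host.strip().lower()
    return any(cn.strip().lower() == wanted
               for cn in subject_common_names(peercert))


def fetch_scanner_cert(host, ca_file, port=NESSUS_DEFAULT_PORT, timeout=10):
    """Connect to the scanner, validate its chain against ca_file (PEM) and
    return the certificate as a dict. Raises ssl.SSLError if the chain fails."""
    ctx = ssl.create_default_context(cafile=ca_file)  # trusts only ca_file
    ctx.check_hostname = False  # the name comparison is done by preflight()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()


def preflight(host, peercert):
    """Return (ok, message) for the value that will go in the Host field."""
    cns = subject_common_names(peercert)
    if not cns:
        return False, "certificate subject has no CN"
    if host_matches_cn(host, peercert):
        return True, "Host %r matches the certificate CN" % host
    return False, "Host %r does not match CN %s" % (host, ", ".join(cns))


# Constructed sample in the shape getpeercert() returns; not a real scanner.
SAMPLE_CERT = {"subject": ((("organizationName", "Example Corp"),),
                           (("commonName", "nessus01.example.com"),))}

if __name__ == "__main__":
    for candidate in ("nessus01.example.com", "NESSUS01.EXAMPLE.COM", "192.0.2.10"):
        print(candidate, preflight(candidate, SAMPLE_CERT))
```

Against a live scanner, `preflight(host, fetch_scanner_cert(host, "/tmp/ROOTCA2.cer"))` runs the same comparison on the certificate the scanner actually presents, after validating it against the custom CA file. An IP address in the Host field fails the check whenever the certificate CN is a hostname, as the third sample value shows.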
Configure SecurityCenter for Custom Certificates to Verify Hostname
For Verify Hostname to work, SecurityCenter must first be configured with the correct Certificate Authority (CA) certificate. This is not required when the Nessus servers use the default certificates; perform these steps only when a custom CA is in use.
1. Copy the required PEM-encoded CA certificate (and intermediary CA, if needed) to the SecurityCenter server’s /tmp directory. For this example, the file is named ROOTCA2.cer.
2. Run the installCA.php script to create the required files for each CA in /opt/sc4/data/CA as follows:

   # /opt/sc4/support/bin/php /opt/sc4/src/tools/installCA.php /tmp/ROOTCA2.cer

3. Once each of your CAs has been processed, restart the SecurityCenter services with the following command: