So, as part of rebuilding the home lab I thought I would take a look at Tenable Nessus for scanning security flaws and missing patches. I know I still have more work to do on Graylog, in particular on dashboards, given the level of auditing that is enabled. I've still not gone through and applied the hardening GPOs to the domain, so I thought I would run a Nessus scan first to see what gets detected. As a reminder, my domain controllers are both running Windows Server 2019 Core.
I started by downloading the Tenable Core + Nessus OVA file from the Tenable website. The appliance runs CentOS 7 as its operating system. Once the appliance was deployed and started (it picks up an address from DHCP in my lab), I logged in with the default credentials:
URI: https://IP.ADDRESS:8000
Username: wizard
Password: admin
The first task of the wizard is to create a new administrative user; its password must be at least 14 characters. Once the admin user is created you are logged out and have to sign in again with the new account.
The next step is to configure Nessus itself, which has its own portal at https://IPAddress:8834/. You are asked which product to install, in my case the free Nessus Essentials. You are then prompted for your name and email address, an activation code is sent to that address, and you enter the code and create the administrative username/password you will use from then on. Nessus then starts installing its plugins.
Once the initialisation is complete, Nessus prompts for IP address ranges to scan. I configured the subnets I am using and set it off; the discovery pass starts with DNS records. The discovery scan itself does not count towards the 16-host limit of Essentials. Once it had produced a list of hosts, I selected the domain controllers and set a full scan running against them. Those hosts DO count towards the 16-host limit.
I must make a disclaimer at this point. I will admit that I have disabled the Windows Firewall on the hosts as I was having an issue getting something working (possibly the SCCM client push). I cannot stress how bad this is; however, it's just my lab. Enabling the Windows Firewall is something I will be doing. I was just being lazy with my lab.
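As an added example (not from the original post), the PowerShell below is the check and fix a practitioner would want for the firewall point above: it reports the profile state on each domain controller, switches all three profiles back on with inbound blocked by default and dropped-packet logging enabled (so the Graylog side has something to show), and enables the predefined rule groups that SCCM client push normally needs instead of turning the firewall off. The DC names are placeholders and WinRM is assumed to be enabled, as it is by default on Server Core.

```powershell
# Added example, not the post's own code. Assumes the DC names below
# (placeholders) and that WinRM/PowerShell remoting is enabled on them.
$dcs = 'DC01', 'DC02'   # assumed hostnames, replace with your own

# 1. Show the current state of all three profiles on each DC.
Invoke-Command -ComputerName $dcs -ScriptBlock { Get-NetFirewallProfile } |
    Select-Object PSComputerName, Name, Enabled, DefaultInboundAction |
    Format-Table -AutoSize

# 2. Re-enable every profile, block inbound by default and log what is
#    dropped (the log can then be shipped to Graylog like the other audit data).
Invoke-Command -ComputerName $dcs -ScriptBlock {
    Set-NetFirewallProfile -Profile Domain, Private, Public `
        -Enabled True -DefaultInboundAction Block -LogBlocked True
}

# 3. SCCM client push needs the admin$ share (SMB) and WMI/RPC on the target,
#    so enable those predefined rule groups on the Domain profile only, rather
#    than disabling the firewall altogether.
Invoke-Command -ComputerName $dcs -ScriptBlock {
    Enable-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -Profile Domain
    Enable-NetFirewallRule -DisplayGroup 'Windows Management Instrumentation (WMI)' -Profile Domain
}

# 4. Confirm the change took effect.
Invoke-Command -ComputerName $dcs -ScriptBlock { Get-NetFirewallProfile } |
    Select-Object PSComputerName, Name, Enabled |
    Format-Table -AutoSize
```

Run it from a domain-joined admin workstation; the same cmdlets work locally on the Server Core console if you drop `Invoke-Command`.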
27 vulnerabilities were found during the initial scan. A lot of them revolve around certificates, TLS versions and so on. I do have the internal PKI built and issuing certificates. To prevent untrusted-certificate findings being misreported, I added the Base64-encoded contents of the CA's .cer file to the Custom CA setting in the Nessus settings. Adding the certificate increased the number of vulnerabilities by one, which is confusing.
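As an added example (not from the original post), the PowerShell below does two things a practitioner would want around the Custom CA step: it exports the lab CA certificate from the machine's trusted root store as Base64 PEM (the BEGIN/END CERTIFICATE form, which is what the Nessus Custom CA setting takes; `Export-Certificate` on its own gives DER), and it then fetches the certificate a domain controller actually presents on LDAPS and checks that it chains to that CA, since if it does not, Nessus will carry on reporting the host's certificate as untrusted regardless of what was pasted. The CA subject and DC hostname are placeholders.

```powershell
# Added example, not the post's own code. Assumes the CA subject and DC
# hostname below (placeholders); adjust both for your lab.
$caSubject = 'CN=Lab-Root-CA'     # assumed, use your issuing/root CA's subject
$dc        = 'DC01.lab.local'     # assumed, one of the domain controllers

# 1. Find the CA certificate in the trusted root store and write it out as
#    PEM: Base64 of the DER bytes between BEGIN/END CERTIFICATE lines.
$ca = Get-ChildItem Cert:\LocalMachine\Root |
      Where-Object Subject -eq $caSubject |
      Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $ca) { throw "CA certificate '$caSubject' not found in LocalMachine\Root" }

$pem = "-----BEGIN CERTIFICATE-----`n" +
       [Convert]::ToBase64String($ca.RawData, 'InsertLineBreaks') +
       "`n-----END CERTIFICATE-----"
Set-Content -Path .\lab-ca.pem -Value $pem -Encoding ascii
Write-Host "Wrote $($ca.Subject) ($($ca.Thumbprint)) to lab-ca.pem; paste this into Nessus > Settings > Custom CA"

# 2. Pull the certificate the DC presents on LDAPS (TCP 636). The validation
#    callback returns $true so we can inspect a bad certificate instead of
#    failing the handshake.
$tcp = [System.Net.Sockets.TcpClient]::new($dc, 636)
$ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, { $true })
$ssl.AuthenticateAsClient($dc)
$leaf = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
$ssl.Dispose(); $tcp.Dispose()

# 3. Build the chain locally and compare its root with the CA we exported.
$chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # chain check only, not CRL reachability
$valid = $chain.Build($leaf)
$root  = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

Write-Host "LDAPS leaf : $($leaf.Subject), expires $($leaf.NotAfter)"
Write-Host "Chains to  : $($root.Subject), chain valid: $valid"
if ($root.Thumbprint -ne $ca.Thumbprint) {
    Write-Warning "The DC's certificate does not chain to the CA you exported; Nessus will keep flagging it as untrusted"
}
```

Run step 1 on a machine that already trusts the lab CA (any domain member will do) and repeat step 2 for each DC; the thumbprint comparison tells you whether a remaining "untrusted certificate" finding is a Nessus trust-store issue or a host that is genuinely presenting a certificate from somewhere else.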