Scan Your Network for Vulnerabilities

Use Nessus to quickly and easily scan your network for services that are vulnerable to attack.

As a network administrator, you need to know not only which hosts are on your network and which services they are running, but also whether those services are vulnerable to exploits. While Nmap [Hack #40] can only show you what machines and ports are reachable on your network, a security scanner such as Nessus (http://www.nessus.org) can tell you if those machines are vulnerable to known exploits.

Unlike a regular port scanner, a security scanner first locates listening services, and then connects to those services and attempts to execute all known exploits. It then records whether the exploit was successful and continues scanning until all available services have been tested. The key benefit here is that you’ll know at a glance how your systems perform against the most recent exploits, and thus know whether they truly are vulnerable to attack.

If you’re feeling a bit adventurous, Nessus can be installed by simply typing the following command:

$ lynx -source http://install.nessus.org | sh

This will completely automate the installation of Nessus, but isn’t really a good idea since you don’t know what you’ll be executing on your system until you actually run it. A better way to install Nessus that retains the benefits of the automated installer is to download the nessus-installer.sh script and execute it manually. After you’ve downloaded the installer script ...
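The download-then-run approach recommended above, sketched as an added example (not code from the book or from the Nessus project). It goes one step beyond the text by recording a SHA-256 digest at review time and refusing to run a file that no longer matches; the function names and the sample installer are constructed for illustration.

```shell
#!/bin/sh
# Added example: run a downloaded installer only if it matches the digest
# recorded when it was read. All names and the sample file are constructed.

# Print the SHA-256 hex digest of a file.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Show numbered lines worth reading first (further downloads, eval, privilege
# or permission changes, recursive deletes). A reading aid, not a detector.
review_hints() {
    grep -nE 'curl|wget|lynx|eval|sudo|su -|rm -rf|chmod|base64' "$1" || true
}

# Execute the script only if its current digest equals the reviewed one.
run_if_reviewed() {
    script=$1
    expected=$2
    actual=$(file_sha256 "$script")
    if [ "$actual" != "$expected" ]; then
        echo "refusing to run $script: digest $actual was not reviewed" >&2
        return 1
    fi
    sh "$script"
}

# --- Demo on a constructed stand-in for a downloaded nessus-installer.sh ---
demo_dir=$(mktemp -d)
installer="$demo_dir/nessus-installer.sh"
printf '%s\n' '#!/bin/sh' \
    '# a real installer might fetch more code: wget http://example.invalid/pkg' \
    'echo "installing (constructed sample)"' > "$installer"

review_hints "$installer"                    # read the flagged lines, then the rest
reviewed_digest=$(file_sha256 "$installer")  # record the digest of what was read
run_if_reviewed "$installer" "$reviewed_digest"

# The file changes after review (re-download, tampering): execution is refused.
echo 'echo "changed after review"' >> "$installer"
run_if_reviewed "$installer" "$reviewed_digest" || echo "blocked: file changed"
rm -rf "$demo_dir"
```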
