Install and configure a local Nessus instance
This repository provides a docker-compose file that enables you to run a local instance of the Tenable Nessus Server.
To use these files, you must first have the following installed:
The following steps will run a local instance of the Nessus Server using the default configuration file (`docker-compose.yml`):
- Clone this repository.
- Change directory into the root of the project.
- Edit the "environment" block to include your Nessus username, password, and token.
- Run the `docker-compose up -d` command.
```bash
git clone https://github.com/egkelly/nessus-scanner.git
cd nessus-scanner
docker-compose up -d
```
After the Server has started, you can open the Nessus Scanner in your browser: http://localhost:8834. It will take several minutes to initialize the server plugins.
From within the nessus-scanner directory, run `sudo bash test/is-alive.sh nessus`.
To deploy Nessus from GitLab, you must have the following:
- GitLab server
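- Alternatively, deploy a local instance of GitLab using docker-compose:

```yaml
services:
  # GitLab Community Edition, configured through the Omnibus settings below
  web:
    image: 'gitlab/gitlab-ce:latest'
    restart: always
    hostname: 'gitlab.example.com'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.example.com'
    # HTTP, HTTPS and SSH (git) are published on the host
    ports:
      - '80:80'
      - '443:443'
      - '22:22'
    # Configuration, logs and data persist on the host under /srv/gitlab
    volumes:
      - '/srv/gitlab/config:/etc/gitlab'
      - '/srv/gitlab/logs:/var/log/gitlab'
      - '/srv/gitlab/data:/var/opt/gitlab'
```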
- The default login is root; run `sudo docker exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password` to retrieve your password.
The following steps will configure the Nessus deployment using GitLab pipelines (`gitlab-ci.yml`):
- Import the nessus-scanner GitHub repository project into GitLab
- Under Project Settings > CI/CD, create variables for `NESSUS_USER`, `NESSUS_PASSWORD`, `NESSUS_ACTIVATION_CODE`, `SSH_STAGING_SERVER_PRIVATE_KEY`, `SSH_PROD_SERVER_PRIVATE_KEY`, `SSH_STAGING_USER`, `SSH_PROD_USER`, `SSH_STAGING_IP`, `SSH_PROD_IP`
- Navigate to the project's CI/CD Pipeline and click "Run Pipeline"
NOTE: The pipeline does not actually work at this point in time
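
A pre-flight check for the nine CI/CD variables listed above, as an added example that is not part of the nessus-scanner repository: it flags unset variables, SSH key variables that do not hold key material, and malformed IPs, naming only the variable and never printing its value. The function names, the IPv4-only assumption and the rule that staging and production must not share a key are choices made for this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the CI/CD variables named in this README.
# Problems are reported by variable NAME only; values are never echoed.
REQUIRED_VARS="NESSUS_USER NESSUS_PASSWORD NESSUS_ACTIVATION_CODE
SSH_STAGING_SERVER_PRIVATE_KEY SSH_PROD_SERVER_PRIVATE_KEY
SSH_STAGING_USER SSH_PROD_USER SSH_STAGING_IP SSH_PROD_IP"

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() (
  case "$1" in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
  IFS=.; set -- $1
  [ "$#" -eq 4 ] || exit 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
  done
)

# Prints one "NAME: problem" line per failed check; status is non-zero if any failed.
preflight() (
  rc=0
  for name in $REQUIRED_VARS; do
    eval "value=\${$name-}"   # safe: $name only comes from the fixed list above
    if [ -z "$value" ]; then echo "$name: not set"; rc=1; continue; fi
    case "$name" in
      *_PRIVATE_KEY)          # expect key material, not a file path or public key
        case "$value" in
          "-----BEGIN "*"PRIVATE KEY-----"*) ;;
          *) echo "$name: not a PEM private key"; rc=1 ;;
        esac ;;
      *_IP)
        valid_ipv4 "$value" || { echo "$name: not an IPv4 address"; rc=1; } ;;
    esac
  done
  # Rule assumed for this example: staging and production must not share a key.
  if [ -n "${SSH_PROD_SERVER_PRIVATE_KEY-}" ] &&
     [ "${SSH_PROD_SERVER_PRIVATE_KEY-}" = "${SSH_STAGING_SERVER_PRIVATE_KEY-}" ]; then
    echo "SSH_PROD_SERVER_PRIVATE_KEY: same key as staging"; rc=1
  fi
  [ "$rc" -eq 0 ]
)

# Demo with constructed values (no real credentials): sh <this-script> demo
if [ "${1-}" = demo ]; then (
  NESSUS_USER=admin; NESSUS_PASSWORD=constructed; NESSUS_ACTIVATION_CODE=XXXX
  SSH_STAGING_USER=deploy; SSH_PROD_USER=deploy
  SSH_STAGING_IP=192.0.2.10; SSH_PROD_IP=192.0.2.300      # invalid octet
  SSH_STAGING_SERVER_PRIVATE_KEY="$HOME/.ssh/id_ed25519"  # a path, not a key
  preflight
); fi
```

In a job script, calling `preflight || exit 1` before any deployment step stops the job with a list of the variable names that need attention.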