Setting Up Nessus Vulnerability Scanner on Ubuntu 22.04

February 25, 2025 rootlogic ubuntu security

Vulnerability scanning is a critical component of any organization's security posture. Nessus, developed by Tenable, stands out as one of the most powerful and versatile security scanners available today. This comprehensive guide walks you through installing Nessus on Ubuntu 22.04, configuring its essential settings, and launching your first scan to identify potential security weaknesses in your infrastructure.

Introduction

Nessus helps security professionals identify vulnerabilities, configuration issues, and malware that attackers could exploit in your network. With regular scans, you can proactively address security gaps before they become serious problems. Whether you're managing a small business network or enterprise infrastructure, Nessus provides invaluable security insights.

In this tutorial, you'll learn how to:

  • Install Nessus on Ubuntu 22.04
  • Configure initial settings
  • Create your first vulnerability scan
  • Interpret basic results

Prerequisites

Before beginning this installation, ensure you have:

  • A Ubuntu 22.04 server with root or sudo privileges
  • At least 4GB RAM and 5GB disk space
  • A reliable internet connection
  • Basic familiarity with Linux command line

Step 1: Update Your System

Start by ensuring your Ubuntu system is fully updated. This helps avoid potential conflicts during installation and ensures you have the latest security patches.

sudo apt update
sudo apt upgrade -y

Step 2: Download Nessus Package

Nessus offers several license options including Nessus Essentials (free for personal use with limited features), Nessus Professional, and Nessus Manager. For this tutorial, we'll use Nessus Essentials.

Visit the Tenable Downloads page to get the latest Nessus package. You'll need to select Ubuntu as your platform.

Alternatively, download directly via command line:

wget https://www.tenable.com/downloads/api/v2/pages/nessus/files/Nessus-10.5.0-ubuntu1404_amd64.deb

Note: The version number may change over time, so check the Tenable website for the most recent version.

Step 3: Install Nessus

Install the downloaded Debian package using the dpkg command:

sudo dpkg -i Nessus-10.5.0-ubuntu1404_amd64.deb

If you encounter any dependency issues, resolve them with:

sudo apt install -f

Step 4: Start the Nessus Service

After installation, start the Nessus service and enable it to launch automatically on system boot:

sudo systemctl start nessusd
sudo systemctl enable nessusd

Verify the service is running properly:

sudo systemctl status nessusd

You should see output indicating the service is active and running.

Step 5: Configure Firewall (Optional but Recommended)

If you have UFW (Uncomplicated Firewall) enabled, you'll need to allow traffic on port 8834, which is the default port Nessus uses for its web interface:

sudo ufw allow 8834/tcp
sudo ufw reload

Step 6: Initial Configuration

Once the Nessus service is running, open your web browser and navigate to:

https://your_server_ip:8834

Since Nessus uses a self-signed SSL certificate, you'll likely receive a security warning in your browser. This is expected behavior. Proceed by accepting the risk and continuing to the website.

You'll be greeted with the Nessus setup wizard, which guides you through:

  1. Creating an admin account: Set up a username and strong password
  2. Choosing a Nessus product: Select Nessus Essentials (or your licensed product)
  3. Registering your product: Enter your email address to receive an activation code
  4. Initializing the system: Nessus will download and compile plugins (this may take 10-15 minutes)

Step 7: Creating Your First Scan

After completing the initial setup, you'll be redirected to the Nessus dashboard. To create your first vulnerability scan:

  1. Click the "New Scan" button in the upper right corner
  2. Select "Basic Network Scan" from the available templates
  3. Provide a name for your scan
  4. Enter the target IP address or range you want to scan
  5. Configure any additional settings as needed
  6. Click "Save" to create the scan configuration

To launch the scan, click the play button next to your newly created scan. Depending on the network size and scan settings, this may take several minutes to complete.

Troubleshooting Section

Common Issues and Solutions

1. Installation Package Errors

Problem: Error messages when installing the Debian package.

Solution: Ensure you're using the correct package for your system architecture. Try running:

sudo apt --fix-broken install

2. Service Won't Start

Problem: Nessus service fails to start.

Solution: Check logs for specific errors:

sudo journalctl -u nessusd

Common causes include port conflicts or insufficient system resources.

3. Web Interface Inaccessible

Problem: Can't access the Nessus interface at https://your_server_ip:8834

Solution: Verify:

  • The service is running: sudo systemctl status nessusd
  • Firewall settings allow traffic: sudo ufw status
  • Correct IP address being used
  • No other services are using port 8834

4. Plugin Download Failures

Problem: Initial plugin download fails or takes too long.

Solution: Check your internet connection and proxy settings if applicable. If necessary, restart the process:

sudo systemctl restart nessusd

Best Practices & Optimization Tips

Secure Your Nessus Installation

  • Change default port: Edit /opt/nessus/etc/nessus/nessusd.conf to use a non-standard port
  • Implement IP restrictions: Configure your firewall to only allow specific IP addresses to access Nessus
  • Use strong passwords: Set complex passwords for all Nessus user accounts
  • Regular updates: Keep Nessus updated to benefit from the latest vulnerability checks

Optimize Scanning Performance

  • Schedule scans during off-hours: Minimize impact on network and services
  • Adjust scan settings: Configure throttling options for sensitive environments
  • Scan in batches: Break large networks into smaller, manageable scan ranges
  • Consider distributed scanning: For large environments, implement multiple scanners

Automation & Monitoring

For regular security assessments, set up automated scans:

  1. In the Nessus dashboard, edit your scan configuration
  2. Click the "Schedule" tab
  3. Configure recurring scan times (daily, weekly, or monthly)
  4. Save your settings

For integration with other systems, Nessus provides a comprehensive API that allows you to:

  • Trigger scans programmatically
  • Extract and process results
  • Integrate findings into ticketing systems or security dashboards

Conclusion

By installing and configuring Nessus on your Ubuntu 22.04 system, you've taken an important step toward proactive security management. Regular vulnerability scanning helps identify weaknesses before attackers can exploit them, significantly reducing your organization's risk exposure.

Remember that vulnerability management is an ongoing process, not a one-time task. Schedule regular scans, promptly address identified vulnerabilities, and keep your Nessus installation updated to maintain effective security monitoring.

With the knowledge gained from this guide, you now have the foundation to expand your vulnerability scanning capabilities and integrate them into your broader security program.