Install Nexpose
Installation Guide
November 11, 2009 2.0 Verified, tested, and updated installation procedures. Updated document template.
November 25, 2009 2.1 Updated lists of required packages for Linux and instructions for using md5sum.
Document conventions
Words in bold typeface are names of hypertext links and controls.
Words in italics are document titles, chapter titles, and names of Web and GUI interface pages.
Procedural steps are indented and appear in blue type.
Command examples appear in the Courier typeface in blue boxes.
Generalized file names in command examples appear between box brackets. Example:
[installer_file_name]
Multiple options in commands appear between arrow brackets. Example:
$ /etc/init.d/[daemon_name] <start|stop|restart>
NOTES appear in blue boxes.
When NeXpose scans an asset for the first time, the console creates a repository of information
about that asset in its database. With each ensuing scan that includes that asset, the console
updates the repository.
The console includes a Web-based interface for configuring and operating NeXpose. An
authorized user can log on to this interface securely, using HTTPS, to perform any NeXpose-
related task that his or her role permits. See the section titled Understanding user roles and
permissions in NeXpose in the NeXpose Help site or NeXpose Manual. The authentication
database is stored in an encrypted format on the console server, and passwords are never stored
or transmitted in plain text.
Other console functions include generating user-configured reports and regularly downloading
patches and other critical updates from the Rapid7 central update system.
You can download software-only Linux or Windows versions for installation on your own in-house
servers, depending on your NeXpose license.
NeXpose components are also available in a dedicated hardware/software combination called an
appliance. Another option is to purchase remote scanning services from Rapid7.
This guide is for installing the software-only version of NeXpose.
Hardware requirements
A computer hosting NeXpose components should have the following configuration:
disk space 10 GB +
• manage scan activity on NeXpose Scan Engines and pull scan data from them: outbound; scan engines listen on 40814
• download vulnerability checks and feature updates from a server at updates.rapid7.com: outbound; server listens on port 80
• upload PGP-encrypted diagnostic information to a server at support.rapid7.com: outbound; server listens on port 443
• provide Web interface access to NeXpose users: inbound; console accepts HTTPS requests over port 3780
NeXpose Scan Engines contact target assets using TCP, UDP, and ICMP to perform scans. Scan
engines do not initiate outbound communication with the NeXpose Security Console.
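The port list above can serve as a traffic baseline for the console host. The following is an added example, not part of the original guide: it checks flow records against that list and flags anything else, including a scan engine opening a connection to the console. The record format, the function names and every address are assumptions; the addresses standing in for updates.rapid7.com and support.rapid7.com are placeholders.

```shell
#!/bin/sh
# Added example: audit flow records against the console's documented ports.
# Assumed record format (constructed), one flow per line: SRC DST DPORT
# All addresses are placeholders from documentation ranges.

CONSOLE=192.0.2.10
ENGINES="192.0.2.21 192.0.2.22"
UPDATES=203.0.113.80   # placeholder for updates.rapid7.com
SUPPORT=203.0.113.43   # placeholder for support.rapid7.com

# Print "OK" or "UNEXPECTED" plus the record for every flow involving the console.
audit_flows() {
  awk -v console="$CONSOLE" -v engines="$ENGINES" \
      -v updates="$UPDATES" -v support="$SUPPORT" '
    BEGIN { n = split(engines, e, " "); for (i = 1; i <= n; i++) is_engine[e[i]] = 1 }
    $1 != console && $2 != console { next }            # not console traffic
    {
      ok = 0
      if ($1 == console) {                             # outbound from the console
        if (($2 in is_engine) && $3 == 40814) ok = 1   # manage engines, pull scan data
        if ($2 == updates && $3 == 80)  ok = 1         # checks and feature updates
        if ($2 == support && $3 == 443) ok = 1         # PGP-encrypted diagnostics
      } else if (!($1 in is_engine) && $3 == 3780) {
        ok = 1                                         # user HTTPS to the Web interface
      }
      status = ok ? "OK" : "UNEXPECTED"
      print status, $0
    }'
}

# Constructed sample records; the last one is engine-to-target scan traffic.
sample_flows() {
  cat <<'EOF'
192.0.2.10 192.0.2.21 40814
192.0.2.10 203.0.113.80 80
192.0.2.10 203.0.113.43 443
198.51.100.7 192.0.2.10 3780
192.0.2.21 192.0.2.10 3780
192.0.2.10 192.0.2.22 22
198.51.100.7 192.0.2.10 22
192.0.2.21 198.51.100.50 445
EOF
}

sample_flows | audit_flows
```

Flows that do not involve the console, such as a scan engine contacting a target asset, are skipped rather than judged.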
Ideally there should be no firewalls or similar devices between a scan engine and its target assets.
These devices interfere with the scanning process and can limit the accuracy of results. Scanning
may also require some flexibility in security policies. For more information, see the guide Best
Practices for Planning and Executing a NeXpose Deployment.
Windows
• MS Windows Server 2003 SP2 / Server 2003 R2
NOTE: Rapid7 does not support installation on Windows XP because of an issue related to this operating system sending packets
over raw sockets.
Linux
• Red Hat Enterprise Linux 5
• Ubuntu 8.04 LTS
• SUSE Linux Enterprise Server 10
Windows
• MS Windows Server 2003 SP1
Linux
• SUSE Enterprise Linux 9
• Red Hat Enterprise Linux 4
• Fedora 9 or later
• Debian 4.0 or later
• CentOS 4 or later
• Ubuntu 7.10 or later
NOTE: For HTML reporting on Linux, you must have an X Windows server installed or the X Virtual Frame Buffer (Xvfb) must be running.
Click Finish.
The installer displays a success message. Click Finish.
If the icon isn't available, you can double-click the nsc.bat file to start the console. The file is
located in the installation directory.
The startup process may take a few minutes the first time you start the console because NeXpose is
initializing its database of vulnerabilities. You may log on to the NeXpose Security Console Web
interface immediately after NeXpose has completed the startup process.
NOTE: If you are using a desktop interface such as KDE or Gnome, omit the –console flag. For the rest of the installation, follow the directions
that appear in the interface display.
The installer displays a message that it will install NeXpose. Press 1 and then ENTER to
continue.
The installer displays the end-user license agreement. Read each displayed section and
press ENTER to continue.
At the end of the agreement, press 1 to accept the terms. Then press 0 to continue.
Press 1, and then press ENTER to proceed to the next step.
The installer displays the default installation directory, which is /opt/rapid7/nexpose.
Press ENTER to accept the default, or type a different directory, and then press ENTER.
NOTE: Make sure to note the installation directory.
Preventing the daemon from automatically starting with the host system
To prevent the NeXpose daemon from automatically starting when the host system
starts:
$ update-rc.d [daemon_name] remove
NOTE: If you are using a desktop interface such as KDE or Gnome, omit the –console flag. For the rest of the installation, follow the directions
that appear in the interface display.
The installer displays a message that it will install NeXpose. Press 1 and then ENTER to
continue.
The installer displays the end-user license agreement. Read each displayed section and
press ENTER to continue.
At the end of the agreement, press 1 to accept the terms. Then press 0 to continue.
Press 1, and then press ENTER to proceed to the next step.
Preventing the daemon from automatically starting with the host system
To prevent the NeXpose daemon from automatically starting when the host system
starts:
$ chkconfig --del [daemon_name]
NOTE: If you are using a desktop interface such as KDE or Gnome, omit the –console flag. For the rest of the installation, follow the directions
that appear in the interface display.
The installer displays a message that it will install NeXpose. Press 1 and then ENTER to
continue.
The installer displays the end-user license agreement. Read each displayed section and
press ENTER to continue.
At the end of the agreement, press 1 to accept the terms. Then press 0 to continue.
Press 1, and then press ENTER to proceed to the next step.
The installer displays the default installation directory, which is /opt/rapid7/nexpose.
Press ENTER to accept the default, or type a different directory, and then press ENTER.
NOTE: Make sure to note the installation directory.
If you are running the browser on a separate computer, replace 127.0.0.1 with
the correct host name or IP address.
NOTE: Browsers do not include non-English, UTF-8 character sets, such as those for
Chinese languages, in their default installations. To use your browser with one of these
languages, you must install the appropriate language pack. In the Windows version of
Internet Explorer 7.0, you can add a language by selecting Internet Options from the
Tools menu, and then clicking the Languages button in the Internet Options dialog
box. In the Windows version of Firefox 2.0, select Options from the Tools menu and
then click the Advanced icon in the Options dialog box. In the Languages pane, click
Choose... to select a language to add.
When your browser displays the Log in box, enter the user name and password
that you specified during installation. Click the Login button. User names and
passwords are case-sensitive and non-recoverable.
NOTE: If the logon box indicates that the NeXpose Security Console is in maintenance mode, then either an error has stopped the system
from starting properly, or a scheduled task has initiated maintenance mode. See the NeXpose Help topic Running NeXpose in
maintenance mode in the NeXpose Manual or NeXpose Help.
If the console displays a warning about authentication services being unavailable, and your network
uses an external authentication source such as LDAP or Kerberos, your NeXpose global
administrator must check the configuration for that source. See Using external sources for user
authentication in NeXpose Help. The problem may also indicate that the authentication server is
down.