Can’t Run Nessus off of Backtrack Live…No Problem!

By Scott Behrens (arbit)

We have all been there.  You boot up into Backtrack live, pull down and install Nessus and try to run a scan after installing plugins.  Your scan runs way too quickly and your report is nowhere to be found.  Being the Tux penguin that you are, you realize you have run out of ‘memory’ aka virtual hard drive space.  Your / partition shows to be 100% full and you frantically start deleting forensic software by the megabyte, but still haven’t created enough free space.  Maybe you should have picked a host that had more than 2 gigs of memory or just installed it to the desktop.  But you are on a client deadline, and you don’t have the time to get a new host or overwrite the base OS.

I have a very quick and simple fix.  This is by no means the most effective or slick way to alleviate this problem, but takes 2 commands and is very easy.

After pulling down the Nessus binary and installing, do not navigate to the webpage to start the process of updating plugins, instead run the following command:

mv /opt/nessus/var/nessus /dev

ln -s /dev/nessus /opt/nessus/var

Now log into the web interface, provide your registration information, and update the plugin set.  You should now have enough hard drive space to run the scans.  This creates a softlink to the /dev partition for the huge database files that Nessus uses.  /dev has much more free space than / does, hence the fix.

I haven’t looked into great detail on why the /dev filesystem is allocated the way it is (1.2G free before Nessus install), and there may be a way to change this on boot.  Recently I had a client who wasn’t very familiar with Linux operating systems boot into backtrack for me and I therefore did not have console access.   I know /dev/ should never be used to store user files, but in a crunch this can save you some time.

If you have an even easier solution, leave a comment!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s