How to Install Nessus Scanner on Ubuntu 20.04 and 18.04
If you’re hunting for a quick, reliable vulnerability scanner on your trusty Ubuntu box, Nessus is the go‑to. In this guide you’ll learn how to pull it from Tenable’s servers, get it up and running, and avoid the most common hiccups that can trip you up on both 20.04 (Focal) and 18.04 (Bionic).
Step 1: Grab the Right Package
wget https://www.tenable.com/downloads/api/v1/public/pages/nessus/download?i=3126&f=ddeb -O nessus.deb
Tenable ships separate Debian packages for each release; if you use the wrong one (say, a 64‑bit build on an arm machine), the installer will throw a “cannot satisfy dependency” error before even getting started. The -O flag just names it nicely so you can see what’s being installed later.
Step 2: Install with dpkg – and Don’t Panic About Broken Dependencies
sudo dpkg -i nessus.deb || sudo apt-get install -f
The first command hands the package to the system. If you’ve got a mismatched library, dpkg will stop mid‑process and complain. The second part (apt-get install -f) fixes that by pulling in missing dependencies automatically. I once ran into an issue where a fresh 18.04 install had an older libssl1.0.0, and the scanner refused to start until I upgraded to libssl1.1.
Step 3: Enable and Start the Nessus Service
sudo systemctl enable nessusd sudo systemctl start nessusd
Running Nessus as a service means it will boot with the machine, so you don’t have to remember to launch it each time. The enable command also creates the proper symlinks in /etc/systemd.
Step 4: Let It Boot Up (It Takes a Minute)
After starting, give the daemon a few seconds to finish initializing its internal database:
sudo systemctl status nessusd
If you see “active (running)” it’s good. If not, check /var/log/nessus/nessusd.log for clues; often it will point out missing libraries or permission issues.
Step 5: Open the Firewall (Optional but Recommended)
sudo ufw allow 8834/tcp
Nessus listens on port 8834 by default. If you have UFW enabled, the scanner won’t be reachable until that rule is added.
Step 6: Punch in Your Browser
Navigate to https://<your‑server>:8834 from any machine that can reach your Ubuntu box. The first time you land on the page, a self‑signed certificate warning will pop up – just accept it (or install your own cert later).
The UI is straightforward: create an admin user, choose a license key (there’s a free personal edition), and let Nessus populate its plugin set. The download can take 10–15 minutes on a modest CPU; meanwhile you can keep an eye on nessusd.log if something feels off.
Step 7: Keep the Plugins Fresh
sudo /opt/nessus/sbin/nessuscli update
Running this command every day (or once a week for a production scanner) keeps your vulnerability database up‑to‑date. The first time it runs, Nessus will warn you that it’s downloading over 200 MB of data; if you’re on a metered connection, run it during off‑peak hours.
Quick Troubleshooting Checklist
- “Failed to start nessusd.service” – usually missing libssl. Run sudo apt-get install libssl1.1 or upgrade your system.
- “Plugin error: cannot load plugin…” – delete the /opt/nessus/lib/plugins directory and let Nessus re‑install them on next boot.
- Cannot access UI – double‑check firewall rules, confirm port 8834 is listening (sudo netstat -tulpn | grep 8834), and make sure you’re using HTTPS.
Final Thoughts
That’s it. You’ve got a fully functional Nessus scanner on Ubuntu without spending hours wrestling with dependencies or reading a thousand pages of documentation. If you hit a snag, the log files are usually honest enough to tell you what went wrong, so you’ll spend less time guessing and more time actually scanning.
