A step-by-step guide on setting up the Nessus security and vulnerability scanner on Linux Ubuntu 20.04 LTS in the cloud on AWS Lightsail

Having a network and web application security and vulnerability scanner deployed on your organization is very important. It can uncover serious network and web application security issues that risk the fabric and very existence of your organization. In this tutorial, I will quickly show you how to deploy the open-source edition of the Nessus security and vulnerability scanner on a cloud-hosted Linux Ubuntu 20.04 LTS server on AWS Lightsail. Nessus is a proprietary vulnerability scanner developed by Tenable, Inc. Nessus can be deployed on a variety of platforms, including Raspberry Pi. Regardless of where you are, where you need to go, or how distributed your environment is, Nessus is fully portable. Nessus is designed with an intuitive approach to navigation and user experience. This includes a resource center to guide you with actionable tips and guidance on the next steps to take. Watch this video right uptown the end to learn how to set it up.


In order to complete this tutorial, the following is a list of items that are needed. Please ensure to have these items available before taking implementation action on this tutorial to ensure success:
1) An amazon web services account (root user account or IAM user account)
2) Access to the AWS Route53 and lightsail services
3) A Linux Ubuntu 20.04 LTS instance
4) An ssh client such as putty or the macOS / Linux terminal program
5) The nessus security and vulnerability scanner installation files.


1) Sign into your amazon account and create a new Linux Ubuntu 20.04 instance in the Lightsail service
2) Create an A record in Route53 and point it to your Linux Ubuntu instance
3) Connect to the instance via ssh, install updates and set a custom hostname
4) Restart the instance and install the Nessus security scanner
5) Open a new web browser window and complete the post installation setup.

Step 1: Sign into your amazon account and create a new Linux Ubuntu 20.04 LTS instance in the Lightsail service.

1) The first step is to deploy a Linux Ubuntu instance on the AWS cloud or any other similar cloud service. Click HERE to go to the sign in page. You can also click HERE to sign up for a free tier account. Once you have signed in use the search bar at the top to run a query for “LIGHTSAIL”. Click on the Lightsail search result to open the management console. Click on the CREATE INSTANCE button to open the instance creation wizard. 

2) Proceed by clicking on CHANGE REGION AND AVAILABILITY ZONE, and choose a region to deploy the instance from the available list of options. On the SELECT A PLATFORM section choose LINUX / UNIX and on the SELECT A BLUE PRINT section click on the OS ONLY button and select the LINUX UBUNTU 20.04 LTS instance. 

3) Scroll down to the CHOOSE YOUR INSTANCE PLAN section and select the $10 plan which also gives you first 3 months free. Type in a name for the instance on the IDENTIFY YOUR INSTANCE input field and click on CREATE INSTANCE.

Step 2: Create an A record in Route53 and point it to your Linux Ubuntu instance.

4) Once the instance creation process is complete, we recommend that you set a static IP address on the instance. To do this, click on the Network tab and click on the Create static IP button. Select the instance on the drop-down menu, give the static IP a name, and click Create static IP. 

Open Amazon Route53 and click on Hosted Zones. Click on any hosted zone for registered domain names and click on Create Record. Set the record name to nessus-server, set the record type to A RECORD, paste the public IPv4 address for the instance on the Value field and click on Create Record. 

Step 3: Connect to the instance via ssh, install updates and set a custom hostname

5) Return to the Lightsail dashboard and click on the Nessus instance, click on the Connect tab scroll down and click Download Default Key. A key pair file will be downloaded to your downloads directory. Open your terminal program and change your working directory to the downloads directory. Run the following command to set the key pair file to read only and to connect to the Nessus server using the key pair file

6) Once you have successfully connected to the server via SSH, you now need to configure a custom hostname and install system and package updates. Run the commands below to do so:

Set the preserve_hostname parameter to True. i.e preserve_hostname = true. Run the command below to restart the virtual machine

If you are using a Windows based PC click HERE to learn how to connect to your instance using the PUTTY SSH client.

Step 4: Install the Nessus Security And Vulnerability Scanner