Sign In
Sign In

How to Use Nessus for Vulnerability Scanning on Ubuntu 22.04

How to Use Nessus for Vulnerability Scanning on Ubuntu 22.04
Hostman Team
Technical writer
Servers
20.11.2024
Reading time: 11 min

Nessus is one of the most popular and widely used vulnerability scanners worldwide. Developed by Tenable, Inc., Nessus provides a comprehensive solution for identifying vulnerabilities, allowing organizations and individuals to detect and address potential security threats in their network infrastructure. With Nessus, you can conduct in-depth security analysis, covering a range of tasks from simple vulnerability detection to complex compliance checks.

Versions of Nessus: Essentials, Professional, and Expert

  • Nessus Essentials. A free version intended for home users and those new to the security field. This version provides basic scanning and vulnerability detection features.

  • Nessus Professional. A paid version designed for security professionals and large organizations. It offers advanced features like large network scanning, integration with other security systems, and additional analysis and reporting tools.

  • Nessus Expert. A premium version that includes all Professional features, along with additional tools and capabilities such as cloud scanning support, integration with security incident management systems, and further customization options.

Nessus Vulnerability Scanning Features

  • Vulnerability Detection. Nessus detects vulnerabilities across different systems and applications based on its extensive vulnerability database.

  • Compliance Checks. Nessus performs checks to ensure compliance with various security standards and regulations.

  • Integration with Other Systems. It can integrate with incident management systems, log management systems, and other security tools.

  • Cloud Server Scanning. Nessus Expert offers scanning capabilities for cloud environments such as AWS, Azure, and Google Cloud.

  • Data Visualization. Nessus includes dashboards and reports for visualizing scan results.

  • Regular Updates. Nessus continuously updates its vulnerability database to keep up with emerging threats.

  • Flexible Configuration. It provides customization options to tailor the scanning process to specific environments.

Installing Nessus

You can install Nessus on Ubuntu in two ways: as a Docker container or as a .deb package. Here’s a step-by-step guide for both methods.

Installing Nessus on Ubuntu via Docker

  1. Preparation

First, ensure that Docker is installed on your system. If Docker isn’t installed, follow this guide to install Docker on Ubuntu 22.04.

  1. Download the Nessus Image

Download the latest Nessus image from Docker Hub by running:

docker pull tenable/nessus:latest-ubuntu

The download process may take around 10 minutes.

  1. Create and Start the Container

Once the image is downloaded, create and start the container with:

docker run --name "nessus_hostman" -d -p 8834:8834 tenable/nessus:latest-ubuntu

Here:

  • --name "nessus_hostman" sets the container's name.

  • -d runs the container in detached mode (background).

  • -p 8834:8834 maps port 8834 of the container to port 8834 on the host, making Nessus accessible at localhost:8834.

If you need to restart the container after stopping it, use:

docker start nessus_hostman

Installing Nessus on Ubuntu as a .deb Package

  1. Download the Installation Package

Start by downloading the installer for Ubuntu with:

curl --request GET \
 --url 'https://www.tenable.com/downloads/api/v2/pages/nessus/files/Nessus-10.6.1-ubuntu1404_amd64.deb' \
 --output 'Nessus-10.6.1-ubuntu1404_amd64.deb'
  1. Install Nessus

With the installation file downloaded to your current directory, use dpkg to install Nessus:

sudo dpkg -i ./Nessus-10.6.1-ubuntu1404_amd64.deb
  1. Start the Nessus Service

After installing, start the nessusd service:

sudo systemctl start nessusd.service
  1. Verify the Nessus Service

Check if nessusd is active and running without errors:

sudo systemctl status nessusd

You should see the status: Active: active (running).

  1. Accessing Nessus in a Browser

Now, access Nessus by opening a browser and navigating to:

https://localhost:8834/

Port 8834 is the default port for Nessus. Most browsers will show a security warning when accessing Nessus, but it’s safe to proceed by clicking Advanced and continuing to the site.

Initial Setup of Nessus

  1. Navigate to the Setup Page. After starting the container, open your browser and go to https://localhost:8834. You’ll see a loading screen as necessary components are downloaded.

  2. Register on the Tenable Website. While Nessus is downloading components, register on the Tenable website to obtain an activation code. The code will be sent to the email address you provide.

  3. Use the Setup Wizard

    • Once components are downloaded, the setup wizard will launch. Click Continue.

Image3

    • Select Nessus Essentials.

Image11

    • Enter the activation code sent to your email.

Image7

    • Create a user account by entering a username and password.

  1. Completing the Installation. Wait for the setup to finish and for all plugins to load. Once everything is complete, you’ll see the status updates on https://localhost:8834/#/settings/about/events. After this, the Nessus installation is fully set up and ready to use.

Setting Up the beeBox Server

In this guide, we’ll use the beeBox virtual machine to demonstrate Nessus’s capabilities. If you’re scanning your own server, skip this step.

After successfully installing and configuring Nessus, it’s time to test it in action. To do this, we need a target system to scan for vulnerabilities. We’ll use a virtual machine called beeBox, which is based on bWAPP (a "buggy" web application). Designed with known vulnerabilities, beeBox is perfect for security professionals, developers, and students to practice identifying and mitigating security threats.

beeBox includes the following vulnerabilities:

  • Injection (HTML, SQL, LDAP, SMTP, etc.)
  • Broken Authentication & Session Management
  • Cross-Site Scripting (XSS)
  • Insecure Direct Object References
  • Security Misconfiguration
  • Sensitive Data Exposure
  • Missing Function Level Access Control
  • Cross-Site Request Forgery (CSRF)
  • Using Components with Known Vulnerabilities
  • Unvalidated Redirects & Forwards
  • XML External Entity (XXE) Attack
  • sServer-Side Request Forgery (SSRF)

These make beeBox ideal for showcasing Nessus’s scanning capabilities.

Installing beeBox on VirtualBox

We’ll go through the installation process using VirtualBox 7.0. Steps may vary slightly for other VirtualBox versions.

  1. Download the beeBox Image. Download the beeBox virtual machine image (the bee-box_v1.6.7z file) and extract it.

  2. Create a New Virtual Machine. Open VirtualBox, click New, and in the Name and Operating System section:

    • Enter a name for the virtual machine.

    • Set the OS type to Linux.

    • Choose Oracle Linux (64-bit) as the version.

Image20

  1. Configure Hardware. Allocate 1024 MB of RAM and 1 CPU to the virtual machine.

Image5

  1. Select a Hard Disk. In the Hard Disk section:

    • Choose Use an Existing Virtual Hard Disk File.

    • Click Add and select the path to the bee-box.vmdk file you extracted earlier.

Ca21baeb A3a5 4fd9 B7f8 4f65501e9439

  1. Configure Network Settings. Before starting the VM:

    • Go to Settings > Network.

    • Change Attached to from NAT to Bridged Adapter to ensure the VM is on the same network as your primary machine.

Image6

  1. Start the Virtual Machine. Click Start to launch beeBox.

  2. Set Keyboard Layout. Once the desktop loads:

    • Click on USA in the top menu.

    • Select Keyboard Preferences, go to the Layouts tab, and set Keyboard model to IBM Rapid Access II.

Image4

  1. Retrieve IP Address. Open a terminal in beeBox and run ip a to find the virtual machine’s IP address. You can then access the beeBox application from your main machine using this IP, confirming its accessibility.

Image13

Scanning with Nessus

Nessus General Settings

Before using Nessus to scan for vulnerabilities, it's essential to understand its interface and configuration options. The main screen is divided into two primary tabs: Scans and Settings. First, let’s take a closer look at the Settings tab.

  1. About:

    • Overview: Provides general information about your Nessus installation, including the version, license details, and other key information.

    • License Utilization: Displays all IP addresses that have been scanned. In the free version, up to 16 hosts can be scanned. Hosts not scanned in the last 90 days will be automatically released from the license.

    • Software Update: Allows you to set up automatic updates or initiate updates manually.

    • Encryption Password: Lets you set a password for encrypting Nessus data. This password is crucial for data recovery if set, as data will be inaccessible without it.

    • Events: Enables you to view the update history and other important events.

  2. Advanced Settings:

    • Contains additional configurations for Nessus. Though we won’t cover each option in detail here, you can find specifics about each setting on the official website.

  3. Proxy Server:

    • If your network requires a proxy server for internet access or to reach target servers, you can configure the proxy settings here.

  4. SMTP Server:

    • This allows you to configure an SMTP server so that Nessus can send scan result notifications and other alerts via email.

Running a Basic Scan

Now let’s move to the Scans tab. It’s essential to accurately set up the scan parameters for optimal efficiency and accuracy in detecting vulnerabilities.

  1. Initiate a New Scan. On the main screen, click New Scan to open the scan creation wizard.

Image2

  1. Select Scan Type. For this example, we’ll choose Basic Network Scan.

  2. General Settings:

    • General: Enter a name and description for the scan, choose a folder for the results, and specify the target IP address (e.g., the IP of the beeBox virtual machine).

Image12

    • Schedule: Set up scan frequency if desired (optional).

    • Notifications: Add email addresses to receive notifications about scan results. For this to work, configure the SMTP server in the settings.

  1. Detailed Settings:

    • Discovery: Here, you can select the type of port scan—common ports (4,700 commonly used ports), all ports, or Custom for detailed port scan settings. For this example, we’ll select common ports.

Image22

    • Assessment: Choose the vulnerability detection method. We’ll use Scan for all web vulnerabilities to speed up the scan. Custom options are also available, and details for each setting are provided in the documentation.

Image1

    • Report: Set report generation parameters if needed (we’ll leave this unchanged for the example).

    • Advanced: Configure scan speed settings. You can enable or disable debugging for plugins in manual settings mode. For this example, we’ll set Default. You can find more information in the docs.

Image19

  1. Additional Settings

Above the primary settings, you’ll see two tabs: Credentials and Plugins.

  • Credentials: Allows you to provide credentials for accessing services on the target host (useful for finding vulnerabilities that require non-privileged access).

Image10

  • Plugins: Displays the list of plugins that will be used during the scan. When using other types of scans, such as advanced scans, you can enable or disable specific plugins.

Image14

Click Save to save your scan setup, then return to the main screen. Click Launch to start the scan.

The scan is now underway, and you can monitor its progress by clicking on the scan in the Scans tab.

Image8

Viewing Scan Results in Nessus

After completing a scan, you can analyze the results by navigating to the specific scan.

Image15

The main section of the results page contains a table with detailed information on detected vulnerabilities:

  • Severity: Reflects the threat level based on the CVSS (Common Vulnerability Scoring System) metric.

  • CVSS: Shows the CVSSv2 metric score, indicating the risk level of the vulnerability.

  • VPR: An alternative risk metric by Tenable, providing an additional risk assessment.

  • Name: The name of the detected vulnerability.

  • Family: The category or group the vulnerability belongs to.

  • Count: The number of instances of this vulnerability.

It’s worth noting that some vulnerabilities may be grouped as Mixed.To change this grouping, go to Settings > Advanced and set Use Mixed Vulnerability Groups to No.

On the left side of the table, you’ll find information about the target host, along with a chart displaying vulnerabilities' distribution by severity level.

To explore a specific vulnerability in detail, click on its name. For example, let’s look at the Drupal Database Abstraction API SQLi vulnerability.

Image21

  • Vulnerability Description: A brief description of the issue and the software version in which it was patched.

  • Detection Details: Reports on vulnerability detection and recommended mitigation methods.

  • Technical Details: An SQL query that was used to identify the vulnerability.

In the left panel, you can find:

  • Plugin Information: Description of the plugin that detected the vulnerability.

  • VPR and CVSS Ratings: Displays the severity ratings of the vulnerability according to different metrics.

  • Exploitation Data: Information about the potential for exploiting the vulnerability.

  • References: Useful links to resources like exploit-db, nist.gov, and others, where you can learn more about the vulnerability.

Conclusion

This guide covered Nessus's installation, configuration, and use for vulnerability scanning. Nessus is a powerful automated tool, but its effectiveness relies on accurate configuration. Remember that network and system security require a comprehensive approach; automated tools are best used alongside ongoing security education and layered defense strategies for reliable protection.

Servers
20.11.2024
Reading time: 11 min

Similar

Ubuntu

How to Install VNC on Ubuntu

If you need to interact with a remote server through a graphical interface, you can use VNC technology.VNC (Virtual Network Computing) allows users to establish a remote connection to a server over a network. It operates on a client-server architecture and uses the RFB protocol to transmit screen images and input data from various devices (such as keyboards or mice). VNC supports multiple operating systems, including Ubuntu, Windows, macOS, and others. Another advantage of VNC is that it allows multiple users to connect simultaneously, which can be useful for collaborative work on projects or training sessions. In this guide, we will describe how to install VNC on Ubuntu, using a Hostman cloud server with Ubuntu 22.04 as an example. Step 1: Preparing to Install VNC Before starting the installation process on both the server and the local machine, there are a few prerequisites to review.  Here is a list of what you’ll need to complete the installation: A Server Running Ubuntu 22.04. In this guide, we will use a cloud server from Hostman with minimal hardware configuration. A User with sudo Privileges. You should perform the installation as a regular user with administrative privileges. Select a Graphical Interface. You’ll need to choose a desktop environment that you will use to interact with the remote server after installing the system on both the server and the local machine. A Computer with a VNC Client Installed.  Currently, the only way to communicate with a rented server running Ubuntu 22.04 is through the console. To enable remote management via a graphical interface, you’ll need to install a desktop environment along with VNC on the server. Below are lists of available VNC servers and desktop environments that can be installed on an Ubuntu server. VNC Servers: TightVNC Server. One of the most popular VNC servers for Ubuntu. It is easy to set up and offers good performance. RealVNC Server. RealVNC provides a commercial solution for remote access to servers across various Linux distributions, including Ubuntu, Debian, Fedora, Arch Linux, and others. Desktop Environments: Xfce. A lightweight and fast desktop environment, ideal for remote sessions over VNC. It uses fewer resources than heavier desktop environments, making it an excellent choice for servers and virtual machines. GNOME. The default Ubuntu desktop environment, offering a modern and user-friendly interface. It can be used with VNC but will consume more resources than Xfce. KDE Plasma. Another popular desktop environment that provides a wide range of features and a beautiful design. The choice of VNC server and desktop environment depends on the user’s specific needs and available resources. TightVNC and Xfce are excellent options for stable remote sessions on Ubuntu, as they do not require high resources. In the next step, we will describe how to install them on the server in detail. Step 2: Installing the Desktop Environment and VNC Server To install the VNC server on Ubuntu along with the desktop environment, connect to the server and log in as a regular user with administrative rights. Update the Package List  After logging into the server, run the following command to update the packages from the connected repositories: sudo apt update Install the Desktop Environment  Next, install the previously selected desktop environment. To install Xfce, enter: sudo apt install xfce4 xfce4-goodies Here, the first package provides the basic Xfce desktop environment, while the second includes additional applications and plugins for Xfce, which are optional. Install the TightVNC Server  To install TightVNC, enter: sudo apt install tightvncserver Start the VNC Server  Once the installation is complete, initialize the VNC server by typing: vncserver This command creates a new VNC session with a specific session number, such as :1 for the first session, :2 for the second, and so on. This session number corresponds to a display port (for example, port 5901 corresponds to :1). This allows multiple VNC sessions to run on the same machine, each using a different display port. During the first-time setup, this command will prompt you to set a password, which will be required for users to connect to the server’s graphical interface. Set the View-Only Password (Optional)  After setting the main password, you’ll be prompted to set a password for view-only mode. View-only mode allows users to view the remote desktop without making any changes, which is helpful for demonstrations or when limited access is needed. If you need to change the passwords set above, use the following command: vncpasswd Now you have a VNC session. In the next step, we will set up VNC to launch the Ubuntu server with the installed desktop environment. Step 3: Configuring the VNC Server The VNC server needs to know which desktop environment it should connect to. To set this up, we’ll need to edit a specific configuration file. Stop Active VNC Instances  Before making any configurations, stop any active VNC server instances. In this guide, we’ll stop the instance running on display port 5901. To do this, enter: vncserver -kill :1 Here, :1 is the session number associated with display port 5901, which we want to stop. Create a Backup of the Configuration File  Before editing, it’s a good idea to back up the original configuration file. Run: mv ~/.vnc/xstartup ~/.vnc/xstartup.bak Edit the Configuration File  Now, open the configuration file in a text editor: nano ~/.vnc/xstartup Replace the contents with the following: #!/bin/bashxrdb $HOME/.Xresourcesstartxfce4 & #!/bin/bash – This line is called a "shebang," and it specifies that the script should be executed using the Bash shell. xrdb $HOME/.Xresources – This line reads settings from the .Xresources file, where desktop preferences like colors, fonts, cursors, and keyboard options are stored. startxfce4 & – This line starts the Xfce desktop environment on the server. Make the Configuration File Executable To allow the configuration file to be executed, use: chmod +x ~/.vnc/xstartup Start the VNC Server with Localhost Restriction Now that the configuration is updated, start the VNC server with the following command: vncserver -localhost The -localhost option restricts connections to the VNC server to the local host (the server itself), preventing remote connections from other machines. You will still be able to connect from your computer, as we’ll set up an SSH tunnel between it and the server. These connections will also be treated as local by the VNC server. The VNC server configuration is now complete. Step 4: Installing the VNC Client and Connecting to the Server Now, let’s proceed with installing a VNC client. In this example, we’ll install the client on a Windows 11 computer. Several VNC clients support different operating systems. Here are a few options:  RealVNC Viewer. The official client from RealVNC, compatible with Windows, macOS, and Linux. TightVNC Viewer. A free and straightforward VNC client that supports Windows and Linux. UltraVNC. Another free VNC client for Windows with advanced remote management features. For this guide, we’ll use the free TightVNC Viewer. Download and Install TightVNC Viewer Visit the official TightVNC website, download the installer, and run it. In the installation window, click Next and accept the license agreement. Then, select the custom installation mode and disable the VNC server installation, as shown in the image below. Click Next twice and complete the installation of the VNC client on your local machine. Set Up an SSH Tunnel for Secure Connection To encrypt your remote access to the VNC server, use SSH to create a secure tunnel. On your Windows 11 computer, open PowerShell and enter the following command: ssh -L 56789:localhost:5901 -C -N -l username server_IP_address Make sure that OpenSSH is installed on your local machine; if not, refer to Microsoft’s documentation to install it. This command configures an SSH tunnel that forwards the connection from your local computer to the remote server over a secure connection, making VNC believe the connection originates from the server itself. Here’s a breakdown of the flags used: -L sets up SSH port forwarding, redirecting the local computer’s port to the specified host and server port. Here, we choose port 56789 because it is not bound to any service. -C enables compression of data before transmitting over SSH. -N tells SSH not to execute any commands after establishing the connection. -l specifies the username for connecting to the server. Connect with TightVNC Viewer After creating the SSH tunnel, open the TightVNC Viewer and enter the following in the connection field: localhost:56789 You’ll be prompted to enter the password created during the initial setup of the VNC server. Once you enter the password, you’ll be connected to the VNC server, and the Xfce desktop environment should appear. Stop the SSH Tunnel To close the SSH tunnel, return to the PowerShell or command line on your local computer and press CTRL+C. Conclusion This guide has walked you through the step-by-step process of setting up VNC on Ubuntu 22.04. We used TightVNC Server as the VNC server, TightVNC Viewer as the client, and Xfce as the desktop environment for user interaction with the server. We hope that using VNC technology helps streamline your server administration, making the process easier and more efficient. We're prepared more detailed instruction on how to create server on Ubuntu if you have some trouble deploying it.
30 May 2025 · 8 min to read
Servers

How to Correct Server Time

The method you choose for correcting the time on your server depends on how far off the server's clock is. If the difference is small, use the first method. If the clock is significantly behind or ahead, it's better not to adjust it in a single step — it's safer to change the time gradually. Configuration on Ubuntu/Debian Quick Fix To quickly change the time on the server, use the ntpdate utility. You need sudo privileges to install it: apt-get install ntpdate To update the time once: /usr/sbin/ntpdate 1.north-america.pool.ntp.org Here, the NTP pool is the address of a trusted server used to synchronize the time. For the USA, you can use NTP servers from this page. You can find pool zones for other regions at ntppool.org. You can also set up automatic time checks using cron: crontab -e 00 1 * * * /usr/sbin/ntpdate 1.north-america.pool.ntp.org This schedules synchronization once a day. Instead of a set interval, you can specify a condition. For example, to synchronize the time on every server reboot using cron reboot: crontab -e @reboot /usr/sbin/ntpdate 1.north-america.pool.ntp.org Gradual Correction To update the time gradually, install the ntp utility on Ubuntu or Debian. It works as follows: The utility checks data from synchronization servers defined in the configuration. It calculates the difference between the current system time and the reference time. NTP gradually adjusts the system clock. This gradual correction helps avoid issues in other services caused by sudden time jumps. Install NTP: apt-get install ntp For the utility to work correctly, configure it in the file /etc/ntp.conf. Add NTP servers like: server 0.north-america.pool.ntp.org server 1.north-america.pool.ntp.org iburst server 2.north-america.pool.ntp.org server 3.north-america.pool.ntp.org The iburst option improves accuracy by sending multiple packets at once instead of just one. You can also set a preferred data source using the prefer option: server 0.ubuntu.pool.ntp.org iburst prefer After each configuration change, restart the utility: /etc/init.d/ntp restart Configuration on CentOS The method choice rules are the same. If you need to correct a difference of a few seconds, the first method will do. For minutes or hours, the second method is better. Quick Fix To quickly adjust the time, use ntpdate. Install it with: yum install ntpdate For a one-time sync: /usr/sbin/ntpdate 1.north-america.pool.ntp.org Use Crontab to set automatic periodic synchronization. For daily sync: crontab -e 00 1 * * * /usr/sbin/ntpdate 1.north-america.pool.ntp.org To sync on boot instead of at regular intervals: crontab -e @reboot /usr/sbin/ntpdate 1.north-america.pool.ntp.org Gradual Correction To change the time on the server gradually, use ntp in CentOS. Install it: yum install ntp Enable the service on startup: chkconfig ntpd on In the file /etc/ntp.conf, specify accurate time sources, for example: server 0.north-america.pool.ntp.org server 1.north-america.pool.ntp.org iburst server 2.north-america.pool.ntp.org server 3.north-america.pool.ntp.org The iburst parameter works the same as in Ubuntu/Debian — it improves accuracy by sending a burst of packets. Restart the service after making changes: /etc/init.d/ntp restart Then restart the daemon: /etc/init.d/ntpd start Additional Options Time synchronization is usually done with the server closest to your server geographically. But in the configuration, you can specify the desired region directly in the subdomain. For example: asia.pool.ntp.org europe.pool.ntp.org Even if the NTP server is offline, it can still pass on system time. Just add this line: server 127.127.1.0 You can also restrict access for external clients. By default, these parameters are set: restrict -4 default kod notrap nomodify nopeer noquery restrict -6 default kod notrap nomodify nopeer noquery The options notrap, nomodify, nopeer, and noquery prevent changes to the server's configuration. KOD (kiss of death) adds another layer of protection: if a client sends requests too frequently, it receives a warning packet and then is blocked. If you want to allow unrestricted access for the local host: restrict 127.127.1.0 To allow devices in a local network to sync with the server: restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap After any changes, restart the service: service restart ntp To check the service’s operation, use the command: ntpq -p It will display a table showing the time source address, server stratum, last synchronization time, and other useful data.
16 April 2025 · 4 min to read
Servers

How to Set Up Network Storage with FreeNAS

NAS (Network Attached Storage) is a network data storage device. It provides shared file access from any connected computer or gadget. With this setup, all data is stored in one place, offering convenient access to NAS over a local network (LAN) or the Internet, and supports RAID and other technologies for data protection. NAS can be used as home storage for media files, an office server for shared documents, or a corporate solution for backups and file resources. In this tutorial, we’ll look at configuring FreeNAS — a free operating system for creating NAS based on FreeBSD. It is now developed under the name TrueNAS, but the core principles remain the same. This OS is free, uses the crash-resistant ZFS file system, and is flexible in configuration. Installing FreeNAS We’ll go through the installation of FreeNAS OS using a cloud server from Hostman. Choosing the Configuration Important system requirements for FreeNAS: RAM: 8 GB minimum (16 GB+ recommended, especially with large disks) Free disk for the system: at least 8 GB (16–32 GB recommended) Data storage disk: size depending on your needs This configuration ensures stable operation with up to 4 TB of data when using iSCSI, virtual machines, and databases and 8 TB for lighter tasks. In this tutorial, we’ll use Hostman, where only NVMe SSDs are available. However, in general, consider the following: For large media libraries, archives, and backups, HDDs are sufficient. For high-speed access, processing small files, or running VMs or databases, SSDs are better, either as primary storage or as a cache for performance. Step 1: Uploading the OS Image to Hostman Panel Go to the download page and choose an appropriate installer version in .iso format. To find the image: Click the directory of the version you want (recommended: STABLE) Open the x64 folder and copy the link to the .iso file. In this tutorial, we use version 13.3 STABLE. Image download link: https://download.freenas.org/13.3/STABLE/RELEASE/x64/TrueNAS-13.3-RELEASE.iso In the Hostman panel, go to the Cloud servers - Images section, click Upload image and paste the copied URL. Choose the server location and click Upload. Wait for the image to finish uploading. Step 2: Creating a Cloud Server Once the image is uploaded, click Create server from image. Choose the server configuration. Click Order to create the server. Step 3: Adding a Disk The default configuration includes 80 GB of NVMe storage — we’ll use this for the OS. Now we need to add an additional disk for storing data: Wait for the image to mount and for the server to become available. Go to the Plan tab and click Add disk. Choose the required size and click Add. Step 4: Installing the System Go to the Console tab. You can open the console in a new tab for convenience. The installer should appear in the console. Press Enter to start the installation. Choose the destination disk (in this case, the 80 GB NVMe). Press Space to select, then Enter to confirm. The installer will warn you that the disk will be erased. Confirm to proceed. Enter and confirm a password — you will use it later to access the web interface as the root user. Choose the boot mode. Hostman servers use Legacy BIOS. The installer offers to create a 16 GB swap partition. It helps extend RAM by using disk space, which is useful if you have less than 16 GB RAM or expect unstable loads. Not recommended on USB drives due to wear. The installation will begin.  After it completes, confirm that it finished successfully. Press Space, and in the menu, select Shutdown System to turn off the server. You can now delete the installation image so it doesn't incur charges. After rebooting, the system will show that the web interface is available via the server’s IP address. Installation is complete! Initial Setup of FreeNAS First Login to the Web Interface Go to the UI using the server’s IP address. Log in with: Username: root Password: the one set during installation You’ll see the TrueNAS dashboard. Setting Basic System Parameters Set the correct time zone: Open System, then General settings. Set your timezone in the Timezone field. Enable alerts: Go to Alert Services and Alert Settings. You can configure email notifications or messenger integrations. Creating and Configuring Storage (ZFS) FreeNAS uses the ZFS file system for reliable and flexible storage. Its benefits include data protection and useful tools for backups and replication. Go to Storage (1), then Pools (2) Click Add to create a new pool. Choose Create new pool. Enter a name for your pool, e.g., mypool. Select your disk (1) and move it to the Data VDevs field (2). You’ll see options for Mirror and Stripe modes: — Mirror Data is written to all disks in the group. If one disk fails, data remains on the others. Total storage equals the size of the smallest disk. Use when: Reliability is more important than capacity. You have two or more disks of similar size. You want redundancy without complex RAID setups. — Stripe Data is split and written across all disks. Better performance and full use of all disk space. If one disk fails, all data is lost. Use when: Speed and space are more important than reliability. Data isn’t critical (can be restored from elsewhere). You want to maximize storage with minimal setup. Click Create. Note that all data on the disk will be erased. The new pool should now appear in the panel. User Management and Access Rights In the left-hand menu, select the Account tab, then Users, and click the Add button. Fill in the required fields — full name, username (alias), and password. If needed, configure a home directory inside one of the created datasets. You can manage permissions within datasets, which are logical partitions or storage spaces created inside a ZFS pool. To do this, go to the Pools tab (1) and use the Edit Permissions option (2) on the desired dataset. You can configure access rights for individual users or entire groups. Try not to grant administrator (root) privileges to too many users, even if it seems more convenient. The fewer people with elevated access, the more secure your data will be. Setting Up Services and Sharing Protocols Enable the necessary services under the Services tab to take advantage of NAS features. The following protocols are available: SMB for Windows networks NFS for UNIX-based environments AFP for Apple users WebDAV for HTTP-based access iSCSI, FTP, and others You can configure each protocol after activation. For example, with SMB, you can set a workgroup and guest access parameters and enable auto-start on system reboot. After enabling a service, create a share in the Shares section by selecting the appropriate protocol. Advanced Features and Plugins FreeNAS (TrueNAS) features a robust plugin system (Jails, Plugins) that includes many popular applications. Some of the most in-demand plugins include: Nextcloud: A private cloud solution with office tools, calendar, audio/video conferencing. Ideal for collaborative work and personal file syncing (like Dropbox or Google Drive). Plex Media Server: A powerful tool for managing your media library — TV shows, movies, music, photos. It can auto-fetch metadata, download covers, and track viewed/unviewed status. Transmission: A lightweight torrent client with a web interface. Perfect for downloading large files directly to your NAS. Syncthing: Focused on peer-to-peer folder synchronization. Great for distributed teamwork or backup syncing across devices. Zoneminder: Enables you to set up a video surveillance system. Supports IP cameras, recording, and alert configurations. Tarsnap: A secure backup service for UNIX-like systems. To install a plugin, go to Plugins (1), choose an application, and click Install (2). Configuration (like ports or storage paths) is usually done after the quick setup. If you want more isolation, use Jails — FreeBSD-based environments that let you install packages and libraries independently of the main system. Backups and Data Protection ZFS Snapshots allow for quick recovery of data in case of accidental deletion or corruption. You can automate this by scheduling snapshots via the Tasks → Periodic Snapshot Tasks tab. Choose the dataset, snapshot lifetime, and frequency. Data deduplication saves storage space but is RAM-intensive (about 5 GB RAM per 1 TB of data). If you plan to use it heavily, consider increasing your memory. Otherwise, ZFS may slow down or run into resource issues. For advanced backup features, consider plugins like Asigra or Tarsnap. Choose a backup strategy based on your risk tolerance and data volume. Some users are fine with local snapshots; others may prefer offsite copies. Common Issues and Troubleshooting Symptom Problem Description Solution Cannot access the web interface (browser won’t open URL) Network or IP configuration issues, firewall port blocking 1. Check IP settings in TrueNAS console (options 1, 4, 6 in network menu). 2. Verify gateway and DNS settings. 3. If behind NAT, open/forward required ports (usually 80/443). 4. Ensure local firewall allows access. [EINVAL] vm_create: This system does not support virtualization CPU/motherboard doesn’t support VT-x/AMD-V, or it's disabled in BIOS/UEFI, or virtualization is off in the hypervisor 1. Enable Intel VT-x / AMD-V (SVM) in BIOS. 2. Confirm CPU supports virtualization. 3. If running inside a hypervisor, enable Nested Virtualization. "Pool is DEGRADED" or "FAULTED" ZFS pool has a failing or disconnected disk 1. Run zpool status in the console to identify the faulty disk. 2. Replace the failed disk if using RAIDZ or Mirror. 3. Start the resilvering process. 4. Review logs and run SMART tests. Slow performance or errors with deduplication Deduplication consumes too much RAM 1. Add more RAM. 2. Disable deduplication where not needed (e.g., media files). 3. Use only compression (LZ4) if resources are limited. Cannot access SMB share or it doesn't show up on the network Incorrect ACL or SMB configuration, workgroup mismatch, bad user profile 1. Enable SMB in Services and set it to auto-start. 2. Create a new share under Sharing → SMB and check permissions. 3. Configure ACLs on the dataset (e.g., Full Control for user/group). 4. Verify the correct workgroup setting. Snapshot creation/deletion fails Not enough free space or quota exceeded, or permission issues 1. Check available space in pools. 2. Increase/remove dataset quotas if too strict. 3. Make sure the user has snapshot permissions. SSH doesn’t work or key authentication fails SSH service off, keys not in the right place, wrong file permissions 1. Enable SSH under Services. 2. Upload public key under System → SSH Keypairs, or place it in ~/.ssh/authorized_keys. 3. Set correct permissions (700 for .ssh, 600 for key files). WebDAV access via password doesn’t work WebDAV user/password not set or port blocked by firewall 1. Go to Services → WebDAV and set the webdav user password. 2. Make sure the port (e.g., 8080) is open in the firewall. 3. Verify the correct access path (e.g., http://IP:8080/resource_name). Conclusion FreeNAS (TrueNAS) version 11.3 is well-suited for setting up a file server and running additional services. The system offers tools for managing ZFS pools, user permissions, and protocols like SMB, WebDAV, and iSCSI. If you need extended functionality, check out plugins and built-in virtualization (like VirtualBox or bhyve in newer versions). ZFS features such as deduplication, snapshots, and replication provide robust data protection. Plugins like Nextcloud or Plex make collaboration and media management much easier. The FreeNAS project evolved into TrueNAS, but the key principles remain: using ZFS instead of hardware RAID, flexible shared folder configuration, and a user-friendly web interface.
14 April 2025 · 10 min to read

Do you have questions,
comments, or concerns?

Our professionals are available to assist you at any moment,
whether you need help or are just unsure of where to start.
Email us
Hostman's Support