Skip to main content

Tenable Nessus Agent Installation Guide

Notice

Please reach out to the endpoint security team to receive the installation URL and Enrollment Token referenced as <Agent Group Name>, <Server>, <Port> and <Key>.

Purpose

Credential scans can acquire configuration and software data from a device. Agent scans accomplish the same thing, but with a service running on the device.

Scans require the system to be on a network that is accessible by a scanner. Agent scans do not have to have that limitation (depending on whether they are reporting to Tenable.io or a Nessus Manager located at TAMU).

Responsibilities

These actions fall under the responsibilities of the machine administrator as the installation of the Nessus agent requires admin privileges.

Procedures

Installing Nessus Agent

  1. Download the Nessus agent installer for the target operating system.

  2. Depending on the operating system, install the agent. Refer to the steps below to find the required information needed to install the agent

    • Install a Nessus Agent on Linux (latest instructions/More details)
      • Note: Remember to link the agent and use the group name issued. Please contact the System and Application team for the group name.
      • --groups="<Agent Group Name>"
    • Install a Nessus Agent on Windows (latest instructions/More details)
      • Note: Remember to link the agent and use the group name issued. Please contact the System and Application team for the group name.
      • NESSUS_GROUPS="<Agent Group Name>"

  3. Required information for installer:

important

Please contact the System and Application team for the host, port, and key.

  • --host=<Server>
  • --port=<Port>
  • key=<XXXXXXXXXXX>
  1. Confirm installation:
    • Confirm that the agent linked with the server
      • See step #4, under "Relinking Nessus Agent" section
    • Confirm with a member of the System and Application Security team that the agent is associated with the correct agent group.

Installing Nessus Agent Command Line

Depending on the operating system installation of the agent. Refer to the steps below to find the required information needed to install the agent

  1. Open a terminal as admin.
  2. CD to the directory where the .msi installer was downloaded.
  3. Type the following command:
msiexec /i NessusAgent-<version number>-x64.msi NESSUS_GROUPS="<Agent Group Name>" NESSUS_SERVER="<server:port>" NESSUS_KEY=<Key>

Relinking Nessus Agent (if the linking server changes, and your agent is currently linked)

  1. Reference the link below to find the path of the bin/exec of the Nessus CLI:

  2. Unlink Nessus agent

nessuscli agent unlink
  • For example, in Windows:
"C:\Program Files\Tenable\Nessus Agent\nessuscli.exe" agent unlink
  1. Relink the Nessus agent
nessuscli agent link --groups=<Group Name> --key=<key> --host=<host> --port=<port>
  • For example, in Windows:
     msiexec /i NessusAgent-10.1.1-x64.msi --groups="<Group Name>" NESSUS_SERVER="<server:port>" NESSUS_KEY=<Key>
  • Note: The parameter to relink an agent to a group is different when relinking from when installation:
    • Agent installation uses "NESSUS_GROUPS" parameter
    • Agent relink uses "Groups" parameter
  1. Confirm that the agent is linked properly using the "nessucli agent status"
    • For example, in Windows:
"C:\Program Files\Tenable\Nessus Agent\nessuscli.exe" agent status
  • Link Status should say: "Connected to server:port"
    • Note: It may take some time for the status to update properly. It should take no longer than 5 mins.
  1. Confirm with someone from System and Application Security that the agent has linked to the group assigned. This is very important, if your agent is not linked to the correct group, it will not be scanned.

Request

Information technology professionals on campus may contact endpoint-security@tamu.edu to request access to the agent installers, ask any questions, or request additional information.