Create Windows or Linux Golden Image with Tenable Agent Installed

You can install a Tenable Agent on a Windows or Linux golden image. However, there are files and registry settings that you must set per host.

Note: By removing and changing files, the agent generates new files once the agent reboots. If the host is imaged with these files and you attempt to link several imaged agents, you receive a 409 UUID error.

The following steps require administrative or root privileges. You only need to perform the following steps if the agent you want to use in the image is already linked to Tenable Vulnerability Management or Tenable Nessus Manager.

  1. Stop the agent service.

  2. Run the prepare-image command (using Linux syntax as an example):

    ./nessuscli prepare-image

    Running this command performs the following pre-imaging cleanup tasks:

    • Unlinks the agent, if linked.

    • Deletes any host tag on the agent. For example, the registry key on Windows or tenable_tag on Unix.

    • Deletes any UUID file on the agent (for example, /opt/nessus/var/nessus/uuid or an equivalent on macOS and Windows).

    • Deletes plugin dbs.

    • Deletes the global db.

    • Deletes master.key.

    • Deletes the backups directory.

    Note: Do not restart the agent service on the host until you have created the image. Restarting the agent service regenerates the UUIDs, tags, and files that the prepare-image command has purged.

    Once the command finishes running, create the golden image based on your organization's standards. Once you create the golden image, you can link the agent back to Tenable Vulnerability Management or Tenable Nessus Manager on individual instantiations via the config.json method or by running the nessuscli agent link command.

More resources: