Tenable Nessus Service

Whenever possible, start and stop Nessus services using the Nessus service controls in the operating system’s interface.

However, there are many nessus-service functions that can be performed through a command line interface.

Unless otherwise specified, the nessusd command can be used interchangeably with nessus-service server commands.

The # killall nessusd command is used to stop all Nessus services and in-process scans.

Note: All commands must be run by a user with administrative privileges.

Nessus-Service Syntax

Operating System Command

Linux

# /opt/nessus_agent/sbin/nessus-service [-vhD] [-c <config-file>] [-p <port-number>] [-a <address>] [-S <ip[,ip,…]>]

macOS

# /Library/NessusAgent/run/sbin/nessus-service [-vhD] [-c <config-file>] [-p <port-number>] [-a <address>] [-S <ip[,ip,…]>]

Suppress Command Output Examples

You can suppress command output by using the -q option.

Linux

# /opt/nessus_agent/sbin/nessus-service -q -D

Nessusd Commands

Option Description

-c <config-file>

When starting the nessusd server, this option is used to specify the server-side nessusd configuration file to use. It allows for the use of an alternate configuration file instead of the standard db.

-S <ip[,ip2,…]>

When starting the nessusd server, force the source IP of the connections established by Nessus during scanning to <ip>. This option is only useful if you have a multihomed machine with multiple public IP addresses that you would like to use instead of the default one. For this setup to work, the host running nessusd must have multiple NICs with these IP addresses set.

-D

When starting the nessusd server, this option forces the server to run in the background (daemon mode).

-v

Display the version number and exit.

-l

Display a list of third-party software licenses.

-h

Show a summary of the commands and exit.

--ipv4-only

Only listen on IPv4 socket.

--ipv6-only

Only listen on IPv6 socket.

-q

Operate in "quiet" mode, suppressing all messages to stdout.

-R

Force a re-processing of the plugins.

-t

Check the time stamp of each plugin when starting up to only compile newly updated plugins.

-K

Set a master password for the scanner.

If a master password is set, Nessus encrypts all policies and credentials contained in the policy. When a password is set, the Nessus UI prompts you for the password.

If your master password is set and then lost, it cannot be recovered by your administrator or by Tenable Support.

Notes

If you are running nessusd on a gateway and do not want people on the outside to connect to it, set the listen_address advanced setting.

To configure this setting:

nessuscli fix --set listen_address=<IP address>

This setting tells the server to listen only for connections on the address <address>, which must be an IP address, not a machine name.
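
One way to confirm that nessusd is bound only to the address given in listen_address, shown as an added example that is not part of the original page or Tenable's tooling. It audits `ss -Hltn` output; the function names, the address 192.0.2.10 and the port 8834 are constructed sample values, so substitute your own address and the port your server listens on.

```shell
# Added example (not Tenable code). Reads `ss -Hltn` output on stdin.
# check_listen EXPECTED_IP PORT
#   returns 0: every listener on PORT is bound to EXPECTED_IP
#   returns 1: at least one listener on PORT is bound elsewhere (each is printed)
#   returns 2: nothing is listening on PORT
check_listen() {
    want=$1 port=$2 found=0 bad=0
    while read -r state _recvq _sendq laddr _rest; do
        [ "$state" = "LISTEN" ] || continue
        [ "${laddr##*:}" = "$port" ] || continue
        found=1
        addr=${laddr%:*}                    # drop ":port"
        addr=${addr#\[}; addr=${addr%\]}    # drop IPv6 brackets
        addr=${addr%%\%*}                   # drop "%iface" scope suffix
        case $addr in
            "$want") ;;
            '*'|0.0.0.0|::) echo "wildcard listener: $laddr"; bad=1 ;;
            *) echo "unexpected listener: $laddr"; bad=1 ;;
        esac
    done
    [ "$found" -eq 1 ] || return 2
    return "$bad"
}

# Constructed sample of `ss -Hltn` output: the IPv4 socket is restricted,
# but an IPv6 wildcard socket is still open on the same port.
sample_ss() {
cat <<'EOF'
LISTEN 0 128 192.0.2.10:8834 0.0.0.0:*
LISTEN 0 128 [::]:8834 [::]:*
LISTEN 0 128 127.0.0.1:25 0.0.0.0:*
EOF
}

# Offline run against the sample; on a live host use:
#   ss -Hltn | check_listen <IP address> <port-number>
sample_ss | check_listen 192.0.2.10 8834 || echo "listener audit failed (rc=$?)"
```

A return code of 1 on a gateway host means the port is still reachable on an address other than the one you intended.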