Create Windows or Linux Master Image with Tenable Nessus Agent Installed

When creating a master image for Windows or Linux, you may include an agent installation. However, there are files and registry settings that you must set per host. By removing and changing files, the agent generates new files once the agent reboots. If the host is imaged with these files and you attempt to link several imaged agents, you receive a 409 UUID error.

You only need to perform the following steps if the agent used in the image is already linked to Tenable Vulnerability Management or Tenable Nessus Manager.

Note: The following steps require administrative or root privileges.
Note: The process for preparing an agent to use in a golden image is different starting with Agent version 8.3.0.

Nessus Agent 8.3.0 introduced a new nessuscli utility called prepare-image. This command creates a new agent installation to use in a machine/golden image (see the Nessus Agent CLI guide for more information).

  1. Stop the agent service.

  2. Run the prepare-image command (using Linux syntax as an example):

    ./nessuscli prepare-image

    Note: Do not restart the agent service on the host until you have taken the image. Restarting the agent service regenerates the UUIDs, tags, and files that the prepare-image command has purged.

    The agent install should be ready to use in a machine image.

Nessus agents older than 8.3.0 do not include the prepare-image utility, so you must manually prepare the agent to be used in a machine image. Do not restart the agent service until you have taken the image.

Caution: Back up the Windows Registry before proceeding.

  1. Stop the agent service.

  2. Run the agent unlink command:

    nessuscli.exe agent unlink

  3. Open the Registry Editor on the agent host.

  4. Remove the Tenable tag file by deleting following registry key:

    HKLM\SOFTWARE\Tenable\TAG

  5. Delete the agent UUID from the file system:

    C:\ProgramData\Tenable\Nessus Agent\nessus\uuid

    The agent installation is ready to use in a machine image.

  1. Stop the agent service.

  2. Run the agent unlink command:

    ./nessuscli agent unlink

  3. Remove the Tenable tag and UUID files:

    rm /etc/tenable_tag /opt/nessus_agent/var/nessus/uuid

    The agent installation is ready to use in a machine image.

More resources: