Nessus Environment Variables

If you want to configure Nessus based on environment variables, you can set the following environment variables in the shell environment that Nessus is running in.

When you first launch Nessus after installation, Nessus first checks for the presence of environment variables, then checks for the config.json file.  When Nessus launches for the first time, Nessus uses that information to link the scanner to a manager, set preferences, and create a user.

User configuration

Use the following environment variables for initial user configuration:

  • NCONF_USER_USERNAME - Nessus username.
  • NCONF_USER_PASSWORD - Nessus user password.

    Note: If you create a user but leave the NCONF_USER_PASSWORD value empty, Nessus automatically generates a password. To log in as the user, use nessuscli to change the user's password first.

  • NCONF_USER_ROLE - Nessus user role.

Linking configuration

Use the following environment variables for linking configuration:

  • NCONF_LINK_HOST - The hostname or IP address of the manager you want to link to. To link to Tenable.io, use cloud.tenable.com.
  • NCONF_LINK_PORT - Port of the manager you want to link to.
  • NCONF_LINK_NAME - Name of the scanner to use when linking.
  • NCONF_LINK_KEY - Linking key of the manager you want to link to.
  • NCONF_LINK_CERT - (Optional) CA certificate to use to validate the connection to the manager.
  • NCONF_LINK_RETRY - (Optional) Number of times Nessus should retry linking.

  • NCONF_LINK_GROUPS - (Optional)  One or more existing scanner groups where you want to add the scanner. List multiple groups in a comma-separated list. If any group names have spaces, use quotes around the whole list. For example: "Atlanta,Global Headquarters"