Tenable Nessus Environment Variables

If you want to configure Tenable Nessus based on environment variables, you can set the following environment variables in the shell environment that Tenable Nessus is running in.

When you first launch Tenable Nessus after installation, Tenable Nessus first checks for the presence of environment variables, then checks for the config.json file.  When Tenable Nessus launches for the first time, Tenable Nessus uses that information to link the scanner to a manager, set preferences, and create a user.

User Configuration

Use the following environment variables for initial user configuration:

  • NCONF_USER_USERNAME - Tenable Nessus username.
  • NCONF_USER_PASSWORD - Tenable Nessus user password.

    Note: If you create a user but leave the NCONF_USER_PASSWORD value empty, Tenable Nessus automatically generates a password. To log in as the user, use nessuscli to change the user's password first.

  • NCONF_USER_ROLE - Tenable Nessus user role.

Linking Configuration

Use the following environment variables for linking configuration:

  • NCONF_LINK_HOST - The hostname or IP address of the manager you want to link to. To link to Tenable Vulnerability Management, use cloud.tenable.com.
  • NCONF_LINK_PORT - Port of the manager you want to link to.
  • NCONF_LINK_NAME - Name of the scanner to use when linking.
  • NCONF_LINK_KEY - Linking key of the manager you want to link to.
  • NCONF_LINK_CERT - (Optional) CA certificate to use to validate the connection to the manager.
  • NCONF_LINK_RETRY - (Optional) Number of times Tenable Nessus should retry linking.
  • NCONF_LINK_GROUPS - (Optional)  One or more existing scanner groups where you want to add the scanner. List multiple groups in a comma-separated list. If any group names have spaces, use quotes around the whole list. For example: "Atlanta,Global Headquarters"