Deploy Nessus using JSON

You can automatically configure and deploy Nessus scanners using a JSON file, config.json. To determine the location of this file on your operating system, see Default Data Directories.

When you first launch Nessus after installation, Nessus first checks for the presence of environment variables, then checks for the config.json file. When Nessus launches for the first time, Nessus uses that information to link the scanner to a manager, set preferences, and create a user.

Location of config.json file

Place the config.json file in the following location:

  • Linux: /opt/nessus/var/nessus/config.json
  • Windows: C:\ProgramData\Tenable\Nessus\nessus\config.json
  • Mac OS X: /Library/Nessus/run/var/nessus/config.json

Example Nessusconfig.json file format:

{ "link": { "name": "sensor name", "host": "hostname or IP address", "port": 443, "key": "abcdefghijklmnopqrstuvwxyz", "ms_cert": "CA certificate for linking", "retry": 1, "groups": ["group 1", "group 2"], "proxy": { "proxy": "proxyhostname", "proxy_port": 443, "proxy_username": "proxyusername", "proxy_password": "proxypassword", "user_agent": "proxyagent", "proxy_auth": "NONE" } }, "preferences": { "global.max_hosts": "500" }, "user": { "username": "admin", "password": "password", "role": "system_administrator", "type": "local" } }

config.json Details

The following describes the format of the different settings in each section of config.json.

Note: All sections are optional; if you do not include a section, it is not configured when you first launch Nessus. You can manually configure the settings later.

Link

  • The link section sets preferences to link Nessus to a manager.
  • Only name, host, port, and key are required. All other settings are optional.

Preferences

  • The preferences section configures any advanced settings. For more information, see Advanced Settings.

User

  • The user section creates a Nessus user.

  • If you do not enter a username, Nessus does not create a user.
  • If you create a user but leave the password value empty, Nessus automatically generates a password. To log in as the user, use nessuscli to change the user's password first.