Nessuscli Agent

Use the Agent nessuscli utility to perform some Nessus Agent functions through a command line interface.

Note: You must run all Agent nessuscli commands as a user with administrative privileges.

Nessuscli Agent Syntax

Operating System

Command

Linux

# /opt/nessus_agent/sbin/nessuscli <cmd> <arg1> <arg2>

Mac OS X

# /Library/NessusAgent/run/sbin/nessuscli <cmd> <arg1> <arg2>

Windows

C:\Program Files\Tenable\Nessus Agent\nessuscli.exe <cmd> <arg1> <arg2>

Nessuscli Commands

Command Description
Help Commands

# nessuscli help

Displays a list of Nessus commands.

Bug Reporting Commands

# nessuscli bug-report-generator

Generates an archive of system diagnostics.

If you run this command without arguments, the utility prompts you for values.

Optional arguments:

--quiet: Run the bug report generator without prompting user for feedback.

--scrub: When in quiet mode, the bug report generator sanitizes the last two octets of the IPv4 address.

--full: When in quiet mode, the bug report generator collects extra data.

Local Agent Commands

Used to link, unlink, and display agent status

# nessuscli agent link --key=<key> --host=<host> --port=<port>

Using the Nessus Agent Linking Key, this command links the agent to the Nessus Manager or Tenable.io.

Required arguments:

  • --key: The linking key that you retrieved from the manager.
  • --host: The static IP address or hostname you set during the Nessus Manager installation.
  • --port: 8834 or your custom port.

Optional arguments:

  • --name: A name for your agent. If you do not specify a name for your agent, the name defaults to the name of the computer where you are installing the agent.
  • --groups: One or more existing agent groups where you want to add the agent. If you do not specify an agent group during the install process, you can add your linked agent to an agent group later in Nessus Manager.

    List multiple groups in a comma-separated list. If any group names have spaces, use quotes around the whole list.

    For example: --groups="Atlanta,Global Headquarters"

    Note: The agent group name is case-sensitive and must match exactly.

  • --ca-path: A custom CA certificate to use to validate the manager's server certificate.
  • --offline-install: If enabled (set to "yes"), installs Nessus Agent on the system, even if it is offline. Nessus Agent periodically attempts to link itself to its manager.

    If the agent cannot connect to the controller, it retries every hour. If the agent can connect to the controller but the link fails, it retries every 24 hours.

  • --proxy-host: The hostname or IP address of your proxy server.
  • --proxy-port: The port number of the proxy server.
  • --proxy-password: The password of the user account that you specified as the username.
  • --proxy-username: The name of a user account that has permissions to access and use the proxy server.
  • --proxy-agent: The user agent name, if your proxy requires a preset user agent.

# nessuscli agent unlink

Unlinks agent from the Nessus Manager or Tenable.io.

# nessuscli agent update

Used to manually install a plugins set.

Required arguments:

--file=<plugins_set.tgz>

# nessuscli agent status

Displays the status of the agent, jobs pending, and if the agent is linked or not linked to server.

Optional arguments:

--local: Provides the status, current jobs count, and jobs pending. This option prevents the agent from contacting the management software that it is linked with to fetch the status. Instead, it displays the last known information from its most recent sync.

--remote: Fetches the job count from the manager and displays the status.

--offline: Provides the most recently cached agent status when it cannot connect to Nessus Manager or Tenable.io.

Fix Commands
nessuscli fix --list Displays a list of agent settings and their values.
nessuscli fix --set <setting>=<value> Set an agent setting to the specified value.

For a list of agent settings, see Advanced Settings in the Nessus Agent User Guide.

# nessuscli fix --set update_hostname="<value>"

Updates agent hostnames automatically in Tenable.io or Nessus Manager 7.1.1 or later.

The update_hostname parameter can be set to yes or no. By default, this preference is disabled.

Note: Restart the agent service for the change to take effect in Nessus Manager.

# nessuscli fix --set track_unique_agents="<value>"

Tracks unique agent assets by MAC address to prevent duplicates and outdated agents from appearing in Nessus Manager if a system is reinstalled.

The track_unique_agent parameter is available in Nessus 7.1.1 and can be set to yes or no. By default, this preference is enabled.

# nessuscli fix --set max_retries="<value>"

Sets the maximum number of times an agent should retry in the event of a failure when executing the agent link, agent status, or agent unlink commands. The commands retry, the specified number of times, consecutively, sleeping increasing increments of time set by retry_sleep_milliseconds between attempts. The default value for max_retries is 0.

For example, if max_retries is set to 4, and retry_sleep_milliseconds is set to the default of 1500, then the agent will sleep for 1.5 seconds after the first try, 3 seconds after the second try, and 4.5 seconds after the third try.

Note: This setting does not affect offline updates or the agent's normal 24 hour check-in after it is linked.
# nessuscli fix --set retry_sleep_milliseconds="<value>"

Sets the number of milliseconds that an agent sleeps for between retries in event of a failure when executing the agent link, agent status, or agent unlink commands. The default is 1500 milliseconds (1.5 seconds).

Fix Secure Settings
# nessuscli fix --secure --set <setting>=<value>

Set secure settings on the agent.

Caution: Tenable does not recommend changing undocumented --secure settings as it may result in an unsupported configuration.

For a list of supported secure settings, see Advanced Settings in the Nessus Agent User Guide.

Resource Control Commands  

# nessuscli fix --set process_priority="<value>"

# nessuscli fix --get process_priority

# nessuscli fix --delete process_priority

Commands

Set, get, or delete the process_priority setting.

You can control the priority of the Nessus Agent relative to the priority of other tasks running on the system by using the process_priority preference.

For valid values and more information on how the setting works, see Agent CPU Resource Control in the Nessus Agent Deployment and User Guide for <value> preference options