Install a Nessus Agent on Mac OS X

Caution: If you install a Nessus Agent on a system where an existing Nessus Agent, Nessus Manager, or Nessus scanner is running nessusd, the installation process kills all other nessusd processes. You may lose scan data as a result.

Before You Begin

Download Nessus Agent

From the Nessus Agents Download Page, download the package specific to your operating system.

Install Nessus Agent

Note: The following steps require root privileges.

To install the Nessus Agent, you can use either the GUI installation wizard or the command line.

GUI Installation:

  1. Double-click the Nessus Agent .dmg (Mac OS X Disk Image) file.
  2. Double-click Install Nessus Agent.pkg.
  3. Complete the Nessus Agent Install Wizard.

Command Line Installation:

  1. Extract Install Nessus Agent.pkg and .NessusAgent.pkg from NessusAgent-<version number>.dmg.

    Note: The .NessusAgent.pkg file is normally invisible in macOS Finder.

  2. Open Terminal.
  3. From the command line, enter the following command:
  4. # installer -pkg /<path-to>/Install Nessus Agent.pkg -target /

You can install a full plugins set before linking to reduce the bandwidth impact during a mass installation. You can accomplish this by using the nessuscli agent update command with the --file parameter, which specifies the location the plugins set. You must do this before starting the Nessus Agent. For example:

/opt/nessus_agent/sbin/nessuscli agent update --file=./plugins_set.tgz

The plugins set must be less than five days old. A stale plugin set older than five days forces a full plugins download to occur. You can download a recent plugin set from the Nessus Agents download page.

Link Agent Using Command Line Interface

To link an agent on a Mac OS X:

  1. Open Terminal.
  2. From the command line, use the nessuscli agent link command.

    For example:

    # /Library/NessusAgent/run/sbin/nessuscli agent link
    --name=MyOSXAgent --groups=All --port=8834

    The supported arguments for this command are:

    Argument Required? Value


    Use the values you retrieved from the manager.
    --host yes
    --port yes


    no Specify a name for your agent. If you do not specify a name for your agent, the name defaults to the name of the computer where you are installing the agent.
    --groups no

    Specify existing agent group or groups where you want to add the agent. If you do not specify an agent group during the install process, you can add your linked agent to an agent group later in Nessus Manager or

    Note: The agent group name is case-sensitive and must match exactly.

    --offline-install no

    For Nessus Agents 7.0.3 or later, you can install the Nessus Agent on a system even if it is offline. Add the command line option NESSUS_OFFLINE_INSTALL="yes" to the command line input. The Nessus Agent periodically attempts to link itself to either or Nessus Manager.

    If the agent cannot connect to the controller then it retries every hour, and if the agent can connect to the controller but the link fails then it retries every 24 hours.

    --cloud no

    Specify the --cloud argument to link to

    The --cloud argument is a shortcut to specifying --port=443.

    --network no For agents, add the agent to a custom network. If you do not specify a network, the agent belongs to the default network.

Note: If you attempt to clone an agent and link it to Nessus Manager or, a 409 error may appear. This error appears because another machine was linked with the same UUID value in the /private/etc/tenable_tag file. To resolve this issue, replace the value in the /private/etc/tenable_tag file with a valid UUIDv4 value.

Verify a Linked Agent

To verify a linked agent in Nessus Manager:

  1. In the top navigation bar, click Scans.

    The My Scans page appears.

  2. In the left navigation bar, click Agents.

    The Agents page appears.

  3. Locate the new agent in the linked agents table.