Nessus-Service
Unless otherwise specified, you can use nessus-service server commands interchangeably with nessusd commands.
If necessary, whenever possible, you should start and stop Nessus service using Nessus service controls in the operating system’s interface. However, there are many nessus-service functions that you can perform through a command-line interface.
# killall nessusd command to stop all Nessus services and in-process scans.Note: You must run the following commands with administrative privileges.
Nessus-Service Syntax
| Operating System | Command |
|---|---|
|
Linux |
# /opt/nessus/sbin/nessus-service [-vhD] [-c <config-file>] [-p <port-number>] [-a <address>] [-S <ip[,ip,…]>] |
|
FreeBSD |
# /usr/local/nessus/sbin/nessus-service [-vhD] [-c <config-file>] [-p <port-number>] [-a <address>] [-S <ip[,ip,…]>] |
|
macOS |
# /Library/Nessus/run/sbin/nessus-service [-vhD] [-c <config-file>] [-p <port-number>] [-a <address>] [-S <ip[,ip,…]>] |
| Windows | C:\Program Files\Tenable\Nessus\nessus-service.exe [-vhD] [-c <config-file>] [-p <port-number>] [-a <address>] [-S <ip[,ip,…]>] |
Suppress Command Output Examples
You can suppress command output by using the -q option.
Linux
# /opt/nessus/sbin/nessus-service -q -D
Nessus-Service or Nessusd Commands
| Option | Description |
|---|---|
|
-c <config-file> |
When starting the nessusd server, use this optionto specify the server-side nessusd configuration file to use. It allows for the use of an alternate configuration file instead of the standard db. |
|
-S <ip[,ip2,…]> |
When starting the nessusd server, force the source IP of the connections established by Nessus during scanning to <ip>. This option is only useful if you have a multihomed machine with multiple public IP addresses that you would like to use instead of the default one. For this setup to work, the host running nessusd must have multiple NICs with these IP addresses set. |
|
-D |
When starting the nessusd server, this option forces the server to run in the background (daemon mode). |
|
-v |
Show the version number and exit. |
|
-l |
Show a list of those third-party software licenses. |
|
-h |
Show a summary of the commands and exit. |
|
--ipv4-only |
Only listen on IPv4 socket. |
|
--ipv6-only |
Only listen on IPv6 socket. |
|
-q |
Operate in "quiet" mode, suppressing all messages to stdout. |
|
-R |
Force a reprocessing of the plugins. |
|
-t |
Check the time stamp of each plugin when starting up to only compile newly updated plugins. |
|
-K or --set-encryption-passwd |
Set an encryption password for the scanner. If you set an encryption password, Nessus encrypts all policies, scans results, and scan configurations. You must enter the password when Tenable Nessus restarts. Caution: If you lose your encryption password, it cannot be recovered by an administrator or Tenable Support. |
Notes
If you are running nessusd on a gateway and if you do not want people on the outside to connect to your nessusd, set your listen_address advanced setting.
To set this setting, use the Nessuscli tool:
nessuscli fix --set listen_address=<IP address>
This setting tells the server to only listen to connections on the address <address> that is an IP address, not a machine name.