Fix Agent Settings

The following settings describe nessuscli fix commands that relate to Tenable Nessus Agent.

Command Description
# nessuscli fix --list Shows a list of agent settings and their values.
nessuscli fix --set <setting>=<value> Set an agent setting to the specified value.

For a list of agent settings, see Advanced Settings in the Tenable Nessus Agent User Guide.

# nessuscli fix --set update_hostname="<value>"

Updates agent hostnames automatically in Tenable Vulnerability Management or Tenable Nessus Manager.

You can set the update_hostname parameter to yes or no. By default, this preference is disabled.

Note: Restart the agent service for the change to take effect in Tenable Nessus Manager.

# nessuscli fix --set agent_update_channel=<value>

(Tenable Vulnerability Management-linked agents only)

Sets the agent update plan to determine what version the agent automatically updates to.

Values:

  • ga — Automatically updates to the latest Tenable NessusAgent version when it is made generally available (GA). Note: This date is the same day the version is made generally available.This date is usually one week after the version is made generally available. For versions that address critical security issues, Tenable may make the version available immediately.

  • ea — Automatically updates to the latest Tenable NessusAgent version as soon as it is released for Early Access (EA), typically a few weeks before general availability.

  • stable — Does not automatically update to the latest Tenable NessusTenable Nessus Agent version. Remains on an earlier version of Tenable NessusTenable Nessus Agent set by Tenable, usually one release older than the current generally available version, but no earlier than 8.10.0.7.7.0. When Tenable NessusTenable Nessus Agent releases a new version, your Tenable Nessus instance agent updates software versions, but stays on a version prior to the latest release.

Note: For agents linked to Tenable Vulnerability Management, you need to run the agent_update_channel command from the agent nessuscli utility. For agents linked to Tenable Nessus Manager, you need to run the agent_update_channel command from the Tenable Nessus Managernessuscli utility.

# nessuscli fix --set maximum_scans_per_day=<value>

(Tenable Vulnerability Management-linked agents only)

Sets the maximum number of scans an agent can run per day. The minimum amount is 1, the maximum amount is 48, and the default amount is 10.

# nessuscli fix --set max_retries="<value>"

Sets the maximum number of times an agent should retry in the event of a failure when executing the agent link, agent status, or agent unlink commands. The commands retry, the specified number of times, consecutively, sleeping increasing increments of time set by retry_sleep_milliseconds between attempts. The default value for max_retries is 0. The minimum value is 0, and the maximum value is 10.

For example, if you set max_retries to 4 and set retry_sleep_milliseconds to the default of 1500, then the agent will sleep for 1.5 seconds after the first try, 3 seconds after the second try, and 4.5 seconds after the third try.

Note: This setting does not affect offline updates or the agent's normal 24 hour check-in after it is linked.
# nessuscli fix --set retry_sleep_milliseconds="<value>"

Sets the number of milliseconds that an agent sleeps for between retries in event of a failure when executing the agent link, agent status, or agent unlink commands. The default is 1500 milliseconds (1.5 seconds).

# nessuscli fix --set niap_mode=enforcing

Enforces NIAP mode for Tenable Nessus Agent. For more information about NIAP mode, see Configure Tenable Nessus Agent for NIAP Compliance.

# nessuscli fix --set niap_mode=non-enforcing

Disables NIAP mode for Nessus Agent. For more information about NIAP mode, see Configure Tenable Nessus Agent for NIAP Compliance.

# nessuscli fix --set fips_mode=enforcing

Enforces the current validated FIPS module for Tenable Nessus Agent communication and database encryption. The FIPS module does not affect scanning encryption.

Note:Tenable Nessus Agent also enforces the FIPS module when you enforce NIAP mode. For more information, see Configure Tenable Nessus Agent for NIAP Compliance.

# nessuscli fix --set fips_mode=non-enforcing

Disables the FIPS module for Tenable Nessus Agent communication and database encryption.

Note:Tenable Nessus Agent also disables the FIPS module when you disable NIAP mode. For more information, see Configure Tenable Nessus Agent for NIAP Compliance.

# nessuscli fix --set process_priority="<value>"

# nessuscli fix --get process_priority

# nessuscli fix --delete process_priority

Set, get, or delete the process_priority setting.

You can control the priority of the Tenable Nessus Agent relative to the priority of other tasks running on the system by using the process_priority preference.

For valid values and more information on how the setting works, see Agent CPU Resource Control.