Manage Advanced Settings

Required User Role: User with administrator privileges

The nessuscli fix command has a series of options to manage the advanced settings on your Nessus scanner.

For information on what advanced settings are configurable in your version of Nessus, see Advanced Settings in the Nessus User Guide.

To see and copy the full command for your specific operating system, see the Command Quick Reference.

Usage

To view all advanced settings:

To view all advanced settings, including those you have not set, use the following command:

# nessuscli fix --show

If you have not set an advanced setting, the default value is listed in the output.

To view a list of currently set advanced settings:

To list all advanced settings that you have set, use the following command:

# nessuscli fix --list

The following is example output:

# nessuscli fix --list

qdb_mem_usage: low

report_crashes: yes

stop_scan_on_disconnect: no

reduce_connections_on_congestion: no

global.max_web_users: 1024

global.max_scans: 0

nasl_log_type: normal

nasl_no_signature_check: no

disable_xmlrpc: no

disable_ntp: yes

ssl_cipher_list: strong

xmlrpc_idle_session_timeout: 30

xmlrpc_listen_port: 8834

listen_port: 1241

listen_address: 0.0.0.0

slice_network_addresses: no

silent_dependencies: yes

auto_enable_dependencies: yes

safe_checks: yes

plugins_timeout: 320

non_simult_ports: 139, 445, 3389

checks_read_timeout: 5

allow_post_scan_editing: yes

optimize_test: yes

port_range: default

cgi_path: /cgi-bin:/scripts

rules: /Library/Nessus/run/etc/nessus/nessusd.rules

dumpfile: /Library/Nessus/run/var/nessus/logs/nessusd.dump

log_whole_attack: no

www_logfile: /Library/Nessus/run/var/nessus/logs/www_server.log

logfile: /Library/Nessus/run/var/nessus/logs/nessusd.messages

throttle_scan: yes

max_checks: 5

global.max_hosts: 2180

max_hosts: 100

auto_update_delay: 24

auto_update: yes

To see the current value for an advanced setting:

# nessuscli fix --get <setting>

For example:

# nessuscli fix --get max_hosts

The current value for 'max_hosts' is '100'.

To set a specific value for an advanced setting:

# /opt/nessus/sbin/nessuscli fix --set <setting>=<value>

Example:

# /opt/nessus/sbin/nessuscli fix --set max_hosts=200

Successfully set 'max_hosts' to '200'.

To delete your value from an advanced setting:

# nessuscli fix --delete <setting>

Example:

# /opt/nessus/sbin/nessuscli fix --delete max_hosts

Successfully deleted 'max_hosts'.

Secure Settings

You can use the --secure flag to manage encrypted advanced settings, which contain information about registration. Tenable does not recommend changing undocumented --secure settings as it may result in an unsupported configuration.

For the following commands, you can use the --secure flag:

# nessuscli fix --secure --list

# nessuscli fix --secure --fix --set <setting name=value>

# nessuscli fix --secure --get <setting>

# nessuscli fix --secure --delete <setting>

Command Quick Reference

For the full command for your operating system, see the following:

nessuscli fix --show

Copy 
/opt/nessus/sbin/nessuscli fix --show
Copy 
/Library/Nessus/run/sbin/nessuscli fix --show
Copy 
C:\Program Files\Tenable\Nessus\nessuscli.exefix --show

nessuscli fix --list

Copy 
/opt/nessus/sbin/nessuscli fix --list
Copy 
/Library/Nessus/run/sbin/nessuscli fix --list
Copy 
C:\Program Files\Tenable\Nessus\nessuscli.exe fix --list

nessuscli fix --get <setting>

Copy 
/opt/nessus/sbin/nessuscli fix --get <setting>
Copy 
/Library/Nessus/run/sbin/nessuscli fix --get <setting>
Copy 
C:\Program Files\Tenable\Nessus\nessuscli.exe fix --get <setting>

nessuscli fix --set <setting>=<value>

Copy 
/opt/nessus/sbin/nessuscli fix --set <setting>=<value>
Copy 
/Library/Nessus/run/sbin/nessuscli fix --set <setting>=<value>
Copy 
C:\Program Files\Tenable\Nessus\nessuscli.exe --set <setting>=<value>

nessuscli fix --delete <setting>

Copy 
/opt/nessus/sbin/nessuscli fix --delete <setting>
Copy 
/Library/Nessus/run/sbin/nessuscli fix --delete <setting>
Copy 
C:\Program Files\Tenable\Nessus\nessuscli.exe fix --delete <setting>