Deploy Nessus Agent Using JSON

The first time you launch the agent after installation, it checks for environment variables, then for the config.json file. The agent uses that information to link to a manager and set preferences.

Note: config.json must be in ASCII format. Some tools, such as PowerShell, create text files in other formats by default.

Location of config.json file

Place the config.json file in the following location:

  • Linux: /opt/nessus_agent/var/nessus/config.json
  • Windows: C:\ProgramData\Tenable\Nessus Agent\nessus\config.json
  • macOS: /Library/NessusAgent/run/var/nessus/config.json

Example agent config.json file format:

{
  "link": {
    "name": "sensor name",
    "host": "hostname or IP address",
    "port": 443,
    "key": "abcdefghijklmnopqrstuvwxyz",
    "ms_cert": "CA certificate for linking",
    "retry": 1,
    "proxy": {
      "proxy": "proxyhostname",
      "proxy_port": 443,
      "proxy_username": "proxyusername",
      "proxy_password": "proxypassword",
      "user_agent": "proxyagent",
      "proxy_auth": "NONE"
    }
  },
  "preferences": {
    "global.max_hosts": "500"
  }
}

config.json Details

The following describes the format of the different settings in each section of config.json.

Note: All sections are optional; if you do not include a section, it is not configured when you first launch the agent. You can manually configure the settings later.

Linking

The link section sets preferences to link the agent to a manager.

Setting Description
name

(Optional)

A name for the scanner.

A name for your agent. If you do not specify a name for your agent, the name defaults to the name of the computer where you are installing the agent.

host

The hostname or IP address of the manager you want to link to.

To link to Tenable.io, use cloud.tenable.com.

port

The port for the manager you want to link to.

For Nessus Manager: 8834 or your custom port.

For Tenable.io: 443

key

The linking key that you retrieved from the manager.

network

(Optional, Tenable.io-linked agents only)

The custom network you want to link to. If you do not specify a network, the agent belongs to the default network.

ms_cert

(Optional)

A custom CA certificate to use to validate the manager's server certificate.

groups

(Optional)

One or more existing scanner groups where you want to add the scanner.

One or more existing agent groups where you want to add the agent. If you do not specify an agent group during the install process, you can add your linked agent to an agent group later in Nessus Manager or Tenable.io.

List multiple groups in a comma-separated list. If any group names have spaces, use quotes around the whole list.

For example: "Atlanta,Global Headquarters"

Note: The agent group name is case-sensitive and must match exactly.

proxy

(Optional)

If you are using a proxy server, include the following:

auto_proxy (Windows only): If enabled, the agent uses Web Proxy Auto Discovery (WPAD) to obtain a Proxy Auto Config (PAC) file for proxy settings. This setting overrides all other proxy configuration preferences. If disabled, the agent defaults to the remaining proxy settings.

proxy: The hostname or IP address of your proxy server.

proxy_port: The port number of the proxy server.

proxy_username: The name of a user account that has permissions to access and use the proxy server.

proxy_password: The password of the user account that you specified as the username.

user_agent: The user agent name, if your proxy requires a preset user agent.

proxy_auth: The authentication method to use for the proxy.

aws_scanner

(Optional)

Set aws_scanner to true to link the Nessus scanner as an AWS scanner.

Note: The Nessus scanner must already be running on an AWS instance for the flag to take effect.
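
A pre-deployment check for the ASCII requirement and the link settings described above, as an added example that is not Tenable's code. The names check_config and render_config are hypothetical, the sample values are constructed, and two points are assumptions: host, port and key are treated as required because they are the link settings not marked optional, and port is expected to be a JSON number as in the example file.

```python
import json

# Link settings the page does not mark "(Optional)" (treated as required: assumption).
REQUIRED_LINK = ("host", "port", "key")
BOMS = {b"\xef\xbb\xbf": "UTF-8", b"\xff\xfe": "UTF-16 LE", b"\xfe\xff": "UTF-16 BE"}

# Constructed sample values; the key is a placeholder, not a real linking key.
SAMPLE = {
    "link": {"name": "build-agent-01", "host": "cloud.tenable.com", "port": 443,
             "key": "PLACEHOLDER-LINKING-KEY"},
    "preferences": {"global.max_hosts": "500"},
}


def check_config(raw: bytes) -> list:
    """Return the problems found in the raw bytes of a config.json file."""
    for bom, name in BOMS.items():
        if raw.startswith(bom):
            return [f"starts with a {name} byte-order mark, so it is not plain ASCII"]
    try:
        cfg = json.loads(raw.decode("ascii"))
    except UnicodeDecodeError as exc:
        return [f"non-ASCII byte at offset {exc.start}"]
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"]
    if not isinstance(cfg, dict):
        return ["top level must be a JSON object"]
    link = cfg.get("link")
    if link is None:  # every section is optional, so a file without "link" is valid
        return []
    if not isinstance(link, dict):
        return ["link must be a JSON object"]
    problems = [f"link.{k} is missing or empty" for k in REQUIRED_LINK if not link.get(k)]
    port = link.get("port")
    # Assumption: port is a JSON number, as in the page's example file.
    if port and not (type(port) is int and 0 < port < 65536):
        problems.append("link.port must be an integer from 1 to 65535")
    return problems


def render_config(cfg: dict) -> bytes:
    """Serialize cfg as ASCII-only bytes; non-ASCII text becomes \\uXXXX escapes."""
    return (json.dumps(cfg, indent=2, ensure_ascii=True) + "\n").encode("ascii")


if __name__ == "__main__":
    print(check_config(render_config(SAMPLE)) or "config.json bytes look OK")
```

To check a staged file, pass check_config the bytes read in binary mode, so that the encoding the authoring tool actually wrote is what gets tested.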

Preferences

The preferences section configures any advanced settings. For more information, see Advanced Settings.