Update a Tenable Nessus Agent

After you install an agent, it automatically retrieves updates from its manager (either Tenable Vulnerability Management or Tenable Nessus Manager).

In either manager's user interface, you can set an agent update plan to determine the version that the agents automatically update to. For more information, following the procedures described in the Tenable Vulnerability Management and Tenable Nessus Manager user guides.

Manual Updates

In certain cases, such as air-gapped or internet-restricted networks, you may want to download agent updates manually. You can install updates directly to individual agents, or you can install a bulk tar.gz update file in the Tenable Nessus Manager directory. In the latter case, Tenable Nessus Manager uses the tar.gz update file to distribute updates to each linked agent.

Note: By default, Tenable Vulnerability Management-linked agents update to the generally available (GA) version one week after the version is GA. Therefore, if you manually update a Tenable Vulnerability Management-linked agents to the latest version prior to that date, you should either disable automatic updates or set your update plan to opt in to Early Access releases. This ensures that the agent does not automatically downgrade to the previous version (GA).

To install updates to Tenable Nessus Agent manually:

Note: If you need to perform the following steps on an offline machine, complete steps 1-3 on a machine with internet access. Then, copy the downloaded file to the offline machine after step 3 and perform step 4 on the offline machine.

1. Navigate to the Tenable Nessus Agent Downloads page.

2. Click the agent update file that you want to download, depending on your operating system.

   The License Agreement window appears.

3. Click I Agree.

   The update file downloads to your machine.

4. Do one of the following, depending on your operating system:

   Note: You need administrator-level privileges to complete the following steps.
   Windows

   Do one of the following:

   • Double-click the .msi file you downloaded and follow the on-screen instructions.

   • In the command line interface, enter the following command, using the location and file name of the package you downloaded:

     > msiexec /i <path-to>\NessusAgent-<version>.msi /qn

   Linux

   • In the command line interface, use the install or upgrade command specific to your Linux environment to install the downloaded file.

   macOS

   1. Mount the .dmg file you downloaded:

      # sudo hdiutil attach <path-to>/NessusAgent-<version>.dmg

   2. Install the package:

      # sudo installer -package /Volumes/Nessus\ Install/Install\ <path-to>/NessusAgent-<version>.dmg -target /

   Your operating system installs the Tenable Nessus Agent updates.

In some instances, instead of installing updates to agents directly, you may want to install agent updates to your Tenable Nessus Manager, which then distributes the updates to any linked agents.

As new versions of Tenable Nessus Agent are released, Tenable Nessus Manager becomes aware of them through feed updates, and then passes those updates to the linked agents. A Tenable Nessus Manager registered in offline or air-gapped mode does not become aware of the new agent versions automatically; you need to install the latest Tenable Nessus Agent updates file manually to update the agent versions using the following steps:

To install agent updates to Tenable Nessus Manager manually:

Note: If you need to perform the following steps on an offline machine, complete steps one and two on a machine with internet access. Then, copy the downloaded file to the offline machine during step three.

1. Navigate to the Tenable Nessus Agent Downloads page.

2. Download the nessus-agent-updates-<version>.tar.gz file. This file contains the update files for all operating systems and platforms that you can install Tenable Nessus Agent on.

   Since the package will be transferred from one system to another, always pull the MD5 checksum to verify file integrity after transit.

3. Copy the tar.gz file to your Tenable Nessus Manager directory. You can paste the file into any accessible child folder within the Tenable Nessus Manager directory.

4. Depending on your operating system, run one of the following commands to prepare the update files for the agents:

   Note: You need administrator-level privileges to run the following commands:
   Windows

   > C:\Program Files\Tenable\Nessus\nessuscli.exe update <\path\to\nessus-agents-update-<version>.tar.gz>

   Linux

   # /opt/nessus/sbin/nessuscli update </path/to/nessus-agent-updates-<version>.tar.gz>

   macOS

   # /Library/Nessus/run/sbin/nessuscli update </path/to/nessus-agent-updates-<version>.tar.gz>

   The update packages are pushed into the /remote directory, which acts as the local agent store.

5. Verify that Tenable Nessus Manager is set to update linked agents automatically by clicking Sensors > Agent Updates in the Tenable Nessus Manager user interface. Clear the Enable Agent Updates option if it is enabled.

   As the linked agents routinely check in with Tenable Nessus Manager, the new versions applicable to their operating system is provided to them automatically the next time they check in with the manager.