Question

Extension Attribute: Tenable Network Security - Nessus

Forum|Forum|9 years ago
January 26, 2016
41 replies
522 views

+18

cainehorr
Valued Contributor

My original posting for this started off as just an Extension Attribute. In the past 3 days, it has become a full blown workflow.

Here's that workflow.

JAMF Software Deployment: Nessus Agent for Apple Macintosh

INTRODUCTION
Tenable Network Security's Nessus software is currently being utilized for vulnerability scanning and vulnerability management within the enterprise.

JAMF Software's Casper Suite (JSS) is used to manage Apple Macintosh systems within the enterprise. This includes the deployment of software packages such as the Nessus agent.

This article describes the various elements and requirements as utilized by the Casper Suite in order to package and deploy the Nessus agent to Macintosh systems within the enterprise.

TOPICS
....Preparing for Deployment
........The Software
............Acquiring the Nessus agent
............Creating a Custom PKG Payload
................Acquiring and Installing Casper Composer
................Overview and Purpose of Creating a Custom PKG Payload
................Enabling Hidden Files and Folders in OS X
................Staging the Nessus Agent DMG File
................Using Casper Composer to Create a Custom Nessus Agent Installer PKG File
........Configuring the JSS
............Uploading the Custom Nessus Agent Installer PKG to the JSS Server
................Extension Attributes
................Nessus Agent Installation Status
................Nessus Agent Service Status
................Nessus Agent Version and Build Information
............JAMF JSS Computer Groups
................Creating Smart Computer Groups for the Nessus Agent
....................Nesus Agent - Installed
....................Nesus Agent - Not Installed
....................Nesus Agent - Installed - IT Department
....................Nesus Agent - Not Installed - IT Department
....................Nessus Agent Service - Running
....................Nessus Agent Service - Stopped
................Creating Static Computer Groups for the Nessus Agent
................IT Department
............JAMF JSS Computer Policies
................Creating Computer Policies for the Nessus Agent
................Nessus Agent - Installation
....Testing the Deployment
....Transitioning Into Production
........Re-scoping for Production

PREPARING FOR DEPLOYMENT

THE SOFTWARE

ACQUIRING THE NESSUS AGENT
The latest version of the Nessus agent for the Macintosh platform can be obtained from the following URL:

http://www.tenable.com/products/nessus/agent-download

An installer PKG file is contained within the downloaded DMG file. The installer PKG file has been designed by Tenable Network Security to perform an integrity check against itself. This self-check prevents the extraction and upload of a working version of the PKG to the JAMF JSS server.

NOTE - 2017-05-17: It seems the latest version of Tenable's Nessus Agent v6.10.5 may actually work as-is without all the fancy re-packaging. As the old mantra goes, "Test! Test! Test!" - YMMV!

The following work-around provides us with the necessary functionality.

OVERVIEW AND PURPOSE OF CREATING A CUSTOM PKG PAYLOAD
The JAMF JSS Server relies on PKG files to install 3rd Party software.

The JAMF JSS Server can not deploy DMG files that have not been created in Casper Composer.

By creating a custom PKG file using Casper Composer, we have the ability to:

Deploy the DMG without disturbing it's integrity check as designed by Tenable Network Security
Facilitate the use of a post-install script that performs a custom installation with full logging abilities

ACQUIRING AND INSTALLING CASPER COMPOSER
If you do not currently have the correct version of Casper Composer installed on your local system, please log into your JAMF Nation account by visiting the following URL:

https://my.jamfsoftware.com/products.html

If you do not have access to the JAMF assets, please contact your JAMF Administrator for further assistance.

If you do have access the JAMF Assets, please download the proper version of the Casper Suite for deployment on the Macintosh.

Once you have downloaded the appropriate Casper Suite DMG file to your local system perform the following steps:

01 - Double-Click the DMG file
02 - Drag the "Casper Suite" icon to the "Applications" Icon

ENABLING HIDDEN FILES AND FOLDERS IN OS X
Because we are creating a special deployment PKG file, we will want to use the /tmp folder on all of the target Macintosh systems. In order for Finder, and ultimately Casper Composer to see the /tmp folder, we need to enable hidden files and folders.

01 - Launch /Applications/Utilities/Terminal.app
02 - Type in the following commands, pressing the Enter/Return key after each line

defaults write com.apple.finder AppleShowAllFiles YES
killall Finder

03 - Open a Finder window and navigate to /tmp

STAGING THE NESSUS AGENT DMG FILE
Copy the Nessus Agent DMG file to /tmp

USING CASPER COMPOSER TO CREATE A CUSTOM NESSUS AGENT INSTALLER PKG
01 - Launch /Applications/Casper Suite/Composer.app
02 - If this is the first time you have launched Casper Composer
a. You may be presented with the ""Composer.app" is an application downloaded from the Internet" window
b. Click the "Open" button
c. If prompted, type in your password
d. You will be presented with the "Choose a method to create your package:" screen
e. Continue to Step 4
03 - If this is not your first time to launch Casper Composer you will be taken to the main Casper Composer screen
a. If prompted, type in your password
b. Click on the "New" icon
c.You will be presented with the "Choose a method to create your package:" screen
04 - Select "Normal Snapshot" icon
05 - Click the "Next" button
06 - Provide a "Package Name" (i.e. NessusAgent-6.5.5_Casper_Installer_v1.2.pkg)
07 - Casper Composer will begin taking a Snapshot of your system.
a. During this time, do not make any changes to your system
08 - Once Casper Composer has completed taking the Snapshot, click on the "Create Package Source" button
09 - Casper Composer will begin taking the "After Snapshot" of your system
10 -Once Casper Composer has completed taking the After Snapshot, you will be returned to the main Casper Composer screen
11 - Your newly created source container will reside in the left-hand pane
12 - Drag the Nessus Agent DMG file from /tmp to the right-hand pane of the Casper Composer Window
13 - This will create a tree structure depicting the path to the Nessus Agent DMG file
14 - In the left-hand sidebar, expand the Nessus Agent source
15 - Right-Click on "Scripts"
16 - Click on "Add Shell Script"
17 - Click on "Post Install"
18 - Click on "postinstall" in the left-hand pane
19 - Select all of the script contents within the right-hand pane and delete the contents
20 - Copy and paste in the following script

#!/bin/sh
## postinstall

# Nexus Agent Installation Script v1.2
# Written by Caine Hörr
# Written on Tue, Jan 26, 2016
# Updated by Caine Hörr
# Updated on Wed, Jan 17, 2016

# UPDATE LOG
# v1.2
# Replaced Username="$(whoami)" with Username="$(stat -f "%Su" /dev/console)" to correct issue of identifying root as the username

# v1.1
# Added line to unlink the Nessus Agent
# Automatically collect username and hostname to generate unique name
# Add unique name when linking to the Nessus Agent

# v1.0
# Initial Nexus Agent Installation script

# Mount the Nessus Agent DMG file
# Latest version can be downloaded from http://www.tenable.com/products/nessus/agent-download
echo "########## MOUNTING THE NESSUS AGENT DMG ##########" | logger
hdiutil attach /tmp/NessusAgent-6.5.4.dmg | logger

# Run the Nessus Agent installer PKG file
echo "########## INSTALLING THE NESSUS AGENT ##########" | logger
sudo installer -pkg /Volumes/Nessus Agent Install/Install Nessus Agent.pkg -target / | logger

# Check to see if Nessus Agent is installed
NessusAgentInstalled="$(ls /Library/NessusAgent/run/sbin/ | grep nessuscli)"
if [ "$NessusAgentInstalled" = "nessuscli" ]; then
 echo "########## NESSUS AGENT INSTALLED ##########" | logger

 # Identify the correct mount point for the DMG file
 NessusAgentDMG="$(hdiutil info | grep "/Volumes/Nessus Agent Install" | awk '{ print $1 }')"

 # Detach the DMG file
 echo "########## UNMOUNTING THE NESSUS AGENT DMG ##########" | logger
 hdiutil detach $NessusAgentDMG | logger

 # Check to see if Nessus Agent is running
 NessusAgentRunning="$(sudo launchctl list com.tenablesecurity.nessusagent | grep "PID" | awk '{ print $1 }' | tr -d '"')"
 if [ "$NessusAgentRunning" = "PID" ]; then
 echo "########## NESSUS AGENT IS RUNNING ##########" | logger

 # Unlink the Nessus agent - Needed in case of upgrade or re-link…
 echo "########## UNLINKING NESSUS AGENT ##########" | logger
 sudo /Library/NessusAgent/run/sbin/nessuscli agent unlink | logger

 # Acquire some personal data (currently logged in username and computer hostname)
 Username="$(stat -f "%Su" /dev/console)"
 Computername="$(hostname | sed 's/..*$//')"
 Fullname="${Computername}_${Username}"

 # Link the Nessus Agent to cloud.tenable.com
 echo "########## CONFIGURING THE NESSUS AGENT ##########" | logger
 sudo /Library/NessusAgent/run/sbin/nessuscli agent link --key=<your key goes here> --name=$Fullname --host=cloud.tenable.com --port=443 | logger

 exit 0 # Success
else
 echo "########## WARNING - NESSUS AGENT IS NOT RUNNING ##########" | logger

 exit 1 # Failure
 fi

else 
 echo "########## ERROR - NESSUS AGENT DID NOT INSTALL ##########" | logger

 exit 1 # Failure
fi

21 - In the left-hand sidebar, click the Nessus Agent source icon
22 - You will be prompted to save changes - Click the "Save" button
23 - Click the "Build as PKG" icon
24 - Select a destination to save the custom PKG file (ie Desktop)
25 - Click the "Save" button

CONFIGURING THE JSS

UPLOADING THE CUSTOM NESSUS AGENT INSTALLER PKG TO THE JSS SERVER
01 - Connect to https://jss.yourdomain.net:8443/
02 - Log in with your credentials
03 - Click on the "Settings" (gear) icon in the upper right corner
04 - Click on "Computer Management" within the left-hand pane
05 - Click on the "Packages" icon within the "Computer Management" group
06 - Click on the "Plus" button
07 - Type in a "Display Name" (ie NessusAgent-6.5.5_Casper_Installer_v1.2.pkg)
08 - Select "Security" from the "Category" drop down menu
09 - Click on the "Upload Package File" button
10 - Click on the "Choose File" button
11 - Navigate to the location of your custom Nessus Agent PKG file
12 - Select your custom Nessus Agent PKG file
13 - Click the "Open" button
14 - Click the "Upload" button
15 - Add any additional Info or Notes to the relevant fields
16 - Click the "Save" button

EXTENSION ATTRIBUTES
Extension attributes are used to augment the functionality of the JAMF Casper Suite.

Because the Nessus Agent is not a typical Macintosh application that resides in /Applications, we need to build a set of custom controls to gather the necessary information about the status of the Nessus Agent on the client systems that are deployed within the enterprise.

With custom designed Extension attributes, we can gather the following information:

Nessus Agent Installation Status: Installed | Not Installed
Nessus Agent Service Status: Running | Stopped
Nessus Agent Version and Build Information

NESSUS AGENT INSTALLATION STATUS
01 - Connect to https://jss.yourdomain.net:8443/
02 - Log in with your credentials
03 - Click on the "Settings" (gear) icon in the upper right corner
04 - Click on "Computer Management" within the left-hand pane
05 - Click on "Extension Attributes" icon within the "Computer Management - Management Framework" group
06 - Click on the "Plus" button
07 - In the "Display Name" field, type in the following: Nessus Agent Installation Status
08 - In the "Description" field, type in the following: Check to determine if the Nessus Agent is installed.
09 - In the "Data Type" drop down, select "String"
10 - In the "Inventory Display" drop down, select "Operating System"
11 - In the "Input Type" drop down, select "Script"
12 - Click on the "OS X" button
13 - In the "Script" text field, copy and paste in the following script:

#!/bin/sh
# Check to see if Nessus Agent is installed
NessusAgentInstalled="$(ls /Library/NessusAgent/run/sbin/ | grep nessuscli)"
if [ "$NessusAgentInstalled" != "nessuscli" ] 
then
 echo "<result>Not Installed</result>"
else 
 echo "<result>Installed</result>"
fi

14 - Click the "Save" button

NESSUS AGENT SERVICE STATUS
01 - Connect to https://jss.yourdomain.net:8443/
02 - Log in with your credentials
03 - Click on the "Settings" (gear) icon in the upper right corner
04 - Click on "Computer Management" within the left-hand pane
05 - Click on "Extension Attributes" icon within the "Computer Management - Management Framework" group
06 - Click on the "Plus" button
07 - In the "Display Name" field, type in the following: Nessus Agent Service Status
08 - In the "Description" field, type in the following: Check to determine if the Nessus Agent Service is running.
09 - In the "Data Type" drop down, select "String"
10 - In the "Inventory Display" drop down, select "Operating System"
11 - In the "Input Type" drop down, select "Script"
12 - Click on the "OS X" button
13 - In the "Script" text field, copy and paste in the following script:

#!/bin/sh
# Check to see if Nessus Agent is running
NessusAgentRunning="$(sudo launchctl list com.tenablesecurity.nessusagent | grep "PID" | awk '{ print $1 }' | tr -d '"')"
if [ "$NessusAgentRunning" = "PID" ]
then
 echo "<result>Running</result>"
else
 echo "<result>Stopped</result>"
fi

14 - Click the "Save" button

NESSUS AGENT VERSION AND BUILD INFORMATION
01 - Connect to https://jss.yourdomain.net:8443/
02 - Log in with your credentials
03 - Click on the "Settings" (gear) icon in the upper right corner
04 - Click on "Computer Management" within the left-hand pane
05 - Click on "Extension Attributes" icon within the "Computer Management - Management Framework" group
06 - Click on the "Plus" button
07 - In the "Display Name" field, type in the following: Nessus Agent Version
08 - In the "Description" field, type in the following: Determine the version of the Nessus Agent that is currently installed.
09 - In the "Data Type" drop down, select "String"
10 - In the "Inventory Display" drop down, select "Operating System"
11 - In the "Input Type" drop down, select "Script"
12 - Click on the "OS X" button
13 - In the "Script" text field, copy and paste in the following script:

#!/bin/sh
# Check to see if Nessus Agent is installed
NessusAgentInstalled="$(ls /Library/NessusAgent/run/sbin/ | grep nessuscli)"
if [ "$NessusAgentInstalled" != "nessuscli" ] 
then
 echo "<result>N/A</result>"
else 
 NessusAgentVersion="$(/Library/NessusAgent/run/sbin/nessuscli -v | awk 'NR==1{print $3 " " $4 " " $5}')"
 echo "<result>$NessusAgentVersion</result>"
fi

14 - Click the "Save" button

JAMF JSS COMPUTER GROUPS
The JAMF JSS provides two kinds of Computer Groups.

Smart Computer Groups
Static Computer Group

Smart Computer Groups include logic statements that determine how Policies, Configuration Profiles, Extension Attributes and other resources are applied. Smart Computer Groups provide a mechanism by which the JSS can determine which actions to take and when.

Static Computer Groups are manually assigned systems without any form of logic work flow. Static Computer Groups are perfect for deploying systems within small, isolated test and lab groups thereby reducing any major impact on a production environment.

CREATING SMART COMPUTER GROUPS FOR THE NESSUS AGENT

NESSUS AGENT - INSTALLED
01 - Click on the "Computers" icon
02 - Click on "Smart Computer Groups"
03 - Click on the "Plus" button
04 - In the "Display Nam"e field, type in the following: Nessus Agent - Installed
05 - Click on the "Criteria" tab
06 - Click on the "Plus" button
07 - Click the "Choose" button for All Criteria
08 - Click the "Choose" button for Nessus Agent Installation Status
09 - Change the "Operator" drop down to is
10 - In the "Value" field, type in Installed
a. This value corresponds with the value as defined in the script associated with the Nessus Agent Installation Status Extension Attribute
11 - Click the "Save" button

NESSUS AGENT - NOT INSTALLED
01 - Click on the "Computers" icon
02 - Click on "Smart Computer Groups"
03 - Click on the "Plus" button
04 - In the "Display Name" field, type in the following: Nessus Agent - Not Installed
05 - Click on the "Criteria" tab
06 - Click on the "Plus" button
07 - Click the "Choose" button for "All Criteria"
08 - Click the "Choose" button for "Nessus Agent Installation Status"
09 - Change the "Operator" drop down to "is not"
10 - In the "Value" field, type in "Installed"
a. This value corresponds with the value as defined in the script associated with the Nessus Agent Installation Status Extension Attribute
11 - Click the "Save" button

NESSUS AGENT - INSTALLED - TEST GROUP
01 - Click on the "Computers" icon
02 - Click on "Smart Computer Groups"
03 - Click on the "Plus" button
04 - In the "Display Name" field, type in the following: Nessus Agent - Installed - Test Group
05 - Click on the "Criteria" tab
06 - Click on the "Plus" button
07 - Click the "Choose" button for "All Criteria"
08 - Click the "Choose" button for "Nessus Agent Installation Status"
09 - Change the "Operator" drop down to "is"
10 - In the "Value" field, type in "Installed"
a. This value corresponds with the value as defined in the script associated with the Nessus Agent Installation Status Extension Attribute
11 - Click the "Save" button

NESSUS AGENT - NOT INSTALLED - TEST GROUP
01 - Click on the "Computers" icon
02 - Click on "Smart Computer Groups"
03 - Click on the "Plus" button
04 - In the "Display Name" field, type in the following: Nessus Agent - Not Installed - Test Group
05 - Click on the "Criteria" tab
06 - Click on the "Plus" button
07 - Click the "Choose" button for "All Criteria"
08 - Click the "Choose" button for "Nessus Agent Installation Status"
09 - Change the "Operator" drop down to "is not"
10 - In the "Value" field, type in "Installed"
a. This value corresponds with the value as defined in the script associated with the Nessus Agent Installation Status Extension Attribute
11 - Click the "Save" button

NESSUS AGENT SERVICE - RUNNING
01 - Click on the "Computers" icon
02 - Click on "Smart Computer Groups"
03 - Click on the "Plus" button
04 - In the "Display Name" field, type in the following: Nessus Agent Service - Running
05 - Click on the "Criteria" tab
06 - Click on the "Plus" button
07 - Click the "Choose" button for "All Criteria"
08 - Click the "Choose" button for "Nessus Agent Service Status"
09 - Change the "Operator" drop down to "is"
10 - In the "Value" field, type in "Running"
a. This value corresponds with the value as defined in the script associated with the Nessus Agent Service Status Extension Attribute
11 - Click the "Save" button

NESSUS AGENT SERVICE - STOPPED
01 - Click on the "Computers" icon
02 - Click on "Smart Computer Groups"
03 - Click on the "Plus" button
04 - In the "Display Name" field, type in the following: Nessus Agent Service - Stopped
05 - Click on the "Criteria" tab
06 - Click on the "Plus" button
07 - Click the "Choose" button for "All Criteria"
08 - Click the "Choose" button for "Nessus Agent Service Status"
09 - Change the "Operator" drop down to "is not"
10 - In the "Value" field, type in "Running"
a. This value corresponds with the value as defined in the script associated with the Nessus Agent Service Status Extension Attribute
11 - Click the "Save" button

CREATING STATIC COMPUTER GROUPS FOR THE NESSUS AGENT

NESSUS AGENT TEST GROUP
01 - Click on the "Computers" icon
02 - Click on "Static Computer Groups"
03 - Click on the "Plus" button
04 - In the "Display Name" field, type in the following: IT Department
05 - Click on the "Assignments" tab
06 - Select each individual system to be included within the group
07 - Click the "Save" button

JAMF JSS COMPUTER POLICIES

CREATING COMPUTER POLICIES FOR THE NESSUS AGENT

NESSUS AGENT - INSTALLATION
01 - Click on the "Computers" icon
02 - Click on "Policies"
03 - Click on the "Plus" button
04 - In the "Display Name" field, type in the following: Nessus Agent - Installation
05 - Select the "Enabled" checkbox
a. Selecting "Enabled" commits the policy once the "Save" button has been clicked. By not enabling the policy, the policy will not run.
06 - Change the "Category" drop down to "Security"
07 - Select the "Enrollment Complete" checkbox
08 - Select the "Recurring Check-In" checkbox
09 - Change the "Execution Frequency" drop down to "Once per computer"
10 - Click on the "Packages" icon
11 - Click on the "Configure" button
12 - Click the "Add" button that corresponds to the Nessus Agent Installer PKG file
13 - Click on the "Maintenance" icon
14 - Click on the "Configure" button
15 - Click on the "Scope" tab
16 - Click on the "Plus" button
17 - Click on the "Computer Groups" button
18 - Click the "Add" button that corresponds to "Nessus Agent - Not Installed - IT Department"
19 - Click the "Done" button
20 - Click the "Save" button
a. Clicking the "Save" button commits the policy if the policy is Enabled.

TESTING THE DEPLOYMENT
Once the policy has been enabled and saved, all systems that have been assigned to the Nessus Agent Test Group Static Computer Group will download and run the policy during their next check in period.

You can expedite this process by running the following commands on the command line (/Applications/Utilities/Terminal.app) of a target system:

sudo jamf manage

sudo jamf policy

TRANSITIONING TO PRODUCTION
To transition to a final production run for all target systems within the enterprise, you only need to re-scope the Computer Policy entitled "Nessus Agent - Installation".

RE-SCOPING FOR PRODUCTION
01 - Click on the "Computers" icon
02 - Click on "Policies"
03 - Click on the "Nessus Agent - Installation" policy link
04 - Click on the "Scope" tab
05 - Click on the "Edit" button
06 - Click on the "Remove" button that corresponds with the "Nessus Agent - Not Installed - Test Group Smart Computer Group"
07 - Click on the "Plus" button
08 - Click on the "Computer Groups" button
09 - Click on the "Add" button associated with the "Nessus Agent - Not Installed" Smart Computer Group
10 - Click the "Done" button
11 - Click the "Save" button
a. Clicking the "Save" button commits the policy if the policy is Enabled.

Show first post

Forum|pagination.label 2 / 2

jason_hernandez
New Contributor
Forum|Forum|5 years ago
November 3, 2020

I just revisited this after using the prior method during a trial over the Summer. The process is much easier now. No need to use Composer any longer.

Mount the Nessus Agent DMG from the Tenable website.
Pull the hidden file ".NessusAgent.pkg" out of the DMG and place it where you'd like.
Rename it as you like. (I used NessusAgent_v_8_0_2.pkg)
Pull the PKG into Jamf Admin, add whatever info/details you prefer.
Create a Policy installing this PKG on the target computer.
Add the following script to run after the PKG install, it will link the agent to your Tenable instance and delete the Preference Pane (we prefer that users not mess with it)

#!/bin/sh

#Links Nessus agent to our specific key and sets needed cloud domain and port

/Library/NessusAgent/run/sbin/nessuscli agent link --key=YOUR_SPECIFIC_KEY_HERE  --host=cloud.tenable.com --port=443

# If desired, the --groups"Group Name" tag can be added

# This removes the Nessus Agent Preference Pane

rm -rf /Library/PreferencePanes/Nessus Agent Preferences.PrefPane

Tested and works well for deployment.

EddieF
New Contributor
Forum|Forum|5 years ago
December 11, 2020

I am getting the error below for people with Catalina OS but some with the older Mojave OS it is installing no problem. Anyone any ideas why? NessusAgent-8.2.0
installer: Upgrading at base path /
installer: The upgrade failed. (The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance. The package is attempting to install content to the system volume.)
also getting Script result: sudo: /Library/NessusAgent/run/sbin/nessuscli: command not found

+31

tlarkin
Honored Contributor
Forum|Forum|5 years ago
December 11, 2020

You are trying to upgrade an existing agent @EddieF and you must remove some files that are unique first before reinstalling

EddieF
New Contributor
Forum|Forum|5 years ago
December 14, 2020

When creating the package i've deleted everything except files in /Library and i've also tried deleting all files except /Library/NessusAgent it isn't making a difference

+31

tlarkin
Honored Contributor
Forum|Forum|5 years ago
December 14, 2020

If you are going to uninstall you should delete all contents in /Library/Nessus, the preference pane if you deploy it (we do not), and there is a unique ID that is generated upon install called the /etc/tenable_tag which also must be deleted to reinstall the app.

The installer and the agent is sorta horrible, and health checking it is also a nightmare. Please open tickets with the vendor and let them know you would like to see improvements.

+22

mhasman
Valued Contributor
Forum|Forum|4 years ago
February 16, 2021

Hello,

Are there any updates in deployment version 8.2.2, recommendations, please?

UPD. Nessus Version EA returns: Agent) 8.2.2 [build

EUC-Admin
Contributor
Forum|Forum|3 years ago
July 27, 2022

Also the Version EA needs a little work, the newer versions of Nessus are outputting alot of data with the -v. I'm trying to figure it out now, ill post back if I get it working better

Sorry to revive a two year dead thread but how did you get Jamf to acknowledge you are running the Nessus Agent in the console? I can see it running in the Tenable side but nothing on the Jamf side.

+16

dvasquez
Valued Contributor
Forum|Forum|3 years ago
July 27, 2022

@tharr00 and @Kyuubi

Thank you so much for the kind words. I am glad the workflow has found value to someone else.

One of my SecOps guys made a change. He modified the following:

ORIGINAL CODE

# Link the Nessus Agent to cloud.tenable.com
 echo "########## CONFIGURING THE NESSUS AGENT ##########" | logger
 sudo /Library/NessusAgent/run/sbin/nessuscli agent link --key=<your key goes here> --name=$Fullname --host=cloud.tenable.com --port=443 | logger

UPDATED CODE

# Link the Nessus Agent to cloud.tenable.com
 echo "########## CONFIGURING THE NESSUS AGENT ##########" | logger
sudo /Library/NessusAgent/run/sbin/nessuscli agent link ----key=<your key goes here>  --name=$Fullname --host=cloud.tenable.com --port=443 --groups="<your group info goes here>" | logger

Just in case y'all were curious!

This is so all-inclusive and so awesome. Thank you for taking the time to share with the community. We use this product and your info really helped me understand more I will be shamelessly using your scripts and configurations.

+16

dvasquez
Valued Contributor
Forum|Forum|3 years ago
July 27, 2022

I have to deal with Nessus, unfortunately, but vuln scan data is valuable. here is how I approach the deployment.

Nessus actually deploys a dummy package in their DMG that has a hidden package nested inside the DMG. Why they do this, I have literally zero clue. Security through obscurity? So you can mount the DMG and use terminal to find the hidden package that is named with a . in front of it hiding it. The downside is there are some chmod scripts that seem to apply permissions after the install, again no idea why they designed it that way. Of course if Jamf just supported native DMG installs this wouldn't be much of an issue, but it is what it is.

Also, there is a unique agent ID located in /etc/tenable_tag you must, and I will stress this, you must remove this tag if you reinstall the agent at all. This is what they use to a unique identifier on their server side tools, so I have baked in a bunch of checks into an install/remediation script

#!/bin/zsh

# use poisiotnal parameters to pass the agent link ID to the tenable agent post install
# jamf reserves 1-3 so we are startign with 4
# your nessus agent ID to register with your cloud tenant
NSAGENT="${4}"

# test to see if tenable installed correctly, if not force non zero exit status to track errors in jamf

if /Library/NessusAgent/run/sbin/nessuscli help
  then echo "binary is installed proceeding"
  else echo "Not installed, lets install now"
  jamf policy -event install_nessus
  exit 0

fi

# yeet the Nessus Pref pane because it is useless
# then yeet the tenable agent ID beacuse it is unique

if [[ -e /Library/PreferencePanes/Nessus Agent Preferences.prefPane ]]
    echo "removing pref pane..."
    then rm -rf /Library/PreferencePanes/Nessus Agent Preferences.prefPane
fi

if [[ -e /etc/tenable_tag ]]
    echo "removing tenable UUID"
    then rm -f /etc/tenable_tag
fi

# just in case it is registered with a bad/wrong scan we are gonna force it to unlink
echo "forcing an unlink..."
/Library/NessusAgent/run/sbin/nessuscli agent unlink --force

# remove the files and unload the daemons
echo "removing the daemons..."
launchctl unload /Library/LaunchDaemons/com.tenablesecurity.nessusagent.plist
rm -f /Library/LaunchDaemons/com.tenablesecurity.nessusagent.plist
echo "removing the files"
rm -rf /Library/NessusAgent

# install the new agent
echo "reinstalling the agent clean..."
jamf policy -event install_nessus

# apparently nessus deemed it necessary to deploy binaries that are not executable, because why not?
echo "setting the agent permissions..."
chmod -R +x /Library/NessusAgent/run

# now relink it
/Library/NessusAgent/run/sbin/nessuscli agent link --key="${NSAGENT}" --cloud --groups="your-scan-group-here"

We are seeing agents that auto upgrade and then not check into Nessus and I have open support tickets on this, so if anyone has insight into this I would be happy to hear about it. I am on Slack more often than here though.

truth!

+16

dvasquez
Valued Contributor
Forum|Forum|3 years ago
July 27, 2022

Good stuff, thanks @cainehorr

So.. at least as of the 7.x+ Nessus, if you show hidden files there is a second PKG inside the DMG. Thats the actualy installer and it works fine outside of the DMG. I just pull that out, unhide it (take off the leading ".") and deploy it with Jamf. Following it up with the command to add it to out nessus enviorment.

Any reason this is wrong? I guess Im missing all the logic to check it, but i have other Polcies and EA for that.

So awesome to know this! Thanks for sharing.

jsnyc
New Contributor
Forum|Forum|3 years ago
October 4, 2022

So I am having a bit of a problem getting this Linked. I've done the following:

Mounted the Nessus Agent DMG from the Tenable website.
Pulled the hidden file ".NessusAgent.pkg" out of the DMG and place it where you'd like.
Renamed it (NessusAgent_v_10_3_0.pkg)
Uploaded PKG my console.

I added the installed Script:

#This Works it installs and then it launches a webpage)
installer -pkg ./NessusAgent_v_10_3_0.pkg -target /

#Post-Install script:

/Library/Nessus/run/sbin/nessuscli agent link --key=(I removed key for post purposes) --groups=MACs --cloud --host=cloud.tenable.com

#I tried running this via a terminal and I get an errors:

Could not open /Library/Nessus/run/var/nessus/master.key - Permission denied

Error: Command '--key=Remove key for purposes of this post' not found

I am not sure what I am doing wrong here, any help would be very appreciated.

EUC-Admin
Contributor
Forum|Forum|3 years ago
October 4, 2022

So I am having a bit of a problem getting this Linked. I've done the following:

Mounted the Nessus Agent DMG from the Tenable website.
Pulled the hidden file ".NessusAgent.pkg" out of the DMG and place it where you'd like.
Renamed it (NessusAgent_v_10_3_0.pkg)
Uploaded PKG my console.

I added the installed Script:

#This Works it installs and then it launches a webpage)
installer -pkg ./NessusAgent_v_10_3_0.pkg -target /

#Post-Install script:

/Library/Nessus/run/sbin/nessuscli agent link --key=(I removed key for post purposes) --groups=MACs --cloud --host=cloud.tenable.com

#I tried running this via a terminal and I get an errors:

Could not open /Library/Nessus/run/var/nessus/master.key - Permission denied

Error: Command '--key=Remove key for purposes of this post' not found

I am not sure what I am doing wrong here, any help would be very appreciated.

Have you tried using Sudo if your attempting via the terminal?

I'd switch user if you aren't attempting this through the admin side of things on the machine itself (you can do this via terminal as well).

jsnyc
New Contributor
Forum|Forum|3 years ago
October 4, 2022

Have you tried using Sudo if your attempting via the terminal?

I'd switch user if you aren't attempting this through the admin side of things on the machine itself (you can do this via terminal as well).

Thank you in advance for you help, it's my first time installing this. I tried sudo, the first error went away which is great. But I still have this error:

Error: Command '--key=Removed Key for this post' not found

Also,

In my postinstall script is this correct:

*I noticed that the path, rather than being /library/NessusAgent it's /library/Nessus

*doesn't seem to be a NessusAgent folder in that location, but there is a Nessus folder.

/Library/Nessus/run/sbin/nessuscli agent link --key=(I removed key for post purposes) --groups=MACs --cloud --host=cloud.tenable.com --port=443

/Library/Nessus/run/sbin/nessuscli agent link --key=(I removed key for post purposes) --groups=MACs --cloud

jsnyc
New Contributor
Forum|Forum|3 years ago
October 10, 2022

It was an issue between the chair and the Keyboard. I was installing the "Manager" thinking it was the "Client". Problem solved lol. Thank you.

keenan710
New Contributor
Forum|Forum|1 year ago
July 26, 2024

I have to deal with Nessus, unfortunately, but vuln scan data is valuable. here is how I approach the deployment.

#!/bin/zsh

# use poisiotnal parameters to pass the agent link ID to the tenable agent post install
# jamf reserves 1-3 so we are startign with 4
# your nessus agent ID to register with your cloud tenant
NSAGENT="${4}"

# test to see if tenable installed correctly, if not force non zero exit status to track errors in jamf

if /Library/NessusAgent/run/sbin/nessuscli help
  then echo "binary is installed proceeding"
  else echo "Not installed, lets install now"
  jamf policy -event install_nessus
  exit 0

fi

# yeet the Nessus Pref pane because it is useless
# then yeet the tenable agent ID beacuse it is unique

if [[ -e /Library/PreferencePanes/Nessus Agent Preferences.prefPane ]]
    echo "removing pref pane..."
    then rm -rf /Library/PreferencePanes/Nessus Agent Preferences.prefPane
fi

if [[ -e /etc/tenable_tag ]]
    echo "removing tenable UUID"
    then rm -f /etc/tenable_tag
fi

# just in case it is registered with a bad/wrong scan we are gonna force it to unlink
echo "forcing an unlink..."
/Library/NessusAgent/run/sbin/nessuscli agent unlink --force

# remove the files and unload the daemons
echo "removing the daemons..."
launchctl unload /Library/LaunchDaemons/com.tenablesecurity.nessusagent.plist
rm -f /Library/LaunchDaemons/com.tenablesecurity.nessusagent.plist
echo "removing the files"
rm -rf /Library/NessusAgent

# install the new agent
echo "reinstalling the agent clean..."
jamf policy -event install_nessus

# apparently nessus deemed it necessary to deploy binaries that are not executable, because why not?
echo "setting the agent permissions..."
chmod -R +x /Library/NessusAgent/run

# now relink it
/Library/NessusAgent/run/sbin/nessuscli agent link --key="${NSAGENT}" --cloud --groups="your-scan-group-here"

Hey @tlarkin - have tried the above and got to a point I'm testing installing through self service (let me know if there is a better option) and it just spins. Assuming something I've done is incorrect and but so far I have.

put the dmg into composer > saw that the 2 .pkg files were there > set up a post install script with what you had suggested > then uploaded that as a package to jamf and pushed to self service.

Not sure if this isnt what it was intended for but I'm struggling to find a solution that works for me > tried a lot of the above and hoping it isnt just because it may be outdated.

I have verified that just manually installing tenable and then running the script for linking an agent in terminal works I just cannot get it to work remotely and don't want to manually do it on everyones machine :D

+31

tlarkin
Honored Contributor
Forum|Forum|1 year ago
July 26, 2024

@keenan710 it also needs CLI arguments to register the agent to the proper scan group and server. If you look at the output of that `nessuscli --help` it should give you the args to complete that task. The package by itself only installs the components but does not configure them. So you will need some sort of script to do so.

also my script could very well be outdated as it is pretty old. Alternatively Nessus does offer some APIs to programmatically download the installer as well, which we only use in our Linux VDI deployment currently but I am sure that could be adapted to macOS. Just gotta put API creds in a script which is not a great security practice

i would look at the CLI args from the nessus binaries and see if you are properly registering the agent

Forum|pagination.label 2 / 2

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded