Help

Nessus Install / Uninstall

macguitarman
New Contributor III

‎06-17-2022 10:29 AM - edited ‎06-17-2022 10:31 AM

Anyone working with Nessus, here is a Nessus un-install script.

Realized that as of Nessus version 10.2, Nessus is no longer called NessusAgent, just Nessus and the path location is: /Library/Nessus.

Also, as is common with these security agents installer,s the PKG is lacking, and woefully in most cases, and a re-package in Composer is necessary... 

You have to grab the hidden file inside the DMG and drag into Composer and Convert to Source. I also removed the Preferences Pane, so a user cannot Stop/Start the agent.

I have a before script that looks for /Library/NessusAgent and delete it if present as well as unload with launchctl. So, the installer is always re-installing onto a clean slate...

#!/bin/sh

# if /Library/Nessus directorty exists, stop Nessus agent and delete all of Nessus, if not ignore.

if [ -d "/Library/Nessus" ]
then
echo "Directory /Library/Nessus exists. Stopping Nessus and Removing it."

/bin/launchctl stop com.tenablesecurity.nessus*

sleep 1

/bin/launchctl unload -w /Library/LaunchDaemons/com.tenablesecurity.nessus*.plist

sleep 1

rm -rf /Library/Nessus

rm /Library/LaunchDaemons/com.tenablesecurity.nessus*.plist

rm -r /Library/PreferencePanes/Nessus\ Preferences.prefPane

echo "Nessus Agent has been removed..."

else
echo "Directory does not exist, nothing to do."

fi

exit 0

 

 

 

0 Kudos
1 REPLY 1

KrisMallory
New Contributor III

‎06-21-2022 05:43 AM - edited ‎06-21-2022 05:43 AM

I ran into this recently, thinking that they had renamed the location from nessusagent to nessus. Turns out that wasn't correct. There appears to be two separate but similarly named sets of files. One is for Nessus Agent and the other is for what seems like a clustered or cloud based management console.

I didn't realize that until pushing the update out to everyone and finding out all our agents stopped checking in. Then I ran the nessuscli -h in terminal and realized the options were completely different and the agent link option was no longer there.

I'm not sure if they moved the files around or if I had just grabbed the wrong set the first time, just that after I rebuilt it again and it was fine. So I recommend using the suspicious package app, then export all the files from the non-hidden pkg to one location and the files from the hidden pkg from another. Then you can get a better idea which set is the correct one for the agent install.

Hope that helps.

0 Kudos