Posted on 10-31-2019 06:48 PM
If anyone runs into this when trying to install the Nessus Agent with Jamf Pro:
Installation failed. The installer reported: installer: Package name is Tenable Nessus Agent installer: Certificate used to sign package is not trusted. Use --allow Untrusted to overwrite.
I have a fix. Thanks to Bartłomiej Sojka for pointing out that it's a hard link, and suggesting the solution.
It’s the package downloaded directly from the vendor https://www.tenable.com/downloads/nessus-agents, in the section Nessus Agents - 7.4.3, NessusAgent-7.4.3.dmg
I think the visible package in the disk image is actually a hard link to a hidden package in the disk image, named .NessusAgent.pkg.
I have no idea why.
Here is me using “ls -la” to get a long listing of all the files, even hidden files, in the disk image:
MacBookPro:Nessus Agent Install ladmin$ ls -la
total 28120
drwxr-xr-x 5 ladmin staff 238 Sep 10 16:11 .
drwxr-xr-x+ 4 root wheel 128 Oct 31 19:55 ..
-rw-r--r-- 1 ladmin staff 14357839 Sep 10 16:11 .NessusAgent.pkg
d-wx-wx-wt 2 ladmin staff 68 Sep 10 16:11 .Trashes
-rw-r--r-- 1 ladmin staff 34145 Sep 10 16:11 Install Nessus Agent.pkg
That “14357839” is the size of the hidden package - it’s much bigger than the visible package.
The good news is that the fix is to copy the hidden item to your Downloads folder (as an example), then upload that package to Jamf Pro:
Open the disk image
In Terminal, use the command:
cp "/Volumes/Nessus Agent Install/.NessusAgent.pkg" ~/Downloads/"Install Nessus Agent.pkg"
Eject the disk image
Upload ~/Downloads/Install Nessus Agent.pkg to Jamf Pro
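An added example, not part of the original post: the same copy step as a script that mounts the disk image, picks the largest .pkg (hidden files included) and prints its signature with pkgutil before copying. It assumes macOS with hdiutil and pkgutil; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes macOS (hdiutil, pkgutil);
# function names are this example's own.

# Print the largest *.pkg directly inside a directory, dot-files included.
# On the disk image above that is .NessusAgent.pkg, not the small visible one.
find_real_pkg() (
    best="" best_size=-1
    for f in "$1"/*.pkg "$1"/.*.pkg; do
        [ -f "$f" ] || continue            # an unmatched glob stays literal
        size=$(( $(wc -c < "$f") ))        # arithmetic strips wc's padding
        if [ "$size" -gt "$best_size" ]; then
            best=$f best_size=$size
        fi
    done
    [ -n "$best" ] && printf '%s\n' "$best"
)

# Mount the DMG read-only, copy the real package to $2, then unmount.
extract_agent_pkg() {
    dmg=$1; out=$2
    mnt=$(mktemp -d) || return 1
    if ! hdiutil attach "$dmg" -nobrowse -readonly -mountpoint "$mnt" >/dev/null; then
        rmdir "$mnt"; return 1
    fi
    status=1
    pkg=$(find_real_pkg "$mnt")
    # pkgutil prints the signature status and certificate chain for review;
    # the copy only happens if it exits successfully.
    if [ -n "$pkg" ] && pkgutil --check-signature "$pkg"; then
        cp "$pkg" "$out" && status=0
    fi
    hdiutil detach "$mnt" >/dev/null
    rmdir "$mnt"
    return "$status"
}

# Usage: sh extract.sh NessusAgent-7.4.3.dmg ~/Downloads/NessusAgent.pkg
if [ "$#" -eq 2 ]; then
    extract_agent_pkg "$1" "$2"
fi
```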
Posted on 06-05-2020 12:23 PM
Thank you so much! I'm trying this out now. Edit: worked perfectly, thank you!
Posted on 06-05-2020 04:45 PM
Yeah I have had many problems with Nessus and you hit the nail on the head. Mount the DMG and find the hidden package and use that instead. I have opened up cases with them about this and also told them that their scripts in their package are no longer supported in flat packages.
I have learned more about Nessus than I ever intended to
Posted on 07-15-2020 01:09 PM
When packaging Nessus, do we need to extract the hidden .NessusAgent.pkg file, import that into Composer, then edit the 'postinstall' script that is already there? It looks like there is already a script when I import it; this is what it contains:
chown -R root:admin /Library/NessusAgent/run/
chmod a-w /Library/NessusAgent/run/lib/lib
killall -9 nessusd
/bin/launchctl unload -w /Library/LaunchDaemons/com.tenablesecurity.nessusagent.plist
chmod 0644 /Library/LaunchDaemons/com.tenablesecurity.nessusagent.plist
/Library/NessusAgent/run/sbin/nessuscli install /Library/NessusAgent/run/var/nessus/plugins-core.tar.gz
/bin/launchctl load -w /Library/LaunchDaemons/com.tenablesecurity.nessusagent.plist
sleep 10
exit 0
I'd like to include my switches but I'm not sure how to include them in that pre-existing script.
These are the settings I'd like to include with my installation: # /Library/NessusAgent/run/sbin/nessuscli agent link --key=XXXXXXXXXXXXXXXXXX --groups=MACS --host=host.domain.com --port=8834
Whenever I try to add this, I get an unsupported script error message. Wondering if anyone has the instructions for deploying the Nessus Agent and including group, key, host and port in the config.
10-29-2024 03:27 PM - edited 10-29-2024 03:35 PM
Not sure how relevant this is to anyone, but I created a NessusRelink.sh script that unloads Nessus, pings once to make sure the server is there, then adds the machine to our link, drops it into our scan groups, & reloads Nessus. I also run this after a fresh Nessus install to link.
Here's an edited version: (if you use, please leave credit to us) [Replace the *.*.*.* host with your Nessus Scan Manager Server, the port ****, your link xxxxxxxxxxxx, & your groups xxxxx xxxxxx xxxxxxx]
--------------------------------------------------
# Created by Charles Archibald with help from Hieu Simms
# Modified by John Daly
# Relinks Nessus Agent to new Host:
pingcheck=`ping -c 1 *.*.*.* | grep "1 packets received"`
if [ "$pingcheck" != "" ] ; then #{ check to see if the nessus machine is online if it is, there will be something in pingcheck
    launchctl unload -w /Library/LaunchDaemons/com.tenablesecurity.nessusagent.plist
    rm -rf /private/etc/tenable_tag
    /Library/NessusAgent/run/sbin/nessuscli agent link --key=xxxxxxxxxxxx --host=*.*.*.* --port=**** --groups="xxxxx","xxxxxx","xxxxxxx"
    launchctl load -w /Library/LaunchDaemons/com.tenablesecurity.nessusagent.plist
else
    echo "Server is Down"
fi #}
Posted on 07-31-2020 04:05 PM
Stumbled on this post while figuring out this silly certificate trust issue. Thanks! I would have never thought to check the DMG for a hidden pkg. Why, Tenable?!
@jorge.blandon Why not have a script run in your policy that installs the package? You could even pass different groups as a parameter. Just set it to run "After" the package step.
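An added example, not from any poster in this thread: the policy-script approach suggested above, with the link values passed as Jamf Pro script parameters and checked before nessuscli is called. Which parameter carries which value ($4 key, $5 host, $6 port, $7 groups) and the function names are assumptions of this example; the nessuscli path and options are the ones quoted earlier in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Jamf Pro fills $1-$3 itself (mount point,
# computer name, user name); custom script parameters start at $4.
# Assumed mapping for this example: $4 key, $5 host, $6 port, $7 groups.

NESSUSCLI=${NESSUSCLI:-/Library/NessusAgent/run/sbin/nessuscli}

# Return 0 only if all four values are present and well-formed.
valid_link_params() {
    [ -n "$1" ] && [ -n "$2" ] && [ -n "$4" ] || return 1
    # Port: digits only, at most five of them, within 1-65535.
    case $3 in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$3" -ge 1 ] && [ "$3" -le 65535 ] || return 1
    # Key and host: reject whitespace or stray characters from a bad paste.
    case $1$2 in *[!A-Za-z0-9._:-]*) return 1 ;; esac
    return 0
}

# Link the agent; each value is passed as one quoted argument, so group
# names that contain spaces reach nessuscli intact.
link_agent() {
    if ! valid_link_params "$1" "$2" "$3" "$4"; then
        echo "Missing or invalid link parameters" >&2
        return 1
    fi
    "$NESSUSCLI" agent link --key="$1" --host="$2" --port="$3" --groups="$4"
}

# Runs only when called with Jamf-style arguments ($4-$7 present).
if [ "$#" -ge 7 ]; then
    link_agent "$4" "$5" "$6" "$7"
fi
```

Set the script to run "After" in the policy so the package is installed before the link is attempted. The linking key is stored with the policy's parameters and is visible in the process arguments while nessuscli runs.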
Posted on 08-31-2020 11:52 AM
This did not work for me. Am I missing a step? I followed your steps to the T.
Posted on 08-31-2020 09:00 PM
Mount the installer DMG and open Terminal
% cd "/Volumes/Nessus Agent Install"
% ls -al
total 32696
drwxr-xr-x 4 tlarkin staff 204 Aug 4 20:09 .
drwxr-xr-x 6 root wheel 192 Aug 31 20:56 ..
-rw-r--r-- 1 tlarkin staff 16658522 Aug 4 20:09 .NessusAgent.pkg
-rw-r--r-- 1 tlarkin staff 75703 Aug 4 20:09 Install Nessus Agent.pkg
See the .NessusAgent.pkg? That is the actual installer. Now we can cp the pkg to the Desktop or whatever and then mv it to rename it. Remember, all . files are invisible to the Finder
cp .NessusAgent.pkg ~/Desktop && mv ~/Desktop/.NessusAgent.pkg ~/Desktop/NessusAgent.pkg
Now you should see it on your Desktop. From here you can rename it in the Finder if you want to add say _version to the PKG.
Posted on 04-12-2021 01:41 PM
Anyone bugged Tenable about this?
I'll nag them about it on my end. Recommend others do the same.
Posted on 08-30-2021 12:33 PM
Looks like the only reason they wrap it is for the license, logo, and readme <sigh>. I stumbled upon the hidden .pkg in their install guide (but should have checked here first). I shouldn't have to do that. Software is supposed to be self-explanatory. <sigh>
Posted on 11-12-2021 09:43 AM
2 years later and this fix still holds true! I was able to unhide the real .NessusAgent.pkg and remove the . from it to unhide, uploaded it into Jamf Pro and successfully rolled out the agent after. Thanks @arekdreyer.
08-29-2022 01:52 PM - edited 08-29-2022 02:11 PM
Developers who fail to follow simple rules for app packaging should be shamed out of business... especially for stupid things like this.
<<edit>> Looks like they learned their lesson, as 10.2.0 has a normal pkg file inside the dmg. I withdraw my previous comment
<<edit2>> I take back my take back, they did an even dumber thing by putting a dummy visible pkg in there, fool me once, shame on me
Thanks to the OP for the fix for this
Posted on 11-29-2023 12:36 PM
Thank you @arekdreyer and @tlarkin this was super helpful!
Posted on 09-11-2024 04:12 PM
Just wanted to swing through and say this 100% saved my bacon. I've been beating my head against automating the Nessus agent install/register for a week now and Tenable has been spectacularly unhelpful, no mention at all of this hidden file. Popped this in and everything cruised right through, thank you so much!