Nessus Agents are lightweight client programs that are installed locally on a host. Agents collect vulnerability, compliance, and system data and report that information back to a Tenable Security Center.

Agents run under the local SYSTEM account in Windows or root on Linux-based operating systems, and do require sufficient privileges to install software under that account on setup. Nessus Agents are packaged for installation on their respective platforms, and after installation, a scriptable command can be used to register the agent with an instance of Nessus Cloud or Tenable Security Center.

Download the appropriate agent installer for your operating system/platform from this link. http://www.tenable.com/products/nessus/agent-download

During installation, use the following options/attributes to link your agent to the UTK Tenable Security Center Vulnerability Management System:

• server=cloud.tenable.com:443 (or server=cloud.tenable.com and port=443)
• key=3b94865460bc6e1c7207ad6b203841288306f77d266a83b227dd2b85e2e815b7
• group name=UTK_EECS

When downloading the Tenable Nessus client for Linux as a .deb (Debian, Ubuntu, etc.) or .rpm (Red Hat, Fedora, etc.) file, you will need to configure it after installation and enable the Nessus Agent service. The command you will need to use is /opt/nessus_agent/sbin/nessuscli.

1. Check the agent status. It will likely be unlinked:

   ~> sudo /opt/nessus_agent/sbin/nessuscli agent status
   
   Running: Yes
   Linked to: None
   Link status: Not linked to a manager
   Last successful connection with controller: 853 secs ago
   Proxy: None
   Plugin set: 202402291358
   Scanning: No (0 jobs pending, 0 smart scan configs)
   Scans run today: 1 of 10 limit
   Last scanned: 1709293069
   Last connect: 1709307141
   Last connection attempt: 1709307141

   You should see Linked to: None. If you agent is already linked to cloud.tenable.com, you will need need to do anything else.

2. Link the agent to Tenable's cloud and the UTK_EECS group. See the above list for the currently correct parameters:

   ~> sudo /opt/nessus_agent/sbin/nessuscli agent link \
           --key=3b94865460bc6e1c7207ad6b203841288306f77d266a83b227dd2b85e2e815b7 \
           --host=cloud.tenable.com \
           --port=443 \
           --groups=UTK_EECS
   
   [info] [agent] Successfully linked to cloud.tenable.com:443

3. The nessuscli agent status should now show a properly linked agent:

   ~> sudo /opt/nessus_agent/sbin/nessuscli agent status
   
   Running: Yes
   Linked to: cloud.tenable.com:443
   Link status: Connected to cloud.tenable.com:443
   Last successful connection with controller: 95 secs ago
   Proxy: None
   Plugin set: 202402291358
   Scanning: No (0 jobs pending, 0 smart scan configs)
   Scans run today: 1 of 10 limit
   Last scanned: 1709293069
   Last connect: 1709308242
   Last connection attempt: 1709308242

4. Make sure that the Nessus Agent is running and configured to start at boot time. For most Linux systems, this will be done via the systemctl command:
   sudo systemctl enable nessusagent.service ; sudo systemctl start nessusagent.service
   If your system does not use systemd for daemon management, please see your Linux distribution's documentation.