I will demonstrate how to set up and run local agent-based scans on tenable.io for Windows devices.
- Azure
- Ubuntu Server 22 VM
- Tenable.IO
After creating a Linux virtual machine, I will now show you how to create a local-based agent to scan my Linux device. The purpose of this is that in work settings, employees are given devices to work on outside of the office. Instead of having to manually check all of those devices, I can set up an agent that does a self-assessment on the device it's installed on.
Agent groups are used to organize and manage the agents linked to your account. Each agent can be added to any number of groups, and scans can be configured to use these groups as targets.
Go to:
- Settings
- Sensors
- Nessus Agents
- Agent Groups
As you can see, the Agent Group above was created.
- Go to Scanner
- Press New Scan
- Press the Nessus agent
- Then select the Basic Agent Scan Template
This is what it looks like when you get there.
Configurations:
- I selected the group I created in the "agent groups" section.
- Then I named the scan
- For the Scan Type, I am selecting a triggered scan so that when a filename I select ends up in the directory and the agent discovers it, it will know it's time to scan.
For this scenario, the key file will be
goub.txt
To SSH into the Linux computer, the command is
ssh username@publicIP
Then enter the password of the computer.
Copy and paste this command from settings in Tenable. This is the code that will be used to install the agent on the VM.
- Settings
- Sensors
- Nessus Agents
- Linked Agents
- Look at the instructions for installing the Agent on Windows Platforms
It should appear on the right side of the screen.
Copy and paste the command as seen:
curl -H 'X-Key: 58aab372289ac80911e4c5ad40a07b23b5524319f9ff5c010aa50ec625ccf389' 'https://sensor.cloud.tenable.com/install/agent?name=agent-name&groups=agent-group' | bash
I now have to edit the command to match my machines so it properly knows what to scan.
After editing, the new command should read
curl -H 'X-Key: 58aab372289ac80911e4c5ad40a07b23b5524319f9ff5c010aa50ec625ccf389' 'https://sensor.cloud.tenable.com/install/agent?groups=Linux-Agent-Goub' | bash
- I removed the agent name, since we only have 1 VM in the group. As long as I include the agent group name, it will scan all devices in that group.
The command is
sudo -i
To confirm I'm root, I will use the id command.
It should look like this after finishing. Now I will copy and paste the command to install the agent.
After you enter the command, the Nessus agent should begin installing. It will look like this
After finishing, it looked like this, with the confirmation "The Nessus Agent is now linked to sensor.cloud.tenable.com".
Now it's time to create the trigger file. I named the trigger file "goub.txt" to begin the scan.
The command for this is:
touch /opt/nessus_agent/var/nessus/triggers/goub.txt
As you can see below, the file is now in the trigger folder. I will keep checking until the file disappears. This will confirm that the scan has begun.
To check the status, I can also use the command below
sudo systemctl status nessusagent.service
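The trigger step above can be scripted instead of checking the folder by hand. This is an added example, not part of the original walkthrough or Tenable's own tooling: the function name trigger_scan, its timeout and poll arguments, and the TRIGGER_DIR override are assumptions, while the trigger directory and file name come from the commands above.

```shell
#!/bin/sh
# Added example: drop a trigger file for a triggered agent scan and wait until
# the agent consumes it (the file disappearing is the signal used above).

# Trigger directory from the walkthrough; TRIGGER_DIR can be overridden for a dry run.
TRIGGER_DIR="${TRIGGER_DIR:-/opt/nessus_agent/var/nessus/triggers}"

# trigger_scan NAME [TIMEOUT_SECONDS] [POLL_SECONDS]   (hypothetical helper)
# Returns 0 when the file was picked up, 1 on timeout, 2 on setup errors.
trigger_scan() {
    name="$1"
    timeout="${2:-300}"
    poll="${3:-5}"

    # Reject empty names, dot entries and path separators so the file can
    # only ever be created inside the trigger directory.
    case "$name" in
        ""|.|..|*/*) echo "invalid trigger name: '$name'" >&2; return 2 ;;
    esac

    if [ ! -d "$TRIGGER_DIR" ]; then
        echo "trigger directory not found: $TRIGGER_DIR (is the agent installed?)" >&2
        return 2
    fi

    file="$TRIGGER_DIR/$name"
    touch "$file" 2>/dev/null || { echo "cannot create $file (run as root?)" >&2; return 2; }

    waited=0
    while [ -e "$file" ]; do
        if [ "$waited" -ge "$timeout" ]; then
            # Remove the stale trigger so a scan does not start unexpectedly later.
            rm -f "$file"
            echo "timed out after ${timeout}s; check the agent link and scan configuration" >&2
            return 1
        fi
        sleep "$poll"
        waited=$((waited + poll))
    done
    echo "trigger '$name' consumed after about ${waited}s"
    return 0
}

# Example call on the VM, as root:  trigger_scan goub.txt 600 10
```

A return code of 1 means the file was never picked up, which is the point to check the agent with the systemctl status command above.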







