Pages

Tuesday, April 4, 2017

Manually Update Plugins on a Nessus Scanner (Windows)

I had an issue the other day with one of my Nessus Vulnerability Scanners which is being managed by Security Center. In Security Center the status of one of the Nessus scanners showed "Plugin Out of Sync". I tried to push the plugins to the Nessus scanner from the Security Center, but I was getting a status error of "Connection timed out".  So basically I was getting a latency issue on the connection. The Nessus scanner and the Security Center are in different states, so this may be why there is so much latency. I just built this Nessus scanner, so there were just too many plugins to be pushed over the wire by Security Center. To fix this issue, I just manually copied the plugins to the Nessus scanner. Then I manually loaded the plugins into the Nessus scanner. After I did this, I have not had this issue again.

Manually updating the Plugins can sometimes fix error or scanner status of "Protocol error". These instructions work on Nessus 5x and 6x, when managed by Security Center 4x or 5x.

Follow the instructions below to manually install plugins for the Nessus scanner on a Windows computer. For Linux computers click here.

1. Login to the Nessus scanner.

2. Open PowerShell or the Windows command line (CMD) as privileged user.

3. Stop the Nessus service
# net stop "Tenable Nessus"

4. Remove the Nessus scanner from Security Center

5. Reset the scanner
# …\Program Files\Tenable\Nessus>nessuscli fetch fix --reset

6. Connect the Nessus scanner
# …\Program Files\Tenable\Nessus>nessuscli fetch –security-center

7. Load the plugins into Nessus
# …\Program Files\Tenable\Nessus>nessuscli update plugins_file.tar.qz

8. Start the Nessus scanner
# net start “Tenable Nessus”

9. Login to the web interface for Nessus and verify that the configuration is complete.
https://localhost:8834

10. Login to the web interface for the Security Center. Add the Nessus scanner back and verify connectivity.

Your done.

Related posts
On this Blog

1 comment:

  1. Thank you for posting this information, it proved to be helpful. There is a correction needed for line 5, the "fetch" does not belong in the command. The correct command is:
    nessuscli fix --reset

    Also for Linux users, the path to nessuscli is /opt/nessus/sbin/

    ReplyDelete