Nessus Download Failed

[Georgeanna Abson]

YeahI have had many problems with Nessus and you hit the nail on the head. Mount the DMG and find the hidden package and use that instead. I have opened up cases with them about this and also told them that their scripts in their package are no longer supported in flat packages.

when packaging nessus, we need to extract the hidden .NessusAgent.pck file, and import that to composer, then edit the 'postinstall' script that is already there? looks there is already a script when I import it, this is what it contains:

Looks like the only reason they wrap it is for the license, logo, and readme . I stumbled upon the hidden .pkg in their install guide (but should have checked here first). I shouldn't have to do that. Software is supposed to be self-explanatory.

2 years later and this fix still holds true! I was able to unhide the real .NessusAgent.pkg and remove the . from it to unhide, uploaded it into Jamf Pro and successfully rolled out the agent after. Thanks @arekdreyer.

Jamf's purpose is to simplify work by helping organizations manage and secure an Apple experience that end users love and organizations trust. Jamf is the only company in the world that provides a complete management and security solution for an Apple-first environment that is enterprise secure, consumer simple and protects personal privacy. Learn about Jamf.

This site contains User Content submitted by Jamf Nation community members. Jamf does not review User Content submitted by members or other third parties before it is posted. All content on Jamf Nation is for informational purposes only. Information and posts may be out of date when you view them. Jamf is not responsible for, nor assumes any liability for any User Content or other third-party content appearing on Jamf Nation.

104410 None 172.16.1.14 tcp 22 Target Credential Status byAuthentication Protocol - Failure for Provided Credentials "Nessus wasunable to log into the detected authentication protocol, using theprovided credentials, in order to perform credentialedchecks." "Nessus failed to successfully authenticate directly to theremote target on an available authentication protocol. Nessus was ableto connect to the remote port and identify that the service running onthe port supports an authentication protocol, but Nessus failed toauthenticate to the remote service using the provided credentials.

There may have been a failure in protocol negotiation or communicationthat prevented authentication from being attempted or all of theprovided credentials for the authentication protocol may have beeninvalid. A protocol failure may indicate a compatibility issue withthe protocol configuration. A protocol failure due to an environmentalissue such as resource or congestion issues may also prevent validcredentials from being identified. See plugin output for errordetails.

This plugin reports per protocol, so it is possible forvalid credentials to be provided for one protocol and notanother. For example, authentication may succeed via SSHbut fail via SMB, while no credentials were provided foran available SNMP service.

Providing valid credentials for all availableauthentication protocols may improve scan coverage, butthe value of successful authentication for a givenprotocol may vary from target to target depending uponwhat data (if any) is gathered from the target via thatprotocol. For example, successful authentication via SSHis more valuable for Linux targets than for Windowstargets, and likewise successful authentication via SMBis more valuable for Windows targets than for Linuxtargets." "Address the reported problem(s) so that credentialed checks can beexecuted." "Nessus was unable to log into the following host for whichcredentials have been provided :

In a normal SSH connection, the client would initate the key exchange after #64. I'd say the Nessus software is at fault for failing to do that in time. It may be due to the switch generally missing the first ACK but that mustn't be a problem for a client.

LinkedIn and 3rd parties use essential and non-essential cookies to provide, secure, analyze and improve our Services, and to show you relevant ads (including professional and job ads) on and off LinkedIn. Learn more in our Cookie Policy.

However, when something goes wrong with these scans, it can be difficult to pinpoint the source of the issue. In this blog post, I will discuss some of the most common issues related to troubleshooting credentialed scans in #nessus from Tenable and provide tips on how to resolve them.

Once you check the prerequisites above, and the credential scan is still failing, you should look for more details. However, Windows and Linux are different and you also need to check different things for the OSes:

If the problem persists, submit a support case with Tenable and include the Nessus DB scan results, the password used to encrypt the results, and any other relevant information about the target and scanner.

I am trying to integrate the Splunk Add-on tenable to collect scan details from Nessus. Unfotunately, no data has been collected. Here is what I confirmed to do:

1- I installed the add-on on my heavy forwarder and configured the correct index=nessus.

2- I also installed the add-on on the search head cluster as the guide suggested after deleting both "eventgen.conf" & "inputs.conf". (Splunk Add-on for Tenable, Splunk Docs)

3- Moreover, I ensured to get the correct keys from Nessus tenable when configuring the add-on on Splunk.

(How_To_Guide_Tenable.io_Splunk_v2.pdf)

4- The indexers have the correct index.

5- Firewall ports have been allowed.

By running a tcpdump on my Heavyforwarder, I couldn't see any packages sent/received between it and the Nessus server. However, I manged to find two repetitive errors in the Nessuslog file as follow:

@Mystica856 the few times I did run into the above issue was due to a bad API or Secret Key. Hopefuly when you generated your key you copied it down from Nessus. If you do have to pull new keys make sure that you copy them down in a safe place and try adding them back to both Host and Plugin on the HF configuration page.

I've installed Nessus and SecurityCenter on a RedHat 7.5 instance by following the user guide from Tenable. I'm able to get to the Nessus interface which is served on port 8834, create the admin login, and choose "SecurityCenter Manged" but I cannot access SecurityCenter on port 443. I have verified that a listener was added on 443 during the installation but continue to get a 403 error which states "Forbidden, You don't have permission to access / on this server." I've read on the Tenable site that SecurityCenter ownership for all child files/directories should be tns:tns so I tested that but no change was noticed. I tried restarting SecurityCenter but it failed to restart due to httpd process already running.

Previously I used to scan sites using Nessus web client, but when I tried to login with the same credentials I am able to see a401 (Invalid Credentials) error. I have restarted the service nessusd, still facing the same issue.

Nessus is an open-source vulnerability scanner developed by Tenable Inc. It provides a subscription service for security engineers, penetration testers, and other cybersecurity personnel and enthusiasts to proactively find network vulnerabilities, identify and fix them, and automate scans.

Nessus has a paid subscription, Nessus Professional, and a free version, Nessus Essentials, limited to just 16 IP addresses per scanner. Nessus offers various services like vulnerability assessment, vulnerability scanning, network scanning, web scanning, asset discovery, etc.

When downloading the Nessus service, ensure you have a stable internet connection. If your device is not connected to a stable network, or the internet went off while you were downloading Nessus, the download will fail. Check out these tricks to improve your internet speed and connectivity.

Chances are that you are running Linux on a virtual machine like VMware, VirtualBox, HyperV, etc. Edit the settings of your Linux virtual machine and increase the allocated storage. Or you can clear up disk space on your Linux computer with these GUI tools.

Your proxy server might be blocking the Nessus service from updating or downloading your plugins. Ensure that "plugins.nessus.org" is not being filtered by slow proxy servers or proxy-based antivirus. Configure your proxy server to allow this service or put it off.

The Nessus download fails because the plugins fail to install completely or don't install at all. When this occurs, Nessus returns minimal or sometimes empty scans when you use it to scan for vulnerabilities.

Now that you've fixed the error, you can go on to scan vulnerabilities with Nessus. Do not hesitate to take advantage of the numerous templates and tools made available by Nessus to ensure there are no vulnerabilities that could lead to serious cyber threats.

The MID-server is unable to connect to the Tenable Security Center host even though we have allowed Port 443 and the username/pwd are configured correctly. How can i further troubleshoot what is causing the connection to fail ?

Hi All, this has been resolved. Please ensure to put when entering the name/ip in the "Address" field of Tenable.sc . The documentation does not mention this . After changing to it worked for us. Ensure port 443 is open though as a pre-requisite.

I would recommend verifying that the MID Server is able to connect to the Tenable.sc host. Typically the MID server needs to be in the same subnet as the Tenable host, and I have even put it on the same server in the past. You may also need to open additional ports, as I believe Tenable uses 8835 as a default communication port. See the Tenable documentation for more information on ports, as you may be using different ones: -ports-are-required-for-Tenable-products

Hi @Weston Wilson , Apparently Tenable documentation for SNOW mentions only port 443 as required to be opened between the MID Server and T.SC instance. This is because T.SC only uses 443 https for accessing its GUI. THe nessus scanners in turn use 8834 however, they r not involved in SNOW integration directly.

3a8082e126