Nessus (System Health Client)
This Role installs the Nessus System Health Client and links it to the ETH Monitoring System.
General
This Role fulfills the following steps:
- Check if Nessus System Health Client is already installed
  ```yaml
  - name: "Check if Nessus Agent is already installed"
    stat:
      path: /opt/nessus_agent/
    register: nessusfolder
  ```
- Stop execution of Role when Nessus System Health is already installed
  ```yaml
  - name: "Stop Playbook when Nessus Agent is already installed"
    ansible.builtin.meta: end_play
    when: nessusfolder.stat.exists == true
  ```
- Create the local Target Directory for download of .deb Package
  ```yaml
  - name: "Create Destination Directory"
    file:
      path: /usr/local/nessus/
      state: directory
      mode: '0755'
  ```
- Download .deb package of Nessus System Health Client
  ```yaml
  - name: "Download .deb package from Seed Server"
    get_url:
      url: https://seed.s4d.ethz.ch/payload/common/jammy/nessus/NessusAgent10.3.2.deb
      dest: /usr/local/nessus/NessusAgent10.3.2.deb
      mode: '0644'  # quoted so the value is read as an octal mode string
    when: nessusfolder.stat.exists == false
    become: true
  ```
- Install Nessus System Health Client
  ```yaml
  - name: "Install Nessus Agent on target system"
    shell: dpkg -i /usr/local/nessus/NessusAgent10.3.2.deb
    when: nessusfolder.stat.exists == false
    become: true
  ```
- Start Service
  ```yaml
  - name: "Start Nessus Service"
    shell: /bin/systemctl start nessusagent.service
    when: nessusfolder.stat.exists == false
    become: true
  ```
- Link Nessus System Health with ETH Environment (daily)
  ```yaml
  - name: "Apply ETH Config for Nessus Agent"
    shell: /opt/nessus_agent/sbin/nessuscli agent link --host=vcnc-prd-01.ethz.ch --port=8834 --key=9a36735bbd7bc76b035f3c7a9fa3fe43cc7b579d889d09a50dd0016f40172cf3 --groups=clt-daily-11h
    become: true
    # A task can carry only one `when` key, so both conditions are combined in a list (logical AND)
    when:
      - nessusfolder.stat.exists == false
      - nessus_schedule == "daily"
  ```
- Link Nessus System Health with ETH Environment (weekly)
  ```yaml
  - name: "Apply ETH Config for Nessus Agent"
    shell: /opt/nessus_agent/sbin/nessuscli agent link --host=vcnc-prd-01.ethz.ch --port=8834 --key=9a36735bbd7bc76b035f3c7a9fa3fe43cc7b579d889d09a50dd0016f40172cf3 --groups=clt-wkly-we-15h
    become: true
    # A task can carry only one `when` key, so both conditions are combined in a list (logical AND)
    when:
      - nessusfolder.stat.exists == false
      - nessus_schedule == "weekly"
  ```
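- Check if Installation was successful
  ```yaml
  - name: "Re-check the Nessus Agent install path"
    stat:
      path: /opt/nessus_agent/
    register: nessusfolder_new
  - name: "Check if Installation was successful"
    debug:
      msg: "Nessus Agent 10.3.2 was successfully installed"
    when: nessusfolder_new.stat.exists
  ```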
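
A hardened variant of the download, install and link steps above, given as an added example that is not the role's own code: it verifies the package digest before installing and takes the linking key from the `nessus_key` role variable with task output suppressed. `nessus_deb_sha256` and `nessus_groups` are assumed names that this role does not define.

```yaml
# Added example, not part of the role. Assumed names: nessus_deb_sha256 (hypothetical
# variable holding the package's SHA-256 digest) and nessus_groups (hypothetical lookup
# from nessus_schedule to the agent group names used in the tasks above).
- name: "Check if Nessus Agent is already installed"
  ansible.builtin.stat:
    path: /opt/nessus_agent/
  register: nessusfolder

- name: "Install and link Nessus Agent only when it is missing"
  when: not nessusfolder.stat.exists
  become: true
  block:
    - name: "Create Destination Directory"
      ansible.builtin.file:
        path: /usr/local/nessus/
        state: directory
        mode: '0755'
    - name: "Download .deb package and verify its digest"
      ansible.builtin.get_url:
        url: https://seed.s4d.ethz.ch/payload/common/jammy/nessus/NessusAgent10.3.2.deb
        dest: /usr/local/nessus/NessusAgent10.3.2.deb
        mode: '0644'
        # The task fails if the downloaded file does not match the expected digest
        checksum: "sha256:{{ nessus_deb_sha256 }}"
    - name: "Install the verified package"
      ansible.builtin.apt:
        deb: /usr/local/nessus/NessusAgent10.3.2.deb
    - name: "Start Nessus Service"
      ansible.builtin.systemd:
        name: nessusagent.service
        state: started
    - name: "Link agent with the key from group_vars"
      ansible.builtin.command:
        argv:
          - /opt/nessus_agent/sbin/nessuscli
          - agent
          - link
          - --host=vcnc-prd-01.ethz.ch
          - --port=8834
          - "--key={{ nessus_key }}"
          - "--groups={{ nessus_groups[nessus_schedule] }}"
      vars:
        nessus_groups:
          daily: clt-daily-11h
          weekly: clt-wkly-we-15h
      no_log: true  # keep the linking key out of Ansible output and logs
```

A `nessus_schedule` value other than `daily` or `weekly` makes the link task fail on the lookup instead of skipping the link silently.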
Dependencies
Role Dependencies
None
Package Dependencies
None
Role Variables
Name | Type | Default value | Purpose | Comment | Role |
---|---|---|---|---|---|
nessus_conf | Boolean | false | If this variable is set to true in the inventory file, Ansible will run the role. Has to be defined in hosts file | Possible values: true: enables role; false: disables role | jammy_nessus |
nessus_schedule | string | - | Defines the schedule of the System Health Check | Possible values: daily: Define a daily schedule for Client-Health check; weekly: Define a weekly schedule for Client-Health check | jammy_nessus |
nessus_key | string | String can be found in our wiki | Contains the serial key for Tenable Nessus Client. Should be defined in group_vars! | - | jammy_nessus |
Example Playbook
An example of how to use the role:
```yaml
---
- hosts: all
  roles:
    - jammy_nessus
```
Example Inventory/hosts
```yaml
COMPUTERNAME:
  mac_address: aa-bb-cc-dd-ee-ff
  nessus_conf: true
  nessus_schedule: daily
```
Standalone Playbook
- do_jammy_nessus
License
BSD
Author Information
Maintainer:
Sandro Romagnoli
Support-Contact:
s4d-linux-support@id.ethz.ch