Nessus (System Health Client)

This Role installs the Nessus System Health Client and links it to the ETH Monitoring System

General

This Role fullfills the following steps:

  • Check if Nessus Systemhealth Client is already installed
  - name: "Check if Nessus Agent is already installed"
    stat:
      path: /opt/nessus_agent/
    register: nessusfolder
  • Stop execution of Role when Nessus System Health is already installed
  - name: "Stop Playbook when Nessus Agent is already installed"
    ansible.builtin.meta: end_play
    when: nessusfolder.stat.exists == true
  • Create the local Target Directory for download of .deb Package
  - name: "Create Destination Directory"
    file:
      path: /usr/local/nessus/
      state: directory
      mode: '0755'
  • Download .deb package of Nessus System Health Client
  - name: "Download .deb package from Seed Server"
    get_url:
      url: https://seed.s4d.ethz.ch/payload/common/noble/nessus/NessusAgent10.3.2.deb
      dest: /usr/local/nessus/NessusAgent10.3.2.deb
      mode: 0644
    when:  nessusfolder.stat.exists == false
    become: true
  • Install Nessus System Health Client
  - name: "Install Nessus Agent on target system"
    shell: dpkg -i /usr/local/nessus/NessusAgent10.3.2.deb
    when: nessusfolder.stat.exists == false
    become: true
  • Start Service
  - name: "Start Nessus Service"
    shell: /bin/systemctl start nessusagent.service
    when: nessusfolder.stat.exists == false
    become: true
  • Link Nessus System Health with ETH Environment (daily)
  - name: "Apply ETH Config for Nessus Agent"
    shell: /opt/nessus_agent/sbin/nessuscli agent link --host=vcnc-prd-01.ethz.ch --port=8834 --key=9a36735bbd7bc76b035f3c7a9fa3fe43cc7b579d889d09a50dd0016f40172cf3 --groups=clt-daily-11h
    when: nessusfolder.stat.exists == false
    become: true
    when: nessus_schedule == "daily"

  • Link Nessus System Health with ETH Environment (weekly)
  - name: "Apply ETH Config for Nessus Agent"
    shell: /opt/nessus_agent/sbin/nessuscli agent link --host=vcnc-prd-01.ethz.ch --port=8834 --key=9a36735bbd7bc76b035f3c7a9fa3fe43cc7b579d889d09a50dd0016f40172cf3 --groups=clt-wkly-we-15h
    when: nessusfolder.stat.exists == false
    become: true
    when: nessus_schedule == "weekly"
  • Check if Installation was successfull
  - name: "Check if Installation was successfull"
    debug:
      msg: "Nessus Agent 10.3.2 was successfully installed"
    when: nessusfolder_new.stat.exists

Dependencies

Role Dependencies

None

Package Dependencies

None

Role Variables

Name Type Default value Purpose Comment Role
nessus_conf Boolean false If this variable is set to true in the inventory file, Ansible will run the role

Has to be defined in hosts file
Possible values:
true: enables role
false: disables role
noble_nessus
nessus_schedule string - Defines the schedule of the System Health Check Possible values:
daily:
Define a daily schedule for Client-Health check.

weekly:
Define a weekly schedule for Client-Health check.
noble_nessus
nessus_key string String can be found in our wiki Contains the Serialkey for Tenable Nessus Client

Should be defined in group_vars!
- noble_nessus

Example Playbook

Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:

---
- hosts: all
  roles:
  - noble_nessus

Example Inventory/hosts

COMPUTERNAME:
  mac_address: aa-bb-cc-dd-ee-ff
  nessus_conf: true
  nessus_schedule: daily

Standalone Playbook

  • do_noble_nessus

License

BSD

Author Information

Maintainer:
Sandro Romagnoli

Support-Contact:
s4d-linux-support@id.ethz.ch