allenmichael · October 29, 2021 19:51
diff --git a/install.ps1 b/install.ps1
 Write-Host "Install command has been executed. Nessus Agent will be installed"
 $serviceName = 'Tenable Nessus Agent'
 $nameE = "Enable Nessus Agent"
 $operationE = "Starting Nessus Agent"
 $messageE = "Enable Nessus agent"

 function DownloadFile {
    Param(
        [Parameter(Mandatory = $True)]
        [hashtable]$Params,
        [int]$Retries = 3
    )
    $package = $Params['Package']
    $outFile = $Params['OutFile']
    [int]$trials = 0
    $webClient = New-Object net.webclient
    $downloadUrl = "https://"
    do {
        try {
            $trials += 1
            $webClient.DownloadFile($downloadUrl, $outFile)
            Write-Host "Nessus Agent downloaded" "INFO"
            break
        }
        catch [System.Net.WebException] {
            Write-Host "Problem downloading $downloadUrl `tTrial $trials `n` tException:  $_.Exception.Message" "ERROR"
            throw "Problem downloading $downloadUrl `tTrial $trials `n` tException:  $_.Exception.Message"
        }
    }
    while ($trials -lt $Retries)
 }

 function Start-Nessus-Agent {
    $retries = 3
    $retryCount = 0
    $completed = $false
    while (-not $completed) {
        Try {
            Write-Host "Starting the Nessus Agent" "INFO"
            Start-Service "$serviceName"
            Write-Host "The Nessus Agent is started" "INFO"
            $completed = $true
            Write-Host "$nameE" "$operationE" "success" "$messageE" "success" "Nessus Agent service has started"
        }
        Catch {
            if ($retryCount -ge $retries) {
                Write-Host "Starting the Nessus Agent failed after 3 retries" "ERROR"
                Write-Host $_ "ERROR"
                Write-Host $_.ScriptStackTrace "ERROR"
                Write-Host "$nameE" "$operationE" "error" "$messageE" "error" "Nessus Agent service has not started"
                exit 1
            }
            else {
                Write-Host "Starting the Nessus Agent has failed. retrying in 20s" "ERROR"
                Write-Host $_ "ERROR"
                Write-Host $_.ScriptStackTrace "ERROR"
                sleep 20
                $retryCount++
            }
        }
    }
 }

 $nessusLinkingKey = $Env:SSM_LINKING_KEY
 $nessusAgentName = $Env:SSM_AGENT_NAME
 $nessusAgentGroups = $Env:SSM_AGENT_GROUP

 if (!$nessusAgentName) {
    $nessusAgentName = "aws-tio-agent-{0}" -f [System.Net.Dns]::GetHostName()
 }

 if (!$nessusAgentGroups) {
    $nessusAgentGroups = '["aws-tio-agents"]'
 }

 if (!$nessusLinkingKey) {
    Write-Host "Failed to find a Nessus Linking Key. A Nessus Linking Key is required to be passed in the SSM_LINKING_KEY environment variable located in the additional arguments fields." "ERROR"
    throw "SSM_LINKING_KEY is required in the additional arguments fields"
 }

 $x64FileName = "NessusAgent-x64.msi"
 $x86FileName = "NessusAgent-Win32.msi"
 $package = ""

 if ([Environment]::Is64BitOperatingSystem) {
    $package = $x64FileName
 }
 else {
    $package = $x86FileName
 }

 $savedFile = "$env:temp\" + $package
 Write-Host "Starting download of Nessus Agent package" "INFO"
 DownloadFile -Params @{'Package' = "$package"; 'OutFile' = "$savedFile" }
 Write-Host "Nessus Agent package downloaded" "INFO" 

 $DataStamp = get-date -Format yyyyMMddTHHmmss
 $logFile = "$env:temp\nessus-agent-install-$DataStamp.log"

 $params = '/i', "$savedFile", '/qn', '/norestart', '/L*v', "$logFile"

 Write-Host "Starting install of Nessus Agent package" "INFO" 
 Start-Process "msiexec.exe" -ArgumentList $params -Wait -NoNewWindow -PassThru
 Write-Host "Nessus Agent package installed" "INFO" 

 if ((Get-Service $serviceName).Status -ne 'Running') {
    Start-Nessus-Agent
 }
 Write-Host "Nessus Agent is now installed and running." "INFO"

 $nessusCLI = 'C:\Program Files\Tenable\Nessus Agent\nessuscli.exe'
 $nessusCLIEnableParams = 'agent', 'link', "--key=$nessusLinkingKey", "--name=$nessusAgentName", "--groups=$nessusAgentGroups", '--cloud'
 $nessusCLIFixUpdateParams = 'fix', '--set', 'agent_update_channel=ga'
 Start-Process $nessusCLI -ArgumentList $nessusCLIEnableParams -Wait -NoNewWindow -PassThru
 Start-Process $nessusCLI -ArgumentList $nessusCLIFixUpdateParams -Wait -NoNewWindow -PassThru

 $retries = 3
 $retryCount = 0
 $completed = $false
 while (-not $completed) {
    $nessusCLIAgentStatusParams = 'agent', 'status'
    Start-Process $nessusCLI -ArgumentList $nessusCLIAgentStatusParams -Wait -NoNewWindow -PassThru -RedirectStandardOutput stdout.txt -RedirectStandardError stderr.txt
    $checkForError = Get-Content -Path 'stderr.txt'
    $agentStatus = Get-Content -Path 'stdout.txt'
    $connectedPattern = 'Connected to cloud.tenable.com:443'
    if ($checkForError) {
        Write-Host "Nessus Agent CLI is not connecting and cannot verify a linked Nessus Agent" "ERROR"
    }
    if ($agentStatus) {
        $foundConnection = $agentStatus | Select-String -Pattern $connectedPattern
        if ($foundConnection) {
            Write-Host "Nessus Agent is confirmed as linked to Tenable.io" "INFO"
            $completed = $true
            break
        }
        else {
            Write-Host "Nessus Agent not linked to Tenable.io yet." "INFO"
        }
    }
    else {
        Write-Host "Nessus Agent CLI is not connecting and cannot verify a linked Nessus Agent" "ERROR"
    }

    if ($retryCount -ge $retries) {
        Write-Host "Checking the Nessus Agent linking status has failed after 3 retries. This does not mean that the Nessus Agent did not link. Please check within your Tenable.io dashboard to verify that this Nessus Agent is linked." "ERROR"
        Write-Host "$nameE" "$operationE" "error" "$messageE" "$subName" "error" "Nessus Agent service has not started"
        exit 0
    }
    else {
        Write-Host "Starting the Nessus Agent has failed. retrying in 20s" "ERROR"
        sleep 20
        $retryCount++
    }
 }
diff --git a/install.sh b/install.sh
 #!/bin/bash
 if [[ -z "${SSM_LINKING_KEY}" ]]; then
    printf '%s\n' "SSM_LINKING_KEY is required in the additional arguments fields" >&2
    exit 1
 fi
 if [[ -z "${SSM_AGENT_NAME}" ]]; then
    SSM_AGENT_NAME="aws-tio-agent-$(hostname)"
 fi
 if [[ -z "${SSM_AGENT_GROUP}" ]]; then
    SSM_AGENT_GROUP='aws-tio-agents'
 fi

 $download_url="https://"

 CONFIGURATION='{"link":{"host":"cloud.tenable.com","port":443,"key":'\""$SSM_LINKING_KEY"\"',"name":'\""$SSM_AGENT_NAME"\"',"groups":['\""$SSM_AGENT_GROUP"\"']}}'
 SERVER='cloud.tenable.com:443'
 echo "** Beginning Nessus Agent installation process. **"

 release=$(cat /etc/*release)
 centos8=$(echo "$release" | grep -c "centos:8")
 centos7=$(echo "$release" | grep -c "centos:7")
 centos6=$(echo "$release" | grep -c "CentOS release 6")
 rhel8=$(echo "$release" | grep -c "enterprise_linux:8")
 rhel7=$(echo "$release" | grep -c "enterprise_linux:7")
 rhel6=$(echo "$release" | grep -c "Red Hat Enterprise Linux.*release 6")
 ubuntu=$(echo "$release" | grep NAME | grep -c Ubuntu)
 debian=$(echo "$release" | grep NAME | grep -c Debian)
 fedora=$(echo "$release" | grep NAME | grep -c Fedora)
 al1=$(echo "$release" | grep NAME | grep -c "Amazon Linux AMI")
 al2=$(echo "$release" | grep PRETTY_NAME | grep -c "Amazon Linux 2")
 suse15=$(echo "$release" | grep -c "SUSE Linux Enterprise Server 15")
 suse12=$(echo $release | grep -c "SUSE Linux Enterprise Server 12")
 suse11=$(echo $release | grep -c "SUSE Linux Enterprise Server 11")
 aarch64=$(uname -p | grep -c aarch64)

 is_64_bit=0
 if [[ $(getconf LONG_BIT) -eq "64" ]]; then
  is_64_bit=1
 fi

 file=
 cmd=
 startcmd="/bin/systemctl start nessusagent"

 if [[ $aarch64 -eq 0 ]]; then
    if [[ $rhel8 -gt 0 ]] || [[ $centos8 -gt 0 ]]; then
        file=NessusAgent-es8.x86_64.rpm
        cmd="rpm -ivh $file"
    elif [[ $rhel7 -gt 0 ]] || [[ $centos7 -gt 0 ]]; then
        file=NessusAgent-es7.x86_64.rpm
        cmd="rpm -ivh $file"
    elif [[ $rhel6 -gt 0 ]] || [[ $centos6 -gt 0 ]]; then
        if [[ $is_64_bit -gt 0 ]]; then
            file=NessusAgent-es6.x86_64.rpm
        else
            file=NessusAgent-es6.i386.rpm
        fi
        cmd="rpm -ivh $file"
        startcmd="/sbin/service nessusagent start"
    elif [[ $al2 -gt 0 ]] || [[ $al1 -gt 0 ]]; then
        file=NessusAgent-amzn.x86_64.rpm
        cmd="rpm -ivh $file"
        startcmd="/sbin/service nessusagent start"
    elif [[ $fedora -gt 0 ]]; then
        file=NessusAgent-fc20.x86_64.rpm
        cmd="rpm -ivh $file"
        startcmd="/sbin/service nessusagent start"
    elif [[ $ubuntu -gt 0 ]]; then
        if [[ $is_64_bit -gt 0 ]]; then
            file=NessusAgent-ubuntu1110_amd64.deb
        else
            file=NessusAgent-ubuntu1110_i386.deb
        fi
        cmd="dpkg -i $file"

        if [[ ! -x /bin/systemctl ]]; then
            startcmd="/etc/init.d/nessusagent start"
        fi
    elif [[ $debian -gt 0 ]]; then
        if [[ $is_64_bit -gt 0 ]]; then
            file=NessusAgent-debian6_amd64.deb
        else
            file=NessusAgent-debian6_i386.deb
        fi
        cmd="dpkg -i $file"

        if [[ ! -x /bin/systemctl ]]; then
            startcmd="/etc/init.d/nessusagent start"
        fi
    elif [[ $suse15 -gt 0]]; then
        file=NessusAgent-suse15.x86_64.rpm
        cmd="rpm -ivh $file"

        startcmd="/etc/rc.d/nessusagent start"
    elif [[ $suse12 -gt 0]]; then
        file=NessusAgent-suse12.x86_64.rpm
        cmd="rpm -ivh $file"
        
        startcmd="/etc/rc.d/nessusagent start"
    elif [[ $suse11 -gt 0]]; then
        file=NessusAgent-suse11.x86_64.rpm
        cmd="rpm -ivh $file"
        
        startcmd="/etc/rc.d/nessusagent start"
    fi
 else
    if [[ $al2 -gt 0 ]]; then
        file=NessusAgent-amzn2.aarch64.rpm
        cmd="rpm -ivh $file"
    fi
 fi

 if [[ -z "$file" ]]; then
    echo "Unknown or unsupported OS."
    exit 1
 fi

 if dpkg -S /bin/ls >/dev/null 2>&1; then
    apt-get update
    if [ $(dpkg-query -W -f='${Status}' curl 2>/dev/null | grep -c "ok installed") -eq 0 ]; then
        (apt-get --yes install curl || (
            sleep 15
            apt-get --yes install curl
        ))
    fi
 elif rpm -q -f /bin/ls >/dev/null 2>&1; then
    if ! command -v curl &>/dev/null; then
    if command -v yum &>/dev/null; then
        yum install curl -y
    elif command -v zypper &>/dev/null; then
        zypper install -y curl
    fi 
 fi

 echo "Installing Nessus Agent install package $file"
 curl -sk https://$download_url/$file -o $file -D $file.headers

 ok200=$(cat $file.headers | grep -c 'HTTP/1.1 200')
 if [[ $ok200 -eq 0 ]]; then
    echo "Could not download the installation package for Nessus Agent."
    exit 1
 fi

 echo "Installing Nessus Agent."
 $cmd
 RC=$?

 rm -f $file
 rm -f $file.headers

 if [[ $RC -ne 0 ]]; then
    echo "Error installing Nessus Agent; exiting."
    exit 1
 fi

 echo "Applying auto-configuration."
 echo $CONFIGURATION >/opt/nessus_agent/var/nessus/config.json

 echo "Starting Nessus Agent."
 output=$($startcmd 2>&1)

 echo "Waiting for Nessus Agent to start and link..."
 EFFECTIVE_CF=/opt/nessus_agent/var/nessus/.autoconfigure.json
 ACF_ERRORS=/opt/nessus_agent/var/nessus/.autoconfigure.error
 NESSUSCLI=/opt/nessus_agent/sbin/nessuscli

 retries=50
 tries=0
 COMPLETE=0
 ERRORS=0
 while [ "$tries" -lt "$retries" ]; do
    if [ -e "$EFFECTIVE_CF" ]; then
        echo
        echo "Auto-configuration complete."
        COMPLETE=1
        break
    fi

    echo -n "."
    tries=$(($tries + 1))
    sleep 10
 done

 if [ -e "$ACF_ERRORS" ]; then
    ERRORS=1
 fi

 $NESSUSCLI fix --secure --get ms_server_ip 2>&1 1>/dev/null
 RC=$?

 if [ "$RC" -eq "0" ]; then
    echo "The Nessus Agent is now linked to $SERVER"
 else
    echo "The Nessus Agent may have failed to link to $SERVER"
 fi

 if [ -e "$ACF_ERRORS" ]; then
    echo "There were errors during the autoconfiguration process: "
    cat $ACF_ERRORS
    echo
 fi
diff --git a/uninstall.ps1 b/uninstall.ps1
 Write-Host "Uninstall command has been executed. Nessus Agent will be uninstalled"
 $serviceName = 'Tenable Nessus Agent'
 $nameE = "Uninstall Nessus Agent"
 $operationE = "Stopping Nessus Agent"
 $messageE = "Uninstall Nessus agent"

 function Stop-NessusAgent {
    $retries = 3
    $retryCount = 0
    $completed = $false
    while (-not $completed) {
        Try {
            Write-Host "Stopping the Nessus Agent" "INFO"
            Stop-Service "$serviceName"
            Write-Host "The Nessus Agent has been stopped" "INFO"
            $completed = $true
            Write-Status "$nameE" "$operationE" "success" "$messageE" "success" "Nessus Agent service has stopped"
        }
        Catch {
            if ($retryCount -ge $retries) {
                Write-Host "Stopping the Nessus Agent failed after 3 retries" "ERROR"
                Write-Host $_ "ERROR"
                Write-Host $_.ScriptStackTrace "ERROR"
                Write-Status "$nameE" "$operationE" "error" "$messageE" "error" "Nessus Agent service has not been stopped"
                exit 1
            }
            else {
                Write-Host "Stopping the Nessus Agent has failed. retrying in 20s" "ERROR"
                Write-Host $_ "ERROR"
                Write-Host $_.ScriptStackTrace "ERROR"
                sleep 20
                $retryCount++
            }
        }
    }
 }

 $nessusCLI = 'C:\Program Files\Tenable\Nessus Agent\nessuscli.exe'
 $retries = 3
 $retryCount = 0
 $completed = $false
 while (-not $completed) {
    try {
        $nessusCLIUnlinkParams = 'agent', 'unlink'
        Start-Process $nessusCLI -ArgumentList $nessusCLIUnlinkParams -Wait -NoNewWindow -PassThru
    }
    catch {   
    }
    $nessusCLIAgentStatusParams = 'agent', 'status'
    Start-Process $nessusCLI -ArgumentList $nessusCLIAgentStatusParams -Wait -NoNewWindow -PassThru -RedirectStandardOutput stdout.txt -RedirectStandardError stderr.txt
    $checkForError = Get-Content -Path 'stderr.txt'
    $agentStatus = Get-Content -Path 'stdout.txt'
    $unlinkedPattern = 'Not linked to a manager'
    if ($checkForError) {
        Write-Host "Nessus Agent CLI is not connecting and cannot verify unlinking Nessus Agent" "ERROR"
    }
    if ($agentStatus) {
        $foundUnlinked = $agentStatus | Select-String -Pattern $unlinkedPattern
        if ($foundUnlinked) {
            Write-Host "Nessus Agent is confirmed as unlinked to Tenable.io" "INFO"
            $completed = $true
            break
        }
    }
    else {
        Write-Host "Nessus Agent CLI is not connecting and cannot verify unlinking Nessus Agent" "ERROR"
    }

    if ($retryCount -ge $retries) {
        Write-Host "Unlinking the Nessus Agent has failed after 3 retries. Please unlink from the Tenable.io dashboard" "ERROR"
        Write-Host "$nameE" "$operationE" "error" "$messageE" "$subName" "error" "Nessus Agent service has not started"
        break
    }
    else {
        Write-Host "Nessus Agent still linked to Tenable.io. Trying to unlink again in 20s" "ERROR"
        sleep 20
        $retryCount++
    }
 }

 Stop-NessusAgent
 $agentInstalledName = Get-Package -Provider Programs -IncludeWindowsInstaller -Name 'Nessus Agent*' | Select-Object -ExpandProperty Name
 $installedAgent = Get-WmiObject -Class Win32_Product | Where-Object { $_.Name -eq $agentInstalledName }
 $installedAgent.Uninstall()
diff --git a/uninstall.sh b/uninstall.sh
 #!/bin/bash

 release=$(cat /etc/*release)
 centos8=$(echo "$release" | grep -c "centos:8")
 rhel8=$(echo "$release" | grep -c "enterprise_linux:8")
 centos7=$(echo "$release" | grep -c "centos:7")
 centos6=$(echo "$release" | grep -c "CentOS release 6")
 rhel7=$(echo "$release" | grep -c "enterprise_linux:7")
 rhel6=$(echo "$release" | grep -c "Red Hat Enterprise Linux.*release 6")
 ubuntu=$(echo "$release" | grep NAME | grep -c Ubuntu)
 debian=$(echo "$release" | grep NAME | grep -c Debian)
 fedora=$(echo "$release" | grep NAME | grep -c Fedora)
 al1=$(echo "$release" | grep NAME | grep -c "Amazon Linux AMI")
 al2=$(echo "$release" | grep PRETTY_NAME | grep -c "Amazon Linux 2")
 aarch64=$(uname -p | grep -c aarch64)

 /opt/nessus_agent/sbin/nessuscli agent unlink

 if [[ $centos8 -gt 0 ]] || [[ $centos7 -gt 0 ]] || [[ $centos6 -gt 0 ]] ||
    [[ $rhel8 -gt 0 ]] || [[ $rhel7 -gt 0 ]] || [[ $rhel6 -gt 0 ]] ||
    [[ $al2 -gt 0 ]] || [[ $al1 -gt 0 ]] || [[ $fedora -gt 0 ]]; then
    /sbin/service nessusagent stop ||
        distro=$(rpm -qa | grep -i NessusAgent) ||
        rpm -e $distro || true
 elif [[ $ubuntu -gt 0 ]] || [[ $debian -gt 0 ]]; then
    if [[ ! -x /bin/systemctl ]]; then
        /etc/init.d/nessusagent stop
    else
        /bin/systemctl stop nessusagent
    fi
    distro=$(dpkg -l | grep -i NessusAgent) ||
        dpkg -r $distro || true
 else
    echo "Unknown or unsupported OS."
    exit 1
 fi
	Write-Host "Install command has been executed. Nessus Agent will be installed"
	$serviceName = 'Tenable Nessus Agent'
	$nameE = "Enable Nessus Agent"
	$operationE = "Starting Nessus Agent"
	$messageE = "Enable Nessus agent"

	function DownloadFile {
	Param(
	[Parameter(Mandatory = $True)]
	[hashtable]$Params,
	[int]$Retries = 3
	)
	$package = $Params['Package']
	$outFile = $Params['OutFile']
	[int]$trials = 0
	$webClient = New-Object net.webclient
	$downloadUrl = "https://"
	do {
	try {
	$trials += 1
	$webClient.DownloadFile($downloadUrl, $outFile)
	Write-Host "Nessus Agent downloaded" "INFO"
	break
	}
	catch [System.Net.WebException] {
	Write-Host "Problem downloading $downloadUrl `tTrial $trials `n` tException: $_.Exception.Message" "ERROR"
	throw "Problem downloading $downloadUrl `tTrial $trials `n` tException: $_.Exception.Message"
	}
	}
	while ($trials -lt $Retries)
	}

	function Start-Nessus-Agent {
	$retries = 3
	$retryCount = 0
	$completed = $false
	while (-not $completed) {
	Try {
	Write-Host "Starting the Nessus Agent" "INFO"
	Start-Service "$serviceName"
	Write-Host "The Nessus Agent is started" "INFO"
	$completed = $true
	Write-Host "$nameE" "$operationE" "success" "$messageE" "success" "Nessus Agent service has started"
	}
	Catch {
	if ($retryCount -ge $retries) {
	Write-Host "Starting the Nessus Agent failed after 3 retries" "ERROR"
	Write-Host $_ "ERROR"
	Write-Host $_.ScriptStackTrace "ERROR"
	Write-Host "$nameE" "$operationE" "error" "$messageE" "error" "Nessus Agent service has not started"
	exit 1
	}
	else {
	Write-Host "Starting the Nessus Agent has failed. retrying in 20s" "ERROR"
	Write-Host $_ "ERROR"
	Write-Host $_.ScriptStackTrace "ERROR"
	sleep 20
	$retryCount++
	}
	}
	}
	}

	$nessusLinkingKey = $Env:SSM_LINKING_KEY
	$nessusAgentName = $Env:SSM_AGENT_NAME
	$nessusAgentGroups = $Env:SSM_AGENT_GROUP

	if (!$nessusAgentName) {
	$nessusAgentName = "aws-tio-agent-{0}" -f [System.Net.Dns]::GetHostName()
	}

	if (!$nessusAgentGroups) {
	$nessusAgentGroups = '["aws-tio-agents"]'
	}

	if (!$nessusLinkingKey) {
	Write-Host "Failed to find a Nessus Linking Key. A Nessus Linking Key is required to be passed in the SSM_LINKING_KEY environment variable located in the additional arguments fields." "ERROR"
	throw "SSM_LINKING_KEY is required in the additional arguments fields"
	}

	$x64FileName = "NessusAgent-x64.msi"
	$x86FileName = "NessusAgent-Win32.msi"
	$package = ""

	if ([Environment]::Is64BitOperatingSystem) {
	$package = $x64FileName
	}
	else {
	$package = $x86FileName
	}

	$savedFile = "$env:temp\" + $package
	Write-Host "Starting download of Nessus Agent package" "INFO"
	DownloadFile -Params @{'Package' = "$package"; 'OutFile' = "$savedFile" }
	Write-Host "Nessus Agent package downloaded" "INFO"

	$DataStamp = get-date -Format yyyyMMddTHHmmss
	$logFile = "$env:temp\nessus-agent-install-$DataStamp.log"

	$params = '/i', "$savedFile", '/qn', '/norestart', '/L*v', "$logFile"

	Write-Host "Starting install of Nessus Agent package" "INFO"
	Start-Process "msiexec.exe" -ArgumentList $params -Wait -NoNewWindow -PassThru
	Write-Host "Nessus Agent package installed" "INFO"

	if ((Get-Service $serviceName).Status -ne 'Running') {
	Start-Nessus-Agent
	}
	Write-Host "Nessus Agent is now installed and running." "INFO"

	$nessusCLI = 'C:\Program Files\Tenable\Nessus Agent\nessuscli.exe'
	$nessusCLIEnableParams = 'agent', 'link', "--key=$nessusLinkingKey", "--name=$nessusAgentName", "--groups=$nessusAgentGroups", '--cloud'
	$nessusCLIFixUpdateParams = 'fix', '--set', 'agent_update_channel=ga'
	Start-Process $nessusCLI -ArgumentList $nessusCLIEnableParams -Wait -NoNewWindow -PassThru
	Start-Process $nessusCLI -ArgumentList $nessusCLIFixUpdateParams -Wait -NoNewWindow -PassThru

	$retries = 3
	$retryCount = 0
	$completed = $false
	while (-not $completed) {
	$nessusCLIAgentStatusParams = 'agent', 'status'
	Start-Process $nessusCLI -ArgumentList $nessusCLIAgentStatusParams -Wait -NoNewWindow -PassThru -RedirectStandardOutput stdout.txt -RedirectStandardError stderr.txt
	$checkForError = Get-Content -Path 'stderr.txt'
	$agentStatus = Get-Content -Path 'stdout.txt'
	$connectedPattern = 'Connected to cloud.tenable.com:443'
	if ($checkForError) {
	Write-Host "Nessus Agent CLI is not connecting and cannot verify a linked Nessus Agent" "ERROR"
	}
	if ($agentStatus) {
	$foundConnection = $agentStatus \| Select-String -Pattern $connectedPattern
	if ($foundConnection) {
	Write-Host "Nessus Agent is confirmed as linked to Tenable.io" "INFO"
	$completed = $true
	break
	}
	else {
	Write-Host "Nessus Agent not linked to Tenable.io yet." "INFO"
	}
	}
	else {
	Write-Host "Nessus Agent CLI is not connecting and cannot verify a linked Nessus Agent" "ERROR"
	}

	if ($retryCount -ge $retries) {
	Write-Host "Checking the Nessus Agent linking status has failed after 3 retries. This does not mean that the Nessus Agent did not link. Please check within your Tenable.io dashboard to verify that this Nessus Agent is linked." "ERROR"
	Write-Host "$nameE" "$operationE" "error" "$messageE" "$subName" "error" "Nessus Agent service has not started"
	exit 0
	}
	else {
	Write-Host "Starting the Nessus Agent has failed. retrying in 20s" "ERROR"
	sleep 20
	$retryCount++
	}
	}
	#!/bin/bash
	if [[ -z "${SSM_LINKING_KEY}" ]]; then
	printf '%s\n' "SSM_LINKING_KEY is required in the additional arguments fields" >&2
	exit 1
	fi
	if [[ -z "${SSM_AGENT_NAME}" ]]; then
	SSM_AGENT_NAME="aws-tio-agent-$(hostname)"
	fi
	if [[ -z "${SSM_AGENT_GROUP}" ]]; then
	SSM_AGENT_GROUP='aws-tio-agents'
	fi

	$download_url="https://"

	CONFIGURATION='{"link":{"host":"cloud.tenable.com","port":443,"key":'\""$SSM_LINKING_KEY"\"',"name":'\""$SSM_AGENT_NAME"\"',"groups":['\""$SSM_AGENT_GROUP"\"']}}'
	SERVER='cloud.tenable.com:443'
	echo " Beginning Nessus Agent installation process. "

	release=$(cat /etc/*release)
	centos8=$(echo "$release" \| grep -c "centos:8")
	centos7=$(echo "$release" \| grep -c "centos:7")
	centos6=$(echo "$release" \| grep -c "CentOS release 6")
	rhel8=$(echo "$release" \| grep -c "enterprise_linux:8")
	rhel7=$(echo "$release" \| grep -c "enterprise_linux:7")
	rhel6=$(echo "$release" \| grep -c "Red Hat Enterprise Linux.*release 6")
	ubuntu=$(echo "$release" \| grep NAME \| grep -c Ubuntu)
	debian=$(echo "$release" \| grep NAME \| grep -c Debian)
	fedora=$(echo "$release" \| grep NAME \| grep -c Fedora)
	al1=$(echo "$release" \| grep NAME \| grep -c "Amazon Linux AMI")
	al2=$(echo "$release" \| grep PRETTY_NAME \| grep -c "Amazon Linux 2")
	suse15=$(echo "$release" \| grep -c "SUSE Linux Enterprise Server 15")
	suse12=$(echo $release \| grep -c "SUSE Linux Enterprise Server 12")
	suse11=$(echo $release \| grep -c "SUSE Linux Enterprise Server 11")
	aarch64=$(uname -p \| grep -c aarch64)

	is_64_bit=0
	if [[ $(getconf LONG_BIT) -eq "64" ]]; then
	is_64_bit=1
	fi

	file=
	cmd=
	startcmd="/bin/systemctl start nessusagent"

	if [[ $aarch64 -eq 0 ]]; then
	if [[ $rhel8 -gt 0 ]] \|\| [[ $centos8 -gt 0 ]]; then
	file=NessusAgent-es8.x86_64.rpm
	cmd="rpm -ivh $file"
	elif [[ $rhel7 -gt 0 ]] \|\| [[ $centos7 -gt 0 ]]; then
	file=NessusAgent-es7.x86_64.rpm
	cmd="rpm -ivh $file"
	elif [[ $rhel6 -gt 0 ]] \|\| [[ $centos6 -gt 0 ]]; then
	if [[ $is_64_bit -gt 0 ]]; then
	file=NessusAgent-es6.x86_64.rpm
	else
	file=NessusAgent-es6.i386.rpm
	fi
	cmd="rpm -ivh $file"
	startcmd="/sbin/service nessusagent start"
	elif [[ $al2 -gt 0 ]] \|\| [[ $al1 -gt 0 ]]; then
	file=NessusAgent-amzn.x86_64.rpm
	cmd="rpm -ivh $file"
	startcmd="/sbin/service nessusagent start"
	elif [[ $fedora -gt 0 ]]; then
	file=NessusAgent-fc20.x86_64.rpm
	cmd="rpm -ivh $file"
	startcmd="/sbin/service nessusagent start"
	elif [[ $ubuntu -gt 0 ]]; then
	if [[ $is_64_bit -gt 0 ]]; then
	file=NessusAgent-ubuntu1110_amd64.deb
	else
	file=NessusAgent-ubuntu1110_i386.deb
	fi
	cmd="dpkg -i $file"

	if [[ ! -x /bin/systemctl ]]; then
	startcmd="/etc/init.d/nessusagent start"
	fi
	elif [[ $debian -gt 0 ]]; then
	if [[ $is_64_bit -gt 0 ]]; then
	file=NessusAgent-debian6_amd64.deb
	else
	file=NessusAgent-debian6_i386.deb
	fi
	cmd="dpkg -i $file"

	if [[ ! -x /bin/systemctl ]]; then
	startcmd="/etc/init.d/nessusagent start"
	fi
	elif [[ $suse15 -gt 0]]; then
	file=NessusAgent-suse15.x86_64.rpm
	cmd="rpm -ivh $file"

	startcmd="/etc/rc.d/nessusagent start"
	elif [[ $suse12 -gt 0]]; then
	file=NessusAgent-suse12.x86_64.rpm
	cmd="rpm -ivh $file"

	startcmd="/etc/rc.d/nessusagent start"
	elif [[ $suse11 -gt 0]]; then
	file=NessusAgent-suse11.x86_64.rpm
	cmd="rpm -ivh $file"

	startcmd="/etc/rc.d/nessusagent start"
	fi
	else
	if [[ $al2 -gt 0 ]]; then
	file=NessusAgent-amzn2.aarch64.rpm
	cmd="rpm -ivh $file"
	fi
	fi

	if [[ -z "$file" ]]; then
	echo "Unknown or unsupported OS."
	exit 1
	fi

	if dpkg -S /bin/ls >/dev/null 2>&1; then
	apt-get update
	if [ $(dpkg-query -W -f='${Status}' curl 2>/dev/null \| grep -c "ok installed") -eq 0 ]; then
	(apt-get --yes install curl \|\| (
	sleep 15
	apt-get --yes install curl
	))
	fi
	elif rpm -q -f /bin/ls >/dev/null 2>&1; then
	if ! command -v curl &>/dev/null; then
	if command -v yum &>/dev/null; then
	yum install curl -y
	elif command -v zypper &>/dev/null; then
	zypper install -y curl
	fi
	fi

	echo "Installing Nessus Agent install package $file"
	curl -sk https://$download_url/$file -o $file -D $file.headers

	ok200=$(cat $file.headers \| grep -c 'HTTP/1.1 200')
	if [[ $ok200 -eq 0 ]]; then
	echo "Could not download the installation package for Nessus Agent."
	exit 1
	fi

	echo "Installing Nessus Agent."
	$cmd
	RC=$?

	rm -f $file
	rm -f $file.headers

	if [[ $RC -ne 0 ]]; then
	echo "Error installing Nessus Agent; exiting."
	exit 1
	fi

	echo "Applying auto-configuration."
	echo $CONFIGURATION >/opt/nessus_agent/var/nessus/config.json

	echo "Starting Nessus Agent."
	output=$($startcmd 2>&1)

	echo "Waiting for Nessus Agent to start and link..."
	EFFECTIVE_CF=/opt/nessus_agent/var/nessus/.autoconfigure.json
	ACF_ERRORS=/opt/nessus_agent/var/nessus/.autoconfigure.error
	NESSUSCLI=/opt/nessus_agent/sbin/nessuscli

	retries=50
	tries=0
	COMPLETE=0
	ERRORS=0
	while [ "$tries" -lt "$retries" ]; do
	if [ -e "$EFFECTIVE_CF" ]; then
	echo
	echo "Auto-configuration complete."
	COMPLETE=1
	break
	fi

	echo -n "."
	tries=$(($tries + 1))
	sleep 10
	done

	if [ -e "$ACF_ERRORS" ]; then
	ERRORS=1
	fi

	$NESSUSCLI fix --secure --get ms_server_ip 2>&1 1>/dev/null
	RC=$?

	if [ "$RC" -eq "0" ]; then
	echo "The Nessus Agent is now linked to $SERVER"
	else
	echo "The Nessus Agent may have failed to link to $SERVER"
	fi

	if [ -e "$ACF_ERRORS" ]; then
	echo "There were errors during the autoconfiguration process: "
	cat $ACF_ERRORS
	echo
	fi
	Write-Host "Uninstall command has been executed. Nessus Agent will be uninstalled"
	$serviceName = 'Tenable Nessus Agent'
	$nameE = "Uninstall Nessus Agent"
	$operationE = "Stopping Nessus Agent"
	$messageE = "Uninstall Nessus agent"

	function Stop-NessusAgent {
	$retries = 3
	$retryCount = 0
	$completed = $false
	while (-not $completed) {
	Try {
	Write-Host "Stopping the Nessus Agent" "INFO"
	Stop-Service "$serviceName"
	Write-Host "The Nessus Agent has been stopped" "INFO"
	$completed = $true
	Write-Status "$nameE" "$operationE" "success" "$messageE" "success" "Nessus Agent service has stopped"
	}
	Catch {
	if ($retryCount -ge $retries) {
	Write-Host "Stopping the Nessus Agent failed after 3 retries" "ERROR"
	Write-Host $_ "ERROR"
	Write-Host $_.ScriptStackTrace "ERROR"
	Write-Status "$nameE" "$operationE" "error" "$messageE" "error" "Nessus Agent service has not been stopped"
	exit 1
	}
	else {
	Write-Host "Stopping the Nessus Agent has failed. retrying in 20s" "ERROR"
	Write-Host $_ "ERROR"
	Write-Host $_.ScriptStackTrace "ERROR"
	sleep 20
	$retryCount++
	}
	}
	}
	}

	$nessusCLI = 'C:\Program Files\Tenable\Nessus Agent\nessuscli.exe'
	$retries = 3
	$retryCount = 0
	$completed = $false
	while (-not $completed) {
	try {
	$nessusCLIUnlinkParams = 'agent', 'unlink'
	Start-Process $nessusCLI -ArgumentList $nessusCLIUnlinkParams -Wait -NoNewWindow -PassThru
	}
	catch {
	}
	$nessusCLIAgentStatusParams = 'agent', 'status'
	Start-Process $nessusCLI -ArgumentList $nessusCLIAgentStatusParams -Wait -NoNewWindow -PassThru -RedirectStandardOutput stdout.txt -RedirectStandardError stderr.txt
	$checkForError = Get-Content -Path 'stderr.txt'
	$agentStatus = Get-Content -Path 'stdout.txt'
	$unlinkedPattern = 'Not linked to a manager'
	if ($checkForError) {
	Write-Host "Nessus Agent CLI is not connecting and cannot verify unlinking Nessus Agent" "ERROR"
	}
	if ($agentStatus) {
	$foundUnlinked = $agentStatus \| Select-String -Pattern $unlinkedPattern
	if ($foundUnlinked) {
	Write-Host "Nessus Agent is confirmed as unlinked to Tenable.io" "INFO"
	$completed = $true
	break
	}
	}
	else {
	Write-Host "Nessus Agent CLI is not connecting and cannot verify unlinking Nessus Agent" "ERROR"
	}

	if ($retryCount -ge $retries) {
	Write-Host "Unlinking the Nessus Agent has failed after 3 retries. Please unlink from the Tenable.io dashboard" "ERROR"
	Write-Host "$nameE" "$operationE" "error" "$messageE" "$subName" "error" "Nessus Agent service has not started"
	break
	}
	else {
	Write-Host "Nessus Agent still linked to Tenable.io. Trying to unlink again in 20s" "ERROR"
	sleep 20
	$retryCount++
	}
	}

	Stop-NessusAgent
	$agentInstalledName = Get-Package -Provider Programs -IncludeWindowsInstaller -Name 'Nessus Agent*' \| Select-Object -ExpandProperty Name
	$installedAgent = Get-WmiObject -Class Win32_Product \| Where-Object { $_.Name -eq $agentInstalledName }
	$installedAgent.Uninstall()