@allenmichael
Created October 29, 2021 19:51
# Install-phase banner, then the identifiers shared by the helpers further down.
Write-Host 'Install command has been executed. Nessus Agent will be installed'
# Windows service name handed to Get-Service / Start-Service.
$serviceName = 'Tenable Nessus Agent'
# Labels echoed on the status lines written by Start-Nessus-Agent.
$nameE      = 'Enable Nessus Agent'
$operationE = 'Starting Nessus Agent'
$messageE   = 'Enable Nessus agent'
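function DownloadFile {
    <#
    .SYNOPSIS
    Downloads the Nessus Agent installer named in $Params['Package'] to $Params['OutFile'].
    .PARAMETER Params
    Hashtable with keys 'Package' (file name appended to the download base),
    'OutFile' (destination path) and optional 'BaseUrl' (host serving the package).
    The default base is the "https://" placeholder the original script shipped with
    and must be replaced by the deployer.
    .PARAMETER Retries
    Number of download attempts before the last WebException is rethrown.
    .OUTPUTS
    None. Throws when every attempt fails.
    #>
    Param(
        [Parameter(Mandatory = $True)]
        [hashtable]$Params,
        [int]$Retries = 3
    )
    $package = $Params['Package']
    $outFile = $Params['OutFile']
    # PLACEHOLDER: the original left the download host as "https://"; pass it in
    # $Params['BaseUrl'] or replace the default here.
    $baseUrl = if ($Params.ContainsKey('BaseUrl')) { $Params['BaseUrl'] } else { "https://" }
    # The package name was read but never appended to the URL in the original.
    $downloadUrl = "{0}/{1}" -f $baseUrl.TrimEnd('/'), $package
    # Older .NET defaults allow SSLv3/TLS 1.0 negotiation; restrict the installer fetch to TLS 1.2.
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    [int]$trials = 0
    $webClient = New-Object net.webclient
    try {
        do {
            try {
                $trials += 1
                $webClient.DownloadFile($downloadUrl, $outFile)
                Write-Host "Nessus Agent downloaded" "INFO"
                return
            }
            catch [System.Net.WebException] {
                # $($_.Exception.Message) is required inside a string; "$_.Exception.Message"
                # only expanded $_ and printed the literal text ".Exception.Message".
                $detail = "Problem downloading $downloadUrl `tTrial $trials `n`tException: $($_.Exception.Message)"
                Write-Host $detail "ERROR"
                # Rethrowing on every failure made the retry loop unreachable; give up
                # only once the last trial has been used.
                if ($trials -ge $Retries) {
                    throw $detail
                }
            }
        }
        while ($trials -lt $Retries)
    }
    finally {
        $webClient.Dispose()
    }
}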
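function Start-Nessus-Agent {
    <#
    .SYNOPSIS
    Starts the service named in $serviceName, retrying up to $retries times.
    .DESCRIPTION
    Reads script-scope $serviceName, $nameE, $operationE and $messageE. On the
    final failure it logs the error and terminates the script with exit code 1.
    #>
    $retries = 3
    $retryCount = 0
    $completed = $false
    while (-not $completed) {
        Try {
            Write-Host "Starting the Nessus Agent" "INFO"
            # -ErrorAction Stop: without it a missing service is a non-terminating error,
            # the Catch never runs and the loop reports success.
            Start-Service "$serviceName" -ErrorAction Stop
            Write-Host "The Nessus Agent is started" "INFO"
            $completed = $true
            Write-Host "$nameE" "$operationE" "success" "$messageE" "success" "Nessus Agent service has started"
        }
        Catch {
            if ($retryCount -ge $retries) {
                # Count taken from $retries instead of the hard-coded "3".
                Write-Host "Starting the Nessus Agent failed after $retries retries" "ERROR"
                Write-Host $_ "ERROR"
                Write-Host $_.ScriptStackTrace "ERROR"
                Write-Host "$nameE" "$operationE" "error" "$messageE" "error" "Nessus Agent service has not started"
                exit 1
            }
            else {
                Write-Host "Starting the Nessus Agent has failed. retrying in 20s" "ERROR"
                Write-Host $_ "ERROR"
                Write-Host $_.ScriptStackTrace "ERROR"
                # Start-Sleep rather than the 'sleep' alias, which is not guaranteed on every host.
                Start-Sleep -Seconds 20
                $retryCount++
            }
        }
    }
}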
# Linking inputs arrive as environment variables from the SSM document's "additional arguments".
$nessusLinkingKey  = $Env:SSM_LINKING_KEY
$nessusAgentName   = $Env:SSM_AGENT_NAME
$nessusAgentGroups = $Env:SSM_AGENT_GROUP
# Default agent name: aws-tio-agent-<hostname>.
if ([string]::IsNullOrEmpty($nessusAgentName)) {
    $nessusAgentName = "aws-tio-agent-{0}" -f [System.Net.Dns]::GetHostName()
}
# Default group list, handed to nessuscli as a JSON array string.
if ([string]::IsNullOrEmpty($nessusAgentGroups)) {
    $nessusAgentGroups = '["aws-tio-agents"]'
}
# The linking key has no default: stop here rather than attempt an unauthenticated link.
if ([string]::IsNullOrEmpty($nessusLinkingKey)) {
    Write-Host "Failed to find a Nessus Linking Key. A Nessus Linking Key is required to be passed in the SSM_LINKING_KEY environment variable located in the additional arguments fields." "ERROR"
    throw "SSM_LINKING_KEY is required in the additional arguments fields"
}
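# Pick the MSI matching the OS bitness and stage it under %TEMP%.
$x64FileName = "NessusAgent-x64.msi"
$x86FileName = "NessusAgent-Win32.msi"
$package = if ([Environment]::Is64BitOperatingSystem) { $x64FileName } else { $x86FileName }
$savedFile = Join-Path $env:temp $package
Write-Host "Starting download of Nessus Agent package" "INFO"
DownloadFile -Params @{'Package' = "$package"; 'OutFile' = "$savedFile" }
Write-Host "Nessus Agent package downloaded" "INFO"
# The installer came over the network: require a valid Authenticode signature before msiexec runs it.
$signature = Get-AuthenticodeSignature -FilePath $savedFile
if ($signature.Status -ne 'Valid') {
    throw "Downloaded package $savedFile does not carry a valid Authenticode signature (status: $($signature.Status))"
}
$DataStamp = Get-Date -Format yyyyMMddTHHmmss
$logFile = "$env:temp\nessus-agent-install-$DataStamp.log"
$params = '/i', "$savedFile", '/qn', '/norestart', '/L*v', "$logFile"
Write-Host "Starting install of Nessus Agent package" "INFO"
# -PassThru returns the process object; its exit code was previously discarded.
$msi = Start-Process "msiexec.exe" -ArgumentList $params -Wait -NoNewWindow -PassThru
# 0 = success, 3010 = success with a reboot pending (ERROR_SUCCESS_REBOOT_REQUIRED).
if ($msi.ExitCode -ne 0 -and $msi.ExitCode -ne 3010) {
    throw "msiexec exited with code $($msi.ExitCode); see $logFile"
}
Write-Host "Nessus Agent package installed" "INFO"
if ((Get-Service $serviceName).Status -ne 'Running') {
    Start-Nessus-Agent
}
Write-Host "Nessus Agent is now installed and running." "INFO"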
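$nessusCLI = 'C:\Program Files\Tenable\Nessus Agent\nessuscli.exe'
# NOTE(review): the linking key travels on the nessuscli command line, where any local user
# able to read process command lines can see it; the flags are kept as written because
# nothing on this page shows another way to hand the key to nessuscli.
$nessusCLIEnableParams = 'agent', 'link', "--key=$nessusLinkingKey", "--name=$nessusAgentName", "--groups=$nessusAgentGroups", '--cloud'
$nessusCLIFixUpdateParams = 'fix', '--set', 'agent_update_channel=ga'
# -PassThru returns the process; the exit codes were previously discarded.
$linkProc = Start-Process $nessusCLI -ArgumentList $nessusCLIEnableParams -Wait -NoNewWindow -PassThru
if ($linkProc.ExitCode -ne 0) {
    Write-Host "nessuscli agent link exited with code $($linkProc.ExitCode)" "ERROR"
}
$fixProc = Start-Process $nessusCLI -ArgumentList $nessusCLIFixUpdateParams -Wait -NoNewWindow -PassThru
if ($fixProc.ExitCode -ne 0) {
    Write-Host "nessuscli fix --set agent_update_channel=ga exited with code $($fixProc.ExitCode)" "ERROR"
}
# Poll 'nessuscli agent status' for the cloud connection line. CLI output goes to files
# under $env:temp instead of 'stdout.txt' in whatever the current directory happens to be.
$stdoutFile = Join-Path $env:temp 'nessuscli-status-stdout.txt'
$stderrFile = Join-Path $env:temp 'nessuscli-status-stderr.txt'
$nessusCLIAgentStatusParams = 'agent', 'status'
$connectedPattern = 'Connected to cloud.tenable.com:443'
$retries = 3
$retryCount = 0
$completed = $false
while (-not $completed) {
    Start-Process $nessusCLI -ArgumentList $nessusCLIAgentStatusParams -Wait -NoNewWindow -PassThru -RedirectStandardOutput $stdoutFile -RedirectStandardError $stderrFile | Out-Null
    $checkForError = Get-Content -Path $stderrFile
    $agentStatus = Get-Content -Path $stdoutFile
    if ($checkForError) {
        Write-Host "Nessus Agent CLI is not connecting and cannot verify a linked Nessus Agent" "ERROR"
    }
    if ($agentStatus) {
        $foundConnection = $agentStatus | Select-String -Pattern $connectedPattern
        if ($foundConnection) {
            Write-Host "Nessus Agent is confirmed as linked to Tenable.io" "INFO"
            $completed = $true
            break
        }
        else {
            Write-Host "Nessus Agent not linked to Tenable.io yet." "INFO"
        }
    }
    else {
        Write-Host "Nessus Agent CLI is not connecting and cannot verify a linked Nessus Agent" "ERROR"
    }
    if ($retryCount -ge $retries) {
        Write-Host "Checking the Nessus Agent linking status has failed after $retries retries. This does not mean that the Nessus Agent did not link. Please check within your Tenable.io dashboard to verify that this Nessus Agent is linked." "ERROR"
        # The original status line referenced an undefined $subName and said the service "has not started".
        Write-Host "$nameE" "$operationE" "error" "$messageE" "error" "Nessus Agent linking could not be confirmed"
        # Exit 0 is deliberate: linking may still complete after this script returns.
        exit 0
    }
    else {
        # The original logged "Starting the Nessus Agent has failed" here, which is not what this loop checks.
        Write-Host "Nessus Agent linking not confirmed yet. Checking again in 20s" "INFO"
        Start-Sleep -Seconds 20
        $retryCount++
    }
}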
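#!/bin/bash
# Nessus Agent install (Linux). Inputs arrive as environment variables from the SSM
# document's "additional arguments": SSM_LINKING_KEY (required), SSM_AGENT_NAME and
# SSM_AGENT_GROUP (optional, defaulted below).
if [[ -z "${SSM_LINKING_KEY}" ]]; then
  printf '%s\n' "SSM_LINKING_KEY is required in the additional arguments fields" >&2
  exit 1
fi
if [[ -z "${SSM_AGENT_NAME}" ]]; then
  SSM_AGENT_NAME="aws-tio-agent-$(hostname)"
fi
if [[ -z "${SSM_AGENT_GROUP}" ]]; then
  SSM_AGENT_GROUP='aws-tio-agents'
fi
# PLACEHOLDER: host that serves the agent packages; the download step builds
# "https://$download_url/$file". The original line read `$download_url="https://"`,
# which is not an assignment in bash (it tried to run a command named `=https://`),
# so the variable was never set. Fail early with a clear message instead of at curl.
download_url=""
if [[ -z "$download_url" ]]; then
  printf '%s\n' "download_url is not set: edit this script with the host that serves the Nessus Agent packages" >&2
  exit 1
fi
# Escape a value for use inside a JSON string literal (backslash, then double quote).
json_escape() {
  local s=${1//'\'/'\\'}
  s=${s//'"'/'\"'}
  printf '%s' "$s"
}
# Auto-configuration document the agent consumes on first start. Values are escaped so a
# name or group containing a quote cannot break out of its JSON string.
printf -v CONFIGURATION '{"link":{"host":"cloud.tenable.com","port":443,"key":"%s","name":"%s","groups":["%s"]}}' \
  "$(json_escape "$SSM_LINKING_KEY")" "$(json_escape "$SSM_AGENT_NAME")" "$(json_escape "$SSM_AGENT_GROUP")"
SERVER='cloud.tenable.com:443'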
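echo "** Beginning Nessus Agent installation process. **"
# Distribution detection: every flag below is a grep -c hit count over /etc/*release.
release=$(cat /etc/*release)
# Number of lines of $release matching a pattern.
rel_count() {
  echo "$release" | grep -c -- "$1"
}
# Number of lines of $release matching a first filter that also match a second pattern.
name_count() {
  echo "$release" | grep -- "$1" | grep -c -- "$2"
}
centos8=$(rel_count "centos:8")
centos7=$(rel_count "centos:7")
centos6=$(rel_count "CentOS release 6")
rhel8=$(rel_count "enterprise_linux:8")
rhel7=$(rel_count "enterprise_linux:7")
rhel6=$(rel_count "Red Hat Enterprise Linux.*release 6")
ubuntu=$(name_count NAME Ubuntu)
debian=$(name_count NAME Debian)
fedora=$(name_count NAME Fedora)
al1=$(name_count NAME "Amazon Linux AMI")
al2=$(name_count PRETTY_NAME "Amazon Linux 2")
# The SUSE lines previously expanded $release unquoted (word-split and glob-expanded);
# they now go through the same quoted helper as the others.
suse15=$(rel_count "SUSE Linux Enterprise Server 15")
suse12=$(rel_count "SUSE Linux Enterprise Server 12")
suse11=$(rel_count "SUSE Linux Enterprise Server 11")
# 1 when the CPU reports aarch64, else 0.
aarch64=$(uname -p | grep -c aarch64)
# 1 on a 64-bit userland (getconf LONG_BIT), else 0.
is_64_bit=0
if [[ "$(getconf LONG_BIT)" -eq "64" ]]; then
  is_64_bit=1
fi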
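# Package file name, install command and service-start command for this host. The
# function reads the detection flags set above (aarch64, is_64_bit, rhel8, centos8,
# rhel7, centos7, rhel6, centos6, al2, al1, fedora, ubuntu, debian, suse15, suse12,
# suse11) and sets the globals file, cmd and startcmd; file stays empty when no
# platform matches.
select_agent_package() {
  file=
  cmd=
  startcmd="/bin/systemctl start nessusagent"
  if [[ ${aarch64:-0} -eq 0 ]]; then
    if [[ ${rhel8:-0} -gt 0 || ${centos8:-0} -gt 0 ]]; then
      file=NessusAgent-es8.x86_64.rpm
      cmd="rpm -ivh $file"
    elif [[ ${rhel7:-0} -gt 0 || ${centos7:-0} -gt 0 ]]; then
      file=NessusAgent-es7.x86_64.rpm
      cmd="rpm -ivh $file"
    elif [[ ${rhel6:-0} -gt 0 || ${centos6:-0} -gt 0 ]]; then
      if [[ ${is_64_bit:-0} -gt 0 ]]; then
        file=NessusAgent-es6.x86_64.rpm
      else
        file=NessusAgent-es6.i386.rpm
      fi
      cmd="rpm -ivh $file"
      startcmd="/sbin/service nessusagent start"
    elif [[ ${al2:-0} -gt 0 || ${al1:-0} -gt 0 ]]; then
      file=NessusAgent-amzn.x86_64.rpm
      cmd="rpm -ivh $file"
      startcmd="/sbin/service nessusagent start"
    elif [[ ${fedora:-0} -gt 0 ]]; then
      file=NessusAgent-fc20.x86_64.rpm
      cmd="rpm -ivh $file"
      startcmd="/sbin/service nessusagent start"
    elif [[ ${ubuntu:-0} -gt 0 ]]; then
      if [[ ${is_64_bit:-0} -gt 0 ]]; then
        file=NessusAgent-ubuntu1110_amd64.deb
      else
        file=NessusAgent-ubuntu1110_i386.deb
      fi
      cmd="dpkg -i $file"
      if [[ ! -x /bin/systemctl ]]; then
        startcmd="/etc/init.d/nessusagent start"
      fi
    elif [[ ${debian:-0} -gt 0 ]]; then
      if [[ ${is_64_bit:-0} -gt 0 ]]; then
        file=NessusAgent-debian6_amd64.deb
      else
        file=NessusAgent-debian6_i386.deb
      fi
      cmd="dpkg -i $file"
      if [[ ! -x /bin/systemctl ]]; then
        startcmd="/etc/init.d/nessusagent start"
      fi
    # The three SUSE tests were written `[[ $suse15 -gt 0]]` (no space before ]]),
    # which bash rejects at parse time and which took the whole script down.
    elif [[ ${suse15:-0} -gt 0 ]]; then
      file=NessusAgent-suse15.x86_64.rpm
      cmd="rpm -ivh $file"
      startcmd="/etc/rc.d/nessusagent start"
    elif [[ ${suse12:-0} -gt 0 ]]; then
      file=NessusAgent-suse12.x86_64.rpm
      cmd="rpm -ivh $file"
      startcmd="/etc/rc.d/nessusagent start"
    elif [[ ${suse11:-0} -gt 0 ]]; then
      file=NessusAgent-suse11.x86_64.rpm
      cmd="rpm -ivh $file"
      startcmd="/etc/rc.d/nessusagent start"
    fi
  else
    # Only Amazon Linux 2 has an aarch64 build in this list.
    if [[ ${al2:-0} -gt 0 ]]; then
      file=NessusAgent-amzn2.aarch64.rpm
      cmd="rpm -ivh $file"
    fi
  fi
}
select_agent_package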
# No package was chosen above: this is not a platform the script knows how to install on.
if [[ -z "${file}" ]]; then
  printf '%s\n' "Unknown or unsupported OS."
  exit 1
fi
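# Make sure curl is present, using whichever package manager owns /bin/ls.
if dpkg -S /bin/ls >/dev/null 2>&1; then
  apt-get update
  # dpkg-query prints the Status field; "ok installed" means curl is already there.
  if [[ "$(dpkg-query -W -f='${Status}' curl 2>/dev/null | grep -c "ok installed")" -eq 0 ]]; then
    # apt can fail transiently (e.g. another apt process holds the lock); retry once after 15s.
    apt-get --yes install curl || {
      sleep 15
      apt-get --yes install curl
    }
  fi
elif rpm -q -f /bin/ls >/dev/null 2>&1; then
  if ! command -v curl >/dev/null 2>&1; then
    if command -v yum >/dev/null 2>&1; then
      yum install curl -y
    elif command -v zypper >/dev/null 2>&1; then
      zypper install -y curl
    fi
  fi
fi # this fi was missing in the original, so everything below it was parsed as part of the elif branch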
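echo "Installing Nessus Agent install package $file"
# Fetch into a private temp dir rather than the working directory. TLS verification stays
# on (the original passed -k, which accepts any certificate for the package host) and
# --fail turns an HTTP error into a non-zero exit instead of a saved error page, which
# also replaces the 'HTTP/1.1 200' header grep that never matched an HTTP/2 response.
pkg_dir=$(mktemp -d) || {
  echo "Could not create a temporary directory."
  exit 1
}
trap 'rm -rf -- "${pkg_dir:?}"' EXIT
if ! curl -sS --fail -o "$pkg_dir/$file" -- "https://$download_url/$file"; then
  echo "Could not download the installation package for Nessus Agent."
  exit 1
fi
# NOTE(review): nothing on this page supplies a checksum or signature for the package, so
# the download is trusted on the strength of TLS alone; verify it if a hash becomes available.
echo "Installing Nessus Agent."
# $cmd is "rpm -ivh $file" / "dpkg -i $file" with a bare file name, so run it from the
# temp dir; word-splitting of $cmd is intended.
# shellcheck disable=SC2086
(cd "$pkg_dir" && $cmd)
RC=$?
if [[ $RC -ne 0 ]]; then
  echo "Error installing Nessus Agent; exiting."
  exit 1
fi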
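echo "Applying auto-configuration."
# config.json carries the linking key: create it readable by the owner only, and quote the
# value so the [...] inside the JSON is not treated as a glob by the shell.
config_file=/opt/nessus_agent/var/nessus/config.json
(umask 077 && printf '%s\n' "$CONFIGURATION" >"$config_file") || {
  echo "Could not write $config_file"
  exit 1
}
echo "Starting Nessus Agent."
# $startcmd is a command string chosen per distribution; word-splitting is intended.
# The original captured the output and never looked at it; show it only on failure.
# shellcheck disable=SC2086
if ! output=$($startcmd 2>&1); then
  echo "Service start command failed: $output"
fi
echo "Waiting for Nessus Agent to start and link..."
EFFECTIVE_CF=/opt/nessus_agent/var/nessus/.autoconfigure.json
ACF_ERRORS=/opt/nessus_agent/var/nessus/.autoconfigure.error
NESSUSCLI=/opt/nessus_agent/sbin/nessuscli
retries=50
tries=0
COMPLETE=0
ERRORS=0
# Poll up to retries*10s for the effective-configuration file to appear.
while [[ "$tries" -lt "$retries" ]]; do
  if [[ -e "$EFFECTIVE_CF" ]]; then
    echo
    echo "Auto-configuration complete."
    COMPLETE=1
    break
  fi
  printf '.'
  tries=$((tries + 1))
  sleep 10
done
if [[ -e "$ACF_ERRORS" ]]; then
  ERRORS=1
fi
# A readable ms_server_ip is taken as the sign that a manager is recorded; the value
# itself is discarded, nessuscli's own errors are still shown.
if "$NESSUSCLI" fix --secure --get ms_server_ip >/dev/null; then
  echo "The Nessus Agent is now linked to $SERVER"
else
  echo "The Nessus Agent may have failed to link to $SERVER"
fi
if [[ -e "$ACF_ERRORS" ]]; then
  echo "There were errors during the autoconfiguration process: "
  cat -- "$ACF_ERRORS"
  echo
fi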
# Uninstall-phase banner, then the identifiers shared by the helpers further down.
Write-Host 'Uninstall command has been executed. Nessus Agent will be uninstalled'
# Windows service name handed to Stop-Service.
$serviceName = 'Tenable Nessus Agent'
# Labels echoed on the status lines written by Stop-NessusAgent.
$nameE      = 'Uninstall Nessus Agent'
$operationE = 'Stopping Nessus Agent'
$messageE   = 'Uninstall Nessus agent'
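function Stop-NessusAgent {
    <#
    .SYNOPSIS
    Stops the service named in $serviceName, retrying up to $retries times.
    .DESCRIPTION
    Reads script-scope $serviceName, $nameE, $operationE and $messageE. On the final
    failure it logs the error and terminates the script with exit code 1.
    #>
    $retries = 3
    $retryCount = 0
    $completed = $false
    while (-not $completed) {
        Try {
            Write-Host "Stopping the Nessus Agent" "INFO"
            # -ErrorAction Stop: without it a missing service is a non-terminating error,
            # the Catch never runs and the loop reports success.
            Stop-Service "$serviceName" -ErrorAction Stop
            Write-Host "The Nessus Agent has been stopped" "INFO"
            $completed = $true
            # NOTE(review): Write-Status is not defined anywhere on this page (the install
            # script logs the same line with Write-Host); if the host does not provide it,
            # this call throws and the Catch below runs once.
            Write-Status "$nameE" "$operationE" "success" "$messageE" "success" "Nessus Agent service has stopped"
        }
        Catch {
            if ($retryCount -ge $retries) {
                # Count taken from $retries instead of the hard-coded "3".
                Write-Host "Stopping the Nessus Agent failed after $retries retries" "ERROR"
                Write-Host $_ "ERROR"
                Write-Host $_.ScriptStackTrace "ERROR"
                Write-Status "$nameE" "$operationE" "error" "$messageE" "error" "Nessus Agent service has not been stopped"
                exit 1
            }
            else {
                Write-Host "Stopping the Nessus Agent has failed. retrying in 20s" "ERROR"
                Write-Host $_ "ERROR"
                Write-Host $_.ScriptStackTrace "ERROR"
                # Start-Sleep rather than the 'sleep' alias, which is not guaranteed on every host.
                Start-Sleep -Seconds 20
                $retryCount++
            }
        }
    }
}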
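$nessusCLI = 'C:\Program Files\Tenable\Nessus Agent\nessuscli.exe'
# CLI output is captured in files under $env:temp so the check does not depend on the
# working directory the SSM agent happens to run this script from.
$stdoutFile = Join-Path $env:temp 'nessuscli-status-stdout.txt'
$stderrFile = Join-Path $env:temp 'nessuscli-status-stderr.txt'
$nessusCLIUnlinkParams = 'agent', 'unlink'
$nessusCLIAgentStatusParams = 'agent', 'status'
$unlinkedPattern = 'Not linked to a manager'
$retries = 3
$retryCount = 0
$completed = $false
while (-not $completed) {
    try {
        # A non-zero exit is logged, not fatal: the status check below decides whether to retry.
        $unlinkProc = Start-Process $nessusCLI -ArgumentList $nessusCLIUnlinkParams -Wait -NoNewWindow -PassThru -ErrorAction Stop
        if ($unlinkProc.ExitCode -ne 0) {
            Write-Host "nessuscli agent unlink exited with code $($unlinkProc.ExitCode)" "ERROR"
        }
    }
    catch {
        # The original swallowed this silently; record why the CLI could not be run.
        Write-Host "Could not run nessuscli agent unlink: $($_.Exception.Message)" "ERROR"
    }
    Start-Process $nessusCLI -ArgumentList $nessusCLIAgentStatusParams -Wait -NoNewWindow -PassThru -RedirectStandardOutput $stdoutFile -RedirectStandardError $stderrFile | Out-Null
    $checkForError = Get-Content -Path $stderrFile
    $agentStatus = Get-Content -Path $stdoutFile
    if ($checkForError) {
        Write-Host "Nessus Agent CLI is not connecting and cannot verify unlinking Nessus Agent" "ERROR"
    }
    if ($agentStatus) {
        $foundUnlinked = $agentStatus | Select-String -Pattern $unlinkedPattern
        if ($foundUnlinked) {
            Write-Host "Nessus Agent is confirmed as unlinked to Tenable.io" "INFO"
            $completed = $true
            break
        }
    }
    else {
        Write-Host "Nessus Agent CLI is not connecting and cannot verify unlinking Nessus Agent" "ERROR"
    }
    if ($retryCount -ge $retries) {
        Write-Host "Unlinking the Nessus Agent has failed after $retries retries. Please unlink from the Tenable.io dashboard" "ERROR"
        # The original status line referenced an undefined $subName and said the service "has not started".
        Write-Host "$nameE" "$operationE" "error" "$messageE" "error" "Nessus Agent could not be unlinked"
        break
    }
    else {
        Write-Host "Nessus Agent still linked to Tenable.io. Trying to unlink again in 20s" "ERROR"
        Start-Sleep -Seconds 20
        $retryCount++
    }
}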
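Stop-NessusAgent
# Resolve the installed product name. Get-Package may return nothing (not installed) or
# several entries; take the first and stop on none instead of calling .Uninstall() on $null.
$agentInstalledName = Get-Package -Provider Programs -IncludeWindowsInstaller -Name 'Nessus Agent*' -ErrorAction SilentlyContinue |
    Select-Object -First 1 -ExpandProperty Name
if (-not $agentInstalledName) {
    Write-Host "No installed package matching 'Nessus Agent*' was found; nothing to uninstall" "ERROR"
    exit 1
}
# NOTE(review): enumerating Win32_Product makes Windows Installer re-validate every MSI
# product on the host (slow, and it can trigger repairs); kept because the original relied on it.
$installedAgent = Get-WmiObject -Class Win32_Product | Where-Object { $_.Name -eq $agentInstalledName }
if (-not $installedAgent) {
    Write-Host "Win32_Product has no entry named '$agentInstalledName'" "ERROR"
    exit 1
}
# Uninstall() reports success through ReturnValue; it was previously ignored.
$result = $installedAgent.Uninstall()
if ($result.ReturnValue -ne 0) {
    Write-Host "Uninstall of '$agentInstalledName' returned $($result.ReturnValue)" "ERROR"
    exit 1
}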
#!/bin/bash
# Nessus Agent uninstall (Linux): detect the distribution, unlink the agent, remove the package.
# Contents of every /etc/*release file, scanned by the counters below.
release=$(cat /etc/*release)
# Number of lines in $release matching a pattern.
count_in_release() {
  grep -c -- "$1" <<<"$release"
}
# Number of lines matching a first filter (e.g. NAME) that also match a second pattern.
count_in_release_lines() {
  grep -- "$1" <<<"$release" | grep -c -- "$2"
}
centos8=$(count_in_release "centos:8")
rhel8=$(count_in_release "enterprise_linux:8")
centos7=$(count_in_release "centos:7")
centos6=$(count_in_release "CentOS release 6")
rhel7=$(count_in_release "enterprise_linux:7")
rhel6=$(count_in_release "Red Hat Enterprise Linux.*release 6")
ubuntu=$(count_in_release_lines NAME Ubuntu)
debian=$(count_in_release_lines NAME Debian)
fedora=$(count_in_release_lines NAME Fedora)
al1=$(count_in_release_lines NAME "Amazon Linux AMI")
al2=$(count_in_release_lines PRETTY_NAME "Amazon Linux 2")
# 1 when the CPU reports aarch64, else 0.
aarch64=$(uname -p | grep -c aarch64)
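# Unlink from the manager first so Tenable.io stops listing this agent.
/opt/nessus_agent/sbin/nessuscli agent unlink
if [[ $centos8 -gt 0 ]] || [[ $centos7 -gt 0 ]] || [[ $centos6 -gt 0 ]] ||
  [[ $rhel8 -gt 0 ]] || [[ $rhel7 -gt 0 ]] || [[ $rhel6 -gt 0 ]] ||
  [[ $al2 -gt 0 ]] || [[ $al1 -gt 0 ]] || [[ $fedora -gt 0 ]]; then
  # The original chained stop / lookup / remove with `||`, so the package was only
  # removed when the service stop had *failed*; each step now runs in turn.
  /sbin/service nessusagent stop || true
  mapfile -t pkgs < <(rpm -qa | grep -i NessusAgent)
  if ((${#pkgs[@]} > 0)); then
    rpm -e "${pkgs[@]}" || true
  fi
elif [[ $ubuntu -gt 0 ]] || [[ $debian -gt 0 ]]; then
  if [[ ! -x /bin/systemctl ]]; then
    /etc/init.d/nessusagent stop
  else
    /bin/systemctl stop nessusagent
  fi
  # dpkg -l prints whole table rows, which dpkg -r does not accept; dpkg-query yields bare names.
  mapfile -t pkgs < <(dpkg-query -W -f='${Package}\n' 2>/dev/null | grep -i NessusAgent)
  if ((${#pkgs[@]} > 0)); then
    dpkg -r "${pkgs[@]}" || true
  fi
else
  echo "Unknown or unsupported OS."
  exit 1
fi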