From eb05ecea5e60a033a5bfbc8c702c99be01d4fb6f Mon Sep 17 00:00:00 2001
From: James Hackett
Date: Sat, 9 Dec 2023 18:19:32 +0000
Subject: [PATCH 1/3] Add nessus for internal security scans
---
jobs/nessus.hcl | 39 +++++++++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
create mode 100644 jobs/nessus.hcl
diff --git a/jobs/nessus.hcl b/jobs/nessus.hcl
new file mode 100644
index 0000000..a8b89d4
--- /dev/null
+++ b/jobs/nessus.hcl
@@ -0,0 +1,39 @@
+job "nessus" {
+ datacenters = ["aperture"]
+ type = "service"
+
+ group "web" {
+ network {
+ port "http" {
+ to = 8834
+ }
+ }
+
+ service {
+ name = "nessus"
+ port = "http"
+
+ check {
+ type = "http"
+ path = "/"
+ interval = "10s"
+ timeout = "2s"
+ protocol = "https"
+ }
+ }
+
+ task "nessus" {
+ driver = "docker"
+
+ config {
+ image = "tenable/nessus:latest-ubuntu"
+ ports = ["http"]
+
+ }
+
+ resources {
+ memory = 1000
+ }
+ }
+ }
+}
From 546963e694e09337da759a247daf4b0e2397eb32 Mon Sep 17 00:00:00 2001
From: wizzdom
Date: Thu, 12 Dec 2024 01:46:05 +0000
Subject: [PATCH 2/3] nessus: add credentials, increase memory allocation
---
jobs/nessus.hcl | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/jobs/nessus.hcl b/jobs/nessus.hcl
index a8b89d4..97eb7a4 100644
--- a/jobs/nessus.hcl
+++ b/jobs/nessus.hcl
@@ -30,9 +30,18 @@ job "nessus" { ports = ["http"] }
+ template {
+ data = <
Date: Fri, 23 Jan 2026 22:22:17 +0000
Subject: [PATCH 3/3] bump ram, add mounts, allow net
---
jobs/nessus.hcl | 36 +++++++++++++++++++++++-------------
1 file changed, 23 insertions(+), 13 deletions(-)
diff --git a/jobs/nessus.hcl b/jobs/nessus.hcl
index 97eb7a4..f225a52 100644
--- a/jobs/nessus.hcl
+++ b/jobs/nessus.hcl
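Review bot: The `image = "tenable/nessus:latest-ubuntu"` line in the `config` block of the first patch uses a floating tag, so any fresh pull on reschedule can start a different, unreviewed Nessus build. Pin it to a specific release tag or, better, a digest, e.g. `image = "tenable/nessus@sha256:<digest>"`, and bump it deliberately. The third patch in this series keeps the same tag while adding `privileged = true` and a host volume under `/storage/nomad`, so whatever that tag resolves to runs with full host privileges and write access to the scanner's user store. A one-line comment above the image line, such as `# pinned; update only after checking the Tenable release notes`, would record the intent.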
@@ -14,34 +14,44 @@ job "nessus" { port = "http" check { - type = "http" - path = "/" - interval = "10s" - timeout = "2s" - protocol = "https" + type = "http" + path = "/" + interval = "10s" + timeout = "2s" + protocol = "https" + tls_skip_verify = true } + } task "nessus" { driver = "docker" config { - image = "tenable/nessus:latest-ubuntu" - ports = ["http"] + image = "tenable/nessus:latest-ubuntu" + ports = ["http"] + privileged = true # NOTE: Replace this with (one of) the below once docker driver has been configured for it + + # cap_add = ["NET_ADMIN", "NET_RAW"] + volumes = [ + "/storage/nomad/${NOMAD_JOB_NAME}/users:/opt/nessus/var/nessus/users", + ] } + template { + destination = "local/.env" + env = true data = <