Menu
▾
▴
Re: [PacketFence-users] PacketFence ZEN 4.6.0 with Nessus 6.2.1 - Cannot configure scan on registration
|
From: Delisle, Pierre-L. <pie...@hp...> - 2015-02-19 12:42:24
|
Thanks a lot for your answer Juan. It is really appreciated ! I'm not crazy ! It wasn't working ! ahahah ! I will try to downgrade the version of Nessus and I will let you know if it works. Thanks a lot ! _____________________________ Pierre-Luc Delisle Département d'assurance qualité Quality assurance department Hewlett-Packard Networking pie...@hp...<mailto:pie...@hp...> * Téléphone: (514) 920-2511 * Hewlett-Packard Company 2344 Alfred-Nobel, 2e étage Montréal, QC, H4S 0A4 Canada [HP]<http://www.hp.com/> From: Durand fabrice [mailto:fd...@in...] Sent: Wednesday, February 18, 2015 7:52 PM To: pac...@li... Subject: Re: [PacketFence-users] PacketFence ZEN 4.6.0 with Nessus 6.2.1 - Cannot configure scan on registration Hi Juan, thanks for the answer. I did a little search on cpan and eureka ! https://metacpan.org/pod/Net::Nessus::REST We just have to write a new nessus.pm in PacketFence (like nessus6.pm) that use this lib. Regards Fabrice Le 2015-02-18 16:14, Juan Camilo Valencia a écrit : Hi Guys, We have PF version 4.3.0 and Nessus 5.2, the perl package that start the nessus scans (the API to interact with the REST protocol of Nessus) DOES NOT work with the 6.0 version of Nessus, they changed the REST protocol for that version. I don´t know if that perl package to interact with nessus had been updated to work with the 6.0 version, but our last try tell us that We need to rewrite that perl package to make it work ( perl-Net-Nessus-XMLRPC-0.40-1.el6.noarch). Rigth now your best way to do this is downgrade your Nessus install to a 5.XX series and is going to work without any problem, or ask for support with the Guys of Inverse to make itworks with that version, they are very capable and very efficient to solve this kind of situations. My advice is if you have license paid for nessus, go to the support portal and download a 5.x.x series RPM and will work very smooth, the other thing is that you need to have the policy created inside the nessus server. I hope that this can help you, Best Regards, On Wed, Feb 18, 2015 at 1:40 PM, Delisle, Pierre-Luc < pie...@hp...<mailto:pie...@hp...>> wrote: Yes. Nessus service is installed on the PacketFence server, so 127.0.0.1:8834 works. I also tried using a remote Nessus server and got the exact same error. _____________________________ Pierre-Luc Delisle Département d'assurance qualité Quality assurance department Hewlett-Packard Networking pie...@hp...<mailto:pie...@hp...> Téléphone: (514) 920-2511 T Hewlett-Packard Company 2344 Alfred-Nobel, 2e étage Montréal, QC, H4S 0A4 Canada -----Original Message----- From: Fabrice DURAND [mailto:fd...@in...] Sent: Wednesday, February 18, 2015 1:36 PM To: pac...@li...<mailto:pac...@li...> Subject: Re: [PacketFence-users] PacketFence ZEN 4.6.0 with Nessus 6.2.1 - Cannot configure scan on registration Ok, does nessus run on 127.0.0.1:8834 ? Regards Fabrice Le 2015-02-18 13:07, Delisle, Pierre-Luc a écrit : The result is : Nessus-6.2.1-es6.x64_64 perl-Net-Nessus-XMLRPC-0.40-1.el6.noarch Thanks _____________________________ Pierre-Luc Delisle Département d'assurance qualité Quality assurance department Hewlett-Packard Networking pie...@hp...<mailto:pie...@hp...> Téléphone: (514) 920-2511 T Hewlett-Packard Company 2344 Alfred-Nobel, 2e étage Montréal, QC, H4S 0A4 Canada -----Original Message----- From: Fabrice DURAND [mailto:fd...@in...] Sent: Wednesday, February 18, 2015 12:59 PM To: pac...@li...<mailto:pac...@li...> Subject: Re: [PacketFence-users] PacketFence ZEN 4.6.0 with Nessus 6.2.1 - Cannot configure scan on registration Can you paste me the result of: rpm -qa|grep Nessus or dpkg -i|grep nessus Thanks Fabrice Le 2015-02-18 12:37, Delisle, Pierre-Luc a écrit : Thanks a lot for your answer. I've modified the pf.conf file according to your description. Unfortunately, when I restart the packetfence service (service packetfence restart), the config file revert back to this : [general] # # general.domain # # Domain name of PacketFence system. domain=secure.LAN # # general.hostname # # Hostname of PacketFence system. This is concatenated with the domain in Apache rewriting rules and therefore must be resolvable by clients. hostname=centos-packetfence [trapping] # # trapping.range # # Comma-delimited list of address ranges/CIDR blocks that PacketFence will monitor/detect/trap on. Gateway, network, and # broadcast addresses are ignored. range=192.168.0.0/16 [alerting] # # alerting.emailaddr # # Email address to which notifications of rogue DHCP servers, violations with an action of "email", or any other # PacketFence-related message goes to. ema...@hp...<mailto:ema...@hp...> [scan] # # scan.engine # # Which scan engine to use to perform client-side policy compliance. engine=nessus # # scan.registration # # If this option is enabled, the PF system will scan each host after # registration is complete. registration=enabled # # scan.duration duration=15s # # scan.user # # Username to log into scanning engine with. user=administrator # # scan.pass # # Password to log into scanning engine with. pass=79Lubonja # # scan.nessus_clientpolicy # # Name of the remote policy on the nessus server nessus_clientpolicy=BasicNetScan [database] # # database.pass # # Password for the mysql database used by PacketFence. pass=79Lubonja [captive_portal] # # captive_portal.secure_redirect # # If secure_redirect is enabled, the captive portal uses HTTPS when redirecting # captured clients. This is the default behavior. secure_redirect=disabled [interface eth0.3058] ip=172.16.0.20 type=management mask=255.255.0.0 [interface eth0.3158] enforcement=inlinel2 ip=192.168.0.20 type=internal mask=255.255.0.0 I guess it discards the default value. I tried this config and still no scan is running in nessus and I still have the same fatal error in packetfence.log. _____________________________ Pierre-Luc Delisle Département d'assurance qualité Quality assurance department Hewlett-Packard Networking pie...@hp...<mailto:pie...@hp...> Téléphone: (514) 920-2511 T Hewlett-Packard Company 2344 Alfred-Nobel, 2e étage Montréal, QC, H4S 0A4 Canada -----Original Message----- From: Fabrice DURAND [mailto:fd...@in...] Sent: Wednesday, February 18, 2015 11:42 AM To: pac...@li...<mailto:pac...@li...> Subject: Re: [PacketFence-users] PacketFence ZEN 4.6.0 with Nessus 6.2.1 - Cannot configure scan on registration Hello Pierre-Luc, it look like it miss stuff in your scan definition (host): [scan] # # scan.engine # # Which scan engine to use to perform client-side policy compliance. engine=nessus # # scan.duration # # Approximate duration of a scan. User being scanned on registration are presented a progress bar # for this duration, afterwards the browser refreshes until scan is complete. duration=15s # # scan.host # # Host the scanning engine is running on. For performance reasons, we # recommend running the scanning engine on a remote server. A passthrough will # be automagically created. host=10.0.0.1 # # scan.user # # Username to log into scanning engine with. user=administrator # # scan.pass # # Password to log into scanning engine with. pass=XXXXXXXXXXXXXXXXXXX #hidden # # scan.nessus_clientpolicy # # Name of the remote policy on the nessus server nessus_clientpolicy=BasicNetScan Regards Fabrice Le 2015-02-18 11:34, Delisle, Pierre-Luc a écrit : Hi, It's been two days that I am trying to configure automatic system scan on registration for PacketFence with Nessus and it doesn't work. So far, here is the setup : VM : PacketFence ZEN 4.6.0 + Nessus 6.2.1 Enforcement : Inline Enforcement Inline network : 192.168.0.0/16 Management network : 172.16.0.0/16 Server IP : 172.16.0.20/16 Pf.conf file : [general] # # general.domain # # Domain name of PacketFence system. domain=secure.LAN # # general.hostname # # Hostname of PacketFence system. This is concatenated with the domain in Apache rewriting rules and therefore must be resolvable by clients. hostname=centos-packetfence [trapping] # # trapping.range # # Comma-delimited list of address ranges/CIDR blocks that PacketFence will monitor/detect/trap on. Gateway, network, and # broadcast addresses are ignored. range=192.168.0.0/16 # # trapping.detection # # Enables snort-based worm detection. If you don't have a span interface available, don't bother enabling it. If you do, # you'll most definately want this on. detection=enabled [alerting] # # alerting.emailaddr # # Email address to which notifications of rogue DHCP servers, violations with an action of "email", or any other # PacketFence-related message goes to. ema...@hp...<mailto:ema...@hp...> [scan] # # scan.engine # # Which scan engine to use to perform client-side policy compliance. engine=nessus # # scan.user # # Username to log into scanning engine with. user=administrator # # scan.pass # # Password to log into scanning engine with. pass=XXXXXXXXXXXXXXXXXXX #hidden # # scan.nessus_clientpolicy # # Name of the remote policy on the nessus server nessus_clientpolicy=BasicNetScan [database] # # database.pass # # Password for the mysql database used by PacketFence. pass=79Lubonja [captive_portal] # # captive_portal.secure_redirect # # If secure_redirect is enabled, the captive portal uses HTTPS when redirecting # captured clients. This is the default behavior. secure_redirect=disabled [interface eth0.3058] ip=172.16.0.20 type=management mask=255.255.0.0 [interface eth0.3158] enforcement=inlinel2 ip=192.168.0.20 type=internal mask=255.255.0.0 network.conf [192.168.0.0] dns=192.168.1.1 dhcp_start=192.168.0.10 gateway=192.168.0.20 domain-name=inlinel2.secure.LAN nat_enabled=enabled named=enabled dhcp_max_lease_time=86400 fake_mac_enabled=disabled dhcpd=enabled dhcp_end=192.168.255.246 type=inlinel2 netmask=255.255.0.0 dhcp_default_lease_time=86400 violation.conf is untouched (default). Nessus service is up and running. I can log in and everything works. In packetfence.log, I have this line : Feb 18 11:16:32pfcmd.pl(14072) FATAL: Can't use string ("") as a HASH ref while "strict refs" in use at /usr/share/perl5/vendor_perl/Net/Nessus/XMLRPC.pm line 665. What's wrong with my setup. It's been 15+ hours I try this and get always the same result and I don't know what to do. Thank you very much for any help you can provide. Pierre-Luc Delisle -------------------------------------------------------------------- - - -------- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg. clktrk _______________________________________________ PacketFence-users mailing list Pac...@li...<mailto:Pac...@li...> https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand fd...@in...<mailto:fd...@in...> :: +1.514.447.4918 (x135) :: www.inverse.ca<http://www.inverse.ca> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) --------------------------------------------------------------------- - -------- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg. clktrk _______________________________________________ PacketFence-users mailing list Pac...@li...<mailto:Pac...@li...> https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand fd...@in...<mailto:fd...@in...> :: +1.514.447.4918 (x135) :: www.inverse.ca<http://www.inverse.ca> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) ---------------------------------------------------------------------- -------- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg. clktrk _______________________________________________ PacketFence-users mailing list Pac...@li...<mailto:Pac...@li...> https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand fd...@in...<mailto:fd...@in...> :: +1.514.447.4918 (x135) :: www.inverse.ca<http://www.inverse.ca> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence ( http://packetfence.org) ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk _______________________________________________ PacketFence-users mailing list Pac...@li...<mailto:Pac...@li...> https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk _______________________________________________ PacketFence-users mailing list Pac...@li...<mailto:Pac...@li...> https://lists.sourceforge.net/lists/listinfo/packetfence-users |
