Menu
▾
▴
Re: [PacketFence-users] Error communicatin with Nessus
|
From: Cristian M. <c.m...@ap...> - 2017-08-10 09:04:55
|
Thanks Akala, I think the Nessus::REST shipped by inverse repo has multiple problems [root@srvpf pf]# rpm -qf /usr/share/perl5/vendor_perl/Net/Nessus/REST.pm perl-Net-Nessus-REST-0.2-4.1.noarch [root@srvpf pf]# yum info perl-Net-Nessus-REST-0.2-4.1.noarch Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * atomic: www4.atomicorp.com * base: it.centos.contactlab.it * extras: it.centos.contactlab.it * updates: it.centos.contactlab.it Installed Packages Name : perl-Net-Nessus-REST Arch : noarch Version : 0.2 Release : 4.1 Size : 23 k Repo : installed From repo : packetfence Summary : Communicate with Nessus scanner(v6+) via REST URL : http://search.cpan.org/~grousse/Net-Nessus-REST-0.2/ License : Artistic/GPL Description : This is Perl interface for communication with Nessus scanner over XMLRPC. You : can start, stop, pause and resume scan. Watch progress and status of scan, : download report, etc. There is no ssl_opts => { verify_hostname => 0 } (even if this coul be passed directly by nessus6.pm). The function get_scanner_id is missing I brutally replaced /usr/share/perl5/vendor_perl/Net/Nessus/REST.pm with the last upstream version: wget http://cpansearch.perl.org/src/GROUSSE/Net-Nessus-REST-v0.7.0/lib/Net/Nessus/REST.pm -O /usr/share/perl5/vendor_perl/Net/Nessus/REST.pm and modified lib/pf/scan/nessus6.pm like this: --- lib/pf/scan/nessus6.pm.orig 2017-08-10 11:02:24.977268702 +0200 +++ lib/pf/scan/nessus6.pm 2017-08-10 10:45:59.439102230 +0200 @@ -92,7 +92,7 @@ my $scanner_name = $self->{_scannername}; my $format = $self->{_format}; - my $nessus = Net::Nessus::REST->new(url => 'https://'.$host.':'.$port); + my $nessus = Net::Nessus::REST->new(url => 'https://'.$host.':'.$port, ssl_opts => { verify_hostname => 0 }); $nessus->create_session(username => $user, password => $pass); # Verify nessus policy ID on the server, nessus remote scanner id, set scan name and launch the scan My scan.conf is this: [nessus6_scan] ip=srvpf.gruppoapra.com duration=180s categories=employees port=8834 registration=0 username=admin post_registration=1 password=REDACTED pre_registration=0 oses=1 type=nessus6 scannername=Local Scanner nessus_clientpolicy=PacketFenceScan Now the scan starts: Aug 10 11:03:41 srvpf pfqueue: pfqueue(8101) INFO: [mac:20:cf:30:36:7c:bb] Nessus is scanning 192.168.15.80 (pf::scan::nessus6::startScan) Il 09/08/2017 20:40, Akala Kehinde ha scritto: > FYI below.. > Had to cc. the mail add.. for anyone interested in the ongoing convo... > > Regards, > Kehinde > > On Thu, Aug 3, 2017 at 11:08 PM, Juan Camilo Valencia > <jua...@se... > <mailto:jua...@se...>> wrote: > > Hi Kehinde, > > Yeah could be something really more simple but what looks like is > that the variable is not getting initialize probably because the > app is not delivering any data,or the scanner name is not correct, > let me see with the lab how to get that info manually and debug > this thing correctly. > > Best regards > > 2017-08-03 13:27 GMT-05:00 Akala Kehinde <keh...@gm... > <mailto:keh...@gm...>>: > > HI Juan, > > Actualy did that before sending the last mai, but to no avail. > Problem still persist. > > [MAWOH_NESSUS_SCAN] > ip=127.0.0.1 > duration=30s > categories=guest,staff > port=8843 > registration=1 > username=nessusadmin > post_registration=1 > password=password > pre_registration=1 > oses=1 > nessus_clientpolicy=testpolicy > type=nessus6 > scannername=Local > > Aug 3 20:27:06 egelsbach pfqueue: Use of uninitialized value > $scanner_id in string eq at > /usr/local/pf/lib/pf/scan/nessus6.pm <http://nessus6.pm> line 107. > Aug 3 20:27:06 egelsbach pfqueue: Use of uninitialized value > $scanner_id in concatenation (.) or string at > /usr/local/pf/lib/pf/scan/nessus6.pm <http://nessus6.pm> line 108. > Aug 3 20:27:06 egelsbach pfqueue: pfqueue(31127) WARN: > [mac:44:8a:5b:43:55:02] Nessus scanner name doesn't exist > (pf::scan::nessus6::startScan) > > Tough nut to crack really:) > > > Regards, > Kehinde > > On Thu, Aug 3, 2017 at 8:15 PM, Juan Camilo Valencia > <jua...@se... > <mailto:jua...@se...>> wrote: > > Ok. Try to change the scanner name conf in pf for "Local" > without quotes, make the test and you should see in your > nessus console a scan test named pf-something should work > now. > > Regards > > El 3 ago. 2017 1:12 PM, "Akala Kehinde" > <keh...@gm... <mailto:keh...@gm...>> > escribió: > > Hello JUan, > > Am a bit confused. I see no scanner name on the > Settings tab: > > Inline image 1 > > > Regards, > Kehinde > > On Thu, Aug 3, 2017 at 7:52 PM, Juan Camilo Valencia > <jua...@se... > <mailto:jua...@se...>> wrote: > > Hi Kehinde, > > None of those screenshots show the name of the > scanner. The first one is tje name of the scan > which is different. Try to take a look on the > settings tab of Nessus server and find the scanner > name. > > Best regards > > El 3 ago. 2017 12:16 PM, "Akala Kehinde" > <keh...@gm... > <mailto:keh...@gm...>> escribió: > > Hi Juan, > > > > Scan: > > Inline image 1 > > > Policy: > > Inline image 2 > > > Policy Cred: > > Inline image 3 > > Regards, > Kehinde > > On Thu, Aug 3, 2017 at 7:09 PM, Juan Camilo > Valencia <jua...@se... > <mailto:jua...@se...>> wrote: > > Try to send a screenshot of your nessus > server through the web page to see if > somwthing else is wrong. The function that > I sent you is an api function for nessus > rest interface to get the name of the > scanner in nessus server and it is > compared against the name in your nessus > configuration file that you just provided > me. You need to make sure that both of > them match. > > Best regards > > El 3 ago. 2017 11:52 AM, "Akala Kehinde" > <keh...@gm... > <mailto:keh...@gm...>> escribió: > > Hello Juan, > > Another error yet again:) > > Aug 3 18:19:24 egelsbach pfqueue: > pfqueue(22876) INFO: > [mac:44:8a:5b:43:55:02] New ID > generated: 1501777164175502 > (pf::util::generate_id) > Aug 3 18:19:25 egelsbach pfqueue: > pfqueue(22876) WARN: > [mac:44:8a:5b:43:55:02] Use of > uninitialized value $scanner_id in > string eq at > /usr/local/pf/lib/pf/scan/nessus6.pm > <http://nessus6.pm> line 107. > (pf::scan::nessus6::startScan) > Aug 3 18:19:25 egelsbach pfqueue: > pfqueue(22876) WARN: > [mac:44:8a:5b:43:55:02] Use of > uninitialized value $scanner_id in > concatenation (.) or string at > /usr/local/pf/lib/pf/scan/nessus6.pm > <http://nessus6.pm> line 108. > (pf::scan::nessus6::startScan) > Aug 3 18:19:25 egelsbach pfqueue: Use > of uninitialized value $scanner_id in > string eq at > /usr/local/pf/lib/pf/scan/nessus6.pm > <http://nessus6.pm> line 107. > Aug 3 18:19:25 egelsbach pfqueue: Use > of uninitialized value $scanner_id in > concatenation (.) or string at > /usr/local/pf/lib/pf/scan/nessus6.pm > <http://nessus6.pm> line 108. > Aug 3 18:19:25 egelsbach pfqueue: > pfqueue(22876) WARN: > [mac:44:8a:5b:43:55:02] Nessus scanner > name doesn't exist > (pf::scan::nessus6::startScan) > Aug 3 18:19:25 egelsbach > packetfence_httpd.webservices: > httpd.webservices(22080) WARN: > [mac:44:8a:5b:43:55:02] Use of > uninitialized value in pattern match > (m//) at > /usr/local/pf/lib/pf/violation.pm > <http://violation.pm> line 792. > (pf::violation::violation_close) > Aug 3 18:19:25 egelsbach > packetfence_httpd.webservices: > httpd.webservices(22080) WARN: > [mac:44:8a:5b:43:55:02] Use of > uninitialized value $max in numeric le > (<=) at > /usr/local/pf/lib/pf/violation.pm > <http://violation.pm> line 800. > (pf::violation::violation_close) > > The scanner name actually do exist in > the scan.conf file. > > [MAWOH_NESSUS_SCAN] > ip=127.0.0.1 > duration=30s > categories=guest,staff > port=8843 > registration=1 > username=nessusadmin > post_registration=1 > password=password > pre_registration=1 > oses=1 > nessus_clientpolicy=testpolicy > type=nessus6 > scannername=testscan > . > > > Regards, > Kehinde > > On Thu, Aug 3, 2017 at 6:02 PM, Juan > Camilo Valencia > <jua...@se... > <mailto:jua...@se...>> > wrote: > > Hi Kehinde, > > in Nessus6.pm change this line, > > my $scanner_id = > $nessus->get_scan_id(name => > $scanner_name); > > for > > my $scanner_id = > $nessus->get_scanner_id(name => > $scanner_name); > > > You were right, in the past I send > you a mismatch function however > should be working for what i saw > in the rest.pm <http://rest.pm> > file. Does not make so much sense > the error, but try to restart pf > at every change, > > perl apparently loads in memory > its functions, so if you change > the file is not going to be take > until you reload the library. I'll > hope this tine I catch it. > > Best Regards, > > > 2017-08-03 10:50 GMT-05:00 Akala > Kehinde <keh...@gm... > <mailto:keh...@gm...>>: > > Hello Juan, > > See attached... > > Regards, > Kehinde > > On Thu, Aug 3, 2017 at 5:42 > PM, Juan Camilo Valencia > <jua...@se... > <mailto:jua...@se...>> > wrote: > > HI, > > Just to be sure, please > attach the nessus6.pm > <http://nessus6.pm> file > and your current REST.pm > file to see where is the > problem should be > something so simple that > we are missing, > > Best Regards, > > 2017-08-03 10:20 GMT-05:00 > Akala Kehinde > <keh...@gm... > <mailto:keh...@gm...>>: > > Hi Juna, > > Even after adding the > funtion you sent > before and after I > reinstalled, I still > got the "Unknown > scanner at > /usr/local/pf/lib/pf/scan/nessus6.pm > <http://nessus6.pm> > line 123." error. > > Regards, > Kehinde > > On Thu, Aug 3, 2017 at > 5:18 PM, Akala Kehinde > <keh...@gm... > <mailto:keh...@gm...>> > wrote: > > Hello Juan, > > Reinstalled the > REST.rpm file from > the url you sent. > IT is the same as > what I had before > and not from a > different repo. > But still got the > smae errors I did > from the begiining > starting from line > 96 in the > nessus.pm > <http://nessus.pm> > file. > > I'm thinking > there's a mismatch > of variables or > function names > between the > nessus.pm > <http://nessus.pm> > and REST.rpm files. > > Regards, > Kehinde > > On Thu, Aug 3, > 2017 at 4:28 PM, > Juan Camilo > Valencia > <jua...@se... > <mailto:jua...@se...>> > wrote: > > Hi Akala, > > Again is your > REST.pm file > what is > creating all > the problems, > and probably > it will > continue, so > please delete > the last > chanes you did > in the > Nessus6.pm, an > go to your > REST.pm and > add this function, > > sub > get_scanner_id { > my ($self, > %params) = @_; > > croak > "missing name > parameter" > unless > $params{name}; > > my > $scanner = > first { > $_->{name} eq > $params{name}} > $self->list_scanners(); > return unless > $scanner; > return > $scanner->{id}; > } > > This should > fix that > error, but > probably you > are going to > have another > problems... if > it fix all the > Nessus issues > whit this > changes taht > will be great, > however I > strongly > recommend go > to > https://inverse.ca/downloads/PacketFence/CentOS7/x86_64/RPMS/ > <https://inverse.ca/downloads/PacketFence/CentOS7/x86_64/RPMS/> > and look for > perl-Nessus-REST > rpm file and > reinstall it > in your system > that should > fix every > problem > related whit > Nessus. > > Best regards, > > 2017-08-03 > 9:01 GMT-05:00 > Akala Kehinde > <keh...@gm... > <mailto:keh...@gm...>>: > > Hello JUan, > > Still > doesn't > work when > I tried > somethn > like this: > > # my > $scan_name > = > "pf-".$hostaddr."-".$nessus_clientpolicy; > my > $scan_name > = > "pftestscan"; > my > $scan_id = > $nessus->create_scan( > > > Regards, > Kehinde > > On Thu, > Aug 3, > 2017 at > 3:32 PM, > Juan > Camilo > Valencia > <jua...@se... > <mailto:jua...@se...>> > wrote: > > Hi Akala, > > Let me > check > the > code > again, > in the > past > you > can > connect > several > Nessus > servers > between > them > and in > a > centralize > way > send a > scan > at > local > server > and > specify > a > remote > nessus > instance, > so > that > is the > reason > because > you > have > that > variable > of the > nessus > scanner > name. > Make > sure > that > variable > is > initialize > at the > beginning > of the > code > with a > value, > if I'm > not > wrong > is > default, > which > nessus > takes > like > the > default > server. > However > if you > have a > particular > name, > change > the > variable > for > the > name > of the > nessus > scanner. > > In the > meanwhile > I will > be > reviewing > what > other > things > could > be > wrong > with this. > > Best > regards, > > El 3 > ago. > 2017 > 8:07 > AM, > "Akala > Kehinde" > <keh...@gm... > <mailto:keh...@gm...>> > escribió: > > Hello > Juan, > > Changed > the > line > and > it > worked, > but > not > iuntil > it > caught > another > error: > > Can't > locate > object > method > "get_scanner_id" > > > > via > package > "Net::Nessus::REST" > at > > > /usr/local/pf/lib/pf/scan/nessus6.pm > <http://nessus6.pm> > line > 106. > > Fixed > this > by > changin > line > 106 > to > > > my > $scanner_id > = > $nessus->get_scan_id(name > => > $scanner_name); > > Then > again > I > got > another > error > > > server > error: > > Unknown > scanner > at > /usr/local/pf/lib/pf/scan/nessus6.pm > <http://nessus6.pm> > line > 124. > > Any > ideas > how > to > fix > this.. > Seems > PF > wants > to > create > a > scanner > and > save > in > Nessus > server. > I > already > created > a > policy > and > scanner > in > Nessus > server > with > same > name > on PF. > > Any > clues > how > it > should > be > properly > done? > > > Regards, > > Kehinde > > On > Wed, > Aug > 2, > 2017 > at > 7:00 > AM, > Juan > Camilo > Valencia > <jua...@se... > <mailto:jua...@se...>> > wrote: > > Ok, > let > me > know. > > > El > 1 > ago. > 2017 > 11:43 > PM, > "Akala > Kehinde" > <keh...@gm... > <mailto:keh...@gm...>> > escribió: > > Thanks > Juan, > > > Will > give > that > a > try.. > > Regards, > > Kehinde > > On > Wed, > Aug > 2, > 2017 > at > 1:38 > AM, > Juan > Camilo > Valencia > <jua...@se... > <mailto:jua...@se...>> > wrote: > > Hi > Akala, > > > What > is > happening > is > that > you > have > a > package > outside > of > the > repo > of > PF > from > inverse > and > is > probably > the > cause > of > the > error, > in > REST.pm > look > for > this > line, > my > $agent > = > LWP::UserAgent->new(); > and > change > it > for > this > one, > my > $agent > = > LWP::UserAgent->new(ssl_opts > => > { > verify_hostname > => > 0 > }); > restart > pf, > and > give > it > a > try > again > to > see > if > it > works, > what > that > line > is > looking > is > to > avoid > to > check > the > validity > of > ssl > certificates. > > I > hope > that > solves > the > issue > if > not > let > me > know, > to > continue > debbuging > the > problem > and > see > if > we > can > find > the > root > cause. > > Best > Regards, > > 2017-08-01 > 17:09 > GMT-05:00 > Akala > Kehinde > <keh...@gm... > <mailto:keh...@gm...>>: > > Hallo > Juan, > > > See > below: > > [root@pfence > Nessus]# > cat > REST.pm > package > Net::Nessus::REST; > > use > warnings; > use > strict; > > use > Carp; > use > LWP::UserAgent; > use > JSON; > use > List::Util > qw(first); > > our > $VERSION > = > 0.2; > > sub > new > { > > > my > ($class, > %params) > = > @_; > > > > my > $url > > = > $params{url} > || > 'https://localhost:8834/'; > ... [truncated message content] |
