I can start scanning on my laptop on registration. The problem was my iptables. 
I had not configured it correctly for my scan. I still have problems with my 
Nessus scan. As you can see in my log file, PacketFence only picked up violation 
Nessus ID 34220, not 21725 or 55119. If I remove ID 34220 in the 
violations.conf, PacketFence will not detect other violations (as shown in 
the dump file). Any ideas?
 
 
 
 
***packetfence.log 
 
Sep 08 05:45:48 pfcmd(0) INFO: executing HOME=/usr/local/pf/conf/nessus/ 
/opt/nessus/bin/nessus -q -V -x --dot-nessus 
/usr/local/pf/conf/nessus/remotescan.nessus --policy-name RemoteScan 10.0.10.21 
1241 admin <password> --target-file 
/tmp/pf_nessus_192.168.2.15_2011-09-08-05:45:48.txt 
/usr/local/pf/html/admin/scan/results/dump_192.168.2.15_2011-09-08-05:45:48.nbe 
(pf::scan::runScan)
Sep 08 05:47:22 pfcmd(0) INFO: calling violation_trigger for ip: 192.168.2.15, 
mac: 00:21:70:90:4e:2f, Nessus ScanID: 34220 (pf::scan::runScan)
Sep 08 05:47:22 pfcmd(0) INFO: Nessus scan did not detect any vulnerabilities 
on 192.168.2.15 (pf::scan::runScan)
 
[root@pf-zen results]# cat dump_192.168.2.15_2011-09-08-05\:45\:48.nbe
timestamps|||scan_start|Thu Sep 08 09:48:31 2011|
timestamps||192.168.2.15|host_start|Thu Sep 08 09:48:31 2011|
results|192.168.2|192.168.2.15|epmap (135/tcp)
results|192.168.2|192.168.2.15|microsoft-ds (445/tcp)
results|192.168.2|192.168.2.15|jtag-server (1309/tcp)
results|192.168.2|192.168.2.15|device2 (2030/tcp)
results|192.168.2|192.168.2.15|netbios-ssn (139/tcp)
results|192.168.2|192.168.2.15|microsoft-ds (445/udp)
results|192.168.2|192.168.2.15|isakmp (500/udp)
results|192.168.2|192.168.2.15|ms-sql-m (1434/udp)
results|192.168.2|192.168.2.15|ipsec-nat-t (4500/udp)
results|192.168.2|192.168.2.15|ntp (123/udp)
results|192.168.2|192.168.2.15|netbios-ns (137/udp)
results|192.168.2|192.168.2.15|netbios-dgm (138/udp)
results|192.168.2|192.168.2.15|ssdp (1900/udp)
results|192.168.2|192.168.2.15|general/tcp|34220|Security Note|\nSynopsis 
:\n\nThe list of open ports could be retrieved by netstat.\n\nDescription 
:\n\nUsing the WMI interface, it is possible to get the open ports by\nrunning 
the netstat command remotely.\n\nSolution :\n\nn/a\n\nRisk factor :\n\nNone\n\n
results|192.168.2|192.168.2.15|microsoft-ds (445/tcp)|21725|Security 
Hole|\nSynopsis :\n\nSymantec Antivirus Corporate is installed.\n\nDescription 
:\n\nThis plugin checks that the remote host has Symantec Antivirus \nCorporate 
installed and properly running, and makes sure that the latest \nVdefs are 
loaded.\n\nSolution :\n\nMake sure SAVCE is installed, running and using the 
latest VDEFS.\n\nRisk factor :\n\nCritical / CVSS Base Score : 
10.0\n(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\nPlugin output :\n\nThe remote host 
has an antivirus software from Symantec installed. It has \nbeen fingerprinted 
as :\n\nSymantec Endpoint Protection : 13.0.6000.513\nDAT version : 
20110617\n\nThe remote host has an out-dated version of the Symantec 
\nCorporate virus signatures. Last version is 20110713\n\nAs a result, the 
remote host might be infected by viruses received by\nemail or other means.\n\n
results|192.168.2|192.168.2.15|microsoft-ds (445/tcp)|55119|Security 
Hole|\nSynopsis :\n\nThe Microsoft .NET Framework and/or Microsoft Silverlight 
install on\nthe remote host has a code execution vulnerability.\n\nDescription 
:\n\nThe remote Windows host is running a version of the Microsoft 
.NET\nFramework and/or Microsoft Silverlight affected by a code 
execution\nvulnerability. A specially crafted .NET application could 
access\nmemory unsafely, resulting in arbitrary code execution.\n\nSolution 
:\n\nMicrosoft has released a set of patches for .NET Framework 2.0, 3.5,\nand 
Silverlight 
:\n\nhttp://www.microsoft.com/technet/security/bulletin/MS11-039.mspx\n\nRisk 
factor :\n\nHigh / CVSS Base Score : 
9.3\n(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)\n\nPlugin output :\n\nProduct : 
Microsoft Silverlight\n Path : C:\\Program Files\\Microsoft 
Silverlight\\4.0.50917.0\n Installed version : 4.0.50917.0\n Fixed version : 
4.0.60531.0\n\nCVE : CVE-2011-0664\nBID :
 48212\nOther references : OSVDB:72931, MSFT:MS11-039\n
timestamps||192.168.2.15|host_end|Thu Sep 08 09:49:59 2011|
timestamps|||scan_end|Thu Sep 08 09:50:01 2011|
** This is my pf.conf scan section
[scan]
ssl=enabled
pass=password
user=admin
port=1241
host=10.0.10.21
registration=enabled
nessusclient_file=remotescan.nessus
nessusclient_policy=RemoteScan
live_tids=34220,21725,53830,55119
** This is my violations.conf
[1300003]
desc=Check Antivirus Updates
priority=5
url=/remediation.php?template=system_scan
actions=log,trap
button=Virus Scan
trigger=Scan:34220,Scan::55119,Scan::53830,Scan::21725
disable=N
vlan=registrationVlan
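
A cross-check of the three pieces of evidence in the message above (the `.nbe` dump, `live_tids` from pf.conf and `trigger` from violations.conf), as an added example that is not part of the original post and is not PacketFence code. It assumes the pipe-delimited NBE record layout visible in the dump and that the dump's mid-record line breaks come from e-mail wrapping; the sample data is constructed from the post and the function names are hypothetical.

```python
import re

# Constructed sample: records abridged from the dump in the post and rejoined to
# one record per line (assumption: the mid-record breaks are e-mail wrapping).
NBE = r"""timestamps|||scan_start|Thu Sep 08 09:48:31 2011|
results|192.168.2|192.168.2.15|epmap (135/tcp)
results|192.168.2|192.168.2.15|general/tcp|34220|Security Note|\nSynopsis :\n\nThe list of open ports could be retrieved by netstat.\n
results|192.168.2|192.168.2.15|microsoft-ds (445/tcp)|21725|Security Hole|\nSynopsis :\n\nSymantec Antivirus Corporate is installed.\n
results|192.168.2|192.168.2.15|microsoft-ds (445/tcp)|55119|Security Hole|\nSynopsis :\n\nThe Microsoft .NET Framework and/or Microsoft Silverlight\n
timestamps|||scan_end|Thu Sep 08 09:50:01 2011|
"""
LIVE_TIDS = "34220,21725,53830,55119"                       # from pf.conf [scan]
TRIGGER = "Scan:34220,Scan::55119,Scan::53830,Scan::21725"  # from violations.conf


def parse_nbe(text):
    """Return {plugin_id: (port, severity)} for result records carrying a finding."""
    findings = {}
    for line in text.splitlines():
        fields = line.split("|", 6)  # keep any '|' inside the description intact
        # Port-only records have 4 fields; findings add plugin id, severity, text.
        if fields[0] == "results" and len(fields) >= 6 and fields[4].isdigit():
            findings[int(fields[4])] = (fields[3], fields[5])
    return findings


def parse_triggers(value):
    """Return {id: separator exactly as written} for each Type<sep>ID token."""
    out = {}
    for token in value.split(","):
        m = re.fullmatch(r"\s*(\w+?)(:+)(\d+)\s*", token)
        if m:
            out[int(m.group(3))] = m.group(2)
    return out


def cross_check(nbe, live_tids, trigger):
    """Return rows of (plugin_id, in_dump, in_live_tids, trigger_separator_or_None)."""
    found = parse_nbe(nbe)
    live = {int(t) for t in live_tids.split(",")}
    trig = parse_triggers(trigger)
    return [(pid, pid in found, pid in live, trig.get(pid))
            for pid in sorted(live | set(trig) | set(found))]


if __name__ == "__main__":
    for pid, in_dump, in_live, sep in cross_check(NBE, LIVE_TIDS, TRIGGER):
        print(f"{pid}: in dump={in_dump} live_tids={in_live} trigger sep={sep!r}")
```

On the post's data, 34220, 21725 and 55119 all appear as findings in the dump and in both configuration lists, and the `trigger` line writes 34220 with a single colon while the other IDs use two.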