Hi Guys,
We have PF version 4.3.0 and Nessus 5.2, the perl package that start the
nessus scans (the API to interact with the REST protocol of Nessus) DOES
NOT work with the 6.0 version of Nessus, they changed the REST protocol for
that version. I don´t know if that perl package to interact with nessus had
been updated to work with the 6.0 version, but our last try tell us that We
need to rewrite that perl package to make it work (
perl-Net-Nessus-XMLRPC-0.40-1.el6.noarch). Rigth now your best way to do
this is downgrade your Nessus install to a 5.XX series and is going to work
without any problem, or ask for support with the Guys of Inverse to make
itworks with that version, they are very capable and very efficient to
solve this kind of situations. My advice is if you have license paid for
nessus, go to the support portal and download a 5.x.x series RPM and will
work very smooth, the other thing is that you need to have the policy
created inside the nessus server.
I hope that this can help you,
Best Regards,
On Wed, Feb 18, 2015 at 1:40 PM, Delisle, Pierre-Luc <
[email protected]> wrote:
> Yes. Nessus service is installed on the PacketFence server, so
> 127.0.0.1:8834 works.
>
> I also tried using a remote Nessus server and got the exact same error.
>
> _____________________________
> Pierre-Luc Delisle
> Département d'assurance qualité
> Quality assurance department
> Hewlett-Packard Networking
> [email protected]
> Téléphone: (514) 920-2511 T
> Hewlett-Packard Company
> 2344 Alfred-Nobel, 2e étage
> Montréal, QC, H4S 0A4
> Canada
>
>
>
> -----Original Message-----
> From: Fabrice DURAND [mailto:[email protected]]
> Sent: Wednesday, February 18, 2015 1:36 PM
> To: [email protected]
> Subject: Re: [PacketFence-users] PacketFence ZEN 4.6.0 with Nessus 6.2.1 -
> Cannot configure scan on registration
>
> Ok, does nessus run on 127.0.0.1:8834 ?
>
> Regards
> Fabrice
>
> Le 2015-02-18 13:07, Delisle, Pierre-Luc a écrit :
> > The result is :
> > Nessus-6.2.1-es6.x64_64
> > perl-Net-Nessus-XMLRPC-0.40-1.el6.noarch
> >
> > Thanks
> >
> > _____________________________
> > Pierre-Luc Delisle
> > Département d'assurance qualité
> > Quality assurance department
> > Hewlett-Packard Networking
> > [email protected]
> > Téléphone: (514) 920-2511 T
> > Hewlett-Packard Company
> > 2344 Alfred-Nobel, 2e étage
> > Montréal, QC, H4S 0A4
> > Canada
> >
> >
> >
> > -----Original Message-----
> > From: Fabrice DURAND [mailto:[email protected]]
> > Sent: Wednesday, February 18, 2015 12:59 PM
> > To: [email protected]
> > Subject: Re: [PacketFence-users] PacketFence ZEN 4.6.0 with Nessus
> > 6.2.1 - Cannot configure scan on registration
> >
> > Can you paste me the result of:
> >
> > rpm -qa|grep Nessus
> >
> > or
> > dpkg -i|grep nessus
> >
> > Thanks
> > Fabrice
> >
> > Le 2015-02-18 12:37, Delisle, Pierre-Luc a écrit :
> >> Thanks a lot for your answer.
> >>
> >> I've modified the pf.conf file according to your description.
> Unfortunately, when I restart the packetfence service (service packetfence
> restart), the config file revert back to this :
> >>
> >> [general]
> >> #
> >> # general.domain
> >> #
> >> # Domain name of PacketFence system.
> >> domain=secure.LAN
> >> #
> >> # general.hostname
> >> #
> >> # Hostname of PacketFence system. This is concatenated with the domain
> in Apache rewriting rules and therefore must be resolvable by clients.
> >> hostname=centos-packetfence
> >>
> >> [trapping]
> >> #
> >> # trapping.range
> >> #
> >> # Comma-delimited list of address ranges/CIDR blocks that PacketFence
> >> will monitor/detect/trap on. Gateway, network, and # broadcast
> addresses are ignored.
> >> range=192.168.0.0/16
> >>
> >> [alerting]
> >> #
> >> # alerting.emailaddr
> >> #
> >> # Email address to which notifications of rogue DHCP servers,
> >> violations with an action of "email", or any other #
> PacketFence-related message goes to.
> >> [email protected]
> >>
> >> [scan]
> >> #
> >> # scan.engine
> >> #
> >> # Which scan engine to use to perform client-side policy compliance.
> >> engine=nessus
> >> #
> >> # scan.registration
> >> #
> >> # If this option is enabled, the PF system will scan each host after
> >> # registration is complete.
> >> registration=enabled
> >> #
> >> # scan.duration
> >> duration=15s
> >> #
> >> # scan.user
> >> #
> >> # Username to log into scanning engine with.
> >> user=administrator
> >> #
> >> # scan.pass
> >> #
> >> # Password to log into scanning engine with.
> >> pass=79Lubonja
> >> #
> >> # scan.nessus_clientpolicy
> >> #
> >> # Name of the remote policy on the nessus server
> >> nessus_clientpolicy=BasicNetScan
> >>
> >> [database]
> >> #
> >> # database.pass
> >> #
> >> # Password for the mysql database used by PacketFence.
> >> pass=79Lubonja
> >>
> >> [captive_portal]
> >> #
> >> # captive_portal.secure_redirect
> >> #
> >> # If secure_redirect is enabled, the captive portal uses HTTPS when
> >> redirecting # captured clients. This is the default behavior.
> >> secure_redirect=disabled
> >>
> >> [interface eth0.3058]
> >> ip=172.16.0.20
> >> type=management
> >> mask=255.255.0.0
> >>
> >> [interface eth0.3158]
> >> enforcement=inlinel2
> >> ip=192.168.0.20
> >> type=internal
> >> mask=255.255.0.0
> >>
> >>
> >>
> >> I guess it discards the default value.
> >>
> >> I tried this config and still no scan is running in nessus and I still
> have the same fatal error in packetfence.log.
> >>
> >> _____________________________
> >> Pierre-Luc Delisle
> >> Département d'assurance qualité
> >> Quality assurance department
> >> Hewlett-Packard Networking
> >> [email protected]
> >> Téléphone: (514) 920-2511 T
> >> Hewlett-Packard Company
> >> 2344 Alfred-Nobel, 2e étage
> >> Montréal, QC, H4S 0A4
> >> Canada
> >>
> >>
> >>
> >> -----Original Message-----
> >> From: Fabrice DURAND [mailto:[email protected]]
> >> Sent: Wednesday, February 18, 2015 11:42 AM
> >> To: [email protected]
> >> Subject: Re: [PacketFence-users] PacketFence ZEN 4.6.0 with Nessus
> >> 6.2.1 - Cannot configure scan on registration
> >>
> >> Hello Pierre-Luc,
> >>
> >> it look like it miss stuff in your scan definition (host):
> >>
> >> [scan]
> >> #
> >> # scan.engine
> >> #
> >> # Which scan engine to use to perform client-side policy compliance.
> >> engine=nessus
> >> #
> >> # scan.duration
> >> #
> >> # Approximate duration of a scan. User being scanned on registration
> are presented a progress bar # for this duration, afterwards the browser
> refreshes until scan is complete.
> >> duration=15s
> >> #
> >> # scan.host
> >> #
> >> # Host the scanning engine is running on. For performance reasons, we
> # recommend running the scanning engine on a remote server. A passthrough
> will # be automagically created.
> >> host=10.0.0.1
> >> #
> >> # scan.user
> >> #
> >> # Username to log into scanning engine with.
> >> user=administrator
> >> #
> >> # scan.pass
> >> #
> >> # Password to log into scanning engine with.
> >> pass=XXXXXXXXXXXXXXXXXXX #hidden
> >> #
> >> # scan.nessus_clientpolicy
> >> #
> >> # Name of the remote policy on the nessus server
> >> nessus_clientpolicy=BasicNetScan
> >>
> >>
> >> Regards
> >> Fabrice
> >>
> >>
> >> Le 2015-02-18 11:34, Delisle, Pierre-Luc a écrit :
> >>> Hi,
> >>>
> >>>
> >>>
> >>> It's been two days that I am trying to configure automatic system
> >>> scan on registration for PacketFence with Nessus and it doesn't work.
> >>>
> >>>
> >>>
> >>> So far, here is the setup :
> >>>
> >>>
> >>>
> >>> VM : PacketFence ZEN 4.6.0 + Nessus 6.2.1
> >>>
> >>> Enforcement : Inline Enforcement
> >>>
> >>> Inline network : 192.168.0.0/16
> >>>
> >>> Management network : 172.16.0.0/16
> >>> Server IP : 172.16.0.20/16
> >>>
> >>>
> >>>
> >>> Pf.conf file :
> >>>
> >>>
> >>>
> >>> [general]
> >>>
> >>> #
> >>>
> >>> # general.domain
> >>>
> >>> #
> >>>
> >>> # Domain name of PacketFence system.
> >>>
> >>> domain=secure.LAN
> >>>
> >>> #
> >>>
> >>> # general.hostname
> >>>
> >>> #
> >>>
> >>> # Hostname of PacketFence system. This is concatenated with the
> >>> domain in Apache rewriting rules and therefore must be resolvable by
> >>> clients.
> >>>
> >>> hostname=centos-packetfence
> >>>
> >>>
> >>>
> >>> [trapping]
> >>>
> >>> #
> >>>
> >>> # trapping.range
> >>>
> >>> #
> >>>
> >>> # Comma-delimited list of address ranges/CIDR blocks that
> >>> PacketFence will monitor/detect/trap on. Gateway, network, and
> >>>
> >>> # broadcast addresses are ignored.
> >>>
> >>> range=192.168.0.0/16
> >>>
> >>> #
> >>>
> >>> # trapping.detection
> >>>
> >>> #
> >>>
> >>> # Enables snort-based worm detection. If you don't have a span
> >>> interface available, don't bother enabling it. If you do,
> >>>
> >>> # you'll most definately want this on.
> >>>
> >>> detection=enabled
> >>>
> >>>
> >>>
> >>> [alerting]
> >>>
> >>> #
> >>>
> >>> # alerting.emailaddr
> >>>
> >>> #
> >>>
> >>> # Email address to which notifications of rogue DHCP servers,
> >>> violations with an action of "email", or any other
> >>>
> >>> # PacketFence-related message goes to.
> >>>
> >>> [email protected]
> >>>
> >>>
> >>>
> >>> [scan]
> >>>
> >>> #
> >>>
> >>> # scan.engine
> >>>
> >>> #
> >>>
> >>> # Which scan engine to use to perform client-side policy compliance.
> >>>
> >>> engine=nessus
> >>>
> >>> #
> >>>
> >>> # scan.user
> >>>
> >>> #
> >>>
> >>> # Username to log into scanning engine with.
> >>>
> >>> user=administrator
> >>>
> >>> #
> >>>
> >>> # scan.pass
> >>>
> >>> #
> >>>
> >>> # Password to log into scanning engine with.
> >>>
> >>> pass=XXXXXXXXXXXXXXXXXXX #hidden
> >>>
> >>> #
> >>>
> >>> # scan.nessus_clientpolicy
> >>>
> >>> #
> >>>
> >>> # Name of the remote policy on the nessus server
> >>>
> >>> nessus_clientpolicy=BasicNetScan
> >>>
> >>>
> >>>
> >>> [database]
> >>>
> >>> #
> >>>
> >>> # database.pass
> >>>
> >>> #
> >>>
> >>> # Password for the mysql database used by PacketFence.
> >>>
> >>> pass=79Lubonja
> >>>
> >>>
> >>>
> >>> [captive_portal]
> >>>
> >>> #
> >>>
> >>> # captive_portal.secure_redirect
> >>>
> >>> #
> >>>
> >>> # If secure_redirect is enabled, the captive portal uses HTTPS when
> >>> redirecting
> >>>
> >>> # captured clients. This is the default behavior.
> >>>
> >>> secure_redirect=disabled
> >>>
> >>>
> >>>
> >>> [interface eth0.3058]
> >>>
> >>> ip=172.16.0.20
> >>>
> >>> type=management
> >>>
> >>> mask=255.255.0.0
> >>>
> >>>
> >>>
> >>> [interface eth0.3158]
> >>>
> >>> enforcement=inlinel2
> >>>
> >>> ip=192.168.0.20
> >>>
> >>> type=internal
> >>>
> >>> mask=255.255.0.0
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> network.conf
> >>>
> >>>
> >>>
> >>> [192.168.0.0]
> >>>
> >>> dns=192.168.1.1
> >>>
> >>> dhcp_start=192.168.0.10
> >>>
> >>> gateway=192.168.0.20
> >>>
> >>> domain-name=inlinel2.secure.LAN
> >>>
> >>> nat_enabled=enabled
> >>>
> >>> named=enabled
> >>>
> >>> dhcp_max_lease_time=86400
> >>>
> >>> fake_mac_enabled=disabled
> >>>
> >>> dhcpd=enabled
> >>>
> >>> dhcp_end=192.168.255.246
> >>>
> >>> type=inlinel2
> >>>
> >>> netmask=255.255.0.0
> >>>
> >>> dhcp_default_lease_time=86400
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> violation.conf is untouched (default).
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> Nessus service is up and running. I can log in and everything works.
> >>>
> >>>
> >>>
> >>> In packetfence.log, I have this line :
> >>>
> >>>
> >>>
> >>> Feb 18 11:16:32pfcmd.pl(14072) FATAL: Can't use string ("") as a
> >>> HASH ref while "strict refs" in use at
> >>> /usr/share/perl5/vendor_perl/Net/Nessus/XMLRPC.pm line 665.
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> What's wrong with my setup.
> >>>
> >>>
> >>>
> >>> It's been 15+ hours I try this and get always the same result and I
> >>> don't know what to do.
> >>>
> >>>
> >>>
> >>> Thank you very much for any help you can provide.
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> Pierre-Luc Delisle
> >>>
> >>>
> >>>
> >>> --------------------------------------------------------------------
> >>> -
> >>> -
> >>> -------- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT
> >>> Server from Actuate! Instantly Supercharge Your Business Reports and
> >>> Dashboards with Interactivity, Sharing, Native Excel Exports, App
> >>> Integration & more Get technology previously reserved for
> >>> billion-dollar corporations, FREE
> >>> http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.
> >>> clktrk
> >>>
> >>>
> >>> _______________________________________________
> >>> PacketFence-users mailing list
> >>> [email protected]
> >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
> >> --
> >> Fabrice Durand
> >> [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
> >> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
> >> PacketFence (http://packetfence.org)
> >>
> >>
> >> ---------------------------------------------------------------------
> >> -
> >> -------- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT
> >> Server from Actuate! Instantly Supercharge Your Business Reports and
> >> Dashboards with Interactivity, Sharing, Native Excel Exports, App
> >> Integration & more Get technology previously reserved for
> >> billion-dollar corporations, FREE
> >> http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.
> >> clktrk _______________________________________________
> >> PacketFence-users mailing list
> >> [email protected]
> >> https://lists.sourceforge.net/lists/listinfo/packetfence-users
> >
> > --
> > Fabrice Durand
> > [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
> > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
> > PacketFence (http://packetfence.org)
> >
> >
> > ----------------------------------------------------------------------
> > -------- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT
> > Server from Actuate! Instantly Supercharge Your Business Reports and
> > Dashboards with Interactivity, Sharing, Native Excel Exports, App
> > Integration & more Get technology previously reserved for
> > billion-dollar corporations, FREE
> > http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.
> > clktrk _______________________________________________
> > PacketFence-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
> --
> Fabrice Durand
> [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse
> inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (
> http://packetfence.org)
>
>
>
> ------------------------------------------------------------------------------
> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
> with Interactivity, Sharing, Native Excel Exports, App Integration & more
> Get technology previously reserved for billion-dollar corporations, FREE
>
> http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
--
*“Choose a job you love, and you will never have to work a day in your
life”*
------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
