Hi Fabrice,
That will be great...
Best Regards,
On Wed, Feb 18, 2015 19:55, Durand fabrice <[email protected]> wrote:
> Hi Juan,
>
> thanks for the answer.
> I did a little search on cpan and eureka !
> https://metacpan.org/pod/Net::Nessus::REST
> We just have to write a new nessus.pm in PacketFence (like nessus6.pm)
> that uses this lib.
>
> Regards
> Fabrice
>
> On 2015-02-18 16:14, Juan Camilo Valencia wrote:
>
> Hi Guys,
>
> We have PF version 4.3.0 and Nessus 5.2. The Perl package that starts the
> Nessus scans (the API to interact with the REST protocol of Nessus) DOES
> NOT work with the 6.0 version of Nessus; they changed the REST protocol for
> that version. I don't know if that Perl package to interact with Nessus has
> been updated to work with the 6.0 version, but our last try tells us that we
> need to rewrite that Perl package to make it work (
> perl-Net-Nessus-XMLRPC-0.40-1.el6.noarch). Right now your best way to do
> this is to downgrade your Nessus install to a 5.XX series, and it is going to
> work without any problem, or ask for support from the guys at Inverse to make
> it work with that version; they are very capable and very efficient at
> solving this kind of situation. My advice is, if you have a paid license for
> Nessus, go to the support portal and download a 5.x.x series RPM and it will
> work very smoothly. The other thing is that you need to have the policy
> created inside the Nessus server.
>
> I hope that this can help you,
>
> Best Regards,
>
> On Wed, Feb 18, 2015 at 1:40 PM, Delisle, Pierre-Luc
> <[email protected]> wrote:
>
>
> Yes. Nessus service is installed on the PacketFence server, so 127.0.0.1:8834
> works.
>
> I also tried using a remote Nessus server and got the exact same error.
>
> _____________________________
> Pierre-Luc Delisle
> Département d'assurance qualité
> Quality assurance department
> Hewlett-Packard [email protected]
> Téléphone: (514) 920-2511 T
> Hewlett-Packard Company
> 2344 Alfred-Nobel, 2e étage
> Montréal, QC, H4S 0A4
> Canada
>
>
>
> -----Original Message-----
> From: Fabrice DURAND [mailto:[email protected] <[email protected]>]
> Sent: Wednesday, February 18, 2015 1:36 PM
> To: [email protected]
> Subject: Re: [PacketFence-users] PacketFence ZEN 4.6.0 with Nessus 6.2.1 -
> Cannot configure scan on registration
>
> Ok, does nessus run on 127.0.0.1:8834 ?
>
> Regards
> Fabrice
>
> On 2015-02-18 13:07, Delisle, Pierre-Luc wrote:
>
> The result is :
> Nessus-6.2.1-es6.x64_64
> perl-Net-Nessus-XMLRPC-0.40-1.el6.noarch
>
> Thanks
>
> _____________________________
> Pierre-Luc Delisle
> Département d'assurance qualité
> Quality assurance department
> Hewlett-Packard [email protected]
> Téléphone: (514) 920-2511 T
> Hewlett-Packard Company
> 2344 Alfred-Nobel, 2e étage
> Montréal, QC, H4S 0A4
> Canada
>
>
>
> -----Original Message-----
> From: Fabrice DURAND [mailto:[email protected] <[email protected]>]
> Sent: Wednesday, February 18, 2015 12:59 PM
> To: [email protected]
> Subject: Re: [PacketFence-users] PacketFence ZEN 4.6.0 with Nessus
> 6.2.1 - Cannot configure scan on registration
>
> Can you paste me the result of:
>
> rpm -qa|grep Nessus
>
> or
> dpkg -l|grep nessus
>
> Thanks
> Fabrice
>
> On 2015-02-18 12:37, Delisle, Pierre-Luc wrote:
>
> Thanks a lot for your answer.
>
> I've modified the pf.conf file according to your description.
>
> Unfortunately, when I restart the packetfence service (service packetfence
> restart), the config file reverts back to this :
>
>
> [general]
> #
> # general.domain
> #
> # Domain name of PacketFence system.
> domain=secure.LAN
> #
> # general.hostname
> #
> # Hostname of PacketFence system. This is concatenated with the domain
> # in Apache rewriting rules and therefore must be resolvable by clients.
> hostname=centos-packetfence
>
> [trapping]
> #
> # trapping.range
> #
> # Comma-delimited list of address ranges/CIDR blocks that PacketFence
> # will monitor/detect/trap on. Gateway, network, and broadcast
> # addresses are ignored.
> range=192.168.0.0/16
>
> [alerting]
> #
> # alerting.emailaddr
> #
> # Email address to which notifications of rogue DHCP servers,
> # violations with an action of "email", or any other
> # PacketFence-related message goes to.
> [email protected]
>
> [scan]
> #
> # scan.engine
> #
> # Which scan engine to use to perform client-side policy compliance.
> engine=nessus
> #
> # scan.registration
> #
> # If this option is enabled, the PF system will scan each host after
> # registration is complete.
> registration=enabled
> #
> # scan.duration
> duration=15s
> #
> # scan.user
> #
> # Username to log into scanning engine with.
> user=administrator
> #
> # scan.pass
> #
> # Password to log into scanning engine with.
> pass=79Lubonja
> #
> # scan.nessus_clientpolicy
> #
> # Name of the remote policy on the nessus server
> nessus_clientpolicy=BasicNetScan
>
> [database]
> #
> # database.pass
> #
> # Password for the mysql database used by PacketFence.
> pass=79Lubonja
>
> [captive_portal]
> #
> # captive_portal.secure_redirect
> #
> # If secure_redirect is enabled, the captive portal uses HTTPS when
> # redirecting captured clients. This is the default behavior.
> secure_redirect=disabled
>
> [interface eth0.3058]
> ip=172.16.0.20
> type=management
> mask=255.255.0.0
>
> [interface eth0.3158]
> enforcement=inlinel2
> ip=192.168.0.20
> type=internal
> mask=255.255.0.0
>
>
>
> I guess it discards the default value.
>
> I tried this config and still no scan is running in nessus and I still
> have the same fatal error in packetfence.log.
>
>
> _____________________________
> Pierre-Luc Delisle
> Département d'assurance qualité
> Quality assurance department
> Hewlett-Packard [email protected]
> Téléphone: (514) 920-2511 T
> Hewlett-Packard Company
> 2344 Alfred-Nobel, 2e étage
> Montréal, QC, H4S 0A4
> Canada
>
>
>
> -----Original Message-----
> From: Fabrice DURAND [mailto:[email protected] <[email protected]>]
> Sent: Wednesday, February 18, 2015 11:42 AM
> To: [email protected]
> Subject: Re: [PacketFence-users] PacketFence ZEN 4.6.0 with Nessus
> 6.2.1 - Cannot configure scan on registration
>
> Hello Pierre-Luc,
>
> It looks like stuff is missing in your scan definition (host):
>
> [scan]
> #
> # scan.engine
> #
> # Which scan engine to use to perform client-side policy compliance.
> engine=nessus
> #
> # scan.duration
> #
> # Approximate duration of a scan. User being scanned on registration
> # are presented a progress bar for this duration, afterwards the browser
> # refreshes until scan is complete.
> duration=15s
> #
> # scan.host
> #
> # Host the scanning engine is running on. For performance reasons, we
> # recommend running the scanning engine on a remote server. A passthrough
> # will be automagically created.
> host=10.0.0.1
> #
> # scan.user
> #
> # Username to log into scanning engine with.
> user=administrator
> #
> # scan.pass
> #
> # Password to log into scanning engine with.
> pass=XXXXXXXXXXXXXXXXXXX #hidden
> #
> # scan.nessus_clientpolicy
> #
> # Name of the remote policy on the nessus server
> nessus_clientpolicy=BasicNetScan
>
>
> Regards
> Fabrice
>
>
> On 2015-02-18 11:34, Delisle, Pierre-Luc wrote:
>
> Hi,
>
> It's been two days that I am trying to configure automatic system
> scan on registration for PacketFence with Nessus and it doesn't work.
>
> So far, here is the setup :
>
> VM : PacketFence ZEN 4.6.0 + Nessus 6.2.1
> Enforcement : Inline Enforcement
> Inline network : 192.168.0.0/16
> Management network : 172.16.0.0/16
> Server IP : 172.16.0.20/16
>
> Pf.conf file :
>
> [general]
> #
> # general.domain
> #
> # Domain name of PacketFence system.
> domain=secure.LAN
> #
> # general.hostname
> #
> # Hostname of PacketFence system. This is concatenated with the
> # domain in Apache rewriting rules and therefore must be resolvable by
> # clients.
> hostname=centos-packetfence
>
> [trapping]
> #
> # trapping.range
> #
> # Comma-delimited list of address ranges/CIDR blocks that
> # PacketFence will monitor/detect/trap on. Gateway, network, and
> # broadcast addresses are ignored.
> range=192.168.0.0/16
> #
> # trapping.detection
> #
> # Enables snort-based worm detection. If you don't have a span
> # interface available, don't bother enabling it. If you do,
> # you'll most definitely want this on.
> detection=enabled
>
> [alerting]
> #
> # alerting.emailaddr
> #
> # Email address to which notifications of rogue DHCP servers,
> # violations with an action of "email", or any other
> # PacketFence-related message goes to.
> [email protected]
>
> [scan]
> #
> # scan.engine
> #
> # Which scan engine to use to perform client-side policy compliance.
> engine=nessus
> #
> # scan.user
> #
> # Username to log into scanning engine with.
> user=administrator
> #
> # scan.pass
> #
> # Password to log into scanning engine with.
> pass=XXXXXXXXXXXXXXXXXXX #hidden
> #
> # scan.nessus_clientpolicy
> #
> # Name of the remote policy on the nessus server
> nessus_clientpolicy=BasicNetScan
>
> [database]
> #
> # database.pass
> #
> # Password for the mysql database used by PacketFence.
> pass=79Lubonja
>
> [captive_portal]
> #
> # captive_portal.secure_redirect
> #
> # If secure_redirect is enabled, the captive portal uses HTTPS when
> # redirecting captured clients. This is the default behavior.
> secure_redirect=disabled
>
> [interface eth0.3058]
> ip=172.16.0.20
> type=management
> mask=255.255.0.0
>
> [interface eth0.3158]
> enforcement=inlinel2
> ip=192.168.0.20
> type=internal
> mask=255.255.0.0
>
>
>
>
>
> network.conf
>
> [192.168.0.0]
> dns=192.168.1.1
> dhcp_start=192.168.0.10
> gateway=192.168.0.20
> domain-name=inlinel2.secure.LAN
> nat_enabled=enabled
> named=enabled
> dhcp_max_lease_time=86400
> fake_mac_enabled=disabled
> dhcpd=enabled
> dhcp_end=192.168.255.246
> type=inlinel2
> netmask=255.255.0.0
> dhcp_default_lease_time=86400
>
>
>
>
>
> violation.conf is untouched (default).
>
> Nessus service is up and running. I can log in and everything works.
>
> In packetfence.log, I have this line :
>
> Feb 18 11:16:32 pfcmd.pl(14072) FATAL: Can't use string ("") as a HASH ref while "strict refs" in use at /usr/share/perl5/vendor_perl/Net/Nessus/XMLRPC.pm line 665.
>
> What's wrong with my setup?
>
> It's been 15+ hours I try this and get always the same result and I
> don't know what to do.
>
> Thank you very much for any help you can provide.
>
>
>
>
>
> Pierre-Luc Delisle
>
>
>
> --------------------------------------------------------------------
> -
> -
> -------- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT
> Server from Actuate! Instantly Supercharge Your Business Reports and
> Dashboards with Interactivity, Sharing, Native Excel Exports, App
> Integration & more Get technology previously reserved for
> billion-dollar corporations,
> FREEhttp://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.
> clktrk
>
>
> _______________________________________________
> PacketFence-users mailing
> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
> --
> Fabrice [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
> PacketFence (http://packetfence.org)
>
>
>
>
> --
> Fabrice [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
> PacketFence (http://packetfence.org)
>
>
>
>
>
> --
> Fabrice [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
> PacketFence (http://packetfence.org)
>
>
>
>
>
>
>
>
>
>
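
The two checks that come out of this thread (Nessus 6 installed next to the XML-RPC client package, and a [scan] section without host), as an added shell example that is not part of the original messages. The function names, finding labels and sample config are constructed, and the required-key list is an assumption taken from the [scan] definition quoted above.

```shell
#!/bin/sh
# Added example: preflight for the PacketFence/Nessus problems discussed in this thread.

# Print the value of KEY from the [scan] section of a pf.conf-style file.
scan_value() {
    awk -v key="$2" '
        /^\[/ { in_scan = ($0 == "[scan]"); next }   # track current section
        in_scan && $0 !~ /^[ \t]*#/ {                # skip comment lines
            eq = index($0, "=")
            if (eq && substr($0, 1, eq - 1) == key) { print substr($0, eq + 1); exit }
        }' "$1"
}

# Print the major version of the Nessus package found in a package listing.
nessus_major() {
    printf '%s\n' "$1" | sed -n 's/^Nessus-\([0-9][0-9]*\)\..*/\1/p' | head -n 1
}

# preflight PKGS CONF: print findings on one line; return 0 only if there are none.
preflight() {
    pkgs=$1; conf=$2; findings=""
    major=$(nessus_major "$pkgs")
    if [ -n "$major" ] && [ "$major" -ge 6 ] &&
       printf '%s\n' "$pkgs" | grep -q '^perl-Net-Nessus-XMLRPC-'; then
        findings="$findings xmlrpc-client-vs-nessus$major"
    fi
    # Assumption: these are the keys shown in Fabrice's [scan] definition.
    for key in host user pass nessus_clientpolicy; do
        [ -n "$(scan_value "$conf" "$key")" ] || findings="$findings missing-scan.$key"
    done
    echo "${findings# }"
    [ -z "$findings" ]
}

# Package names as posted in the thread; the config below is a constructed sample.
SAMPLE_PKGS='Nessus-6.2.1-es6.x64_64
perl-Net-Nessus-XMLRPC-0.40-1.el6.noarch'
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
[scan]
# scan.engine
engine=nessus
user=administrator
pass=PLACEHOLDER
nessus_clientpolicy=BasicNetScan

[database]
host=localhost
EOF
preflight "$SAMPLE_PKGS" "$SAMPLE_CONF" || true
```

On a real host the first argument would be the output of `rpm -qa` and the second the path to pf.conf; a missing key may simply mean the default is in effect.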