Thanks a lot for your answer, Juan. It is really appreciated!
I'm not crazy! It wasn't working! ahahah!
I will try to downgrade the version of Nessus and I will let you know if it
works.
Thanks a lot!
_____________________________
Pierre-Luc Delisle
Quality assurance department
Hewlett-Packard Networking
[email protected]
Telephone: (514) 920-2511
Hewlett-Packard Company
2344 Alfred-Nobel, 2e étage
Montréal, QC, H4S 0A4
Canada
From: Durand fabrice [mailto:[email protected]]
Sent: Wednesday, February 18, 2015 7:52 PM
To: [email protected]
Subject: Re: [PacketFence-users] PacketFence ZEN 4.6.0 with Nessus 6.2.1 -
Cannot configure scan on registration
Hi Juan,
thanks for the answer.
I did a little search on CPAN and eureka!
https://metacpan.org/pod/Net::Nessus::REST
We just have to write a new nessus.pm in PacketFence (like nessus6.pm) that uses
this lib.
Regards
Fabrice
On 2015-02-18 16:14, Juan Camilo Valencia wrote:
Hi Guys,
We have PF version 4.3.0 and Nessus 5.2. The Perl package that starts the
Nessus scans (the API to interact with the REST protocol of Nessus) DOES
NOT work with the 6.0 version of Nessus; they changed the REST protocol for
that version. I don't know if that Perl package to interact with Nessus has
been updated to work with the 6.0 version, but our last try tells us that we
need to rewrite that Perl package to make it work
(perl-Net-Nessus-XMLRPC-0.40-1.el6.noarch). Right now your best way to do
this is to downgrade your Nessus install to a 5.XX series, and it is going to
work without any problem, or ask for support from the guys at Inverse to make
it work with that version; they are very capable and very efficient at
solving this kind of situation. My advice is, if you have a paid license for
Nessus, go to the support portal and download a 5.x.x series RPM and it will
work very smoothly. The other thing is that you need to have the policy
created inside the Nessus server.
I hope that this can help you,
Best Regards,
On Wed, Feb 18, 2015 at 1:40 PM, Delisle, Pierre-Luc <[email protected]> wrote:
Yes. Nessus service is installed on the PacketFence server, so
127.0.0.1:8834 works.
I also tried using a remote Nessus server and got the exact same error.
-----Original Message-----
From: Fabrice DURAND [mailto:[email protected]]
Sent: Wednesday, February 18, 2015 1:36 PM
To: [email protected]
Subject: Re: [PacketFence-users] PacketFence ZEN 4.6.0 with Nessus 6.2.1 -
Cannot configure scan on registration
Ok, does nessus run on 127.0.0.1:8834 ?
Regards
Fabrice
On 2015-02-18 13:07, Delisle, Pierre-Luc wrote:
The result is :
Nessus-6.2.1-es6.x64_64
perl-Net-Nessus-XMLRPC-0.40-1.el6.noarch
Thanks
-----Original Message-----
From: Fabrice DURAND [mailto:[email protected]]
Sent: Wednesday, February 18, 2015 12:59 PM
To: [email protected]
Subject: Re: [PacketFence-users] PacketFence ZEN 4.6.0 with Nessus
6.2.1 - Cannot configure scan on registration
Can you paste me the result of:
rpm -qa|grep Nessus
or
dpkg -l|grep nessus
Thanks
Fabrice
On 2015-02-18 12:37, Delisle, Pierre-Luc wrote:
Thanks a lot for your answer.
I've modified the pf.conf file according to your description.
Unfortunately, when I restart the packetfence service (service packetfence
restart), the config file reverts back to this:
[general]
#
# general.domain
#
# Domain name of PacketFence system.
domain=secure.LAN
#
# general.hostname
#
# Hostname of PacketFence system. This is concatenated with the domain
# in Apache rewriting rules and therefore must be resolvable by clients.
hostname=centos-packetfence
[trapping]
#
# trapping.range
#
# Comma-delimited list of address ranges/CIDR blocks that PacketFence
# will monitor/detect/trap on. Gateway, network, and
# broadcast addresses are ignored.
range=192.168.0.0/16
[alerting]
#
# alerting.emailaddr
#
# Email address to which notifications of rogue DHCP servers,
# violations with an action of "email", or any other
# PacketFence-related message goes to.
emailaddr=[email protected]
[scan]
#
# scan.engine
#
# Which scan engine to use to perform client-side policy compliance.
engine=nessus
#
# scan.registration
#
# If this option is enabled, the PF system will scan each host after
# registration is complete.
registration=enabled
#
# scan.duration
duration=15s
#
# scan.user
#
# Username to log into scanning engine with.
user=administrator
#
# scan.pass
#
# Password to log into scanning engine with.
pass=79Lubonja
#
# scan.nessus_clientpolicy
#
# Name of the remote policy on the nessus server
nessus_clientpolicy=BasicNetScan
[database]
#
# database.pass
#
# Password for the mysql database used by PacketFence.
pass=79Lubonja
[captive_portal]
#
# captive_portal.secure_redirect
#
# If secure_redirect is enabled, the captive portal uses HTTPS when redirecting
# captured clients. This is the default behavior.
secure_redirect=disabled
[interface eth0.3058]
ip=172.16.0.20
type=management
mask=255.255.0.0
[interface eth0.3158]
enforcement=inlinel2
ip=192.168.0.20
type=internal
mask=255.255.0.0
I guess it discards the default value.
I tried this config and still no scan is running in nessus and I still
have the same fatal error in packetfence.log.
-----Original Message-----
From: Fabrice DURAND [mailto:[email protected]]
Sent: Wednesday, February 18, 2015 11:42 AM
To: [email protected]
Subject: Re: [PacketFence-users] PacketFence ZEN 4.6.0 with Nessus
6.2.1 - Cannot configure scan on registration
Hello Pierre-Luc,
it looks like something is missing in your scan definition (host):
[scan]
#
# scan.engine
#
# Which scan engine to use to perform client-side policy compliance.
engine=nessus
#
# scan.duration
#
# Approximate duration of a scan. User being scanned on registration
# are presented a progress bar for this duration, afterwards the browser
# refreshes until scan is complete.
duration=15s
#
# scan.host
#
# Host the scanning engine is running on. For performance reasons, we
# recommend running the scanning engine on a remote server. A passthrough
# will be automagically created.
host=10.0.0.1
#
# scan.user
#
# Username to log into scanning engine with.
user=administrator
#
# scan.pass
#
# Password to log into scanning engine with.
pass=XXXXXXXXXXXXXXXXXXX #hidden
#
# scan.nessus_clientpolicy
#
# Name of the remote policy on the nessus server
nessus_clientpolicy=BasicNetScan
Regards
Fabrice
On 2015-02-18 11:34, Delisle, Pierre-Luc wrote:
Hi,
I have been trying for two days to configure automatic system
scan on registration for PacketFence with Nessus and it doesn't work.
So far, here is the setup:
VM : PacketFence ZEN 4.6.0 + Nessus 6.2.1
Enforcement : Inline Enforcement
Inline network : 192.168.0.0/16
Management network : 172.16.0.0/16
Server IP : 172.16.0.20/16
Pf.conf file :
[general]
#
# general.domain
#
# Domain name of PacketFence system.
domain=secure.LAN
#
# general.hostname
#
# Hostname of PacketFence system. This is concatenated with the
# domain in Apache rewriting rules and therefore must be resolvable by
# clients.
hostname=centos-packetfence
[trapping]
#
# trapping.range
#
# Comma-delimited list of address ranges/CIDR blocks that
# PacketFence will monitor/detect/trap on. Gateway, network, and
# broadcast addresses are ignored.
range=192.168.0.0/16
#
# trapping.detection
#
# Enables snort-based worm detection. If you don't have a span
# interface available, don't bother enabling it. If you do,
# you'll most definitely want this on.
detection=enabled
[alerting]
#
# alerting.emailaddr
#
# Email address to which notifications of rogue DHCP servers,
# violations with an action of "email", or any other
# PacketFence-related message goes to.
emailaddr=[email protected]
[scan]
#
# scan.engine
#
# Which scan engine to use to perform client-side policy compliance.
engine=nessus
#
# scan.user
#
# Username to log into scanning engine with.
user=administrator
#
# scan.pass
#
# Password to log into scanning engine with.
pass=XXXXXXXXXXXXXXXXXXX #hidden
#
# scan.nessus_clientpolicy
#
# Name of the remote policy on the nessus server
nessus_clientpolicy=BasicNetScan
[database]
#
# database.pass
#
# Password for the mysql database used by PacketFence.
pass=79Lubonja
[captive_portal]
#
# captive_portal.secure_redirect
#
# If secure_redirect is enabled, the captive portal uses HTTPS when
# redirecting captured clients. This is the default behavior.
secure_redirect=disabled
[interface eth0.3058]
ip=172.16.0.20
type=management
mask=255.255.0.0
[interface eth0.3158]
enforcement=inlinel2
ip=192.168.0.20
type=internal
mask=255.255.0.0
network.conf
[192.168.0.0]
dns=192.168.1.1
dhcp_start=192.168.0.10
gateway=192.168.0.20
domain-name=inlinel2.secure.LAN
nat_enabled=enabled
named=enabled
dhcp_max_lease_time=86400
fake_mac_enabled=disabled
dhcpd=enabled
dhcp_end=192.168.255.246
type=inlinel2
netmask=255.255.0.0
dhcp_default_lease_time=86400
violation.conf is untouched (default).
Nessus service is up and running. I can log in and everything works.
In packetfence.log, I have this line :
Feb 18 11:16:32pfcmd.pl(14072) FATAL: Can't use string ("") as a
HASH ref while "strict refs" in use at
/usr/share/perl5/vendor_perl/Net/Nessus/XMLRPC.pm line 665.
What's wrong with my setup?
I have been trying this for 15+ hours and always get the same result, and I
don't know what to do.
Thank you very much for any help you can provide.
Pierre-Luc Delisle
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
PacketFence (http://packetfence.org)
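The diagnosis reached in this thread (Nessus 6.x installed alongside perl-Net-Nessus-XMLRPC 0.40, with a FATAL raised from XMLRPC.pm), written as a preflight check. This is an added example, not part of the original emails and not PacketFence code; the function names are hypothetical and the Nessus 5.x package name is a constructed sample.

```shell
#!/bin/sh
# Added example, not PacketFence code. Function names are hypothetical.

# nessus_client_verdict: reads a package list on stdin (one name per line,
# as printed by `rpm -qa`) and prints exactly one word:
#   incompatible  Nessus major version >= 6 with perl-Net-Nessus-XMLRPC
#   ok            Nessus major version < 6 with perl-Net-Nessus-XMLRPC
#   unknown       a package is missing or the version cannot be parsed
nessus_client_verdict() {
    _major=""
    _xmlrpc=0
    while IFS= read -r _pkg; do
        case "$_pkg" in
            Nessus-[0-9]*)
                _major=${_pkg#Nessus-}    # e.g. 6.2.1-es6...
                _major=${_major%%.*}      # e.g. 6
                ;;
            perl-Net-Nessus-XMLRPC-*)
                _xmlrpc=1
                ;;
        esac
    done
    case "$_major" in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    [ "$_xmlrpc" -eq 1 ] || { echo unknown; return 0; }
    if [ "$_major" -ge 6 ]; then echo incompatible; else echo ok; fi
}

# log_has_xmlrpc_error: succeeds when stdin (packetfence.log text) contains
# an error located inside Net/Nessus/XMLRPC.pm, like the FATAL line above.
log_has_xmlrpc_error() {
    grep -q 'Net/Nessus/XMLRPC\.pm line [0-9][0-9]*'
}

# Package list exactly as pasted in the thread.
THREAD_PKGS='Nessus-6.2.1-es6.x64_64
perl-Net-Nessus-XMLRPC-0.40-1.el6.noarch'

# Constructed sample: a 5.x install of the kind the thread recommends.
SAMPLE_5X_PKGS='Nessus-5.2.7-es6.x86_64
perl-Net-Nessus-XMLRPC-0.40-1.el6.noarch'

printf '%s\n' "$THREAD_PKGS" | nessus_client_verdict      # incompatible
printf '%s\n' "$SAMPLE_5X_PKGS" | nessus_client_verdict   # ok
```

On a live host the same functions can be fed from `rpm -qa | nessus_client_verdict` and `log_has_xmlrpc_error < packetfence.log`.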