You are free to submit fixes to documentation ;)

Eero

2016-08-17 16:39 GMT+03:00 Fábio Fernandes <[email protected]>:

> It would be nice that they mentioned what works and what does not on the
> free version. I spent a lot of time for nothing probably :( .
> It would be nice if someone with the Greenbone paid version could confirm
> that the connector exists or the greenbone_sourcefire_connector program.
>
> On 17/08/2016, at 14:03, Eero Volotinen <[email protected]> wrote:
>
> I think that is normal way that opensource works. You usually need to pay
> for more advanced features like this ;)
>
> Eero
>
> 2016-08-17 16:01 GMT+03:00 Fábio Fernandes <[email protected]>:
>
>> That is what I think too. But it's strange that it appears in the free
>> version and in the INSTALL file of the free version it looks like they use
>> the same version but leave some internal components out or maybe they
>> forgot to put it there because it is a feature not used normally by first
>> time users. Anyway it would be nice if someone with the Greenbone paid
>> version could confirm this.
>>
>> On 17/08/2016, at 12:22, Eero Volotinen <[email protected]> wrote:
>>
>> I think it's only available on commercial greenbone version.
>>
>> So, you should buy greenbone to get connector
>>
>> --
>> Eero
>>
>> 2016-08-17 13:55 GMT+03:00 Fábio Fernandes <[email protected]>:
>>
>>> Strange. If you go to OpenVAS menu Configurations->Alerts and create a
>>> new Alert you see an option that says Sourcefire Connector and the
>>> configuration fields for it; maybe it is not fully implemented.
>>> Another strange thing, as I said in the first post, is that in the INSTALL
>>> file in the OpenVAS Manager source code it says that it has a Sourcefire
>>> Connector but in order for it to work it needs a program that I cannot find
>>> anywhere.
>>>
>>> …
>>> Prerequisites for Sourcefire Connector alert:
>>> * A program in the PATH called greenbone_sourcefire_connector that takes args
>>>   IP, port, PKCS12 file and report file in Sourcefire format.
>>> …
>>>
>>> I would like to find this program as I think it is the only thing I need
>>> to get it working.
>>>
>>> On 17/08/2016, at 08:07, Eero Volotinen <[email protected]> wrote:
>>>
>>> Well, there is no sourcefire connector for openvas. Only supported
>>> format is sourcefire report that you can manually import to sourcefire
>>> system.
>>>
>>> ref: https://svn.wald.intevation.org/svn/openvas/trunk/openvas-manager/report_formats/sourcefire/generate (source)
>>>
>>> Eero
>>>
>>> 2016-08-17 5:50 GMT+03:00 Fábio Fernandes <[email protected]>:
>>>
>>>> I think it is supported because it has a specific alert for it and
>>>> Greenbone appliances use the same version that is available. If it was not
>>>> supported, why would there be an alert for it and why was the connector
>>>> mentioned in the INSTALL file?
>>>>
>>>> > I think it is not supported on openvas.
>>>> >
>>>> > Eero
>>>> >
>>>> >
>>>> > On 16.8.2016 at 7.59 PM, "Fábio Fernandes" <[email protected]> wrote:
>>>> > I have been trying to integrate OpenVAS with Sourcefire for some time
>>>> > now without success. I have seen in these threads
>>>> > http://lists.wald.intevation.org/pipermail/openvas-discuss/2012-October/004602.html,
>>>> > http://lists.wald.intevation.org/pipermail/openvas-discuss/2012-December/004771.html
>>>> > that when we import the Sourcefire report format from
>>>> > http://greenbone.net/technology/report_formats.de.html it returns an
>>>> > HTTP 500 error. I have solved this issue by downloading the source code
>>>> > and retrieving the sourcefire report format files and changing them to
>>>> > support gpg signatures that OpenVAS 8 uses.
>>>> > Next I generated gpg keys in the OpenVAS homedir and imported the
>>>> > files create_report_import, sourcefire.xsl, and generate to the OpenVAS
>>>> > machine and ran create_report_import. That generated the correct
>>>> > sourcefire.xml that I imported to OpenVAS GSA without error and then I
>>>> > changed the status to active. After that I scanned a target and saved the
>>>> > report in Sourcefire format and it was correct. (I tested this in Ubuntu,
>>>> > Kali, and CentOS versions and for some reason there seems to be a bug in
>>>> > the CentOS version because the report saved is empty with 0KB but it works
>>>> > for the other versions.) After that I tested the connection from the OpenVAS
>>>> > machine to the Sourcefire DC 8307 port and it was open, generated the
>>>> > pkcs12 file in the Sourcefire DC for OpenVAS with the correct IP, created
>>>> > the respective Alert with the Sourcefire IP and the pkcs12 certificate
>>>> > file. Ran a scan and nothing happened, even listening with tcpdump there
>>>> > was no connection made and the OpenVAS Manager log (raised to level 128)
>>>> > presented the following lines:
>>>> >
>>>> > event task:MESSAGE:2016-08-16 16h17.09 UTC:23869: Status of task cyberwatch (b243b1b7-da5c-40fd-b047-59b3ce3fe38b) has changed to Requested
>>>> > event task:MESSAGE:2016-08-16 16h17.09 UTC:23869: Task b243b1b7-da5c-40fd-b047-59b3ce3fe38b has been requested to start by admin
>>>> > event task:MESSAGE:2016-08-16 16h17.12 UTC:23871: Status of task cyberwatch (b243b1b7-da5c-40fd-b047-59b3ce3fe38b) has changed to Running
>>>> > event task:MESSAGE:2016-08-16 16h57.39 UTC:23871: Status of task cyberwatch (b243b1b7-da5c-40fd-b047-59b3ce3fe38b) has changed to Done
>>>> > event alert:MESSAGE:2016-08-16 16h57.39 UTC:23871: The alert for task cyberwatch was triggered (Event: Task status changed to 'Done', Condition: Always)
>>>> >
>>>> > After that I investigated what happens when an alert is executed
>>>> > and found out this in the INSTALL file in the OpenVAS Manager source code:
>>>> >
>>>> > Prerequisites for Sourcefire Connector alert:
>>>> > * A program in the PATH called greenbone_sourcefire_connector that takes args
>>>> >   IP, port, PKCS12 file and report file in Sourcefire format.
>>>> >
>>>> > And then found that the Sourcefire alert script is called by the
>>>> > OpenVAS Manager and this script present in the installation (path:
>>>> > /usr/share/openvas/openvasmd/global_alert_methods/) executes the
>>>> > greenbone_sourcefire_connector program from PATH.
>>>> > I could not find this greenbone_sourcefire_connector program in any
>>>> > of the OpenVAS versions that I installed or even on the Internet. Does
>>>> > someone have this file, or does it only exist in the Greenbone Appliances,
>>>> > as their manual shows how to configure this functionality? Can anybody
>>>> > help me with this please?
>>>> >
>>>> >
>>>> > _______________________________________________
>>>> > Openvas-discuss mailing list
>>>> > [email protected]
>>>> > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
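
A preflight check for the alert prerequisites discussed in the thread above, as an added example that is not part of the original messages or of OpenVAS. The function name, messages and the permission check on the PKCS12 file are assumptions of this example; only the program name `greenbone_sourcefire_connector` comes from the quoted INSTALL text.

```shell
#!/bin/sh
# Added example: preflight check for the "Sourcefire Connector" alert
# prerequisites quoted in the thread from the OpenVAS Manager INSTALL file.
# Function name and messages are illustrative, not part of OpenVAS.

CONNECTOR=greenbone_sourcefire_connector   # program name from the INSTALL text

# check_sourcefire_prereqs PKCS12_FILE REPORT_FILE
# Prints one line per problem and returns the number of problems found.
check_sourcefire_prereqs() {
    pkcs12=$1
    report=$2
    problems=0

    # The alert script runs the connector from PATH. In the thread the log
    # showed the alert as triggered while no connection was ever made.
    if ! command -v "$CONNECTOR" >/dev/null 2>&1; then
        echo "MISSING: $CONNECTOR not found in PATH"
        problems=$((problems + 1))
    fi

    # The PKCS12 bundle holds the client private key: it must be readable
    # by this user and (added hardening check) not by group or others.
    if [ ! -r "$pkcs12" ]; then
        echo "MISSING: PKCS12 file $pkcs12 is not readable"
        problems=$((problems + 1))
    elif [ -n "$(find "$pkcs12" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "WEAK: $pkcs12 is readable by group or others (chmod 600)"
        problems=$((problems + 1))
    fi

    # A 0-byte report (the CentOS symptom described in the thread) leaves
    # the connector nothing to deliver.
    if [ ! -s "$report" ]; then
        echo "EMPTY: report file $report is missing or 0 bytes"
        problems=$((problems + 1))
    fi

    return "$problems"
}

# Run as: sh check.sh <pkcs12-file> <report-file>
if [ "$#" -eq 2 ]; then
    check_sourcefire_prereqs "$1" "$2"
fi
```

Run it as the user the OpenVAS Manager runs under, since PATH and file permissions are evaluated for that account.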
