I think there is no documentation for OpenVAS on the site; they advise using 
the Greenbone Security Manual. 
Is the lack of the program greenbone_sourcefire_connector a reason to submit a 
bug report?

> On 17/08/2016, at 15:15, Eero Volotinen <[email protected]> wrote:
> 
> You are free to submit fixes to documentation ;)
> 
> Eero
> 
> 2016-08-17 16:39 GMT+03:00 Fábio Fernandes <[email protected]>:
> It would be nice if they mentioned what works and what does not in the free 
> version. I spent a lot of time for nothing, probably :( .
> It would be nice if someone with the Greenbone paid version could confirm 
> that the connector or the greenbone_sourcefire_connector program exists.
> 
>> On 17/08/2016, at 14:03, Eero Volotinen <[email protected]> wrote:
>> 
>> I think that is the normal way that open source works. You usually need to 
>> pay for more advanced features like this ;)
>> 
>> Eero
>> 
>> 2016-08-17 16:01 GMT+03:00 Fábio Fernandes <[email protected]>:
>> That is what I think too. But it's strange that it appears in the free 
>> version, and in the INSTALL file of the free version it looks like they use 
>> the same version but leave some internal components out, or maybe they 
>> forgot to put it there because it is a feature not normally used by 
>> first-time users. Anyway, it would be nice if someone with the Greenbone 
>> paid version could confirm this.
>> 
>>> On 17/08/2016, at 12:22, Eero Volotinen <[email protected]> wrote:
>>> 
>>> I think it's only available in the commercial Greenbone version.
>>> 
>>> So, you should buy Greenbone to get the connector.
>>> 
>>> --
>>> Eero
>>> 
>>> 2016-08-17 13:55 GMT+03:00 Fábio Fernandes <[email protected]>:
>>> Strange. If you go to the OpenVAS menu Configurations->Alerts and create a 
>>> new Alert, you see an option that says Sourcefire Connector and the 
>>> configuration fields for it; maybe it is not fully implemented.
>>> Another strange thing, as I said in the first post, is that the INSTALL 
>>> file in the OpenVAS Manager source code says that it has a Sourcefire 
>>> Connector, but in order for it to work it needs a program that I cannot 
>>> find anywhere.
>>> 
>>> …
>>> Prerequisites for Sourcefire Connector alert:
>>> * A program in the PATH called greenbone_sourcefire_connector that takes 
>>> args
>>>   IP, port, PKCS12 file and report file in Sourcefire format.
>>> … 
>>> 
>>> I would like to find this program, as I think it is the only thing I need 
>>> to get it working.
>>> 
>>>> On 17/08/2016, at 08:07, Eero Volotinen <[email protected]> wrote:
>>>> 
>>>> Well, there is no Sourcefire connector for OpenVAS. The only supported 
>>>> format is the Sourcefire report, which you can manually import into the 
>>>> Sourcefire system.
>>>> 
>>>> ref: 
>>>> https://svn.wald.intevation.org/svn/openvas/trunk/openvas-manager/report_formats/sourcefire/generate
>>>>  (source)
>>>> 
>>>> Eero
>>>> 
>>>> 2016-08-17 5:50 GMT+03:00 Fábio Fernandes <[email protected]>:
>>>> I think it is supported because it has a specific alert for it and 
>>>> Greenbone appliances use the same version that is available. If it was not 
>>>> supported, why would there be an alert for it and why was the connector 
>>>> mentioned in the INSTALL file?
>>>> 
>>>> > I think it is not supported on openvas.
>>>> >
>>>> > Eero
>>>> >
>>>> >
>>>> > On 16.8.2016 at 7.59 PM, "Fábio Fernandes" <[email protected]> wrote:
>>>> > I have been trying to integrate OpenVAS with Sourcefire for some time 
>>>> > now without success. I have seen in these threads, 
>>>> > http://lists.wald.intevation.org/pipermail/openvas-discuss/2012-October/004602.html
>>>> > and 
>>>> > http://lists.wald.intevation.org/pipermail/openvas-discuss/2012-December/004771.html
>>>> > , that when we import the Sourcefire report format from 
>>>> > http://greenbone.net/technology/report_formats.de.html it returns an 
>>>> > HTTP 500 error. I have solved this issue by downloading the source code, 
>>>> > retrieving the Sourcefire report format files and changing them to 
>>>> > support the gpg signatures that OpenVAS 8 uses. Next I generated gpg 
>>>> > keys in the OpenVAS homedir, imported the files create_report_import, 
>>>> > sourcefire.xsl, and generate to the OpenVAS machine and ran 
>>>> > create_report_import. That generated the correct sourcefire.xml, which I 
>>>> > imported to OpenVAS GSA without error, and then I changed the status to 
>>>> > active. After that I scanned a target and saved the report in Sourcefire 
>>>> > format and it was correct. (I tested this in Ubuntu, Kali, and CentOS 
>>>> > versions and for some reason there seems to be a bug in the CentOS 
>>>> > version because the report saved is empty with 0KB, but it works for the 
>>>> > other versions.) After that I tested the connection from the OpenVAS 
>>>> > machine to the Sourcefire DC 8307 port and it was open, generated the 
>>>> > pkcs12 file in the Sourcefire DC for OpenVAS with the correct IP, and 
>>>> > created the respective Alert with the Sourcefire IP and the pkcs12 
>>>> > certificate file. I ran a scan and nothing happened; even listening with 
>>>> > tcpdump there was no connection made, and the OpenVAS Manager log 
>>>> > (raised to level 128) presented the following lines:
>>>> >
>>>> > event task:MESSAGE:2016-08-16 16h17.09 UTC:23869: Status of task 
>>>> > cyberwatch (b243b1b7-da5c-40fd-b047-59b3ce3fe38b) has changed to 
>>>> > Requested
>>>> > event task:MESSAGE:2016-08-16 16h17.09 UTC:23869: Task 
>>>> > b243b1b7-da5c-40fd-b047-59b3ce3fe38b has been requested to start by admin
>>>> > event task:MESSAGE:2016-08-16 16h17.12 UTC:23871: Status of task 
>>>> > cyberwatch (b243b1b7-da5c-40fd-b047-59b3ce3fe38b) has changed to Running
>>>> > event task:MESSAGE:2016-08-16 16h57.39 UTC:23871: Status of task 
>>>> > cyberwatch (b243b1b7-da5c-40fd-b047-59b3ce3fe38b) has changed to Done
>>>> > event alert:MESSAGE:2016-08-16 16h57.39 UTC:23871: The alert for task 
>>>> > cyberwatch was triggered (Event: Task status changed to 'Done', 
>>>> > Condition: Always)
>>>> >
>>>> > After that I investigated what happens when an alert is executed and 
>>>> > found this in the INSTALL file in the OpenVAS Manager source code:
>>>> >
>>>> > Prerequisites for Sourcefire Connector alert:
>>>> > * A program in the PATH called greenbone_sourcefire_connector that takes 
>>>> > args
>>>> >   IP, port, PKCS12 file and report file in Sourcefire format.
>>>> >
>>>> > And then I found that the Sourcefire alert script is called by the 
>>>> > OpenVAS Manager, and this script, present in the installation (path: 
>>>> > /usr/share/openvas/openvasmd/global_alert_methods/), executes the 
>>>> > greenbone_sourcefire_connector program from PATH.
>>>> > I could not find this greenbone_sourcefire_connector program in any of 
>>>> > the OpenVAS versions that I installed or even on the Internet. Does 
>>>> > someone have this file, or does it only exist in the Greenbone 
>>>> > Appliances, as their manual shows how to configure this functionality? 
>>>> > Can anybody help me with this, please?
>>>> >
>>>> >
>>>> > _______________________________________________
>>>> > Openvas-discuss mailing list
>>>> > [email protected]
>>>> > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
>>>> 
>>>> 
>>> 
>>> 
>> 
>> 
> 
> 

_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
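
The prerequisites quoted from the INSTALL file in this thread (a greenbone_sourcefire_connector program on PATH, a PKCS12 file, a report file in Sourcefire format) can be checked locally before relying on the alert. The script below is an added example, not part of the thread or of the OpenVAS code; the file arguments and the manager log path are assumptions supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the thread or the OpenVAS project): preflight checks
# for the Sourcefire Connector alert prerequisites quoted from the INSTALL file.

CONNECTOR=greenbone_sourcefire_connector   # program name as given in INSTALL

# True only if a program with the connector's name is found on PATH.
connector_in_path() {
    command -v "$CONNECTOR" >/dev/null 2>&1
}

# Print how many "alert ... was triggered" events a manager log contains.
# Assumes each event is one line in the log (the mail client wrapped them).
triggered_alerts() {
    grep -c '^event alert:MESSAGE:.*was triggered' "$1" || true
}

# preflight PKCS12_FILE REPORT_FILE
# Prints one line per failed prerequisite; exit status is the failure count.
preflight() {
    failures=0
    if ! connector_in_path; then
        echo "FAIL: $CONNECTOR was not found on PATH"
        failures=$((failures + 1))
    fi
    if [ ! -r "$1" ] || [ ! -s "$1" ]; then
        echo "FAIL: PKCS12 file '$1' is missing, unreadable or empty"
        failures=$((failures + 1))
    fi
    # A 0-byte report (as described for the CentOS build) gives nothing to send.
    if [ ! -s "$2" ]; then
        echo "FAIL: report file '$2' is missing or empty"
        failures=$((failures + 1))
    fi
    return "$failures"
}

# Run the checks when called as: script PKCS12_FILE REPORT_FILE [MANAGER_LOG]
if [ "$#" -ge 2 ]; then
    [ -n "${3:-}" ] && echo "alerts triggered in log: $(triggered_alerts "$3")"
    preflight "$1" "$2"
fi
```

A non-zero count of triggered alerts together with a failed connector check matches the symptom reported in the thread: the alert fires in the log, but no connection is made.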
