It's a bug that was fixed lately. Here's the commit entry: http://mtn.inverse.ca/revision/info/078f23d7b05ea65889c3688b54ebc9b191badddc
It's pretty simple, you should be able to apply the change by hand if you are not familiar with the patch tool.

On 08/09/11 12:20 PM, andy nguyen wrote:
> I can start scanning on my laptop on registration. The problem was my
> iptables. It was not configured correctly for my scan. I still have
> problems with my Nessus scan. As you see in my log file, Packetfence
> only picked up violation nessus id 34220 not 21725 or 55119. If I remove
> ID 34220 in the violations.conf, Packetfence will not detect other
> violations (as shown in the dump file). Any ideas?
>
>
> ***packetfence.log
>
> Sep 08 05:45:48 pfcmd(0) INFO: executing HOME=/usr/local/pf/conf/nessus/
> /opt/nessus/bin/nessus -q -V -x --dot-nessus
> /usr/local/pf/conf/nessus/remotescan.nessus --policy-name RemoteScan
> 10.0.10.21 1241 admin <password> --target-file
> /tmp/pf_nessus_192.168.2.15_2011-09-08-05:45:48.txt
> /usr/local/pf/html/admin/scan/results/dump_192.168.2.15_2011-09-08-05:45:48.nbe
> (pf::scan::runScan)
> Sep 08 05:47:22 pfcmd(0) INFO: calling violation_trigger for ip:
> 192.168.2.15, mac: 00:21:70:90:4e:2f, Nessus ScanID: 34220
> (pf::scan::runScan)
> Sep 08 05:47:22 pfcmd(0) INFO: Nessus scan did not detect any
> vulnerabilities on 192.168.2.15 (pf::scan::runScan)
>
> [root@pf-zen results]# cat dump_192.168.2.15_2011-09-08-05\:45\:48.nbe
> timestamps|||scan_start|Thu Sep 08 09:48:31 2011|
> timestamps||192.168.2.15|host_start|Thu Sep 08 09:48:31 2011|
> results|192.168.2|192.168.2.15|epmap (135/tcp)
> results|192.168.2|192.168.2.15|microsoft-ds (445/tcp)
> results|192.168.2|192.168.2.15|jtag-server (1309/tcp)
> results|192.168.2|192.168.2.15|device2 (2030/tcp)
> results|192.168.2|192.168.2.15|netbios-ssn (139/tcp)
> results|192.168.2|192.168.2.15|microsoft-ds (445/udp)
> results|192.168.2|192.168.2.15|isakmp (500/udp)
> results|192.168.2|192.168.2.15|ms-sql-m (1434/udp)
> results|192.168.2|192.168.2.15|ipsec-nat-t (4500/udp)
> results|192.168.2|192.168.2.15|ntp (123/udp)
> results|192.168.2|192.168.2.15|netbios-ns (137/udp)
> results|192.168.2|192.168.2.15|netbios-dgm (138/udp)
> results|192.168.2|192.168.2.15|ssdp (1900/udp)
> results|192.168.2|192.168.2.15|general/tcp|*34220*|Security
> Note|\nSynopsis :\n\nThe list of open ports could be retrieved by
> netstat.\n\nDescription :\n\nUsing the WMI interface, it is possible to
> get the open ports by\nrunning the netstat command remotely.\n\nSolution
> :\n\nn/a\n\nRisk factor :\n\nNone\n\n
> results|192.168.2|192.168.2.15|microsoft-ds (445/tcp)|*21725*|Security
> Hole|\nSynopsis :\n\nSymantec Antivirus Corporate is
> installed.\n\nDescription :\n\nThis plugin checks that the remote host
> has Symantec Antivirus \nCorporate installed and properly running, and
> makes sure that the latest \nVdefs are loaded.\n\nSolution :\n\nMake
> sure SAVCE is installed, running and using the latest VDEFS.\n\nRisk
> factor :\n\nCritical / CVSS Base Score :
> 10.0\n(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\nPlugin output :\n\nThe
> remote host has an antivirus software from Symantec installed. It has
> \nbeen fingerprinted as :\n\nSymantec Endpoint Protection :
> 13.0.6000.513\nDAT version : 20110617\n\nThe remote host has an
> out-dated version of the Symantec \nCorporate virus signatures. Last
> version is 20110713\n\nAs a result, the remote host might be infected by
> viruses received by\nemail or other means.\n\n
> results|192.168.2|192.168.2.15|microsoft-ds (445/tcp)|*55119*|Security
> Hole|\nSynopsis :\n\nThe Microsoft .NET Framework and/or Microsoft
> Silverlight install on\nthe remote host has a code execution
> vulnerability.\n\nDescription :\n\nThe remote Windows host is running a
> version of the Microsoft .NET\nFramework and/or Microsoft Silverlight
> affected by a code execution\nvulnerability. A specially crafted .NET
> application could access\nmemory unsafely, resulting in arbitrary code
> execution.\n\nSolution :\n\nMicrosoft has released a set of patches for
> .NET Framework 2.0, 3.5,\nand Silverlight
> :\n\nhttp://www.microsoft.com/technet/security/bulletin/MS11-039.mspx\n\nRisk
> factor :\n\nHigh / CVSS Base Score :
> 9.3\n(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)\n\nPlugin output :\n\nProduct :
> Microsoft Silverlight\n Path : C:\\Program Files\\Microsoft
> Silverlight\\4.0.50917.0\n Installed version : 4.0.50917.0\n Fixed
> version : 4.0.60531.0\n\nCVE : CVE-2011-0664\nBID : 48212\nOther
> references : OSVDB:72931, MSFT:MS11-039\n
> timestamps||192.168.2.15|host_end|Thu Sep 08 09:49:59 2011|
> timestamps|||scan_end|Thu Sep 08 09:50:01 2011|
>
> ** This is my pf.conf scan session
> [scan]
> ssl=enabled
> pass=password
> user=admin
> port=1241
> host=10.0.10.21
> registration=enabled
> nessusclient_file=remotescan.nessus
> nessusclient_policy=RemoteScan
> live_tids=34220,21725,53830,55119
>
> ** This is my violations.conf
> [1300003]
> desc=Check Antivirus Updates
> priority=5
> url=/remediation.php?template=system_scan
> actions=log,trap
> button=Virus Scan
> trigger=Scan:34220,Scan::55119,Scan::53830,Scan::21725
> disable=N
> vlan=registrationVlan

--
Olivier Bilodeau
[email protected] :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
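To confirm the symptom reported in the quoted message, the following added example (not part of the original thread and not PacketFence code) compares the plugin IDs in an NBE dump against `live_tids` and against the `violation_trigger` calls in packetfence.log. The function names are hypothetical, the sample data is constructed from the dump and log quoted above, and the NBE field positions are assumed to be the ones visible in that dump.

```python
import re

# Constructed sample data modelled on the dump and log quoted above
# (descriptions shortened; the asterisks are the poster's e-mail highlighting).
NBE = """\
timestamps|||scan_start|Thu Sep 08 09:48:31 2011|
results|192.168.2|192.168.2.15|epmap (135/tcp)
results|192.168.2|192.168.2.15|general/tcp|*34220*|Security Note|\\nSynopsis :\\n...
results|192.168.2|192.168.2.15|microsoft-ds (445/tcp)|*21725*|Security Hole|\\nSynopsis :\\n...
results|192.168.2|192.168.2.15|microsoft-ds (445/tcp)|55119|Security Hole|\\nSynopsis :\\n...
timestamps|||scan_end|Thu Sep 08 09:50:01 2011|
"""
LOG = """\
Sep 08 05:47:22 pfcmd(0) INFO: calling violation_trigger for ip: 192.168.2.15, mac: 00:21:70:90:4e:2f, Nessus ScanID: 34220 (pf::scan::runScan)
Sep 08 05:47:22 pfcmd(0) INFO: Nessus scan did not detect any vulnerabilities on 192.168.2.15 (pf::scan::runScan)
"""
LIVE_TIDS = "34220,21725,53830,55119"  # live_tids value from the [scan] section


def nbe_findings(nbe_text):
    """Return {host: {plugin_id: severity}} from NBE 'results' records."""
    findings = {}
    for line in nbe_text.splitlines():
        fields = line.split("|", 6)
        # Open-port records have 4 fields; plugin findings have 7.
        if fields[0] != "results" or len(fields) < 7:
            continue
        plugin_id = fields[4].strip("* ")
        if plugin_id.isdigit():
            findings.setdefault(fields[2], {})[int(plugin_id)] = fields[5]
    return findings


def logged_triggers(log_text):
    """Return {ip: {scan ids passed to violation_trigger}} from packetfence.log."""
    pat = re.compile(r"violation_trigger for ip: (\S+),.*Nessus ScanID: (\d+)")
    seen = {}
    for m in pat.finditer(log_text):
        seen.setdefault(m.group(1), set()).add(int(m.group(2)))
    return seen


def missing_triggers(nbe_text, log_text, live_tids):
    """Plugin IDs that are in the dump and in live_tids but were never logged."""
    live = {int(t) for t in live_tids.split(",") if t.strip()}
    logged = logged_triggers(log_text)
    return {host: sorted((set(found) & live) - logged.get(host, set()))
            for host, found in nbe_findings(nbe_text).items()}
```

Calling `missing_triggers(NBE, LOG, LIVE_TIDS)` on the sample data lists 21725 and 55119 for 192.168.2.15, the two IDs the poster says were not picked up.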
