Hello,
I've been trying to scan systems using nessus, and everything seems to be ok
from the captive portal point of view, however nessus is not performing the
scan because the node that I am testing is not being switched from the
registration vlan, to the data vlan.
When I try to perform a scan manually via
pfcmd schedule now <IP>
I get the following output:
Use of uninitialized value in concatenation (.) or string at
/usr/local/pf/lib/pf/scan.pm line 97 (#1)
(W uninitialized) An undefined value was used as if it were already
defined. It was interpreted as a "" or a 0, but maybe it was a mistake.
To suppress this warning assign a defined value to your variables.
To help you figure out what was undefined, perl tells you what operation
you used the undefined value in. Note, however, that perl optimizes your
program and the operation displayed in the warning may not necessarily
appear literally in your program. For example, "that $foo" is
usually optimized into "that " . $foo, and the warning will refer to
the concatenation (.) operator, even though there is no . in your
program.
And line 97 in scan.pm reads:
$logger->warn("nessus scan failed, it returned: $output");
so the problem comes from the $output variable, defined in:
my $output = pf_run("$nessusRcHome /opt/nessus/bin/nessus -q -V -x --dot-nessus
$nessusclient_file --policy-name $nessusclient_policy $host $port $user $pass
--target-file $infileName $outfileName 2>&1");
just a few lines before line 97.
When I go to the captive portal, and try to re-register my node, the captive
portal shows that my system needs to be scaned, then the scan starts, and after
a minute, I get another message that my system is being scanned, but it never
finishes, so I checked the logs from packetfence and this is what I found:
Nov 11 11:37:55 pfcmd(15840) INFO: executing HOME=/usr/local/pf/conf/nessus/
/opt/nessus/bin/nessus -q -V -x --dot-nessus
/usr/local/pf/conf/nessus/nessus_policy_basic-policy.nessus --policy-name
basic-policy 172.24.99.214 1241 root <password> --target-file
/tmp/pf_nessus_192.168.8.11_2011-11-11-11:37:55.txt
/usr/local/pf/html/admin/scan/results/dump_192.168.8.11_2011-11-11-11:37:55.nbe
(pf::scan::runScan)
Nov 11 11:37:55 pfcmd(15840) WARN: Error trying to run command:
HOME=/usr/local/pf/conf/nessus/ /opt/nessus/bin/nessus -q -V -x --dot-nessus
/usr/local/pf/conf/nessus/nessus_policy_basic-policy.nessus --policy-name
basic-policy <NESSUS_IP> <NESSUS_PORT> <MYUSER> <MYPASSWORD> --target-file
/tmp/pf_nessus_<IP-REQUESTING_ACCESS>-11-11-11:37:55.txt
/usr/local/pf/html/admin/scan/results/dump_<IP-REQUESTING-ACCESS>_2011-11-11-11:37:55.nbe
2>&1 called from runScan. Child exited with non-zero value 1 (pf::util::pf_run)
Nov 11 11:37:55 pfcmd(15840) WARN: nessus scan failed, it returned:
(pf::scan::runScan)
Nov 11 11:37:55 pfcmd(15840) WARN: unable to open
/usr/local/pf/html/admin/scan/results/dump_<IP-REQUESTING-ACCESS>_2011-11-11-11:37:55.nbe
for reading; Nessus scan might have failed (pf::scan::runScan)
Nov 11 11:38:00 pfdhcplistener(13156) INFO: 00:1b:77:89:0e:07 requested an IP.
DHCP Fingerprint: OS::100 (Microsoft Windows XP). Modified node with last_dhcp
= 2011-11-11 11:37:59,computername = D1R2FHD1,dhcp_fingerprint =
1,15,3,6,44,46,47,31,33,249,43 (main::listen_dhcp)
Nov 11 11:38:00 pfdhcplistener(13156) INFO: DHCPACK from 192.168.8.252
(00:0c:29:1d:76:8c) to host 00:1b:77:89:0e:07 (192.168.8.11) (main::listen_dhcp)
Nov 11 11:38:10 pfdhcplistener(13156) INFO: 00:1b:77:89:0e:07 requested an IP.
DHCP Fingerprint: OS::100 (Microsoft Windows XP). Modified node with last_dhcp
= 2011-11-11 11:38:09,computername = D1R2FHD1,dhcp_fingerprint =
1,15,3,6,44,46,47,31,33,249,43 (main::listen_dhcp)
Nov 11 11:38:10 pfdhcplistener(13156) INFO: DHCPACK from 192.168.8.252
(00:0c:29:1d:76:8c) to host 00:1b:77:89:0e:07 (192.168.8.11) (main::listen_dhcp)
Nov 11 11:38:20 pfdhcplistener(13156) INFO: 00:1b:77:89:0e:07 requested an IP.
DHCP Fingerprint: OS::100 (Microsoft Windows XP). Modified node with last_dhcp
= 2011-11-11 11:38:19,computername = D1R2FHD1,dhcp_fingerprint =
1,15,3,6,44,46,47,31,33,249,43 (main::listen_dhcp)
Nov 11 11:38:20 pfdhcplistener(13156) INFO: DHCPACK from 192.168.8.252
(00:0c:29:1d:76:8c) to host 00:1b:77:89:0e:07 (192.168.8.11) (main::listen_dhcp)
So I'm not sure exactly what's going on, from the logs I can tell that that the
scan is not running, but I wonder what would be the best way to narrow it down
even more, what exactly means that the nessus scan failed, and returned
(pf::scan::runScan) ?
What would be a way to solve it?
I already double checked that the files are in the right place, and the .nessus
file is consistent with the information that I have on the packetfence
configuration file.
I also checked the logs where nessus is running, and the last logs there are
from a scan that I manually runned against the node I am trying to provide
network access, and nothing else.
tail $(locate nessusd.messages) -f
[Fri Nov 11 11:10:51 2011][30558.16461] pci_remote_services.nasl (process
16848) finished its job in 0.067 seconds
[Fri Nov 11 11:10:51 2011][30558.16461] hostlevel_check_failed.nasl (process
16849) finished its job in 0.066 seconds
[Fri Nov 11 11:10:51 2011][30558.16461] check_ports.nasl (process 16847)
finished its job in 0.070 seconds
[Fri Nov 11 11:10:51 2011][30558.16461] user root : launching scan_info.nasl
against 192.168.8.11 [16850]
[Fri Nov 11 11:10:51 2011][30558.16461] scan_info.nasl (process 16850) finished
its job in 0.002 seconds
[Fri Nov 11 11:10:51 2011][30558.16461] Finished testing 192.168.8.11. Time :
116.21 secs
[Fri Nov 11 11:10:52 2011][30558.16455] user root : test complete
[Fri Nov 11 11:10:52 2011][30558.16455] Scan done: 1 hosts up
[Fri Nov 11 11:10:52 2011][30558.16455] Total time to scan all hosts : 139
seconds
[Fri Nov 11 11:10:52 2011][30558.5] Task
ed076f3d-e865-e4f7-b498-ccfd54538c2f9338cf5ff5115339 is finished
Any thoughts on this?
thank you so much!
Alberto.
------------------------------------------------------------------------------
RSA(R) Conference 2012
Save $700 by Nov 18
Register now
http://p.sf.net/sfu/rsa-sfdev2dev1
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
