That is interesting.
It would be nice if 'Inverse' could integrate the PERL option into PF. I do not
have the necessary PERL knowhow to
even contemplate the task but I expect it would be fairly easy to achieve
looking at the synopsis of the package.
Andrew
-----------------------------
Falmouth University
-----------------------------
-----Original Message-----
From: Thierry Laurion [mailto:tlaur...@inverse.ca]
Sent: 08 March 2017 21:35
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Installing OpenVAS on PacketFence ZEN 6.5
Hi Andrew,
Quite interestingly, OpenVAS 9 just got released today after more then
two years of development!
http://www.openvas.org/news.html#openvas9
There is a Perl implementation of omp, that even if old, might work and
permit the replacement of our calls to the omp binary:
http://search.cpan.org/~wneessen/OpenVAS-OMP_0.04/lib/OpenVAS/OMP.pm
Regards,
Thierry
On 03/08/2017 01:07 PM, Thierry Laurion wrote:
> Hi Andrew,
>
> Unfortunately, there is a conflict between OpenVAS and PacketFence
> dependency against required wmi support. OpenVAS obsoletes wmi package
> dependency and replaces it with openvas-smb, while PacketFence still
> requires wmi through perl-Net-WMIClient module usage.
>
>
> There is no trivial solution to this problem or direct workaround.
>
> * One solution would be to replace perl-Net-WMIClient code with python
> code and impacket library to do wmi calls.
>
> * Another solution would be to validate if OpenVAS API is available
> without OpenVAS-client (omp) usage, and replace accordingly how we
> communicate with the remote OpenVAS manager to request scans,
> callbacks and reports.
>
>
> May I ask you how you planned to use OpenVAS in your specific deployment?
>
> * If it was for pre-registration or registration scanning:
> OpenVAS/Nessus scans can take anywhere between seconds to minutes
> before finishing a scan of a host. Meanwhile, that endpoint would be
> stuck in registration until the scan finishes and the results are
> validated for violations. For preregistration/ registration scans,
> it is recommended to define wmi scans instead, which would validate
> for example that the endpoint that connects is compliant with the
> domain prevention policies. Those quick tests could be the
> validation that the remote computer has a proper activated firewall,
> an up to date antivirus and so on. Else, a violation could be raised
> and linked actions, applied.
> * If it was for post-registration, then your scenario would fit for a
> vulnerability scan since not impacting the user desiring to have
> network access, but the endpoint would already be in your production
> environment at at the moment of scanning for vulnerabilities.
> PacketFence scanning requires some violation triggers to be defined,
> which are specific OIDs (alerts) that would not be tolerated.
>
> Regards,
> Thierry
> On 02/27/2017 11:28 AM, Torry, Andrew wrote:
>> Hi Folks,
>>
>> I was really hoping this would be working by now but I still cannot
> get the OpenVAS scanner functionality to work.
>> I have installed OpenVAS-CLI and the support libraries from the ATOMIC
> repository but
>> my scan jobs fail because the OpenVAS application itself is not
> installed:-
>> [root@PacketFence-6_5_0 ~]# omp
>> omp: error while loading shared libraries: libopenvas_omp.so.8: cannot
> open shared object file: No such file or directory
>> [root@PacketFence-6_5_0 ~]#
>>
>> When I install OpenVAS I get this:-
>>
>> [root@PacketFence-6_5_0 ~]# yum install openvas --enablerepo=atomic
>> Loaded plugins: fastestmirror
>> Setting up Install Process
>> Loading mirror speeds from cached hostfile
>> * atomic: www4.atomicorp.com
>> * base: mirror.as29550.net
>> * extras: mirror.as29550.net
>> * updates: mirror.as29550.net
>> Resolving Dependencies
>> --> Running transaction check
>> ---> Package openvas.noarch 0:1.0-17.el6.art will be installed
>> --> Processing Dependency: wapiti for package:
> openvas-1.0-17.el6.art.noarch
>> --> Processing Dependency: openvas-scanner for package:
> openvas-1.0-17.el6.art.noarch
>> --> Processing Dependency: openvas-manager for package:
> openvas-1.0-17.el6.art.noarch
>> --> Processing Dependency: nmap for package: openvas-1.0-17.el6.art.noarch
>> --> Processing Dependency: nikto for package:
> openvas-1.0-17.el6.art.noarch
>> --> Processing Dependency: ncrack for package:
> openvas-1.0-17.el6.art.noarch
>> --> Processing Dependency: haveged for package:
> openvas-1.0-17.el6.art.noarch
>> --> Processing Dependency: greenbone-security-assistant for package:
> openvas-1.0-17.el6.art.noarch
>> --> Processing Dependency: dirb for package: openvas-1.0-17.el6.art.noarch
>> --> Running transaction check
>> ---> Package dirb.x86_64 0:221-2.el6.art will be installed
>> ---> Package greenbone-security-assistant.x86_64 0:6.0.11-27.el6.art
> will be installed
>> --> Processing Dependency: libmicrohttpd for package:
> greenbone-security-assistant-6.0.11-27.el6.art.x86_64
>> --> Processing Dependency: libopenvas_omp.so.8()(64bit) for package:
> greenbone-security-assistant-6.0.11-27.el6.art.x86_64
>> --> Processing Dependency: libopenvas_misc.so.8()(64bit) for package:
> greenbone-security-assistant-6.0.11-27.el6.art.x86_64
>> --> Processing Dependency: libopenvas_base.so.8()(64bit) for package:
> greenbone-security-assistant-6.0.11-27.el6.art.x86_64
>> --> Processing Dependency: libmicrohttpd.so.10()(64bit) for package:
> greenbone-security-assistant-6.0.11-27.el6.art.x86_64
>> ---> Package haveged.x86_64 0:1.3-2.el6.art will be installed
>> ---> Package ncrack.x86_64 0:0.3-0.2.ALPHA.el6.art will be installed
>> ---> Package nikto.noarch 1:2.1.6-12.el6.art will be installed
>> --> Processing Dependency: perl-JSON-PP for package:
> 1:nikto-2.1.6-12.el6.art.noarch
>> ---> Package nmap.x86_64 2:6.47-8.el6.art will be installed
>> --> Processing Dependency: nmap-ncat = 2:6.47-8.el6.art for package:
> 2:nmap-6.47-8.el6.art.x86_64
>> ---> Package openvas-manager.x86_64 0:6.0.9-36.el6.art will be installed
>> --> Processing Dependency: doxygen for package:
> openvas-manager-6.0.9-36.el6.art.x86_64
>> --> Processing Dependency: /usr/bin/pdflatex for package:
> openvas-manager-6.0.9-36.el6.art.x86_64
>> --> Processing Dependency: /usr/bin/makensis for package:
> openvas-manager-6.0.9-36.el6.art.x86_64
>> ---> Package openvas-scanner.x86_64 0:5.0.7-25.el6.art will be installed
>> --> Processing Dependency: rsync for package:
> openvas-scanner-5.0.7-25.el6.art.x86_64
>> --> Processing Dependency: pnscan for package:
> openvas-scanner-5.0.7-25.el6.art.x86_64
>> --> Processing Dependency: openldap-clients for package:
> openvas-scanner-5.0.7-25.el6.art.x86_64
>> --> Processing Dependency: net-snmp-utils for package:
> openvas-scanner-5.0.7-25.el6.art.x86_64
>> --> Processing Dependency: /usr/bin/rsync for package:
> openvas-scanner-5.0.7-25.el6.art.x86_64
>> ---> Package wapiti.noarch 0:2.3.0-5.el6.art will be installed
>> --> Processing Dependency: python-httplib2 for package:
> wapiti-2.3.0-5.el6.art.noarch
>> --> Processing Dependency: python-SocksiPy for package:
> wapiti-2.3.0-5.el6.art.noarch
>> --> Processing Dependency: python-BeautifulSoup for package:
> wapiti-2.3.0-5.el6.art.noarch
>> --> Running transaction check
>> ---> Package doxygen.x86_64 1:1.6.1-6.el6 will be installed
>> ---> Package libmicrohttpd.x86_64 0:0.9.33-4.el6 will be installed
>> ---> Package mingw32-nsis.x86_64 0:2.46-2.el6 will be installed
>> ---> Package net-snmp-utils.x86_64 1:5.5-57.el6_8.1 will be installed
>> ---> Package nmap-ncat.x86_64 2:6.47-8.el6.art will be installed
>> --> Processing Dependency: socat for package:
> 2:nmap-ncat-6.47-8.el6.art.x86_64
>> ---> Package openldap-clients.x86_64 0:2.4.40-12.el6 will be installed
>> ---> Package openvas-libraries.x86_64 0:7.0.9-18.el6.art will be updated
>> ---> Package openvas-libraries.x86_64 0:8.0.8-25.el6.art will be an update
>> --> Processing Dependency:
> libopenvas_wmiclient.so.1(OPENVAS_WMICLIENT)(64bit) for package:
> openvas-libraries-8.0.8-25.el6.art.x86_64
>> --> Processing Dependency:
> libopenvas_wincmd.so.1(OPENVAS_WINCMD)(64bit) for package:
> openvas-libraries-8.0.8-25.el6.art.x86_64
>> --> Processing Dependency: libopenvas_wmiclient.so.1()(64bit) for
> package: openvas-libraries-8.0.8-25.el6.art.x86_64
>> --> Processing Dependency: libopenvas_wincmd.so.1()(64bit) for
> package: openvas-libraries-8.0.8-25.el6.art.x86_64
>> ---> Package perl-JSON-PP.noarch 0:2.27200-2.el6.art will be installed
>> ---> Package pnscan.x86_64 0:1.11-1.el6.art will be installed
>> ---> Package python-BeautifulSoup.noarch 0:3.0.7a-3.el6.art will be
> installed
>> ---> Package python-SocksiPy.noarch 0:1.00-4.el6.art will be installed
>> ---> Package python-httplib2.noarch 0:0.7.4-1.el6.art will be installed
>> ---> Package rsync.x86_64 0:3.0.6-12.el6 will be installed
>> ---> Package texlive-latex.x86_64 0:2007-60.el6_7 will be installed
>> --> Processing Dependency: texlive-utils = 2007-60.el6_7 for package:
> texlive-latex-2007-60.el6_7.x86_64
>> --> Processing Dependency: texlive-texmf-errata = 2007 for package:
> texlive-latex-2007-60.el6_7.x86_64
>> --> Processing Dependency: texlive-dvips = 2007-60.el6_7 for package:
> texlive-latex-2007-60.el6_7.x86_64
>> --> Processing Dependency: texlive = 2007-60.el6_7 for package:
> texlive-latex-2007-60.el6_7.x86_64
>> --> Processing Dependency: texlive-texmf-latex >= 2007-39 for package:
> texlive-latex-2007-60.el6_7.x86_64
>> --> Processing Dependency: netpbm-progs for package:
> texlive-latex-2007-60.el6_7.x86_64
>> --> Processing Dependency: /usr/bin/texconfig-sys for package:
> texlive-latex-2007-60.el6_7.x86_64
>> --> Processing Dependency: /usr/bin/fmtutil-sys for package:
> texlive-latex-2007-60.el6_7.x86_64
>> --> Processing Dependency: /usr/bin/fmtutil for package:
> texlive-latex-2007-60.el6_7.x86_64
>> --> Running transaction check
>> ---> Package netpbm-progs.x86_64 0:10.47.05-11.el6 will be installed
>> --> Processing Dependency: netpbm = 10.47.05-11.el6 for package:
> netpbm-progs-10.47.05-11.el6.x86_64
>> --> Processing Dependency: libnetpbm.so.10()(64bit) for package:
> netpbm-progs-10.47.05-11.el6.x86_64
>> ---> Package openvas-smb.x86_64 0:1.0.1-1.el6.art will be obsoleting
>> --> Processing Dependency: libroken.so.18(HEIMDAL_ROKEN_1.0)(64bit)
> for package: openvas-smb-1.0.1-1.el6.art.x86_64
>> --> Processing Dependency: libkrb5.so.26(HEIMDAL_KRB5_2.0)(64bit) for
> package: openvas-smb-1.0.1-1.el6.art.x86_64
>> --> Processing Dependency: libhdb.so.9(HEIMDAL_HDB_1.0)(64bit) for
> package: openvas-smb-1.0.1-1.el6.art.x86_64
>> --> Processing Dependency: libgssapi.so.3(HEIMDAL_GSS_2.0)(64bit) for
> package: openvas-smb-1.0.1-1.el6.art.x86_64
>> --> Processing Dependency: libasn1.so.8(HEIMDAL_ASN1_1.0)(64bit) for
> package: openvas-smb-1.0.1-1.el6.art.x86_64
>> --> Processing Dependency: libwind.so.0()(64bit) for package:
> openvas-smb-1.0.1-1.el6.art.x86_64
>> --> Processing Dependency: libroken.so.18()(64bit) for package:
> openvas-smb-1.0.1-1.el6.art.x86_64
>> --> Processing Dependency: libkrb5.so.26()(64bit) for package:
> openvas-smb-1.0.1-1.el6.art.x86_64
>> --> Processing Dependency: libhx509.so.5()(64bit) for package:
> openvas-smb-1.0.1-1.el6.art.x86_64
>> --> Processing Dependency: libheimntlm.so.0()(64bit) for package:
> openvas-smb-1.0.1-1.el6.art.x86_64
>> --> Processing Dependency: libhdb.so.9()(64bit) for package:
> openvas-smb-1.0.1-1.el6.art.x86_64
>> --> Processing Dependency: libhcrypto.so.4()(64bit) for package:
> openvas-smb-1.0.1-1.el6.art.x86_64
>> --> Processing Dependency: libgssapi.so.3()(64bit) for package:
> openvas-smb-1.0.1-1.el6.art.x86_64
>> --> Processing Dependency: libasn1.so.8()(64bit) for package:
> openvas-smb-1.0.1-1.el6.art.x86_64
>> ---> Package socat.x86_64 0:1.7.2.1-2.el6.art will be installed
>> --> Processing Dependency: libreadline.so.5()(64bit) for package:
> socat-1.7.2.1-2.el6.art.x86_64
>> ---> Package texlive.x86_64 0:2007-60.el6_7 will be installed
>> --> Processing Dependency: texlive-texmf-fonts >= 2007-39 for package:
> texlive-2007-60.el6_7.x86_64
>> --> Processing Dependency: texlive-texmf >= 2007-39 for package:
> texlive-2007-60.el6_7.x86_64
>> --> Processing Dependency: libpoppler.so.5()(64bit) for package:
> texlive-2007-60.el6_7.x86_64
>> --> Processing Dependency: libkpathsea.so.4()(64bit) for package:
> texlive-2007-60.el6_7.x86_64
>> ---> Package texlive-dvips.x86_64 0:2007-60.el6_7 will be installed
>> --> Processing Dependency: texlive-texmf-dvips >= 2007-39 for package:
> texlive-dvips-2007-60.el6_7.x86_64
>> --> Processing Dependency: psutils for package:
> texlive-dvips-2007-60.el6_7.x86_64
>> ---> Package texlive-texmf-errata.noarch 0:2007-7.1.el6 will be installed
>> ---> Package texlive-texmf-latex.noarch 0:2007-39.el6_7 will be installed
>> --> Processing Dependency: texlive-texmf-errata-latex = 2007 for
> package: texlive-texmf-latex-2007-39.el6_7.noarch
>> --> Processing Dependency: tex-preview for package:
> texlive-texmf-latex-2007-39.el6_7.noarch
>> ---> Package texlive-utils.x86_64 0:2007-60.el6_7 will be installed
>> ---> Package wmi.x86_64 0:1.3.14-4.centos6 will be obsoleted
>> --> Processing Dependency: libasync_wmi_lib.so.0()(64bit) for package:
> perl-Net-WMIClient-0.62-0.x86_64
>> --> Running transaction check
>> ---> Package compat-readline5.x86_64 0:5.2-17.1.el6 will be installed
>> ---> Package heimdal-libs.x86_64
> 0:1.6.0-0.9.20140621gita5adc06.el6.art will be installed
>> ---> Package kpathsea.x86_64 0:2007-60.el6_7 will be installed
>> ---> Package netpbm.x86_64 0:10.47.05-11.el6 will be installed
>> ---> Package poppler.x86_64 0:0.12.4-10.el6 will be installed
>> --> Processing Dependency: poppler-data >= 0.4.0 for package:
> poppler-0.12.4-10.el6.x86_64
>> --> Processing Dependency: libopenjpeg.so.2()(64bit) for package:
> poppler-0.12.4-10.el6.x86_64
>> ---> Package psutils.x86_64 0:1.17-34.el6 will be installed
>> ---> Package tex-preview.noarch 0:11.85-10.el6 will be installed
>> ---> Package texlive-texmf.noarch 0:2007-39.el6_7 will be installed
>> ---> Package texlive-texmf-dvips.noarch 0:2007-39.el6_7 will be installed
>> --> Processing Dependency: texlive-texmf-errata-dvips = 2007 for
> package: texlive-texmf-dvips-2007-39.el6_7.noarch
>> ---> Package texlive-texmf-errata-latex.noarch 0:2007-7.1.el6 will be
> installed
>> ---> Package texlive-texmf-fonts.noarch 0:2007-39.el6_7 will be installed
>> --> Processing Dependency: texlive-texmf-errata-fonts = 2007 for
> package: texlive-texmf-fonts-2007-39.el6_7.noarch
>> ---> Package wmi.x86_64 0:1.3.14-4.centos6 will be updated
>> ---> Package wmi.x86_64 0:1.3.14-4.el6.art will be an update
>> --> Running transaction check
>> ---> Package openjpeg-libs.x86_64 0:1.3-11.el6 will be installed
>> ---> Package poppler-data.noarch 0:0.4.0-1.el6 will be installed
>> ---> Package texlive-texmf-errata-dvips.noarch 0:2007-7.1.el6 will be
> installed
>> ---> Package texlive-texmf-errata-fonts.noarch 0:2007-7.1.el6 will be
> installed
>> --> Restarting Dependency Resolution with new changes.
>> --> Running transaction check
>> ---> Package wmi.x86_64 0:1.3.14-4.el6.art will be an update
>> --> Processing Dependency: libasync_wmi_lib.so.0()(64bit) for package:
> perl-Net-WMIClient-0.62-0.x86_64
>> --> Finished Dependency Resolution
>> Error: Package: perl-Net-WMIClient-0.62-0.x86_64 (@packetfence)
>> Requires: libasync_wmi_lib.so.0()(64bit)
>> Removing: wmi-1.3.14-4.centos6.x86_64 (@packetfence)
>> libasync_wmi_lib.so.0()(64bit)
>> Obsoleted By: openvas-smb-1.0.1-1.el6.art.x86_64 (atomic)
>> Not found
>> Updated By: wmi-1.3.14-4.el6.art.x86_64 (atomic)
>> libasync_wmi_lib.so.0()(64bit)
>> Available: wmi-1.3.14-3.el6.art.x86_64 (atomic)
>> libasync_wmi_lib.so.0()(64bit)
>> You could try using --skip-broken to work around the problem
>> You could try running: rpm -Va --nofiles --nodigest
>> [root@PacketFence-6_5_0 ~]#
>>
>>
>> What do I need to do to get OpenVAS scanning to work
>>
>> Andrew
>>
>>
>> -----------------------------
>> Falmouth Exeter Plus
>> -----------------------------
>>
>>
> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>> _______________________________________________
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Thierry Laurion
tlaur...@inverse.ca :: +1.514.447.4918 *120 :: https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu) and PacketFence
(https://packetfence.org)
------------------------------------------------------------------------------
Announcing the Oxford Dictionaries API! The API offers world-renowned
dictionary content that is easy and intuitive to access. Sign up for an
account today to start using our lexical data to power your apps and
projects. Get started today and enter our developer competition.
http://sdm.link/oxford
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Announcing the Oxford Dictionaries API! The API offers world-renowned
dictionary content that is easy and intuitive to access. Sign up for an
account today to start using our lexical data to power your apps and
projects. Get started today and enter our developer competition.
http://sdm.link/oxford
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
