Hi Akala, the result is the same for the ssl_options. It only tells LWP
UserAgent to not verify the hostname. I just wanted to avoid editing
something external to packetfence.
I attached my nessus6.pm, but try to update
/usr/share/perl5/vendor_perl/Net/Nessus/REST.pm with the latest upstream
version like I did.
Furthermore, if you manage to get the scan running, there is another
problem you will face: the violation reported by nessus6 will be ignored
because there is no nessus6 type in lib/pf/factory/condition/violation.pm.
I fixed it this way:
--- lib/pf/factory/condition/violation.pm.orig 2017-08-10
12:14:46.302911023 +0200
+++ lib/pf/factory/condition/violation.pm 2017-08-10
12:55:01.346003541 +0200
@@ -37,6 +37,7 @@
'mac' => {type => 'regex', key => 'mac'},
'mac_vendor' => {type => 'equals', key =>
'mac_vendor_id'},
'nessus' => {type => 'equals', key =>
'last_nessus_id', event => $TRUE},
+ 'nessus6' => {type => 'equals', key =>
'last_nessus6_id', event => $TRUE},
'openvas' => {type => 'equals', key =>
'last_openvas_id', event => $TRUE},
'metadefender' => {type => 'equals', key =>
'last_metadefender_id', event => $TRUE},
'provisioner' => {type => 'equals', key =>
'last_provisioner_id', event => $TRUE},
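Review bot: The new `'nessus6'` entry keys on `last_nessus6_id`, and nothing in this hunk shows where that field is populated. If the code that records scan results does not set it under exactly that name, the `equals` condition never matches and nessus6 findings keep being dropped without any log line. Confirm the field name against the scan-report handling, and consider a short comment above the scanner entries, e.g. `# one entry per scan engine type; a scanner without an entry has its violations ignored`. The hash these lines belong to starts and ends outside the hunk.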
and added the ids as nessus6 in my violation
Il 10/08/2017 13:43, Akala Kehinde ha scritto:
Hi Christian,
Is the ssl config change you made in the nessus6.pm file necessary?
I only made the change in the REST.pm file, and I could connect.
But the issue I am having is with the "scanner name doesn't exist"
error, even after setting it as "Local Scanner".
Can you send me your nessus6.pm file? I want to compare it with mine.
package pf::scan::nessus6;
=head1 NAME
pf::scan::nessus6
=cut
=head1 DESCRIPTION
pf::scan::nessus6 is a module to add Nessus v6 scanning option.
=cut
use strict;
use warnings;
use Log::Log4perl;
use Readonly;
use base ('pf::scan');
use pf::config;
use pf::scan;
use pf::util;
use pf::node;
use pf::constants::scan qw($SCAN_VID $PRE_SCAN_VID $POST_SCAN_VID
$STATUS_STARTED);
use Net::Nessus::REST;
# Human-readable label for this scan engine.
sub description {
    return 'Nessus6 Scanner';
}
=head1 SUBROUTINES
=over
=item new
Create a new Nessus6 scanning object with the required attributes
=cut
sub new {
    my ( $class, %data ) = @_;

    my $logger = Log::Log4perl::get_logger(__PACKAGE__);
    $logger->debug("instantiating new ". __PACKAGE__ . " object");

    # Every declared attribute starts out undefined, except the report
    # export format, which defaults to CSV.
    my @unset_attributes = qw(
        _id _host _port _username _password _scanIp _scanMac _report
        _file _policy _type _status _scannername _oses _categories
    );
    my %attributes = map { $_ => undef } @unset_attributes;
    $attributes{'_format'} = 'csv';

    my $self = bless \%attributes, $class;

    # Caller-supplied values are stored under their own name with a leading
    # underscore. Names that are not in the list above are accepted too;
    # startScan reads '_ip' and '_nessus_clientpolicy', which only exist
    # when the caller passes 'ip' and 'nessus_clientpolicy'.
    # The object holds the Nessus password in clear text ('_password'), so
    # it should not be dumped wholesale into logs.
    while ( my ( $name, $setting ) = each %data ) {
        $self->{ '_' . $name } = $setting;
    }

    return $self;
}
=item startScan
=cut
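# WARNING: A lot of extra single quoting has been done to fix perl taint mode issues: #1087
#
# startScan: create and launch a Nessus 6 scan of $self->{_scanIp}, wait for
# it to complete, download the exported report into $self->{_report} and hand
# the object to pf::scan::parse_scan_report.
#
# Returns 1 when the policy, scanner or template lookup fails, when the scan
# cannot be created, or when the scan or the report export exceeds the
# one-hour budget; otherwise returns whatever pf::scan::parse_scan_report
# returns.
sub startScan {
    my ( $self ) = @_;
    my $logger = Log::Log4perl::get_logger(__PACKAGE__);

    # nessus scan setup
    my $hostaddr            = $self->{_scanIp};
    # NOTE(review): new() declares '_host', but the server address is read
    # from '_ip'; this presumably relies on the caller passing an 'ip' key.
    my $host                = $self->{_ip};
    my $port                = $self->{_port};
    my $user                = $self->{_username};
    my $pass                = $self->{_password};
    my $nessus_clientpolicy = $self->{_nessus_clientpolicy};
    my $scanner_name        = $self->{_scannername};
    my $format              = $self->{_format};

    # SECURITY: verify_hostname => 0 is kept from the original (presumably to
    # cope with the certificate the Nessus server presents). LWP::UserAgent
    # documents that no checks are made when this option is false, so the
    # username and password sent by create_session below are exposed to
    # anyone able to impersonate the Nessus server on the network. Prefer
    # verify_hostname => 1 together with SSL_ca_file pointing at the CA that
    # issued the Nessus certificate.
    my $nessus = Net::Nessus::REST->new(
        url      => 'https://'.$host.':'.$port,
        ssl_opts => { verify_hostname => 0 },
    );
    $nessus->create_session(username => $user, password => $pass);

    # Verify nessus policy ID on the server, nessus remote scanner id, set scan name and launch the scan
    my $policy_id = $nessus->get_policy_id(name => $nessus_clientpolicy);
    if (!defined $policy_id || $policy_id eq "") {
        $logger->warn("Nessus policy doesnt exist ".$nessus_clientpolicy);
        return 1;
    }

    my $scanner_id = $nessus->get_scanner_id(name => $scanner_name);
    if (!defined $scanner_id || $scanner_id eq "") {
        # Log the name that was looked up; the id is empty on this path.
        $logger->warn("Nessus scanner name doesn't exist ".$scanner_name);
        return 1;
    }

    # This is necessary because of the way the new nessus API works; if the
    # scan fails, it is most likely in this function.
    my $policy_uuid = $nessus->get_template_id( name => 'custom', type => 'scan');
    if (!defined $policy_uuid || $policy_uuid eq "") {
        # The uuid is empty on this path, so name the policy instead.
        $logger->warn("Failled to obtain the uuid for the policy ".$nessus_clientpolicy);
        return 1;
    }

    # Create the scan into the Nessus web server with the name pf-hostaddr-policyname
    my $scan_name = "pf-".$hostaddr."-".$nessus_clientpolicy;
    my $scan_id = $nessus->create_scan(
        uuid     => $policy_uuid,
        settings => {
            text_targets => $hostaddr,
            name         => $scan_name,
            scanner_id   => $scanner_id,
            policy_id    => $policy_id
        }
    );
    # The result is dereferenced as a hash below, so a comparison with ""
    # cannot detect failure; require a hash reference carrying an id.
    if (!defined $scan_id || !ref $scan_id || !defined $scan_id->{id}) {
        $logger->warn("Failled to create the scan");
        return 1;
    }

    $nessus->launch_scan(scan_id => $scan_id->{id});
    $logger->info("executing Nessus scan with this policy ".$nessus_clientpolicy);
    $self->{'_status'} = $pf::scan::STATUS_STARTED;
    $self->statusReportSyncToDb();

    # Wait the scan to finish
    my $counter = 0;
    while ($nessus->get_scan_status(scan_id => $scan_id->{id}) ne 'completed') {
        if ($counter > 3600) {
            $logger->info("Nessus scan is older than 1 hour ...");
            return 1;
        }
        $logger->info("Nessus is scanning $hostaddr");
        sleep 15;
        $counter = $counter + 15;
    }

    # Get the report. The export wait uses the same one-hour budget as the
    # scan itself, so a stuck export cannot block this process forever.
    my $file_id = $nessus->export_scan(scan_id => $scan_id->{id}, format => $format);
    my $export_wait = 0;
    while ($nessus->get_scan_export_status(scan_id => $scan_id->{id}, file_id => $file_id) ne 'ready') {
        if ($export_wait > 3600) {
            $logger->warn("Nessus report export is older than 1 hour ...");
            return 1;
        }
        sleep 2;
        $export_wait = $export_wait + 2;
    }
    $self->{'_report'} = $nessus->download_scan(scan_id => $scan_id->{id}, file_id => $file_id);

    # Remove report on the server and logout from nessus
    # NOTE(review): with delete_scan commented out, the scan and its results
    # stay on the Nessus server after every run.
    # $nessus->delete_scan(scan_id => $scan_id->{id});
    $nessus->DESTROY;

    return pf::scan::parse_scan_report($self);
}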
=back
=head1 AUTHOR
Inverse inc. <[email protected]>
=head1 COPYRIGHT
Copyright (C) 2005-2017 Inverse inc.
=head1 LICENSE
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
USA.
=cut
1;