Re: [PacketFence-users] Error communicatin with Nessus

2017-08-14 Thread Akala Kehinde via PacketFence-users
Hallo James,

Thanks for your reply.

Juan Valencia and I have troubleshooted this last week and below is the
current status:

   - Can now connect. Had to instruct the LWP agent not to verify
   hostname via ssl. -> resolved
   - Violation id 120005 and custom violation id got triggered after I
   added the nessus6 id in violation.pm file. -> resolved
   - Violation id 120005 is triggered but never closes, even after
   violation is fixed. -> not resolved

Will appreciate if you can lab this up and test why the violation id 120005
never closes.


Regards,
Kehinde

On Fri, Aug 11, 2017 at 8:47 PM, jrouzier via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Kehinde,
>
> I am looking into this. By next tuesday I should have a good solution.
>
> Thanks
>
> James
>
> On 2017-07-17 8:58 AM, Akala Kehinde via PacketFence-users wrote:
>
> Hallo Guys,
>
> Quick one..
> I get this error when PF tries triggering a violation:
>
> Checked line 96 and seems it's an error with the creds, but creds seems
> right. Or is the creds not supposed to be that on the Nessus server?
>
> Jul  8 13:57:58 pfence pfqueue: pfqueue(10450) INFO:
> [mac:00:50:ff:25:ce:00] New ID generated: 149951507810ce00
> (pf::util::generate_id)
> Jul  8 13:57:58 pfence pfqueue: pfqueue(10450) ERROR:
> [mac:00:50:ff:25:ce:00] communication error: Can't connect to
> 172.16.100.10:8834 at /usr/local/pf/lib/pf/scan/nessus6.pm line 96.
>  (pf::api::can_fork::notify)
>
>
> Regards,
> Kehinde
>
>
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
> 
>
>


Re: [PacketFence-users] Error communicatin with Nessus

2017-08-11 Thread jrouzier via PacketFence-users

Kehinde,

I am looking into this. By next tuesday I should have a good solution.

Thanks

James


On 2017-07-17 8:58 AM, Akala Kehinde via PacketFence-users wrote:

Hallo Guys,

Quick one..
I get this error when PF tries triggering a violation:

Checked line 96 and seems it's an error with the creds, but creds 
seems right. Or is the creds not supposed to be that on the Nessus server?


Jul  8 13:57:58 pfence pfqueue: pfqueue(10450) INFO: 
[mac:00:50:ff:25:ce:00] New ID generated: 149951507810ce00 
(pf::util::generate_id)
Jul  8 13:57:58 pfence pfqueue: pfqueue(10450) ERROR: 
[mac:00:50:ff:25:ce:00] communication error: Can't connect to 
172.16.100.10:8834  at 
/usr/local/pf/lib/pf/scan/nessus6.pm  line 96.

 (pf::api::can_fork::notify)


Regards,
Kehinde




Re: [PacketFence-users] Error communicatin with Nessus

2017-08-11 Thread Akala Kehinde via PacketFence-users
I expect id 100024 to be triggered when in Production vlan but it doesn't.

On 11 Aug 2017 2:25 PM, "Akala Kehinde"  wrote:

> Ok. But in my case, I see no violation 100024 triggered even when there is
> a violation. Only 100025 triggers.
> And also what ID is triggered on Reg? We have here only Pre and Post Reg
> IDs before the actual custom violation IDs is triggered.
>
> On 11 Aug 2017 2:07 PM, "Cristian Mammoli"  wrote:
>
> 100024  self closes when there is no wmi violation.
> When there is a violation triggered by the scan engine with action_param =
> mac = $mac, tid = 12, type = INTERNAL then it does not close itself. I
> configured the violation to allow the user to self remediate (e.g.
> uninstall an unwanted software) and re-enable network access.
>
>
>
> Il 10/08/2017 16:44, Akala Kehinde ha scritto:
>
>> Hi Cristian,
>>
>> The 100024 id doesn't trigger. No logs, nothing. Only the 100025 does.
>> Just to be sure of the Reg. and Post Reg scan operations, the Reg.scan
>> works just when authenticating and the Post Reg. after authentication. And
>> does the violation (the wmi violation itself) self close when you don't fix
>> it?
>>
>>
> --
> Mammoli Cristian
> System administrator
> T. +39 0731 22911
> Via Brodolini 6 | 60035 Jesi (an)
>
>
>


Re: [PacketFence-users] Error communicatin with Nessus

2017-08-11 Thread Cristian Mammoli via PacketFence-users

100024  self closes when there is no wmi violation.
When there is a violation triggered by the scan engine with action_param 
= mac = $mac, tid = 12, type = INTERNAL then it does not close 
itself. I configured the violation to allow the user to self remediate 
(e.g. uninstall an unwanted software) and re-enable network access.



Il 10/08/2017 16:44, Akala Kehinde ha scritto:

Hi Cristian,

The 100024 id doesn't trigger. No logs, nothing. Only the 100025 does.
Just to be sure of the Reg. and Post Reg scan operations, the Reg.scan 
works just when authenticating and the Post Reg. after authentication. 
And does the violation (the wmi violation itself) self close when you 
don't fix it?




--
Mammoli Cristian
System administrator
T. +39 0731 22911
Via Brodolini 6 | 60035 Jesi (an)




Re: [PacketFence-users] Error communicatin with Nessus

2017-08-10 Thread Akala Kehinde via PacketFence-users
Hi Cristian,

The 100024 id doesn't trigger. No logs, nothing. Only the 100025 does.
Just to be sure of the Reg. and Post Reg scan operations, the Reg.scan
works just when authenticating and the Post Reg. after authentication. And
does the violation (the wmi violation itself) self close when you don't fix
it?

Regards,
Kehinde

On Thu, Aug 10, 2017 at 3:57 PM, Cristian Mammoli  wrote:

> WMI works for me on production network, what issues are you having?
>
> Il 10/08/2017 14:37, Akala Kehinde ha scritto:
>
> Hi Cristian,
>
> Took me some time too to have the WMI scan running, but even only works
> for pre-reg. Failed for Reg and Post-reg scans. Had any success with that?
>
>
>
>


Re: [PacketFence-users] Error communicatin with Nessus

2017-08-10 Thread Akala Kehinde via PacketFence-users
Hi Christian,

Is the ssl config change you made in the nessus6.pm file necessary, because
I only made the change in the REST.pm file, and I could connect.
But the issue I am having is with the "scanner name doesn't exist" even
after setting as "Local Scanner".
Can you send me your nessus6.pm file. Want to compare with mine.

Thanks.

Regards,
Kehinde

On Thu, Aug 10, 2017 at 11:04 AM, Cristian Mammoli 
wrote:

> Thanks Akala, I think the Nessus::REST shipped by inverse repo has
> multiple problems
>
> [root@srvpf pf]# rpm -qf /usr/share/perl5/vendor_perl/Net/Nessus/REST.pm
> perl-Net-Nessus-REST-0.2-4.1.noarch
> [root@srvpf pf]# yum info perl-Net-Nessus-REST-0.2-4.1.noarch
> Loaded plugins: fastestmirror
> Loading mirror speeds from cached hostfile
>  * atomic: www4.atomicorp.com
>  * base: it.centos.contactlab.it
>  * extras: it.centos.contactlab.it
>  * updates: it.centos.contactlab.it
> Installed Packages
> Name: perl-Net-Nessus-REST
> Arch: noarch
> Version : 0.2
> Release : 4.1
> Size: 23 k
> Repo: installed
> From repo   : packetfence
> Summary : Communicate with Nessus scanner(v6+) via REST
> URL : http://search.cpan.org/~grousse/Net-Nessus-REST-0.2/
> License : Artistic/GPL
> Description : This is Perl interface for communication with Nessus scanner
> over XMLRPC. You
> : can start, stop, pause and resume scan. Watch progress and
> status of scan,
> : download report, etc.
>
> There is no  ssl_opts => { verify_hostname => 0 } (even if this could be
> passed directly by nessus6.pm). The function get_scanner_id is missing
>
> I brutally replaced /usr/share/perl5/vendor_perl/Net/Nessus/REST.pm with
> the last upstream version:
>
> wget http://cpansearch.perl.org/src/GROUSSE/Net-Nessus-REST-v0.7.0/lib/Net/Nessus/REST.pm -O /usr/share/perl5/vendor_perl/Net/Nessus/REST.pm
>
> and modified lib/pf/scan/nessus6.pm like this:
>
> --- lib/pf/scan/nessus6.pm.orig 2017-08-10 11:02:24.977268702 +0200
> +++ lib/pf/scan/nessus6.pm  2017-08-10 10:45:59.439102230 +0200
> @@ -92,7 +92,7 @@
>  my $scanner_name= $self->{_scannername};
>  my $format  = $self->{_format};
>
> -my $nessus = Net::Nessus::REST->new(url => 'https://
> '.$host.':'.$port);
> +my $nessus = Net::Nessus::REST->new(url => 'https://'.$host.':'.$port,
> ssl_opts => { verify_hostname => 0 });
>  $nessus->create_session(username => $user, password => $pass);
>
>  # Verify nessus policy ID on the server, nessus remote scanner id,
> set scan name and launch the scan
>
> My scan.conf is this:
>
> [nessus6_scan]
> ip=srvpf.gruppoapra.com
> duration=180s
> categories=employees
> port=8834
> registration=0
> username=admin
> post_registration=1
> password=REDACTED
> pre_registration=0
> oses=1
> type=nessus6
> scannername=Local Scanner
> nessus_clientpolicy=PacketFenceScan
>
> Now the scan starts:
>
> Aug 10 11:03:41 srvpf pfqueue: pfqueue(8101) INFO: [mac:20:cf:30:36:7c:bb]
> Nessus is scanning 192.168.15.80 (pf::scan::nessus6::startScan)
>
>
> Il 09/08/2017 20:40, Akala Kehinde ha scritto:
>
>> FYI below..
>> Had to cc. the mail add.. for anyone interested in the ongoing convo...
>>
>> Regards,
>> Kehinde
>>
>> On Thu, Aug 3, 2017 at 11:08 PM, Juan Camilo Valencia <
>> juan.valen...@seguratec.com.co >
>> wrote:
>>
>> Hi Kehinde,
>>
>> Yeah could be something really more simple but what looks like is
>> that the variable is not getting initialize probably because the
>> app is not delivering any data,or the scanner name is not correct,
>> let me see with the lab how to get that info manually and debug
>> this thing correctly.
>>
>> Best regards
>>
>> 2017-08-03 13:27 GMT-05:00 Akala Kehinde > >:
>>
>> HI Juan,
>>
>> Actually did that before sending the last mail, but to no avail.
>> Problem still persist.
>>
>> [MAWOH_NESSUS_SCAN]
>> ip=127.0.0.1
>> duration=30s
>> categories=guest,staff
>> port=8843
>> registration=1
>> username=nessusadmin
>> post_registration=1
>> password=password
>> pre_registration=1
>> oses=1
>> nessus_clientpolicy=testpolicy
>> type=nessus6
>> scannername=Local
>>
>> Aug  3 20:27:06 egelsbach pfqueue: Use of uninitialized value
>> $scanner_id in string eq at
>> /usr/local/pf/lib/pf/scan/nessus6.pm  line
>> 107.
>> Aug  3 20:27:06 egelsbach pfqueue: Use of uninitialized value
>> $scanner_id in concatenation (.) or string at
>> /usr/local/pf/lib/pf/scan/nessus6.pm  line
>> 108.
>> Aug  3 20:27:06 egelsbach pfqueue: pfqueue(31127) WARN:
>> [mac:44:8a:5b:43:55:02] Nessus scanner name doesn't exist
>>  

Re: [PacketFence-users] Error communicatin with Nessus

2017-08-10 Thread Akala Kehinde via PacketFence-users
Hi Cristian,

Took me some time too to have the WMI scan running, but even only works for
pre-reg. Failed for Reg and Post-reg scans. Had any success with that?

Regards,
Kehinde

On Thu, Aug 10, 2017 at 2:31 PM, Cristian Mammoli via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> And now, even if Nessus returns no vulns the built in trigger 124 does
> not get self closed.
>
> I give up, after 3 days trying to get a scan system working beyond WMI:
>
> openvas should be installed on the pf box but can't because there is a
> conflict between a perl wmi library shipped by inverse. Furthermore I think
> pf requires an old version of openvas which is nowhere to be found
> Nessus 5 can't be downloaded anymore from tenable website
> Nessus 6 integration is utterly broken
>
> And I'm using the ZEN appliance which, I suppose, has all the pieces in
> place.
>
> Can someone of the devs provide a tested working combination before I hang
> myself out of frustration?
>
> Thanks
>
> Cristian
>
> Il 10/08/2017 13:51, Cristian Mammoli via PacketFence-users ha scritto:
>
> Hi Akala, the result is the same for the ssl_options. It only tells LWP
> UserAgent to not verify the hostname. I just wanted to avoid editing
> something external to packetfence.
>
>
>
> 
>
>


Re: [PacketFence-users] Error communicatin with Nessus

2017-08-10 Thread Cristian Mammoli via PacketFence-users

WMI works for me on production network, what issues are you having?

Il 10/08/2017 14:37, Akala Kehinde ha scritto:

Hi Cristian,

Took me some time too to have the WMI scan running, but even only 
works for pre-reg. Failed for Reg and Post-reg scans. Had any success 
with that?




Re: [PacketFence-users] Error communicatin with Nessus

2017-08-10 Thread Cristian Mammoli via PacketFence-users
Hi Akala, the result is the same for the ssl_options. It only tells LWP 
UserAgent to not verify the hostname. I just wanted to avoid editing 
something external to packetfence.


I attached my nessus6.pm, but try to update 
/usr/share/perl5/vendor_perl/Net/Nessus/REST.pm with the latest upstream 
version like I did.


Furthermore, if you manage to get the scan running, there is another 
problem you will face: the violation reported by nessus6 will be ignored 
because there is no nessus6 type in lib/pf/factory/condition/violation.pm


I fixed it this way:

--- lib/pf/factory/condition/violation.pm.orig  2017-08-10 
12:14:46.302911023 +0200
+++ lib/pf/factory/condition/violation.pm   2017-08-10 
12:55:01.346003541 +0200

@@ -37,6 +37,7 @@
 'mac'   => {type => 'regex', key => 'mac'},
 'mac_vendor'=> {type => 'equals',key => 
'mac_vendor_id'},
 'nessus'=> {type => 'equals',key => 
'last_nessus_id',  event => $TRUE},
+'nessus6'   => {type => 'equals',key => 
'last_nessus6_id', event => $TRUE},
 'openvas'   => {type => 'equals',key => 
'last_openvas_id', event => $TRUE},
 'metadefender'  => {type => 'equals',key => 
'last_metadefender_id',event => $TRUE},
 'provisioner'   => {type => 'equals',key => 
'last_provisioner_id', event => $TRUE},
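Review bot: The added 'nessus6' row matches on the key 'last_nessus6_id', but nothing in this hunk shows where that key is set, so the condition only fires if the nessus6 scan path records its result under exactly that name. Include or reference the code that populates last_nessus6_id alongside this change, and add a test that a nessus6 scan event with a configured id actually raises the violation.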


and added the ids as nessus6 in my violation

Il 10/08/2017 13:43, Akala Kehinde ha scritto:

Hi Christian,

Is the ssl config change you made in the nessus6.pm file necessary,
because I only made the change in the REST.pm file, and I could connect.
But the issue I am having is with the "scanner name doesn't exist"
even after setting as "Local Scanner".
Can you send me your nessus6.pm file. Want to compare with mine.

package pf::scan::nessus6;

=head1 NAME

pf::scan::nessus6

=cut

=head1 DESCRIPTION

pf::scan::nessus6 is a module to add Nessus v6 scanning option.

=cut

use strict;
use warnings;

use Log::Log4perl;
use Readonly;

use base ('pf::scan');

use pf::config;
use pf::scan;
use pf::util;
use pf::node;
use pf::constants::scan qw($SCAN_VID $PRE_SCAN_VID $POST_SCAN_VID $STATUS_STARTED);
use Net::Nessus::REST;

sub description { 'Nessus6 Scanner' }

=head1 SUBROUTINES

=over

=item new

Create a new Nessus6 scanning object with the required attributes

=cut

sub new {
    my ( $class, %data ) = @_;
    my $logger = Log::Log4perl::get_logger(__PACKAGE__);

    $logger->debug("instantiating new ". __PACKAGE__ . " object");

    my $self = bless {
        '_id'          => undef,
        '_host'        => undef,
        '_port'        => undef,
        '_username'    => undef,
        '_password'    => undef,
        '_scanIp'      => undef,
        '_scanMac'     => undef,
        '_report'      => undef,
        '_file'        => undef,
        '_policy'      => undef,
        '_type'        => undef,
        '_status'      => undef,
        '_scannername' => undef,
        '_format'      => 'csv',
        '_oses'        => undef,
        '_categories'  => undef,
    }, $class;

    foreach my $value ( keys %data ) {
        $self->{'_' . $value} = $data{$value};
    }

    return $self;
}

=item startScan

=cut

# WARNING: A lot of extra single quoting has been done to fix perl taint mode issues: #1087
sub startScan {
    my ( $self ) = @_;
    my $logger = Log::Log4perl::get_logger(__PACKAGE__);

    # nessus scan setup
    my $id                  = $self->{_id};
    my $hostaddr            = $self->{_scanIp};
    my $mac                 = $self->{_scanMac};
    my $host                = $self->{_ip};
    my $port                = $self->{_port};
    my $user                = $self->{_username};
    my $pass                = $self->{_password};
    my $nessus_clientpolicy = $self->{_nessus_clientpolicy};
    my $scanner_name        = $self->{_scannername};
    my $format              = $self->{_format};

    my $nessus = Net::Nessus::REST->new(url => 'https://'.$host.':'.$port, ssl_opts => { verify_hostname => 0 });
    $nessus->create_session(username => $user, password => $pass);

    # Verify nessus policy ID on the server, nessus remote scanner id, set scan name and launch the scan

    my $policy_id = $nessus->get_policy_id(name => $nessus_clientpolicy);
    if ($policy_id eq "") {
        $logger->warn("Nessus policy doesnt exist ".$nessus_clientpolicy);
        return 1;
    }

    my $scanner_id = $nessus->get_scanner_id(name => $scanner_name);
    if ($scanner_id eq ""){
        $logger->warn("Nessus scanner name doesn't exist ".$scanner_id);
        return 1;
    }

    # This is necessary because of the way the new nessus API works, if the scan fails most likely
    # is in this function.
    my $policy_uuid = $nessus->get_template_id( name => 'custom', type => 'scan');

Re: [PacketFence-users] Error communicatin with Nessus

2017-08-09 Thread Cristian Mammoli via PacketFence-users

I'm getting the same error. Nessus is running and I can connect with
wget https://127.0.0.1:8834 --no-check-certificate
Even a simple test program such as this fails with the same error even 
if the data is correct:


use Net::Nessus::REST;

my $nessus = Net::Nessus::REST->new(
    url => 'https://localhost:8834'
);

$nessus->create_session(
    username => 'admin',
    password => '123',
);

[root@srvpf ~]# perl test.pl
communication error: Can't connect to localhost:8834 at test.pl line 7.

There is no trace of the connection in the nessus logs

Il 01/08/2017 16:52, Juan Camilo Valencia via PacketFence-users ha scritto:

Hi Akala,

Nessus has a log that you can verify from the server perspective to 
try figure it out what is going on, if I'm not wrong is in 
/opt/nessus/var/nessus/log/ and is something related with server in 
its name, try to tail that log while you try to do the connection from 
packetfence and you can have more information about it. Also can you 
locate
/usr/share/perl5/vendor_perl/Net/Nessus/REST.pm and paste it, probably 
you are using a package outside inverse repo and that package has a 
little modification to bypass some SSL verification for 
self-certificate servers, which generic package does not have.


I hope this can help you a little bit.

Best Regards,


2017-07-31 13:30 GMT-05:00 Akala Kehinde via PacketFence-users 
>:


Hello Fabrice,

Still can't get my head around this.. Seems to me like an API
communication problem or any more ideas to what the problem might be.

Regards,
Kehinde

On Sat, Jul 29, 2017 at 8:53 AM, Akala Kehinde
> wrote:

Hello Fabrice,

I still get the same error, kindly see logs below:

[root@pfence logs]# netstat -nlp | grep 8834
tcp        0      0 0.0.0.0:8834      0.0.0.0:*      LISTEN      1761/nessusd
tcp6       0      0 :::8834           :::*           LISTEN      1761/nessusd
[root@pfence logs]#

Jul 29 08:51:53 pfence pfqueue: pfqueue(13223) INFO:
[mac:00:50:ff:25:ce:00] Instantiate profile SNS
(pf::Connection::ProfileFactory::_from_profile)
Jul 29 08:51:53 pfence pfqueue: pfqueue(13223) INFO:
[mac:00:50:ff:25:ce:00] violation 125 already exists for
00:50:ff:25:ce:00, not adding again (pf::violation::violation_add)
Jul 29 08:51:54 pfence pfqueue: pfqueue(13223) INFO:
[mac:00:50:ff:25:ce:00] Instantiate profile SNS
(pf::Connection::ProfileFactory::_from_profile)
Jul 29 08:51:54 pfence pfqueue: pfqueue(13223) INFO:
[mac:00:50:ff:25:ce:00] New ID generated: 15013423ce00
(pf::util::generate_id)
Jul 29 08:51:54 pfence pfqueue: pfqueue(13223) ERROR:
[mac:00:50:ff:25:ce:00] communication error: Can't connect to
127.0.0.1:8834  at
/usr/local/pf/lib/pf/scan/nessus6.pm  line 96.
 (pf::api::can_fork::notify)



Regards,
Kehinde

On Fri, Jul 28, 2017 at 8:22 PM, Fabrice Durand via
PacketFence-users > wrote:

Hello Akala,

if nessus run on the same server then try 127.0.0.1 for
the server ip.

Also what return : netstat -nlp | grep 8834

Regards

Fabrice



Le 2017-07-28 à 12:09, Akala Kehinde via PacketFence-users
a écrit :

Just FYI, the Nessus server runs on the PF server.

Regards,
Kehinde

On Fri, Jul 28, 2017 at 5:53 PM, Akala Kehinde
>
wrote:

Hallo Guys,

Quick one..
I get this error when PF tries triggering a violation:

Checked line 96 and seems it's an error with the
creds, but creds is right. Or is the creds not
supposed to be that on the Nessus server?

Jul  8 13:57:58 pfence pfqueue: pfqueue(10450) INFO:
[mac:00:50:ff:25:ce:00] New ID generated:
149951507810ce00 (pf::util::generate_id)
Jul  8 13:57:58 pfence pfqueue: pfqueue(10450) ERROR:
[mac:00:50:ff:25:ce:00] communication error: Can't
connect to 172.16.100.10:8834
 at
/usr/local/pf/lib/pf/scan/nessus6.pm
 line 96.
 (pf::api::can_fork::notify)


Regards,
Kehinde

Regards,
Kehinde
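
The "Can't connect" error in the messages above is reported both when the TCP port is unreachable and when the TLS handshake is rejected, which is why netstat and wget --no-check-certificate looked fine while the Perl client failed. The following script is an added example, not part of the original thread or of PacketFence: it separates the two cases and builds ssl_opts that keep certificate verification on by trusting the Nessus certificate explicitly. The CA file path is a hypothetical placeholder and the helper names tls_preflight and nessus_ssl_opts are made up for this example.

```perl
#!/usr/bin/perl
# Added example (not PacketFence code). Host, port and CA path are assumptions;
# take the real host and port from scan.conf and export the Nessus CA yourself.
use strict;
use warnings;
use IO::Socket::INET;
use IO::Socket::SSL;    # exports $SSL_ERROR and SSL_VERIFY_PEER by default

# Classify why a connection to the Nessus REST port fails.
# Returns a hashref: { stage => 'config'|'tcp'|'tls'|'ok', detail => text }
sub tls_preflight {
    my (%arg) = @_;
    my ($host, $port, $ca_file) = @arg{qw(host port ca_file)};

    # An unreadable CA file would otherwise look like a handshake failure.
    if (defined $ca_file && !-r $ca_file) {
        return +{ stage => 'config', detail => "CA file not readable: $ca_file" };
    }

    # Stage 1: plain TCP. Failure here means listener, routing or firewall.
    my $tcp = IO::Socket::INET->new(
        PeerAddr => $host, PeerPort => $port, Proto => 'tcp', Timeout => 5,
    ) or return +{ stage => 'tcp', detail => "TCP connect failed: $!" };
    close $tcp;

    # Stage 2: TLS with chain and host name verification, which is what an
    # HTTPS client does when verify_hostname is left enabled.
    my $tls = IO::Socket::SSL->new(
        PeerHost            => $host,
        PeerPort            => $port,
        Timeout             => 5,
        SSL_verify_mode     => SSL_VERIFY_PEER,
        SSL_verifycn_scheme => 'www',
        SSL_verifycn_name   => $host,
        (defined $ca_file ? (SSL_ca_file => $ca_file) : ()),
    ) or return +{ stage => 'tls', detail => "TLS rejected: $SSL_ERROR" };

    my $subject     = $tls->peer_certificate('subject');
    my $fingerprint = $tls->get_fingerprint('sha256');
    $tls->close;
    return +{ stage => 'ok', detail => "verified $subject ($fingerprint)" };
}

# ssl_opts for Net::Nessus::REST->new that keep verification enabled.
# The thread's workaround was { verify_hostname => 0 }; this trusts one CA file.
sub nessus_ssl_opts {
    my ($ca_file) = @_;
    return { verify_hostname => 1, SSL_ca_file => $ca_file };
}

my %target = (
    host    => $ARGV[0] // '127.0.0.1',               # address used in the thread
    port    => $ARGV[1] // 8834,
    ca_file => $ARGV[2] // '/path/to/nessus-ca.pem',  # hypothetical placeholder
);

my $result = tls_preflight(%target);
print "$result->{stage}: $result->{detail}\n";

if ($result->{stage} eq 'ok') {
    # Loaded only when needed so the preflight runs without the module installed.
    require Net::Nessus::REST;
    my $nessus = Net::Nessus::REST->new(
        url      => "https://$target{host}:$target{port}",
        ssl_opts => nessus_ssl_opts($target{ca_file}),
    );
    # create_session(username => ..., password => ...) follows, as in nessus6.pm.
    print "client built with verification enabled\n";
}
```

A result of "tls" with a listening port points at the certificate (name mismatch when connecting by IP, or an untrusted self-signed issuer) rather than at credentials or the network.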






Re: [PacketFence-users] Error communicatin with Nessus

2017-08-01 Thread Juan Camilo Valencia via PacketFence-users
Hi Akala,

Nessus has a log that you can verify from the server perspective to try
figure it out what is going on, if I'm not wrong is in
/opt/nessus/var/nessus/log/ and is something related with server in its
name, try to tail that log while you try to do the connection from
packetfence and you can have more information about it. Also can you locate
/usr/share/perl5/vendor_perl/Net/Nessus/REST.pm and paste it, probably you
are using a package outside inverse repo and that package has a little
modification to bypass some SSL verification for self-certificate servers,
which generic package does not have.

I hope this can help you a little bit.

Best Regards,


2017-07-31 13:30 GMT-05:00 Akala Kehinde via PacketFence-users <
packetfence-users@lists.sourceforge.net>:

> Hello Fabrice,
>
> Still can't get my head around this.. Seems to me like an API
> communication problem or any more ideas to what the problem might be.
>
> Regards,
> Kehinde
>
> On Sat, Jul 29, 2017 at 8:53 AM, Akala Kehinde 
> wrote:
>
>> Hello Fabrice,
>>
>> I still get the same error, kindly see logs below:
>>
>> [root@pfence logs]# netstat -nlp | grep 8834
>> tcp        0      0 0.0.0.0:8834      0.0.0.0:*      LISTEN      1761/nessusd
>> tcp6       0      0 :::8834           :::*           LISTEN      1761/nessusd
>> [root@pfence logs]#
>>
>> Jul 29 08:51:53 pfence pfqueue: pfqueue(13223) INFO:
>> [mac:00:50:ff:25:ce:00] Instantiate profile SNS
>> (pf::Connection::ProfileFactory::_from_profile)
>> Jul 29 08:51:53 pfence pfqueue: pfqueue(13223) INFO:
>> [mac:00:50:ff:25:ce:00] violation 125 already exists for
>> 00:50:ff:25:ce:00, not adding again (pf::violation::violation_add)
>> Jul 29 08:51:54 pfence pfqueue: pfqueue(13223) INFO:
>> [mac:00:50:ff:25:ce:00] Instantiate profile SNS
>> (pf::Connection::ProfileFactory::_from_profile)
>> Jul 29 08:51:54 pfence pfqueue: pfqueue(13223) INFO:
>> [mac:00:50:ff:25:ce:00] New ID generated: 15013423ce00
>> (pf::util::generate_id)
>> Jul 29 08:51:54 pfence pfqueue: pfqueue(13223) ERROR:
>> [mac:00:50:ff:25:ce:00] communication error: Can't connect to
>> 127.0.0.1:8834 at /usr/local/pf/lib/pf/scan/nessus6.pm line 96.
>>  (pf::api::can_fork::notify)
>>
>>
>>
>> Regards,
>> Kehinde
>>
>> On Fri, Jul 28, 2017 at 8:22 PM, Fabrice Durand via PacketFence-users <
>> packetfence-users@lists.sourceforge.net> wrote:
>>
>>> Hello Akala,
>>>
>>> if nessus run on the same server then try 127.0.0.1 for the server ip.
>>>
>>> Also what return : netstat -nlp | grep 8834
>>>
>>> Regards
>>>
>>> Fabrice
>>>
>>>
>>>
>>> Le 2017-07-28 à 12:09, Akala Kehinde via PacketFence-users a écrit :
>>>
>>> Just FYI, the Nessus server runs on the PF server.
>>>
>>> Regards,
>>> Kehinde
>>>
>>> On Fri, Jul 28, 2017 at 5:53 PM, Akala Kehinde 
>>> wrote:
>>>
 Hallo Guys,

 Quick one..
 I get this error when PF tries triggering a violation:

 Checked line 96 and seems it's an error with the creds, but creds is
 right. Or is the creds not supposed to be that on the Nessus server?

 Jul  8 13:57:58 pfence pfqueue: pfqueue(10450) INFO:
 [mac:00:50:ff:25:ce:00] New ID generated: 149951507810ce00
 (pf::util::generate_id)
 Jul  8 13:57:58 pfence pfqueue: pfqueue(10450) ERROR:
 [mac:00:50:ff:25:ce:00] communication error: Can't connect to
 172.16.100.10:8834 at /usr/local/pf/lib/pf/scan/nessus6.pm line 96.
  (pf::api::can_fork::notify)


 Regards,
 Kehinde

 Regards,
 Kehinde

>>>
>>>
>>>
>>>
>>>
>>> --
>>> Fabrice durandfdur...@inverse.ca ::  +1.514.447.4918 <(514)%20447-4918> 
>>> (x135) ::  www.inverse.ca
>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
>>> (http://packetfence.org)
>>>
>>>
>>> 
>>>
>>>
>>
>
> 

Re: [PacketFence-users] Error communicatin with Nessus

2017-08-01 Thread Akala Kehinde via PacketFence-users
Hello Fabrice,

Still can't get my head around this.. Seems to me like an API communication
problem or any more ideas to what the problem might be.

Regards,
Kehinde

On Sat, Jul 29, 2017 at 8:53 AM, Akala Kehinde 
wrote:

> Hello Fabrice,
>
> I still get the same error, kindly see logs below:
>
> [root@pfence logs]# netstat -nlp | grep 8834
> tcp        0      0 0.0.0.0:8834      0.0.0.0:*      LISTEN      1761/nessusd
> tcp6       0      0 :::8834           :::*           LISTEN      1761/nessusd
> [root@pfence logs]#
>
> Jul 29 08:51:53 pfence pfqueue: pfqueue(13223) INFO:
> [mac:00:50:ff:25:ce:00] Instantiate profile SNS (pf::Connection::
> ProfileFactory::_from_profile)
> Jul 29 08:51:53 pfence pfqueue: pfqueue(13223) INFO:
> [mac:00:50:ff:25:ce:00] violation 125 already exists for
> 00:50:ff:25:ce:00, not adding again (pf::violation::violation_add)
> Jul 29 08:51:54 pfence pfqueue: pfqueue(13223) INFO:
> [mac:00:50:ff:25:ce:00] Instantiate profile SNS (pf::Connection::
> ProfileFactory::_from_profile)
> Jul 29 08:51:54 pfence pfqueue: pfqueue(13223) INFO:
> [mac:00:50:ff:25:ce:00] New ID generated: 15013423ce00
> (pf::util::generate_id)
> Jul 29 08:51:54 pfence pfqueue: pfqueue(13223) ERROR:
> [mac:00:50:ff:25:ce:00] communication error: Can't connect to
> 127.0.0.1:8834 at /usr/local/pf/lib/pf/scan/nessus6.pm line 96.
>  (pf::api::can_fork::notify)
>
>
>
> Regards,
> Kehinde
>
> On Fri, Jul 28, 2017 at 8:22 PM, Fabrice Durand via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
>> Hello Akala,
>>
>> if nessus run on the same server then try 127.0.0.1 for the server ip.
>>
>> Also what return : netstat -nlp | grep 8834
>>
>> Regards
>>
>> Fabrice
>>
>>
>>
>> Le 2017-07-28 à 12:09, Akala Kehinde via PacketFence-users a écrit :
>>
>> Just FYI, the Nessus server runs on the PF server.
>>
>> Regards,
>> Kehinde
>>
>> On Fri, Jul 28, 2017 at 5:53 PM, Akala Kehinde 
>> wrote:
>>
>>> Hallo Guys,
>>>
>>> Quick one..
>>> I get this error when PF tries triggering a violation:
>>>
>>> Checked line 96 and seems it's an error with the creds, but creds is
>>> right. Or is the creds not supposed to be that on the Nessus server?
>>>
>>> Jul  8 13:57:58 pfence pfqueue: pfqueue(10450) INFO:
>>> [mac:00:50:ff:25:ce:00] New ID generated: 149951507810ce00
>>> (pf::util::generate_id)
>>> Jul  8 13:57:58 pfence pfqueue: pfqueue(10450) ERROR:
>>> [mac:00:50:ff:25:ce:00] communication error: Can't connect to
>>> 172.16.100.10:8834 at /usr/local/pf/lib/pf/scan/nessus6.pm line 96.
>>>  (pf::api::can_fork::notify)
>>>
>>>
>>> Regards,
>>> Kehinde
>>>
>>> Regards,
>>> Kehinde
>>>
>>
>>
>>
>>
>>
>> --
>> Fabrice durandfdur...@inverse.ca ::  +1.514.447.4918 <(514)%20447-4918> 
>> (x135) ::  www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
>> (http://packetfence.org)
>>
>>
>> 
>>
>>
>


Re: [PacketFence-users] Error communicatin with Nessus

2017-07-29 Thread Akala Kehinde via PacketFence-users
Hello Fabrice,

I still get the same error, kindly see logs below:

[root@pfence logs]# netstat -nlp | grep 8834
tcp        0      0 0.0.0.0:8834      0.0.0.0:*      LISTEN      1761/nessusd
tcp6       0      0 :::8834           :::*           LISTEN      1761/nessusd
[root@pfence logs]#

Jul 29 08:51:53 pfence pfqueue: pfqueue(13223) INFO:
[mac:00:50:ff:25:ce:00] Instantiate profile SNS
(pf::Connection::ProfileFactory::_from_profile)
Jul 29 08:51:53 pfence pfqueue: pfqueue(13223) INFO:
[mac:00:50:ff:25:ce:00] violation 125 already exists for
00:50:ff:25:ce:00, not adding again (pf::violation::violation_add)
Jul 29 08:51:54 pfence pfqueue: pfqueue(13223) INFO:
[mac:00:50:ff:25:ce:00] Instantiate profile SNS
(pf::Connection::ProfileFactory::_from_profile)
Jul 29 08:51:54 pfence pfqueue: pfqueue(13223) INFO:
[mac:00:50:ff:25:ce:00] New ID generated: 15013423ce00
(pf::util::generate_id)
Jul 29 08:51:54 pfence pfqueue: pfqueue(13223) ERROR:
[mac:00:50:ff:25:ce:00] communication error: Can't connect to 127.0.0.1:8834
at /usr/local/pf/lib/pf/scan/nessus6.pm line 96.
 (pf::api::can_fork::notify)



Regards,
Kehinde

On Fri, Jul 28, 2017 at 8:22 PM, Fabrice Durand via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Hello Akala,
>
> If Nessus runs on the same server, then try 127.0.0.1 for the server IP.
>
> Also, what does this return: netstat -nlp | grep 8834
>
> Regards
>
> Fabrice
>
>
>
> On 2017-07-28 at 12:09, Akala Kehinde via PacketFence-users wrote:
>
> Just FYI, the Nessus server runs on the PF server.
>
> Regards,
> Kehinde
>
> On Fri, Jul 28, 2017 at 5:53 PM, Akala Kehinde 
> wrote:
>
>> Hallo Guys,
>>
>> Quick one..
>> I get this error when PF tries triggering a violation:
>>
>> Checked line 96 and seems it's an error with the creds, but creds are
>> right. Or are the creds not supposed to be that on the Nessus server?
>>
>> Jul  8 13:57:58 pfence pfqueue: pfqueue(10450) INFO:
>> [mac:00:50:ff:25:ce:00] New ID generated: 149951507810ce00
>> (pf::util::generate_id)
>> Jul  8 13:57:58 pfence pfqueue: pfqueue(10450) ERROR:
>> [mac:00:50:ff:25:ce:00] communication error: Can't connect to
>> 172.16.100.10:8834 at /usr/local/pf/lib/pf/scan/nessus6.pm line 96.
>>  (pf::api::can_fork::notify)
>>
>>
>> Regards,
>> Kehinde
>>
>> Regards,
>> Kehinde
>>
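An added example, not part of the thread or of PacketFence's own code: the netstat output above shows nessusd listening on 8834, so a persistent "Can't connect" is worth splitting by layer. This Python sketch (the function name `probe` and its stage labels are illustrative assumptions) reports whether the failure is at TCP connect, at the TLS handshake, or at certificate/hostname verification, the cause reported in the 2017-08-14 follow-up.

```python
import socket
import ssl


def probe(host, port, server_name=None, cafile=None, timeout=3.0):
    """Return (stage, detail) for the first layer that fails, else ("ok", version).

    Stage labels are made up for this example; they are not PacketFence terms.
    """
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # Nothing listening, filtered, or timed out: a genuine connect failure.
        return ("tcp_failed", str(exc))
    # Default context verifies both the certificate chain and the hostname.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with ctx.wrap_socket(raw, server_hostname=server_name or host) as tls:
            return ("ok", tls.version())
    except ssl.SSLCertVerificationError as exc:
        # Port is open and speaks TLS, but the certificate is untrusted or
        # does not match the name/IP the client connected with.
        return ("tls_cert_verify_failed", exc.verify_message)
    except ssl.SSLError as exc:
        # TLS-level failure unrelated to certificate trust (e.g. not a TLS port).
        return ("tls_handshake_failed", exc.reason or str(exc))
    except OSError as exc:
        return ("tls_io_error", str(exc))
    finally:
        raw.close()


if __name__ == "__main__":
    import sys
    # Host defaults to the loopback address tried in the thread; port 8834
    # is the Nessus port shown in the logs.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(probe(target, 8834))
```

A `tls_cert_verify_failed` result with the port listening points at trust or naming: pass the scanner's CA as `cafile`, or connect with the name that appears in its certificate via `server_name`.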


Re: [PacketFence-users] Error communicatin with Nessus

2017-07-28 Thread Fabrice Durand via PacketFence-users
Hello Akala,

If Nessus runs on the same server, then try 127.0.0.1 for the server IP.

Also, what does this return: netstat -nlp | grep 8834

Regards

Fabrice



On 2017-07-28 at 12:09, Akala Kehinde via PacketFence-users wrote:
> Just FYI, the Nessus server runs on the PF server.
>
> Regards,
> Kehinde
>
> On Fri, Jul 28, 2017 at 5:53 PM, Akala Kehinde wrote:
>
> Hallo Guys,
>
> Quick one..
> I get this error when PF tries triggering a violation:
>
> Checked line 96 and seems it's an error with the creds, but creds
> are right. Or are the creds not supposed to be that on the Nessus
> server?
>
> Jul  8 13:57:58 pfence pfqueue: pfqueue(10450) INFO:
> [mac:00:50:ff:25:ce:00] New ID generated: 149951507810ce00
> (pf::util::generate_id)
> Jul  8 13:57:58 pfence pfqueue: pfqueue(10450) ERROR:
> [mac:00:50:ff:25:ce:00] communication error: Can't connect
> to 172.16.100.10:8834  at
> /usr/local/pf/lib/pf/scan/nessus6.pm  line 96.
>  (pf::api::can_fork::notify)
>
>
> Regards,
> Kehinde
>
> Regards,
> Kehinde
>

-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 



Re: [PacketFence-users] Error communicatin with Nessus

2017-07-28 Thread Akala Kehinde via PacketFence-users
Just FYI, the Nessus server runs on the PF server.

Regards,
Kehinde

On Fri, Jul 28, 2017 at 5:53 PM, Akala Kehinde 
wrote:

> Hallo Guys,
>
> Quick one..
> I get this error when PF tries triggering a violation:
>
> Checked line 96 and seems it's an error with the creds, but creds are
> right. Or are the creds not supposed to be that on the Nessus server?
>
> Jul  8 13:57:58 pfence pfqueue: pfqueue(10450) INFO:
> [mac:00:50:ff:25:ce:00] New ID generated: 149951507810ce00
> (pf::util::generate_id)
> Jul  8 13:57:58 pfence pfqueue: pfqueue(10450) ERROR:
> [mac:00:50:ff:25:ce:00] communication error: Can't connect to
> 172.16.100.10:8834 at /usr/local/pf/lib/pf/scan/nessus6.pm line 96.
>  (pf::api::can_fork::notify)
>
>
> Regards,
> Kehinde
>
> Regards,
> Kehinde
>