Discussion:
[Packetfence-users] Packetfence & Nessus Configuration
andy nguyen
2011-07-20 20:42:59 UTC
Permalink
Hi All,
 
I am evaluate packetfence and nessus.  I currently have packfence zen 2.2.0 running on  one server and nessus server 4.4.1 running on a different server.  On the Nessus server I have a policy created to detect Antivirus version. Does anyone have example how to configure packetfence to use policy and scan on nessus server when registering a laptop.   Thanks
Francois Gaudreault
2011-07-21 13:02:34 UTC
Permalink
Hi,

You need to define a scan section with the nessus policy ids you want to
enforce. Look in the pf.conf.defaults section to see the options. Here
is an example :

[scan]
pass=********
user=myScanUser
host=1.2.3.4

live_tids=1100001,22964,35590

Furthermore, you need to have violations with the proper Scan
trigger(ie. For nessus policy 22964, Scan::22964)
Post by andy nguyen
Hi All,
I am evaluate packetfence and nessus.I currently have packfence zen
2.2.0 running onone server and nessus server 4.4.1 running on a
different server.On the Nessus server I have a policy created to
detect Antivirus version. Does anyone have example how to configure
packetfence to use policy and scan on nessus server when registering a
laptop.Thanks
------------------------------------------------------------------------------
5 Ways to Improve& Secure Unified Communications
Unified Communications promises greater efficiencies for business. UC can
improve internal communications as well as offer faster, more efficient ways
to interact with customers and streamline customer service. Learn more!
http://www.accelacomm.com/jaw/sfnl/114/51426253/
_______________________________________________
Packetfence-users mailing list
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Francois Gaudreault, ing. jr
***@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
andy nguyen
2011-07-21 21:05:12 UTC
Permalink
Thank Francois! This is configuration I have:
 
Packetfence running on 10.0.10.10
 
pf.conf file:
 
[scan]
ssl=enabled
pass=****   /* Nesssus user password
user=admin     /* Nessus user web login
port=1241
host=10.0 10.21  */This is address nessus server running
registration=enabled
live_tids=21725   */21725 is ID to scan for Symantec Antivirus
 
violations.conf file:
 
I added a session:
 
[1100011]
desc=Check Antivirus Updates
url=content/index.php?template=scan
actions=email,log,trap
trigger=Scan::21725
disable=N
 
 
 
When I register a laptop, Packetfence put laptop in islolation vlan and violation id is 1200001 (not the ID 1100011) System scan.  What did I miss?  I have create a policy on Nessus server call Antiviurs Check.  Where do I tell Packetfence Policy to use?  Does Nessus Server have to be installed on Packetfence server?   Please help??
 
Thanks
Francois Gaudreault
2011-07-27 13:44:52 UTC
Permalink
Andy,

What about your .nessus policy file? You should create one, and put it
in /usr/local/pf/conf/nessus

In pf.conf add under scan :
nessusclient_file=[FILENAME].nessus
nessusclient_policy=[POLICY-NAME]
Post by andy nguyen
Packetfence running on 10.0.10.10
[scan]
ssl=enabled
pass=**** /* Nesssus user password
user=admin /* Nessus user web login
port=1241
host=10.0 10.21 */This is address nessus server running
registration=enabled
live_tids=21725 */21725 is ID to scan for Symantec Antivirus
[1100011]
desc=Check Antivirus Updates
url=content/index.php?template=scan
actions=email,log,trap
trigger=Scan::21725
disable=N
When I register a laptop, Packetfence put laptop in islolation vlan
and violation id is 1200001 (not the ID 1100011) System scan. What
did I miss? I have create a policy on Nessus server call Antiviurs
Check. Where do I tell Packetfence Policy to use? Does Nessus Server
have to be installed on Packetfence server? Please help??
Thanks
------------------------------------------------------------------------------
5 Ways to Improve& Secure Unified Communications
Unified Communications promises greater efficiencies for business. UC can
improve internal communications as well as offer faster, more efficient ways
to interact with customers and streamline customer service. Learn more!
http://www.accelacomm.com/jaw/sfnl/114/51426253/
_______________________________________________
Packetfence-users mailing list
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Francois Gaudreault, ing. jr
***@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
Loading...