All Apps and Add-ons

Splunk Add on for Tenable Nessus

jwalzerpitt
Influencer

I am seeing the following error re: the SSL cert:

2017-11-20 15:55:54,139 +0000 log_level=ERROR, pid=30119, tid=Thread-4, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=61 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] [SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed. The certificate validation is enabled. You may need to check the certificate and refer to the documentation and add it to the trust list.

I followed the documentation and exported the Nessus SC cert as a .crt/.pem (saved as a .crt). I then copied the contents of the PEM file into $SPLUNK_HOME/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/httplib2/cacerts.txt and then saved the file, but I still see the [SSL: CERTIFICATE_VERIFY_FAILED error

Any help troubleshooting this error would be greatly appreciated.

0 Karma

jwalzerpitt
Influencer

Digging into the scrip I saw the REST call was on port 8089 so when I double checked the relevant firewall, that port wasn't listed. Added that port and was able to pull the info via the REST call.

Thx

0 Karma

splunk_kk
Path Finder

Hello,

I'm facing the similar issue. My Splunk is already listening on 8089. Did u do something on the host firewall?

Thanks!

0 Karma

jwalzerpitt
Influencer

I had to open port 8089 on my firewall

0 Karma

kamlesh_vaghela
SplunkTrust
SplunkTrust

Hi @jwalzerpitt,

Is it working proper if we disable SSL??

local/nessus.conf

[tenable_sc_settings]
disable_ssl_certificate_validation = 0

Thanks

0 Karma

jwalzerpitt
Influencer

I'm seeing the following after setting disable_ssl_certificate_validation = 0 in local/nessus.conf:

11/20/17
12:18:37.540 PM 
2017-11-20 17:18:37,540 +0000 log_level=ERROR, pid=3965, tid=Thread-5, file=ta_data_collector.py, func_name=index_data, code_line_no=118 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] Failed to index data
Traceback (most recent call last):
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_collector.py", line 115, in index_data
    self._do_safe_index()
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_collector.py", line 148, in _do_safe_index
    self._client = self._create_data_client()
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_collector.py", line 95, in _create_data_client
    self._checkpoint_manager)
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_client.py", line 55, in __init__
    self._ckpt)
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/ta_tenable_sc_data_collector.py", line 18, in do_job_one_time
    return _do_job_one_time(all_conf_contents, task_config, ckpt)
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/ta_tenable_sc_data_collector.py", line 62, in _do_job_one_time
    raise Exception
Exception

11/20/17
12:18:37.539 PM 
2017-11-20 17:18:37,539 +0000 log_level=ERROR, pid=3965, tid=Thread-5, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=61 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] [SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed. The certificate validation is enabled. You may need to check the certificate and refer to the documentation and add it to the trust list.

    11/20/17
12:18:37.521 PM 
2017-11-20 17:18:37,521 +0000 log_level=INFO, pid=3965, tid=Thread-5, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=42 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] Proxy is disabled.

    11/20/17
12:18:37.521 PM 
2017-11-20 17:18:37,521 +0000 log_level=INFO, pid=3965, tid=Thread-5, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=39 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] The disable_ssl_certificate_validation is False

    11/20/17
12:18:37.521 PM 
2017-11-20 17:18:37,521 +0000 log_level=INFO, pid=3965, tid=Thread-5, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=23 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] Enter _do_job_one_time().

    11/20/17
12:18:37.520 PM 
2017-11-20 17:18:37,520 +0000 log_level=INFO, pid=3965, tid=Thread-5, file=ta_data_collector.py, func_name=index_data, code_line_no=112 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] Start indexing data for checkpoint_key=Nessus%20Security%20Center___sc_vulnerability___Security%20Center

    11/20/17
12:18:37.518 PM 
2017-11-20 17:18:37,518 +0000 log_level=INFO, pid=3965, tid=Thread-2, file=scheduler.py, func_name=get_ready_jobs, code_line_no=100 | Get 1 ready jobs, next duration is 43199.999063, and there are 1 jobs scheduling
0 Karma

jwalzerpitt
Influencer

Still seeing SSL cert error even after setting setting disable_ssl_certificate_validation = 1 in local/nessus.conf:

11/20/17
12:26:22.062 PM 
2017-11-20 17:26:22,062 +0000 log_level=ERROR, pid=11762, tid=Thread-4, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=61 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] [SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed. The certificate validation is enabled. You may need to check the certificate and refer to the documentation and add it to the trust list.
0 Karma

kamlesh_vaghela
SplunkTrust
SplunkTrust

Hi @jwalzerpitt,

Apology for the delay. Are you using the latest app? This error fixed in latest app.

2nd after making a change in disable_ssl_certificate_validationit is recommended to restart Splunk.

Can you confirm it?

Thanks

0 Karma

jwalzerpitt
Influencer

I modified local/nessus.conf file as follows:

  [tenable_sc_settings]
  disable_ssl_certificate_validation = 1

and when I check the _internal index, I see the following events:

2017-11-21 14:20:07,924 +0000 log_level=ERROR, pid=19192, tid=MainThread, file=ta_mod_input.py, func_name=main, code_line_no=186 | Tenable task encounter exception
Traceback (most recent call last):
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_mod_input.py", line 183, in main
    config_cls=configer_cls)
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_mod_input.py", line 100, in run
    tconfig = tc.create_ta_config(settings, config_cls or tc.TaConfig)
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_config.py", line 181, in create_ta_config
    return config_cls(meta_config, settings)
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_config.py", line 21, in __init__
    meta_config[c.session_key])
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktalib/splunk_cluster.py", line 26, in __init__
    raise Exception("Failed to init ServerInfo")
Exception: Failed to init ServerInfo

2017-11-21 14:20:07,924 +0000 log_level=ERROR, pid=19192, tid=MainThread, file=rest.py, func_name=splunkd_request, code_line_no=42 | Failed to send rest request=https://127.0.0.1:8089/services/server/info, errcode=unknown, reason=Traceback (most recent call last):
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktalib/rest.py", line 40, in splunkd_request
    headers=headers, body=data)
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/httplib2/__init__.py", line 1609, in request
    (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/httplib2/__init__.py", line 1351, in _request
    (response, content) = self._conn_request(conn, request_uri, method, body, headers)
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/httplib2/__init__.py", line 1272, in _conn_request
    conn.connect()
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/httplib2/__init__.py", line 1075, in connect
    raise socket.error, msg
error: [Errno 111] Connection refused
0 Karma

jwalzerpitt
Influencer

I am on version 5.1.2 for the Add-on, and I created the local/nessus.conf file and added the stanza below and then restarted Splunk

 [tenable_sc_settings]
 disable_ssl_certificate_validation = 0

Check the _internal events and I see:

2017-11-21 14:06:41,411 +0000 log_level=ERROR, pid=6351, tid=Thread-6, file=ta_data_collector.py, func_name=index_data, code_line_no=118 | [stanza_name="Nessus SC" data="sc_vulnerability" server="Security Center"] Failed to index data
Traceback (most recent call last):
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_collector.py", line 115, in index_data
    self._do_safe_index()
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_collector.py", line 148, in _do_safe_index
    self._client = self._create_data_client()
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_collector.py", line 95, in _create_data_client
    self._checkpoint_manager)
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_client.py", line 55, in __init__
    self._ckpt)
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/ta_tenable_sc_data_collector.py", line 18, in do_job_one_time
    return _do_job_one_time(all_conf_contents, task_config, ckpt)
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/ta_tenable_sc_data_collector.py", line 62, in _do_job_one_time
    raise Exception
Exception

11/21/17
9:06:41.410 AM  
2017-11-21 14:06:41,410 +0000 log_level=ERROR, pid=6351, tid=Thread-6, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=61 | [stanza_name="Nessus SC" data="sc_vulnerability" server="Security Center"] [SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed. The certificate validation is enabled. You may need to check the certificate and refer to the documentation and add it to the trust list.

Thx

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...