Splunk Add on for Tenable Nessus

Motivator

I am seeing the following error re: the SSL cert:

2017-11-20 15:55:54,139 +0000 log_level=ERROR, pid=30119, tid=Thread-4, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=61 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] [SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed. The certificate validation is enabled. You may need to check the certificate and refer to the documentation and add it to the trust list.

I followed the documentation and exported the Nessus SC cert as a .crt/.pem (saved as a .crt). I then copied the contents of the PEM file into $SPLUNK_HOME/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/httplib2/cacerts.txt and then saved the file, but I still see the [SSL: CERTIFICATE_VERIFY_FAILED] error.

Any help troubleshooting this error would be greatly appreciated.

0 Karma

Motivator

Digging into the script, I saw the REST call was on port 8089, so when I double-checked the relevant firewall, that port wasn't listed. Added that port and was able to pull the info via the REST call.

Thx

0 Karma

Path Finder

Hello,

I'm facing a similar issue. My Splunk is already listening on 8089. Did you do something on the host firewall?

Thanks!

0 Karma

Motivator

I had to open port 8089 on my firewall

0 Karma

SplunkTrust

Hi @jwalzerpitt,

Is it working properly if we disable SSL?

local/nessus.conf

[tenable_sc_settings]
disable_ssl_certificate_validation = 0

Thanks

0 Karma

Motivator

I'm seeing the following after setting disable_ssl_certificate_validation = 0 in local/nessus.conf:

11/20/17
12:18:37.540 PM 
2017-11-20 17:18:37,540 +0000 log_level=ERROR, pid=3965, tid=Thread-5, file=ta_data_collector.py, func_name=index_data, code_line_no=118 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] Failed to index data
Traceback (most recent call last):
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_collector.py", line 115, in index_data
    self._do_safe_index()
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_collector.py", line 148, in _do_safe_index
    self._client = self._create_data_client()
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_collector.py", line 95, in _create_data_client
    self._checkpoint_manager)
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_client.py", line 55, in __init__
    self._ckpt)
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/ta_tenable_sc_data_collector.py", line 18, in do_job_one_time
    return _do_job_one_time(all_conf_contents, task_config, ckpt)
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/ta_tenable_sc_data_collector.py", line 62, in _do_job_one_time
    raise Exception
Exception

11/20/17
12:18:37.539 PM 
2017-11-20 17:18:37,539 +0000 log_level=ERROR, pid=3965, tid=Thread-5, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=61 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] [SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed. The certificate validation is enabled. You may need to check the certificate and refer to the documentation and add it to the trust list.

11/20/17
12:18:37.521 PM 
2017-11-20 17:18:37,521 +0000 log_level=INFO, pid=3965, tid=Thread-5, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=42 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] Proxy is disabled.

11/20/17
12:18:37.521 PM 
2017-11-20 17:18:37,521 +0000 log_level=INFO, pid=3965, tid=Thread-5, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=39 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] The disable_ssl_certificate_validation is False

11/20/17
12:18:37.521 PM 
2017-11-20 17:18:37,521 +0000 log_level=INFO, pid=3965, tid=Thread-5, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=23 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] Enter _do_job_one_time().

11/20/17
12:18:37.520 PM 
2017-11-20 17:18:37,520 +0000 log_level=INFO, pid=3965, tid=Thread-5, file=ta_data_collector.py, func_name=index_data, code_line_no=112 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] Start indexing data for checkpoint_key=Nessus%20Security%20Center___sc_vulnerability___Security%20Center

11/20/17
12:18:37.518 PM 
2017-11-20 17:18:37,518 +0000 log_level=INFO, pid=3965, tid=Thread-2, file=scheduler.py, func_name=get_ready_jobs, code_line_no=100 | Get 1 ready jobs, next duration is 43199.999063, and there are 1 jobs scheduling
0 Karma

Motivator

Still seeing the SSL cert error even after setting disable_ssl_certificate_validation = 1 in local/nessus.conf:

11/20/17
12:26:22.062 PM 
2017-11-20 17:26:22,062 +0000 log_level=ERROR, pid=11762, tid=Thread-4, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=61 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] [SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed. The certificate validation is enabled. You may need to check the certificate and refer to the documentation and add it to the trust list.
0 Karma

SplunkTrust

Hi @jwalzerpitt,

Apologies for the delay. Are you using the latest app? This error is fixed in the latest app.

Second, after making a change in disable_ssl_certificate_validation, it is recommended to restart Splunk.

Can you confirm it?

Thanks

0 Karma

Motivator

I modified local/nessus.conf file as follows:

  [tenable_sc_settings]
  disable_ssl_certificate_validation = 1

and when I check the _internal index, I see the following events:

2017-11-21 14:20:07,924 +0000 log_level=ERROR, pid=19192, tid=MainThread, file=ta_mod_input.py, func_name=main, code_line_no=186 | Tenable task encounter exception
Traceback (most recent call last):
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_mod_input.py", line 183, in main
    config_cls=configer_cls)
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_mod_input.py", line 100, in run
    tconfig = tc.create_ta_config(settings, config_cls or tc.TaConfig)
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_config.py", line 181, in create_ta_config
    return config_cls(meta_config, settings)
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_config.py", line 21, in __init__
    meta_config[c.session_key])
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktalib/splunk_cluster.py", line 26, in __init__
    raise Exception("Failed to init ServerInfo")
Exception: Failed to init ServerInfo

2017-11-21 14:20:07,924 +0000 log_level=ERROR, pid=19192, tid=MainThread, file=rest.py, func_name=splunkd_request, code_line_no=42 | Failed to send rest request=https://127.0.0.1:8089/services/server/info, errcode=unknown, reason=Traceback (most recent call last):
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktalib/rest.py", line 40, in splunkd_request
    headers=headers, body=data)
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/httplib2/__init__.py", line 1609, in request
    (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/httplib2/__init__.py", line 1351, in _request
    (response, content) = self._conn_request(conn, request_uri, method, body, headers)
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/httplib2/__init__.py", line 1272, in _conn_request
    conn.connect()
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/httplib2/__init__.py", line 1075, in connect
    raise socket.error, msg
error: [Errno 111] Connection refused
0 Karma

Motivator

I am on version 5.1.2 for the Add-on, and I created the local/nessus.conf file and added the stanza below and then restarted Splunk

 [tenable_sc_settings]
 disable_ssl_certificate_validation = 0

Check the _internal events and I see:

2017-11-21 14:06:41,411 +0000 log_level=ERROR, pid=6351, tid=Thread-6, file=ta_data_collector.py, func_name=index_data, code_line_no=118 | [stanza_name="Nessus SC" data="sc_vulnerability" server="Security Center"] Failed to index data
Traceback (most recent call last):
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_collector.py", line 115, in index_data
    self._do_safe_index()
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_collector.py", line 148, in _do_safe_index
    self._client = self._create_data_client()
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_collector.py", line 95, in _create_data_client
    self._checkpoint_manager)
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_client.py", line 55, in __init__
    self._ckpt)
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/ta_tenable_sc_data_collector.py", line 18, in do_job_one_time
    return _do_job_one_time(all_conf_contents, task_config, ckpt)
  File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/ta_tenable_sc_data_collector.py", line 62, in _do_job_one_time
    raise Exception
Exception

11/21/17
9:06:41.410 AM  
2017-11-21 14:06:41,410 +0000 log_level=ERROR, pid=6351, tid=Thread-6, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=61 | [stanza_name="Nessus SC" data="sc_vulnerability" server="Security Center"] [SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed. The certificate validation is enabled. You may need to check the certificate and refer to the documentation and add it to the trust list.

Thx

0 Karma
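
A triage sketch for the log events posted in this thread, added here as an example and not part of any post or of the add-on's code: it groups each header line with its traceback and separates the two distinct failures seen above (TLS verification against SecurityCenter versus a refused connection to splunkd on 127.0.0.1:8089), using the add-on's own "disable_ssl_certificate_validation is ..." line as the effective setting. The function names and finding labels are assumptions of this example.

```python
import re

# Constructed sample: abbreviated copies of log lines quoted in this thread, oldest first.
SAMPLE = '''\
2017-11-20 17:18:37,521 +0000 log_level=INFO, pid=3965, tid=Thread-5, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=39 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] The disable_ssl_certificate_validation is False
2017-11-20 17:18:37,539 +0000 log_level=ERROR, pid=3965, tid=Thread-5, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=61 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] [SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed.
2017-11-20 17:26:22,062 +0000 log_level=ERROR, pid=11762, tid=Thread-4, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=61 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] [SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed.
2017-11-21 14:20:07,924 +0000 log_level=ERROR, pid=19192, tid=MainThread, file=rest.py, func_name=splunkd_request, code_line_no=42 | Failed to send rest request=https://127.0.0.1:8089/services/server/info, errcode=unknown, reason=Traceback (most recent call last):
    conn.connect()
error: [Errno 111] Connection refused
'''

HEADER = re.compile(r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) [+-]\d{4} '
                    r'log_level=(?P<level>\w+), pid=(?P<pid>\d+), .*?'
                    r'file=(?P<file>[\w.]+), .*? \| (?P<msg>.*)$')
SETTING = re.compile(r'disable_ssl_certificate_validation is (True|False)')
REST = re.compile(r'Failed to send rest request=(\S+?),')

def events(text):
    """Group lines into events; traceback lines attach to the preceding header."""
    out = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            out.append(dict(m.groupdict(), body=[]))
        elif out and line.strip():
            out[-1]['body'].append(line.strip())
    return out

def triage(text):
    """Return (pid, kind, detail) findings in log order."""
    findings, validation_off = [], {}
    for ev in events(text):
        full = ev['msg'] + ' ' + ' '.join(ev['body'])
        s = SETTING.search(full)
        if s:  # the value the add-on loaded at runtime, whatever the .conf edit says
            validation_off[ev['pid']] = (s.group(1) == 'True')
        elif 'CERTIFICATE_VERIFY_FAILED' in full:
            state = validation_off.get(ev['pid'])
            detail = {False: 'validation enabled at runtime: fix the trust list',
                      True: 'validation reported disabled yet verify failed',
                      None: 'effective setting not logged for this pid'}[state]
            findings.append((ev['pid'], 'tls_trust', detail))
        elif REST.search(full) and 'Connection refused' in full:
            findings.append((ev['pid'], 'splunkd_unreachable', REST.search(full).group(1)))
    return findings
```

Run `triage()` over the add-on's log text exported from the _internal index; a `splunkd_unreachable` finding points at the local management port rather than at the SecurityCenter certificate.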