I am seeing the following error re: the SSL cert:
2017-11-20 15:55:54,139 +0000 log_level=ERROR, pid=30119, tid=Thread-4, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=61 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] [SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed. The certificate validation is enabled. You may need to check the certificate and refer to the documentation and add it to the trust list.
I followed the documentation and exported the Nessus SC cert as a .crt/.pem (saved as a .crt). I then copied the contents of the PEM file into $SPLUNK_HOME/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/httplib2/cacerts.txt and then saved the file, but I still see the [SSL: CERTIFICATE_VERIFY_FAILED error
Any help troubleshooting this error would be greatly appreciated.
Digging into the scrip I saw the REST call was on port 8089 so when I double checked the relevant firewall, that port wasn't listed. Added that port and was able to pull the info via the REST call.
Thx
Hello,
I'm facing the similar issue. My Splunk is already listening on 8089. Did u do something on the host firewall?
Thanks!
I had to open port 8089 on my firewall
Hi @jwalzerpitt,
Is it working proper if we disable SSL??
local/nessus.conf
[tenable_sc_settings]
disable_ssl_certificate_validation = 0
Thanks
I'm seeing the following after setting disable_ssl_certificate_validation = 0 in local/nessus.conf:
11/20/17
12:18:37.540 PM
2017-11-20 17:18:37,540 +0000 log_level=ERROR, pid=3965, tid=Thread-5, file=ta_data_collector.py, func_name=index_data, code_line_no=118 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] Failed to index data
Traceback (most recent call last):
File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_collector.py", line 115, in index_data
self._do_safe_index()
File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_collector.py", line 148, in _do_safe_index
self._client = self._create_data_client()
File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_collector.py", line 95, in _create_data_client
self._checkpoint_manager)
File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_client.py", line 55, in __init__
self._ckpt)
File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/ta_tenable_sc_data_collector.py", line 18, in do_job_one_time
return _do_job_one_time(all_conf_contents, task_config, ckpt)
File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/ta_tenable_sc_data_collector.py", line 62, in _do_job_one_time
raise Exception
Exception
11/20/17
12:18:37.539 PM
2017-11-20 17:18:37,539 +0000 log_level=ERROR, pid=3965, tid=Thread-5, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=61 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] [SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed. The certificate validation is enabled. You may need to check the certificate and refer to the documentation and add it to the trust list.
11/20/17
12:18:37.521 PM
2017-11-20 17:18:37,521 +0000 log_level=INFO, pid=3965, tid=Thread-5, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=42 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] Proxy is disabled.
11/20/17
12:18:37.521 PM
2017-11-20 17:18:37,521 +0000 log_level=INFO, pid=3965, tid=Thread-5, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=39 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] The disable_ssl_certificate_validation is False
11/20/17
12:18:37.521 PM
2017-11-20 17:18:37,521 +0000 log_level=INFO, pid=3965, tid=Thread-5, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=23 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] Enter _do_job_one_time().
11/20/17
12:18:37.520 PM
2017-11-20 17:18:37,520 +0000 log_level=INFO, pid=3965, tid=Thread-5, file=ta_data_collector.py, func_name=index_data, code_line_no=112 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] Start indexing data for checkpoint_key=Nessus%20Security%20Center___sc_vulnerability___Security%20Center
11/20/17
12:18:37.518 PM
2017-11-20 17:18:37,518 +0000 log_level=INFO, pid=3965, tid=Thread-2, file=scheduler.py, func_name=get_ready_jobs, code_line_no=100 | Get 1 ready jobs, next duration is 43199.999063, and there are 1 jobs scheduling
Still seeing SSL cert error even after setting setting disable_ssl_certificate_validation = 1 in local/nessus.conf:
11/20/17
12:26:22.062 PM
2017-11-20 17:26:22,062 +0000 log_level=ERROR, pid=11762, tid=Thread-4, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=61 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] [SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed. The certificate validation is enabled. You may need to check the certificate and refer to the documentation and add it to the trust list.
Hi @jwalzerpitt,
Apology for the delay. Are you using the latest app? This error fixed in latest app.
2nd after making a change in disable_ssl_certificate_validation
it is recommended to restart Splunk.
Can you confirm it?
Thanks
I modified local/nessus.conf file as follows:
[tenable_sc_settings]
disable_ssl_certificate_validation = 1
and when I check the _internal index, I see the following events:
2017-11-21 14:20:07,924 +0000 log_level=ERROR, pid=19192, tid=MainThread, file=ta_mod_input.py, func_name=main, code_line_no=186 | Tenable task encounter exception
Traceback (most recent call last):
File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_mod_input.py", line 183, in main
config_cls=configer_cls)
File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_mod_input.py", line 100, in run
tconfig = tc.create_ta_config(settings, config_cls or tc.TaConfig)
File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_config.py", line 181, in create_ta_config
return config_cls(meta_config, settings)
File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_config.py", line 21, in __init__
meta_config[c.session_key])
File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktalib/splunk_cluster.py", line 26, in __init__
raise Exception("Failed to init ServerInfo")
Exception: Failed to init ServerInfo
2017-11-21 14:20:07,924 +0000 log_level=ERROR, pid=19192, tid=MainThread, file=rest.py, func_name=splunkd_request, code_line_no=42 | Failed to send rest request=https://127.0.0.1:8089/services/server/info, errcode=unknown, reason=Traceback (most recent call last):
File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktalib/rest.py", line 40, in splunkd_request
headers=headers, body=data)
File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/httplib2/__init__.py", line 1609, in request
(response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/httplib2/__init__.py", line 1351, in _request
(response, content) = self._conn_request(conn, request_uri, method, body, headers)
File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/httplib2/__init__.py", line 1272, in _conn_request
conn.connect()
File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/httplib2/__init__.py", line 1075, in connect
raise socket.error, msg
error: [Errno 111] Connection refused
I am on version 5.1.2 for the Add-on, and I created the local/nessus.conf file and added the stanza below and then restarted Splunk
[tenable_sc_settings]
disable_ssl_certificate_validation = 0
Check the _internal events and I see:
2017-11-21 14:06:41,411 +0000 log_level=ERROR, pid=6351, tid=Thread-6, file=ta_data_collector.py, func_name=index_data, code_line_no=118 | [stanza_name="Nessus SC" data="sc_vulnerability" server="Security Center"] Failed to index data
Traceback (most recent call last):
File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_collector.py", line 115, in index_data
self._do_safe_index()
File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_collector.py", line 148, in _do_safe_index
self._client = self._create_data_client()
File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_collector.py", line 95, in _create_data_client
self._checkpoint_manager)
File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_client.py", line 55, in __init__
self._ckpt)
File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/ta_tenable_sc_data_collector.py", line 18, in do_job_one_time
return _do_job_one_time(all_conf_contents, task_config, ckpt)
File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/ta_tenable_sc_data_collector.py", line 62, in _do_job_one_time
raise Exception
Exception
11/21/17
9:06:41.410 AM
2017-11-21 14:06:41,410 +0000 log_level=ERROR, pid=6351, tid=Thread-6, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=61 | [stanza_name="Nessus SC" data="sc_vulnerability" server="Security Center"] [SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed. The certificate validation is enabled. You may need to check the certificate and refer to the documentation and add it to the trust list.
Thx