Nessus SSL error in the Risk Automation Suite vulnerability scan history.

Article:TECH147220  |  Created: 2010-12-30  |  Updated: 2011-07-12  |  Article URL http://www.symantec.com/docs/TECH147220
Article Type
Technical Solution


Issue



Vulnerability scans in Risk Automation Suite using SecureRecon with Nessus are not running or completing. The error below is showing in the RAS vulnerability scan history.


Error



    There was no output data from scanner. Scanner IP : x.x.x.x
    [date and time][17247.0] SSL_CTX_set_cipher_list: error:140E6118:SSL routines:SSL_CIPHER_PROCESS_RULESTR:invalid command
    [date and time][17247.0] SSL_connect: error:14094413:SSL routines:SSL3_READ_BYTES:sslv3 alert unsupported certificate
    nessus : SSL error


Environment



Risk Automation Suite 4.0.4 running on Windows Server 2003 Enterprise

SecureRecon 5 and Nessus 4 running on SuSE Enterprise 5


Solution



  1. Log in to the RAS portal and delete the current Nessus scanner
  2. Edit nessusd.conf and remove the line: “ssl_cipher_list =SSLv2:-LOW:-EXPORT:RC4+RSA”
  3. Restart nessus:
    service nessusd stop
    service nessusd start
  4. Stop SecureRecon
  5. cd /securerecon
  6. mv RASAgent.conf RASAgent.conf.old
  7. Reconfigure SecureRecon 
    ./SecureRecon -s
    SecureRecon version 5.0.1.18, copyright Symantec Corporation 2010
    Which scanner do you want to integrate with? [0]
    [0] Nessus
    Enter the full path to the Nessus client executable (0) :/opt/nessus/bin/nessus
    Enter the full path to the Nessus configuration file () : /opt/nessus/etc/nessus/nessusd.conf
    Enter the full path to the Nessus plugins directory () : /opt/nessus/lib/nessus/plugins
    Enter the Nessus server IP/hostname () :localhost
    Enter the Nessus port (0) :1241
    Enter the Nessus user () :…..
    Enter the Nessus user's password () : ……
    Enter the number of IP addresses to batch per scan (10) :5
    Enter the number of the output file type you want to use (0)
    [0] .nbe
    [1] .nessus
    enter 1
    Enter the number of the logging level you want to use (0)
    [0] Low
    [1] Medium
    [2] High
    enter 2
    SecureRecon interactive setup is complete.
     
  8. Register SecureRecon
    ./SecureRecon -r <RAS_portal_name_or_IP> <RAS_user> <RAS_password>
  9. Start SecureRecon
    /root/startsr
  10. Run a scan from RAS
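
Step 2 as a repeatable shell function, added here as an example and not taken from the Symantec article or from Nessus documentation: it backs up the configuration file, removes any ssl_cipher_list line, and reports when there is nothing to remove. The function name, the backup naming and the sample file contents are assumptions; only the ssl_cipher_list line comes from the article.

```shell
#!/bin/sh
# Added example (not Symantec's or Tenable's code): step 2 as an idempotent function.
# Returns 0 if an ssl_cipher_list line was removed, 1 if none was set, 2 on error.
remove_cipher_override() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
    # Key name comes from the article; allow leading blanks and spacing around '='.
    # Commented-out lines (starting with '#') are deliberately not matched.
    pattern='^[[:space:]]*ssl_cipher_list[[:space:]]*='
    if ! grep -q "$pattern" "$conf"; then
        echo "ssl_cipher_list not set in $conf; nothing to do"
        return 1
    fi
    # Timestamped backup name is an assumption of this example.
    backup="$conf.bak-$(date +%Y%m%d%H%M%S)"
    cp -p "$conf" "$backup" || return 2
    echo "removing from $conf:"
    grep -n "$pattern" "$conf"
    tmp="$conf.tmp.$$"
    # grep -v exits 1 when nothing is left to print; that is not an error here.
    grep -v "$pattern" "$backup" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 2; }
    # Overwrite in place so the owner and mode of the live file are unchanged.
    cat "$tmp" > "$conf" || { rm -f "$tmp"; return 2; }
    rm -f "$tmp"
    echo "backup: $backup"
    return 0
}

# Constructed sample config: the placeholder_* keys are made up for this demo,
# only the ssl_cipher_list line is the one quoted in the article.
demo_dir=$(mktemp -d)
cat > "$demo_dir/nessusd.conf" <<'EOF'
# constructed sample, not a real nessusd.conf
placeholder_a = 40
ssl_cipher_list =SSLv2:-LOW:-EXPORT:RC4+RSA
placeholder_b = yes
EOF
remove_cipher_override "$demo_dir/nessusd.conf"
rm -rf "$demo_dir"
```

On the scanner host, call the function with the nessusd.conf path entered in step 7, then restart nessusd as in step 3.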
     

 



