Regarding Snort, you can sign up as a "Registered User" and obtain VRT
rules 30 days after they are released free of charge. The benefit of a
paid subscription is immediate access to updated rules.

As for Nessus, you can also register and obtain the "Home Feed" free of
charge. However, this feed is not to be used in a corporate
environment. In these cases, you need to purchase the "Professional
Feed" for $1,200 per year per scanner. Both feeds offer access to over
38,000 plugins and allow you to perform credentialed/authenticated
scans. However, the Professional Feed allows additional capabilities
like policy compliance checking which allows you to load customized
"audit" files to perform specific policy compliance audits.

Hope this helps.

On 9/16/2010 11:20 AM, Ubence Quevedo wrote:
Hi All,
We have somewhat gotten the Packetfence ZEN 1.9.0 to work with wired
connections, but we are having some issues getting freeradius
configured to be usable for wireless connections.
From the PF Admin manual [specifically Chapter 5], we've put all of
the configuration information in place for freeradius, however the
service fails to start.
Here is the output from running radiusd -X:
[r...@localhost raddb]# radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/eap.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/radius"
main: libdir = "/usr/lib"
main: radacctdir = "/var/log/radius/radacct"
main: hostname_lookups = no
main: snmp = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "radiusd"
main: group = "radiusd"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "/etc/shadow"
unix: group = "(null)"
unix: radwtmp = "/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "peap"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
rlm_eap: No such sub-type for default EAP type peap
radiusd.conf[10]: eap: Module instantiation failed.
radiusd.conf[1945] Unknown module "eap".
radiusd.conf[1892] Failed to parse authenticate section.
Is there something we are missing in our radius config in order for it
to work properly?
Also, both Snort and Nessus look to be non-free products. Do we need
to purchase the full versions of both software packages in order to get full
functionality out of both? I ask because when I try to get Snort
working, the service fails to start properly even when I reference the
oinkmaster config that is included in PF. When we tried to get Nessus
scanning working, it just seemed to hang on the initial client
registration portal.
Thanks for any help in advance.
/Ubence Quevedo/
/Technology Support Specialist/
/Information Systems, Business Services
Merced County Office of Education/
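
An added example (not part of the original thread): a small Python check that reads `radiusd -X` output like the one posted above and reports whether the configured `default_eap_type` is among the EAP sub-types that rlm_eap actually initialized, along with the `radiusd.conf` lines the server rejected. The function name `check_eap_startup` and the regular expressions are illustrative assumptions; the sample lines are excerpted from the output in this message.

```python
import re

# Excerpt of the `radiusd -X` output posted in this thread.
SAMPLE = """\
Module: Loaded eap
eap: default_eap_type = "peap"
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
rlm_eap: Loaded and initialized type gtc
rlm_eap: Loaded and initialized type mschapv2
rlm_eap: No such sub-type for default EAP type peap
radiusd.conf[10]: eap: Module instantiation failed.
radiusd.conf[1945] Unknown module "eap".
radiusd.conf[1892] Failed to parse authenticate section.
"""

DEFAULT_RE = re.compile(r'eap:\s*default_eap_type\s*=\s*"([^"]+)"')
LOADED_RE = re.compile(r'rlm_eap: Loaded and initialized type (\S+)')
CONF_ERR_RE = re.compile(r'radiusd\.conf\[(\d+)\]:?\s*(.+)')


def check_eap_startup(debug_output):
    """Summarize EAP module start-up from radiusd -X debug text."""
    default, loaded, errors = None, [], []
    for raw in debug_output.splitlines():
        line = raw.strip()
        if m := DEFAULT_RE.search(line):
            default = m.group(1)
        elif m := LOADED_RE.search(line):
            loaded.append(m.group(1))
        elif m := CONF_ERR_RE.match(line):
            # (line number in radiusd.conf, message without trailing period)
            errors.append((int(m.group(1)), m.group(2).rstrip('.')))
    return {
        "default_eap_type": default,
        "loaded_types": loaded,
        # False means the default EAP type was never initialized as a sub-type
        "default_loaded": default in loaded,
        "config_errors": errors,
    }


if __name__ == "__main__":
    report = check_eap_startup(SAMPLE)
    print("default EAP type :", report["default_eap_type"])
    print("initialized types:", ", ".join(report["loaded_types"]))
    print("default available:", report["default_loaded"])
    for lineno, msg in report["config_errors"]:
        print(f"radiusd.conf line {lineno}: {msg}")
```
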
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users