On 10/29/2012 02:32 PM, Jan Behrend wrote:
> Hi list,
>
> I am trying to implement system scanning on registration with openvas.
> The scan job gets created all right, openvas starts scanning but after a
> few seconds PF moves the node from the registration vlan to the guest
> vlan as if the scan was completed successfully.
> My grasp on the subject was that it should wait for the scan to end and
> see if there were any issues and _then_ move it to the guest vlan or the
> isolation vlan if necessary.

I found a little more information: This is the relevant code in
lib/pf/scan.pm:
line 254:
    # Start the scan
    my $failed_scan = $scan->startScan();
    ### by jan
    # $failed_scan = '0';
    # Hum ... somethings wrong in the scan ?
    if ( $failed_scan ) {
        my $cmd = $bin_dir . "/pfcmd manage vclose $host_mac $SCAN_VID";
        $logger->info("TOO EARLY 2: Calling $cmd because failed_scan = $failed_scan");
        my $grace = pf_run("$cmd");
        # FIXME shouldn't we focus on return code instead of output? pretty sure this is broken
        if ( $grace == -1 ) {
            $logger->warn("Problem trying to close scan violation");
        }
    }

For some reason calling the start scan command returns '1'. If I set
failed_scan = 0 all is well with scan report parsing and adding follow
up violations ... not the right way to approach the fix to the problem,
though ;-)

These are the corresponding log entries:
Oct 29 15:05:38 pfcmd(4223) TRACE: Scan task creation output:
<create_task_response status="201"
id="67c7f993-e6d1-4071-9bfd-4cd2edac3ecd" status_text="OK, resource
created"></create_task_response> (pf::scan::openvas::createTask)
Oct 29 15:05:38 pfcmd(4223) INFO: Scan task named 135151953699d3f4
successfully created with id: 67c7f993-e6d1-4071-9bfd-4cd2edac3ecd
(pf::scan::openvas::createTask)
Oct 29 15:05:38 pfcmd(4223) INFO: Starting scan task named
135151953699d3f4 (pf::scan::openvas::startTask)
Oct 29 15:05:38 pfcmd(4223) TRACE: Scan task starting command: omp -h
127.0.0.1 -p 9390 -u admin -w Mfe0JK1gD3TySEQVEUQbMxI9TAANYG -X
'<start_task task_id="67c7f993-e6d1-4071-9bfd-4cd2edac3ecd"/>'
(pf::scan::openvas::startTask)
Oct 29 15:05:38 pfcmd(4223) TRACE: Scan task starting output:
<start_task_response status="202" status_text="OK, request
submitted"><report_id>fbcda167-3e34-4310-98fc-4aa32fb22815</report_id></start_task_response>
(pf::scan::openvas::startTask)
Oct 29 15:05:38 pfcmd(4223) INFO: Scan task named 135151953699d3f4
successfully started (pf::scan::openvas::startTask)
Oct 29 15:05:38 pfcmd(4223) TRACE: attempt #0 to run query
scan_update_sql from module scan (pf::db::db_query_execute)
Oct 29 15:05:38 pfcmd(4223) INFO: TOO EARLY 2: Calling
/usr/local/pf/bin/pfcmd manage vclose 00:17:42:2d:d3:f4 1200001 because
failed_scan = 1 (pf::scan::run_scan)
Oct 29 15:05:39 pfcmd(4277) DEBUG: starting to parse 'manage vclose
00:17:42:2d:d3:f4 1200001' (pf::pfcmd::parseCommandLine)
Oct 29 15:05:39 pfcmd(4277) DEBUG: main cmd argument is manage
(pf::pfcmd::parseCommandLine)
--
MAX-PLANCK-INSTITUT fuer Radioastronomie
Jan Behrend - Rechenzentrum
----------------------------------------
Auf dem Huegel 69, D-53121 Bonn
Tel: +49 (228) 525 359, Fax: +49 (228) 525 229
[email protected] http://www.mpifr-bonn.mpg.de
------------------------------------------------------------------------
The digital signature of this mail can be verified using the certificate
of the DFN Global hierarchy:
https://ca.mpg.de/certs/root-DGP/deutsche-telekom-ca2-root-cert.der
Further information on the MPG CA can be found at: https://ca.mpg.de
------------------------------------------------------------------------
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
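
The log in the message above shows OMP answering start_task with status 202 while run_scan logs failed_scan = 1. As an added example (not part of the original post and not PacketFence code), this Perl helper derives a failure flag from the OMP response status so that any 2xx answer maps to 0, matching a caller that tests `if ( $failed_scan )`. The helper name omp_request_failed and the non-2xx and empty samples are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (an assumption, not PacketFence's API): convert raw OMP
# output into a "failed" flag. Returns 0 when the manager accepted the request
# (any 2xx status), 1 for every other status and for unparsable output.
sub omp_request_failed {
    my ( $command, $response ) = @_;
    return 1 unless defined $response && length $response;

    # Expect e.g. <start_task_response status="202" status_text="...">
    my ($status) =
        $response =~ /<\Q$command\E_response\b[^>]*\bstatus="(\d{3})"/;
    return 1 unless defined $status;    # no status attribute: treat as failure

    return $status =~ /^2/ ? 0 : 1;     # 200, 201 and 202 all mean success
}

# Sample inputs. The first two are the responses quoted in the log above;
# the last two are constructed failure cases.
my @samples = (
    [ 'create_task',
      '<create_task_response status="201" '
      . 'id="67c7f993-e6d1-4071-9bfd-4cd2edac3ecd" '
      . 'status_text="OK, resource created"></create_task_response>' ],
    [ 'start_task',
      '<start_task_response status="202" status_text="OK, request submitted">'
      . '<report_id>fbcda167-3e34-4310-98fc-4aa32fb22815</report_id>'
      . '</start_task_response>' ],
    [ 'start_task',
      '<start_task_response status="404" status_text="constructed failure"/>' ],
    [ 'start_task', '' ],               # constructed: client returned nothing
);

for my $sample (@samples) {
    my ( $command, $response ) = @$sample;
    my $failed_scan = omp_request_failed( $command, $response );

    # Same decision as the caller quoted above: a true value means failure,
    # and only then should the scan violation be closed early.
    printf "%-12s failed_scan=%d -> %s\n", $command, $failed_scan,
        $failed_scan ? 'close scan violation' : 'wait for scan report';
}
```

With these samples the 201 and 202 responses yield failed_scan=0 and the two constructed failure cases yield failed_scan=1.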
