Update to this again. Here is my process, let me know if I'm missing something:
My Process:
1. Get DHCP address from registration VLAN
2. Open IE
3. Get redirected and it says "Register Now"
4. Sign in with ldap auth to domain, click on register
5. Get the following error message (same as before) = Software Error
"Unable to open /usr/local/pf/logs/violation.log for append: Permission denied
at /usr/local/pf/lib/pf/violation.pm line 475"
6. Refresh the page and Get the "start scan" for Nessus
7. The scan starts and completes in Nessus (I have moved it from the
localhost to our profeed version of Nessus, although it hasn't yielded
different results)
8. I get the "Your system is still being scanned right now."
9. The system shows up as registered on my EmployeeAccess role in PF
10. I have to go to Violations>release to have it get on the network
My Goal: Is to have the Nessus scan complete, if I have a violation it moves it
to the VendorAccess role and vlan until said violation has been remediated. If
no violation occurs it should be automatically placed on the EmployeeAccess
role/vlan. This way there is really no interaction needed from users in I.T.
The only portion in violations.conf that is enabled:
[1100001]
desc=Nessus Scan
template=failed_scan
max_enable=2
button_text=Scan my computer again
trigger=Nessus::10861,Nessus::10943,Nessus::11177,Nessus::11231,Nessus::11302,Nessus::11304,Nessus::11528,Nessus::11595,Nessus::11664,Nessus::11787,Nessus::11790,Nessus::11803,Nessus::11808,Nessus::11835,Ne$
actions=autoreg,email,trap,log,winpopup,role
vlan=VendorAccess
priority=1
grace=15m
enabled=Y
target_category=VendorAccess
pf.conf (scan portion)
[scan]
#
# scan.engine
#
# Which scan engine to use to perform client-side policy compliance.
engine=nessus
#
# scan.registration
#
# If this option is enabled, the PF system will scan each host after
# registration is complete.
registration=enabled
#
# scan.duration
#
# Approximate duration of a scan. User being scanned on registration are
# presented a progress bar for this duration, afterwards the browser
# refreshes until scan is complete.
duration=45s
#
# scan.host
#
# Host the scanning engine is running on. For performance reasons, we
# recommend running the scanning engine on a remote server. A passthrough will
# be automagically created.
host=EXTERNAL-NESSUS-SERVER.domain.local
#
# scan.user
#
# Username to log into scanning engine with.
user=NESSUSUSER
#
# scan.pass
#
# Password to log into scanning engine with.
pass=NESSUSPASS
Amanda Berlin
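The "Permission denied" on violation.log in step 5 is worth pinning down before chasing the VLAN logic, since a violation that cannot be logged may not be processed the way violations.conf describes. The following is an added check, not code from PacketFence or from the thread: it reports who owns the log path and whether the current user can open it for append, which is exactly the operation violation.pm is failing on. The default path and the assumption that PacketFence's web processes run as the `pf` user are assumptions; confirm the service account with something like `ps -o user,cmd -C httpd` on the box.

```shell
#!/bin/sh
# Added example (not PacketFence code): verify that the log file the error
# message names can be opened for append by the user you run this as.
# Run it as the account the PF web processes use (assumed: "pf").

PF_LOG=${PF_LOG:-/usr/local/pf/logs/violation.log}   # path from the error message
PF_USER=${PF_USER:-pf}                                # assumed PF service account

# can_append PATH -> 0 if the caller can open PATH for append, 1 otherwise.
# ":" writes nothing, so an existing log is left untouched.
can_append() {
    path=$1
    if ( : >> "$path" ) 2>/dev/null; then
        return 0
    fi
    return 1
}

# owner_info PATH -> "owner group octal-mode" of PATH (GNU stat; on BSD use
# stat -f '%Su %Sg %Lp'), or "missing" when PATH does not exist.
owner_info() {
    if [ -e "$1" ]; then
        stat -c '%U %G %a' "$1"
    else
        echo missing
    fi
}

# report PATH -> human-readable summary of why an append would succeed or fail
report() {
    path=$1
    dir=$(dirname "$path")
    printf 'file %s: %s\n' "$path" "$(owner_info "$path")"
    printf 'dir  %s: %s\n' "$dir" "$(owner_info "$dir")"
    if can_append "$path"; then
        echo "append as $(id -un): OK"
    else
        echo "append as $(id -un): DENIED (expected owner/group: $PF_USER)"
    fi
}

report "$PF_LOG"
```

If the report shows the file or its directory owned by root (typically after running a PF command with sudo, which creates the log as root), the fix is to give it back to the service account rather than making it world-writable, e.g. `chown pf:pf /usr/local/pf/logs/violation.log`, with the user name adjusted to whatever the check above shows the web processes running as.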
From: Berlin, Amanda - Information Systems [mailto:[email protected]]
Sent: Tuesday, September 17, 2013 1:36 PM
To: [email protected]
Subject: Re: [PacketFence-users] How to Debug Nessus Scan
Yep, I saw that, but I'm still getting stuck at that point. :( My client just
sits there and says it's still being scanned. I can release manually in the PF
admin, but it won't automatically switch over to the correct vlan. I'd like it
to go to the normal vlan when there are no matches to a nessus violation, and
our guest vlan when it does match.
Amanda Berlin
From: Fabrice DURAND [mailto:[email protected]]
Sent: Tuesday, September 17, 2013 1:12 PM
To: [email protected]
Subject: Re: [PacketFence-users] How to Debug Nessus Scan
Hello Amanda,
After the scan, the report is deleted on the Nessus server.
So if you want to keep this report you have to comment out the line
$n->report_delete($scanid); in the nessus.pm file.
Regards
Fabrice
Le 2013-09-16 15:35, Berlin, Amanda - Information Systems a écrit :
Siddhartha,
Did you ever come to a resolution on this?
This is my issue
http://sourceforge.net/p/packetfence/mailman/message/31390761/
I'm beating my head against the wall trying to make it work. :(
Amanda Berlin
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)