Hi all,
after some time spent inside the Perl source I changed some modules to apply a
workaround. My problem seems to be a "production interface":
/usr/local/pf/lib/pf/api.pm:
....
sub trigger_scan :Public :Fork :AllowedAsAction($ip, mac, $mac, net_type, TYPE) {
....
#    return if ($added == 0 || $added == -1);
/usr/local/pf/lib/pf/util.pm:
sub is_prod_interface {
    return $TRUE;
}
packetfence.log:
Feb 4 11:20:37 pfsrv packetfence_httpd.aaa: httpd.aaa(31452) ERROR: [mac:a8:60:b6:0c:bb:ce] WARNING ! Unknown switch(es) 10.25.0.1 (pf::SwitchFactory::instantiate)
Feb 4 11:20:37 pfsrv packetfence_httpd.aaa: httpd.aaa(31452) ERROR: [mac:a8:60:b6:0c:bb:ce] Can not instantiate switch 10.25.0.1 ! (pf::radius::_handleStaticPortSecurityMovement)
Feb 4 11:20:37 pfsrv packetfence_httpd.aaa: httpd.aaa(31452) INFO: [mac:a8:60:b6:0c:bb:ce] handling radius autz request: from switch_ip => (10.0.3.33), connection_type => Ethernet-EAP,switch_mac => (00:18:fe:e3:52:e0), mac => [a8:60:b6:0c:bb:ce], port => 7, username => "becchett" (pf::radius::authorize)
Feb 4 11:20:37 pfsrv packetfence_httpd.aaa: httpd.aaa(31452) INFO: [mac:a8:60:b6:0c:bb:ce] Instantiate profile PF-CABLED (pf::Connection::ProfileFactory::_from_profile)
Feb 4 11:20:37 pfsrv packetfence_httpd.aaa: httpd.aaa(31452) INFO: [mac:a8:60:b6:0c:bb:ce] Found authentication source(s) : 'RADIUS-AAI' for realm 'null' (pf::config::util::filter_authentication_sources)
Feb 4 11:20:37 pfsrv packetfence_httpd.aaa: httpd.aaa(31452) WARN: [mac:a8:60:b6:0c:bb:ce] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match2)
Feb 4 11:20:37 pfsrv packetfence_httpd.aaa: httpd.aaa(31452) INFO: [mac:a8:60:b6:0c:bb:ce] Using sources RADIUS-AAI for matching (pf::authentication::match2)
Feb 4 11:20:37 pfsrv packetfence_httpd.aaa: httpd.aaa(31452) INFO: [mac:a8:60:b6:0c:bb:ce] Matched rule (catchall) in source RADIUS-AAI, returning actions. (pf::Authentication::Source::match_rule)
Feb 4 11:20:37 pfsrv packetfence_httpd.aaa: httpd.aaa(31452) INFO: [mac:a8:60:b6:0c:bb:ce] Matched rule (catchall) in source RADIUS-AAI, returning actions. (pf::Authentication::Source::match)
Feb 4 11:20:37 pfsrv packetfence_httpd.aaa: httpd.aaa(31452) INFO: [mac:a8:60:b6:0c:bb:ce] Role has already been computed and we don't want to recompute it. Getting role from node_info (pf::role::getRegisteredRole)
Feb 4 11:20:37 pfsrv packetfence_httpd.aaa: httpd.aaa(31452) INFO: [mac:a8:60:b6:0c:bb:ce] Username was defined "becchett" - returning role 'default' (pf::role::getRegisteredRole)
Feb 4 11:20:37 pfsrv packetfence_httpd.aaa: httpd.aaa(31452) INFO: [mac:a8:60:b6:0c:bb:ce] PID: "becchett", Status: reg Returned VLAN: (undefined), Role: default (pf::role::fetchRoleForNode)
Feb 4 11:20:37 pfsrv packetfence_httpd.aaa: httpd.aaa(31452) WARN: [mac:a8:60:b6:0c:bb:ce] No parameter defaultVlan found in conf/switches.conf for the switch 10.0.3.33 (pf::Switch::getVlanByName)
Feb 4 11:20:37 pfsrv packetfence_httpd.aaa: httpd.aaa(31452) INFO: [mac:a8:60:b6:0c:bb:ce] Request to /api/v1//ipset/unmark_mac?local=0 is unauthorized, will perform a login (pf::api::unifiedapiclient::call)
Feb 4 11:20:37 pfsrv pfipset[31355]: t=2019-02-04T11:20:37+0100 lvl=info msg="Syncing to peers" pid=31355 request-uuid=83e071b2-2866-11e9-addd-001a4a16017f
Feb 4 11:20:37 pfsrv packetfence_httpd.aaa: httpd.aaa(31452) INFO: [mac:a8:60:b6:0c:bb:ce] violation 1300003 force-closed for a8:60:b6:0c:bb:ce (pf::violation::violation_force_close)
Feb 4 11:20:37 pfsrv packetfence_httpd.aaa: httpd.aaa(31452) INFO: [mac:a8:60:b6:0c:bb:ce] Instantiate profile PF-CABLED (pf::Connection::ProfileFactory::_from_profile)
Feb 4 11:20:37 pfsrv pfdhcp[32273]: t=2019-02-04T11:20:37+0100 lvl=info msg="DHCPREQUEST for 10.25.84.142 from a8:60:b6:0c:bb:ce (becchetti-nb)" pid=32273 mac=a8:60:b6:0c:bb:ce
Feb 4 11:20:37 pfsrv pfdhcp[32273]: t=2019-02-04T11:20:37+0100 lvl=info msg="DHCPACK on 10.25.84.142 to a8:60:b6:0c:bb:ce (becchetti-nb)" pid=32273 mac=a8:60:b6:0c:bb:ce
Feb 4 11:20:37 pfsrv pfqueue: pfqueue(1864) INFO: [mac:a8:60:b6:0c:bb:ce] trigger_run_scan 1 (pf::api::trigger_scan)
Feb 4 11:20:37 pfsrv pfqueue: pfqueue(1864) INFO: [mac:a8:60:b6:0c:bb:ce] Instantiate profile PF-CABLED (pf::Connection::ProfileFactory::_from_profile)
Feb 4 11:20:37 pfsrv pfqueue: pfqueue(989) INFO: [mac:unknown] stated changed, adapting firewall rules for proper enforcement (pf::inline::performInlineEnforcement)
Feb 4 11:20:37 pfsrv pfqueue: pfqueue(989) INFO: [mac:unknown] stated changed, adapting firewall rules for proper enforcement (pf::inline::performInlineEnforcement)
Feb 4 11:20:37 pfsrv pfqueue: pfqueue(1864) INFO: [mac:a8:60:b6:0c:bb:ce] trigger_run_scan 2 (pf::api::trigger_scan)
Feb 4 11:20:37 pfsrv pfqueue: pfqueue(1864) INFO: [mac:a8:60:b6:0c:bb:ce] grace expired on violation 1200004 for node a8:60:b6:0c:bb:ce (pf::violation::violation_add)
Feb 4 11:20:37 pfsrv pfqueue: pfqueue(1864) INFO: [mac:a8:60:b6:0c:bb:ce] violation 1200004 added for a8:60:b6:0c:bb:ce (pf::violation::violation_add)
Feb 4 11:20:37 pfsrv pfqueue: pfqueue(1864) INFO: [mac:a8:60:b6:0c:bb:ce] executing action 'log' on class 1200004 (pf::action::action_execute)
Feb 4 11:20:37 pfsrv pfqueue: pfqueue(1864) INFO: [mac:a8:60:b6:0c:bb:ce] /usr/local/pf/logs/violation.log 2019-02-04 11:20:37: Post Reg System Scan (1200004) detected on node a8:60:b6:0c:bb:ce (10.25.84.142) (pf::action::action_log)
Feb 4 11:20:37 pfsrv pfqueue: pfqueue(1864) INFO: [mac:a8:60:b6:0c:bb:ce] trigger_run_scan 3, n 9 (pf::api::trigger_scan)
Feb 4 11:20:37 pfsrv pfqueue: pfqueue(1864) INFO: [mac:a8:60:b6:0c:bb:ce] run_scan 1 (pf::scan::run_scan)
Feb 4 11:20:37 pfsrv pfqueue: pfqueue(1864) INFO: [mac:a8:60:b6:0c:bb:ce] Instantiate profile PF-CABLED (pf::Connection::ProfileFactory::_from_profile)
Feb 4 11:20:37 pfsrv pfqueue: pfqueue(1864) INFO: [mac:a8:60:b6:0c:bb:ce] New ID generated: 154927563798bbce (pf::util::generate_id)
Feb 4 11:20:37 pfsrv pfqueue: pfqueue(1864) INFO: [mac:a8:60:b6:0c:bb:ce] Creating a new scan target named 154927563798bbce1549275637.788 for host 10.25.84.142 (pf::scan::openvas::createTarget)
Feb 4 11:20:37 pfsrv pfqueue: pfqueue(1864) INFO: [mac:a8:60:b6:0c:bb:ce] Scan target named 154927563798bbce1549275637.788 successfully created with id: 2c418c7e-29bb-4fad-8180-19e8b73d5d24 (pf::scan::openvas::createTarget)
Feb 4 11:20:37 pfsrv pfqueue: pfqueue(1864) INFO: [mac:a8:60:b6:0c:bb:ce] Creating a new scan task named 154927563798bbce1549275637.788 (pf::scan::openvas::createTask)
Feb 4 11:20:37 pfsrv pfqueue: pfqueue(989) INFO: [mac:unknown] Request to /api/v1//ipset/unmark_mac?local=0 is unauthorized, will perform a login (pf::api::unifiedapiclient::call)
Feb 4 11:20:37 pfsrv pfipset[31355]: t=2019-02-04T11:20:37+0100 lvl=info msg="Syncing to peers" pid=31355 request-uuid=841b57a6-2866-11e9-addd-001a4a16017f
Feb 4 11:20:38 pfsrv pfqueue: pfqueue(1864) INFO: [mac:a8:60:b6:0c:bb:ce] Scan task named 154927563798bbce1549275637.788 successfully created with id: 80a90bd5-e660-478a-98b4-b733437363ff (pf::scan::openvas::createTask)
Feb 4 11:20:38 pfsrv pfqueue: pfqueue(1864) INFO: [mac:a8:60:b6:0c:bb:ce] Starting scan task named 154927563798bbce1549275637.788 (pf::scan::openvas::startTask)
Feb 4 11:20:38 pfsrv pfipset[31355]: t=2019-02-04T11:20:38+0100 lvl=info msg="Syncing to peers" pid=31355 request-uuid=84234314-2866-11e9-addd-001a4a16017f
Feb 4 11:20:38 pfsrv pfipset[31355]: t=2019-02-04T11:20:38+0100 lvl=info msg="Removed 10.25.84.142 from PF-iL2_ID1_10.25.0.0" pid=31355 request-uuid=84234314-2866-11e9-addd-001a4a16017f
Feb 4 11:20:38 pfsrv pfipset[31355]: t=2019-02-04T11:20:38+0100 lvl=info msg="Removed 10.25.84.142 from pfsession_Reg_10.25.0.0" pid=31355 request-uuid=84234314-2866-11e9-addd-001a4a16017f
Feb 4 11:20:38 pfsrv pfipset[31355]: t=2019-02-04T11:20:38+0100 lvl=info msg="Added 10.25.84.142 a8:60:b6:0c:bb:ce to pfsession_Reg_10.25.0.0" pid=31355 request-uuid=84234314-2866-11e9-addd-001a4a16017f
Feb 4 11:20:38 pfsrv pfipset[31355]: t=2019-02-04T11:20:38+0100 lvl=info msg="Added 10.25.84.142 to PF-iL2_ID1_10.25.0.0" pid=31355 request-uuid=84234314-2866-11e9-addd-001a4a16017f
Feb 4 11:20:38 pfsrv pfqueue: pfqueue(1864) INFO: [mac:a8:60:b6:0c:bb:ce] Scan task named 154927563798bbce1549275637.788 successfully started (pf::scan::openvas::startTask)
Feb 4 11:20:38 pfsrv pfqueue: pfqueue(1864) INFO: [mac:a8:60:b6:0c:bb:ce] trigger_run_scan 4 (pf::api::trigger_scan)
Feb 4 11:20:38 pfsrv pfqueue: pfqueue(1864) INFO: [mac:a8:60:b6:0c:bb:ce] trigger_run_scan 8 (pf::api::trigger_scan)
Feb 4 11:20:38 pfsrv packetfence_httpd.webservices: httpd.webservices(31455) INFO: [mac:a8:60:b6:0c:bb:ce] violation 1200004 closed for a8:60:b6:0c:bb:ce (pf::violation::violation_close)
Now PF runs an OpenVAS scan after the device is registered, but I can't see
the result through the PacketFence webmin.
Any ideas?
Thanks
Best Regards
Enrico
On 25/01/19 18:54, Enrico via PacketFence-users wrote:
Has anybody tried OpenVAS with PF 8.3.0? Does it work?
Thanks
Enrico
On 22/01/19 18:14, Enrico Becchetti via PacketFence-users wrote:
Hi all,
my apologies for this new request, but 8.3.0 seems to have a problem with the
OpenVAS engine.
My Linux CentOS 7 is the latest release and PF is 8.3.0 with pf-maint.pl.
This virtual machine is running with one NIC and some VLANs.
OpenVAS 9.0.0 and Greenbone 7.0.22 are installed from the Atomic repository.
They are running on CentOS 7. Openvas-checkup-setup works fine and I haven't
had any problem with the web interface and scans; they always work fine and
I've made some scans.
From the web I've also created "Alert Packetfence" following your example (http
and so on).
During the OpenVAS engine setup from PF I followed the admin guide, so
I've created "Compliance->Scan->Scan engine->OpenVAS":
IP address, port, username, password and the flag on "Scan after registration",
Alert Scan Report ID read from the OpenVAS server; all the other fields are empty.
I've also added a Violation.
To make some tests from PF and the OpenVAS server I ran this:
[root@pfsrv ~]# omp -u admin -p 9390 -X "<get_version/>" -h 10.0.0.69
Enter password:
<get_version_response status_text="OK" status="200"><version>7.0</version></get_version_response>
This is a positive result, so I've added the scan to my network
("Connection Profile->Scanner" OpenVAS) and I've restarted PF.
Now, when I connect to the network, OpenVAS doesn't run any task, and
looking for IP traffic from PF and the OpenVAS server I don't see any message!
Any ideas?
Thank you !
Best regards
Enrico
--
_______________________________________________________________________
Enrico Becchetti Servizio di Calcolo e Reti
Istituto Nazionale di Fisica Nucleare - Sezione di Perugia
Via Pascoli,c/o Dipartimento di Fisica 06123 Perugia (ITALY)
Phone:+39 075 5852777 Mail: Enrico.Becchetti<at>pg.infn.it
_______________________________________________________________________
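
An added example, not part of the original messages or of PacketFence: a small Python parser that rebuilds the OpenVAS scan lifecycle per MAC from packetfence.log entries like those quoted in the first message. The stage names and the `scan_timeline` / `missing_stages` helpers are assumptions made for this illustration; the sample input is constructed from six of the quoted entries.

```python
import re
from collections import defaultdict

# Constructed sample: six entries taken from the log quoted above, unwrapped.
SAMPLE_LOG = """\
Feb 4 11:20:37 pfsrv pfqueue: pfqueue(1864) INFO: [mac:a8:60:b6:0c:bb:ce] violation 1200004 added for a8:60:b6:0c:bb:ce (pf::violation::violation_add)
Feb 4 11:20:37 pfsrv pfqueue: pfqueue(1864) INFO: [mac:a8:60:b6:0c:bb:ce] Scan target named 154927563798bbce1549275637.788 successfully created with id: 2c418c7e-29bb-4fad-8180-19e8b73d5d24 (pf::scan::openvas::createTarget)
Feb 4 11:20:37 pfsrv pfipset[31355]: t=2019-02-04T11:20:37+0100 lvl=info msg="Syncing to peers" pid=31355 request-uuid=841b57a6-2866-11e9-addd-001a4a16017f
Feb 4 11:20:38 pfsrv pfqueue: pfqueue(1864) INFO: [mac:a8:60:b6:0c:bb:ce] Scan task named 154927563798bbce1549275637.788 successfully created with id: 80a90bd5-e660-478a-98b4-b733437363ff (pf::scan::openvas::createTask)
Feb 4 11:20:38 pfsrv pfqueue: pfqueue(1864) INFO: [mac:a8:60:b6:0c:bb:ce] Scan task named 154927563798bbce1549275637.788 successfully started (pf::scan::openvas::startTask)
Feb 4 11:20:38 pfsrv packetfence_httpd.webservices: httpd.webservices(31455) INFO: [mac:a8:60:b6:0c:bb:ce] violation 1200004 closed for a8:60:b6:0c:bb:ce (pf::violation::violation_close)
"""

ENTRY = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ \S+ \S+ \w+: \[mac:([^\]]+)\] (.*) \((pf::[\w:]+)\)$")

# (emitting function, message pattern, stage); patterns follow the quoted messages.
STAGES = [
    ("pf::violation::violation_add", r"violation (\d+) added", "violation_added"),
    ("pf::scan::openvas::createTarget", r"successfully created with id: (\S+)", "target_created"),
    ("pf::scan::openvas::createTask", r"successfully created with id: (\S+)", "task_created"),
    ("pf::scan::openvas::startTask", r"Scan task named (\S+) successfully started", "task_started"),
    ("pf::violation::violation_close", r"violation (\d+) closed", "violation_closed"),
]

def scan_timeline(log_text):
    """Return {mac: [(timestamp, stage, detail), ...]} in log order."""
    timeline = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # other daemons (pfipset, pfdhcp) use a different layout
        stamp, mac, message, func = m.groups()
        for emitter, pattern, stage in STAGES:
            hit = re.search(pattern, message) if func == emitter else None
            if hit:
                timeline[mac].append((stamp, stage, hit.group(1)))
    return dict(timeline)

def missing_stages(events):
    """Stages of the expected sequence that never appeared for one MAC."""
    seen = {stage for _, stage, _ in events}
    return [stage for _, _, stage in STAGES if stage not in seen]

if __name__ == "__main__":
    for mac, events in scan_timeline(SAMPLE_LOG).items():
        for stamp, stage, detail in events:
            print(f"{stamp}  {mac}  {stage:<17} {detail}")
        print("missing:", missing_stages(events) or "none")
```

On the quoted entries all five stages appear, and the violation is closed in the same second in which the task is reported as started.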