Dear all,
After some weeks my PF 8.3.0 is working fine. I've got some profile
authentication source and so on. I also have openvas
integration but I realized that it hasn't been working for a month. All
the devices that connect are not identified and therefore
the scan does not start.
fingerbank.log:
fingerbank.log:Apr 19 08:10:42 pfsrv fingerbank-collector: [GIN]
2019/04/19 - 08:10:42 | 200 | 268.658µs | 127.0.0.1 | GET
/endpoint_data/28:b2:bd:a0:b7:d4
fingerbank.log:Apr 19 08:10:43 pfsrv fingerbank-collector: [GIN]
2019/04/19 - 08:10:43 | 200 | 553.499567ms | 127.0.0.1 | GET
/endpoint_data/28:b2:bd:a0:b7:d4/details
fingerbank.log:Apr 19 08:10:47 pfsrv fingerbank: pfqueue(23233) INFO:
[mac:28:b2:bd:a0:b7:d4] Searching for 'User_Agent' entries in schema(s)
returned an empty set (fingerbank::Base::CRUD::search)
fingerbank.log:Apr 19 08:10:50 pfsrv fingerbank-collector: [GIN]
2019/04/19 - 08:10:50 | 200 | 230.05µs | 127.0.0.1 | GET
/endpoint_data/28:b2:bd:a0:b7:d4
fingerbank.log:Apr 19 08:10:50 pfsrv fingerbank-collector: [GIN]
2019/04/19 - 08:10:50 | 200 | 161.532µs | 127.0.0.1 | GET
/endpoint_data/28:b2:bd:a0:b7:d4
fingerbank.log:Apr 19 08:10:50 pfsrv fingerbank-collector: [GIN]
2019/04/19 - 08:10:50 | 200 | 140.942µs | 127.0.0.1 | GET
/endpoint_data/28:b2:bd:a0:b7:d4
fingerbank.log:Apr 19 08:10:50 pfsrv fingerbank-collector: [GIN]
2019/04/19 - 08:10:50 | 200 | 209.803µs | 127.0.0.1 | GET
/endpoint_data/28:b2:bd:a0:b7:d4
fingerbank.log:Apr 19 08:10:50 pfsrv fingerbank-collector: [GIN]
2019/04/19 - 08:10:50 | 200 | 175.20173ms | 127.0.0.1 | GET
/endpoint_data/28:b2:bd:a0:b7:d4/details
fingerbank.log:Apr 19 08:10:50 pfsrv fingerbank: pfqueue(23233) INFO:
[mac:28:b2:bd:a0:b7:d4] Searching for 'User_Agent' entries in schema(s)
returned an empty set (fingerbank::Base::CRUD::search)
fingerbank.log:Apr 19 08:10:50 pfsrv fingerbank-collector: [GIN]
2019/04/19 - 08:10:50 | 200 | 167.494356ms | 127.0.0.1 | GET
/endpoint_data/28:b2:bd:a0:b7:d4/details
fingerbank.log:Apr 19 08:10:50 pfsrv fingerbank: pfqueue(23295) INFO:
[mac:28:b2:bd:a0:b7:d4] Database
/usr/local/fingerbank/db/fingerbank_Upstream.db was changed or handles
weren't initialized. Creating han
dle. (fingerbank::DB::SQLite::build_handle)
packetfence.log:
Apr 19 08:10:41 pfsrv pfdhcp[7588]: t=2019-04-19T08:10:41+0200 lvl=info
msg="28:b2:bd:a0:b7:d4 Discover xID 87:1a:4e:99" pid=7588
mac=28:b2:bd:a0:b7:d4
Apr 19 08:10:41 pfsrv pfdhcp[7588]: t=2019-04-19T08:10:41+0200 lvl=info
msg="DHCPDISCOVER from 28:b2:bd:a0:b7:d4 (rigel)" pid=7588
mac=28:b2:bd:a0:b7:d4
Apr 19 08:10:42 pfsrv pfdhcp[7588]: t=2019-04-19T08:10:42+0200 lvl=info
msg="DHCPOFFER on 10.27.66.179 to 28:b2:bd:a0:b7:d4 (rigel)" pid=7588
mac=28:b2:bd:a0:b7:d4
Apr 19 08:10:42 pfsrv pfdhcp[7588]: t=2019-04-19T08:10:42+0200 lvl=info
msg="28:b2:bd:a0:b7:d4 Request xID 87:1a:4e:99" pid=7588
mac=28:b2:bd:a0:b7:d4
Apr 19 08:10:42 pfsrv pfdhcp[7588]: t=2019-04-19T08:10:42+0200 lvl=info
msg="DHCPREQUEST for 10.27.66.179 from 28:b2:bd:a0:b7:d4 (rigel)"
pid=7588 mac=28:b2:bd:a0:b7:d4
Apr 19 08:10:42 pfsrv pfdhcp[7588]: t=2019-04-19T08:10:42+0200 lvl=info
msg="DHCPACK on 10.27.66.179 to 28:b2:bd:a0:b7:d4 (rigel)" pid=7588
mac=28:b2:bd:a0:b7:d4
Apr 19 08:10:42 pfsrv pfqueue: pfqueue(23262) WARN:
[mac:28:b2:bd:a0:b7:d4] Unable to match MAC address to IP '10.27.66.179'
(pf::ip4log::ip2mac)
Apr 19 08:10:42 pfsrv pfqueue: pfqueue(24610) INFO:
[mac:28:b2:bd:a0:b7:d4] Instantiate profile INFN-web
(pf::Connection::ProfileFactory::_from_profile)
Apr 19 08:10:42 pfsrv pfqueue: pfqueue(24610) WARN:
[mac:28:b2:bd:a0:b7:d4] *Can't find scan engine for 28:b2:bd:a0:b7:d4
since we don't have it's OS* (pf::Connection::Profile::findScan)
Apr 19 08:10:42 pfsrv pfqueue: pfqueue(24610) WARN:
[mac:28:b2:bd:a0:b7:d4] Use of uninitialized value $added in numeric eq
(==) at /usr/local/pf/lib/pf/api.pm line 985.
Apr 19 08:10:42 pfsrv pfipset[7593]: t=2019-04-19T08:10:42+0200 lvl=info
msg="Added 10.27.66.179 28:b2:bd:a0:b7:d4 to pfsession_Unreg_10.27.0.0"
pid=7593 request-uuid=dcee4481-6269-11e9-b0b8-001a4a1601e5
....
Apr 19 08:11:03 pfsrv packetfence_httpd.portal: httpd.portal(24169)
INFO: [mac:28:b2:bd:a0:b7:d4] User mariotti has authenticated on the
portal. (Class::MOP::Class:::after)
Apr 19 08:11:03 pfsrv packetfence_httpd.portal: httpd.portal(24169)
INFO: [mac:28:b2:bd:a0:b7:d4] person mariotti added (pf::person::person_add)
Apr 19 08:11:03 pfsrv packetfence_httpd.portal: httpd.portal(24169)
INFO: [mac:28:b2:bd:a0:b7:d4] User mariotti has authenticated on the
portal. (Class::MOP::Class:::after)
Apr 19 08:11:03 pfsrv packetfence_httpd.portal: httpd.portal(24169)
WARN: [mac:28:b2:bd:a0:b7:d4] Calling match with empty/invalid rule
class. Defaulting to 'authentication' (pf::authentication::match)
....
My config are, scan.conf
[OpenVAS]
openvas_alertid=fe87d0c2-eeef-4d49-a220-e85bb7b002f5
openvas_configid=65a4a714-6b88-4468-ba32-dfbad873c275
ip=10.0.0.69
openvas_reportformatid=c1645568-627a-11e3-a660-406186ea4fc5
duration=5m
categories=
port=9390
registration=1
username=admin
post_registration=0
password=XXXXX
pre_registration=0
oses=2,1,5
type=openvas
profiles.conf:
...
[INFN-web]
locale=en_US,it_IT
device_registration=default
filter=vlan:27
description=INFN-web
autoregister=enabled
sources=IDP-AAI
dot1x_recompute_role_from_portal=0
scans=OpenVAS
redirecturl=http://www.pg.infn.it
logo=/common/infnpg-captive.png
....
violation.conf:
[1100002]
desc=OpenVAS scan (EB)
actions=email_admin,log
# for faster remediation, it is recommended to leave an offending client
in the registration vlan (where it is scanned)
vlan=isolation
window=
access_duration=12h
auto_enable=N
If I need how can I add devices to fingerbank ?
How long you have to wait to see it online ?
Many thanks
Best Regards
Enrico
--
_______________________________________________________________________
Enrico Becchetti Servizio di Calcolo e Reti
Istituto Nazionale di Fisica Nucleare - Sezione di Perugia
Via Pascoli,c/o Dipartimento di Fisica 06123 Perugia (ITALY)
Phone:+39 075 5852777 Mail: Enrico.Becchetti<at>pg.infn.it
______________________________________________________________________
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
