Re: [PacketFence-users] Custom Security Event

Sun, 12 Sep 2021 17:32:36 -0700 

Hello Arun,

try that.
cd /usr/local/pf
patch -p1 --dry-run < max_node.diff
if there is no error:
patch -p1 < max_node.diff

Then restart packetfence.

Regards
Fabrice

Le sam. 11 sept. 2021 à 10:40, Arun Kangle <akan...@gmail.com> a écrit :

> Hi Fabrice,
> Thanks for your reply. I will need help on this.
>
> Thanks again,
> - Arun
>
> On Sat, Sep 11, 2021 at 7:25 AM Fabrice Durand <oeufd...@gmail.com> wrote:
>
>> Hello Arun,
>>
>> there is no security event that trigger that but it´s not something
>> really complicate to add in packetfence.
>>
>> If you look at is_max_reg_nodes_reached in node.pm, you can trigger a
>> security event from there.
>>
>> Let me know if you need help on that, it won´t take me so much time to
>> code it.
>>
>> Regards
>> Fabrice
>>
>>
>> Le mer. 25 août 2021 à 05:54, Arun Kangle via PacketFence-users <
>> packetfence-users@lists.sourceforge.net> a écrit :
>>
>>> Hello All,
>>> I went through the install guide and this list but I did not find
>>> information on how to configure a customer security event.
>>> Basically I wanted to trigger a custom security event when " max nodes
>>> per pid met or exceeded" and move the node to the isolation vlan so that
>>> the user can deregister one of the nodes to proceed.
>>>
>>> Thanks on advance,
>>> - Arun
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> PacketFence-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>

diff --git a/lib/pf/constants/trigger.pm b/lib/pf/constants/trigger.pm
index 115823f6b6..67aa9caa98 100644
--- a/lib/pf/constants/trigger.pm
+++ b/lib/pf/constants/trigger.pm
@@ -86,6 +86,7 @@ our $TRIGGER_MAP = {
     "fingerbank_diff_score_too_low" => "Fingerbank Collector detected a network behavior that doesn't match the known profile",
     "fingerbank_blacklisted_ips_threshold_too_high" => "Fingerbank Collector detected traffic to blacklisted IPs",
     "fingerbank_blacklisted_ports" => "Fingerbank Collector detected traffic to blacklisted ports",
+    "is_max_reg_nodes_reached" => "max nodes per pid met or exceeded",
   },
   $TRIGGER_TYPE_PROVISIONER => {
     $TRIGGER_ID_PROVISIONER => "Check status",
diff --git a/lib/pf/node.pm b/lib/pf/node.pm
index d0d88bfa80..17a77ce0c1 100644
--- a/lib/pf/node.pm
+++ b/lib/pf/node.pm
@@ -1116,6 +1116,14 @@ sub is_max_reg_nodes_reached {
         $logger->warn("No role specified or found for pid $pid (MAC $mac); assume maximum number of registered nodes is reached");
     }
 
+    my $apiclient = pf::client::getClient;
+    my %security_event = (
+        'mac'   => $mac,
+        'tid'   => 'is_max_reg_nodes_reached',
+        'type'  => 'internal',
+    );
+    $apiclient->notify('trigger_security_event', %security_event);
+
     # fallback to maximum reached
     return $TRUE;
 }

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users






















					Reply via email to