On 25/02/2019 21:52, Durand fabrice wrote:

On 19-02-25 at 15:16, Enrico wrote:
  Hello Fabrice,
at last I understood that it can be the DHCP that determines the frequency of the endpoint scan. Anyway, even now I still have an unknown problem, because I wanted to assign IP addresses for very long periods of time (6 months and more) in order to create a sort of static IP.

Keep in mind that at the moment the endpoint is constantly being scanned, at each
network access, even if the lease time hasn't been reached yet.
You can raise the scan violation with a grace period of x weeks.

I also have problems with the resolution of local names when using PFDNS.
From what I can see in the logs, the local host names aren't even considered and all the requests are forwarded to the official DNS servers of my network. These DNS servers fail to resolve
because they don't know anything about the PF-managed local zones.

Can you explain more? I am not sure I understand the issue.



Hi Fabrice, please... if you have other "minutes" for this case... let me know. Thanks!!!

*pfsrv* is the PacketFence server, inline mode.

[root@pfsrv logs]# more /etc/NetworkManager/conf.d/99-no-dns.conf
[main]
dns=none

[root@pfsrv logs]# more /etc/resolv.conf
# Generated by NetworkManager
nameserver 193.205.222.2
nameserver 193.205.222.100


profile.conf:
...
[PF-CABLED]
locale=
device_registration=default
filter=vlan:25
dot1x_recompute_role_from_portal=0
description=PF-CABLED
scans=OpenVAS
sources=RADIUS-AAI
autoregister=enabled
.....

networks.conf:
[10.25.0.0]
dns=193.205.222.2
split_network=disabled
dhcp_start=10.25.0.10
gateway=10.25.0.1
domain-name=wired.local
nat_enabled=enabled
named=enabled
dhcp_max_lease_time=31536000
fake_mac_enabled=disabled
dhcpd=enabled
dhcp_end=10.25.255.246
type=inlinel2
netmask=255.255.0.0
dhcp_default_lease_time=31536000
....

Two nodes are connected in DHCP client mode, so both of them have
PFSRV (10.25.0.1) as gateway and DNS, but nslookup or ping from one to the other
fails. The same behaviour from pfserver:

[root@pfsrv logs]# ping  macbook.wired.local
ping: macbook.wired.local: Name or service not known

PFDNS.LOG:
... pfsrv pfdns: 10.25.198.96 - [26/Feb/2019:16:01:57 +0100] "A IN macbook.wired.local. udp 37 false 512" NXDOMAIN qr,rd,ra 113 9.846755ms

As you can see, hostname resolution from PFSRV reaches my official DNS server and it fails because the private zone
"wired.local" is managed only by PacketFence.

LOG of Official DNS:
16:19:09.352341 IP pfsrv.pg.infn.it.36289 > dns1.pg.infn.it.domain: 52285+ A? macbook.wired.local. (37)

Other information from the web GUI:

Status      Online/Offline  MAC Address        Computer Name  Owner                IP Address     Tenant   Device Class       Role
registered  unknown         ac:87:a3:12:81:47  becchetti-nb   becchett             10.25.198.96   default  Operating System   default
registered  unknown         00:16:cb:86:4f:d1  macbook        becch...@pg.infn.it  10.25.223.133  default  Mac OS X or macOS  default


[root@pfsrv conf]# more pfdns.conf
.:54 {
    logger {
      level INFO
      processname pfdns
    }

[% domain %]

proxy . /etc/resolv.conf
}

# all other domains are subject to interception
:53 {
    logger {
      level INFO
      processname pfdns
    }

    pfdns {
    }
    # Anything not handled by pfdns will be resolved normally
[% domain %]
[% inline %]

    # Default to system resolv.conf file
    proxy . /etc/resolv.conf
    log stdout
    errors
}

pf.conf:
[interface eth0.25]
enforcement=inlinel2
ip=10.25.0.1
type=internal
mask=255.255.0.0

Regards

Fabrice



To sum it up, I think I'll have to rethink the whole project by adding the VLAN enforcement mode instead of the inline one, and maybe ask on this mailing list to check if it is realizable.

Thanks a lot again.
Best Regards
Enrico
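Added example, not code from the thread or from PacketFence itself: a small Python check that reads the domain-name of each networks.conf stanza and flags pfdns log queries for those zones that came back NXDOMAIN, which is exactly what the macbook.wired.local lookup above shows when the zone is not served locally and the name leaks to the upstream resolver. It assumes the CoreDNS-style log line format seen in PFDNS.LOG; the config stanza and log lines below are constructed samples.

```python
import configparser
import re

# Constructed sample input (not from the list post): one networks.conf stanza with
# the keys this check needs, and three pfdns (CoreDNS-style) log lines.
NETWORKS_CONF = """\
[10.25.0.0]
domain-name=wired.local
dns=193.205.222.2
named=enabled
"""
PFDNS_LOG = """\
Feb 26 16:01:57 pfsrv pfdns: 10.25.198.96 - [26/Feb/2019:16:01:57 +0100] "A IN macbook.wired.local. udp 37 false 512" NXDOMAIN qr,rd,ra 113 9.846755ms
Feb 26 16:02:03 pfsrv pfdns: 10.25.198.96 - [26/Feb/2019:16:02:03 +0100] "A IN www.example.com. udp 33 false 512" NOERROR qr,rd,ra 49 12.1ms
Feb 26 16:02:10 pfsrv pfdns: 10.25.223.133 - [26/Feb/2019:16:02:10 +0100] "AAAA IN becchetti-nb.wired.local. udp 42 false 512" NXDOMAIN qr,rd,ra 118 8.2ms
"""
# client - [timestamp] "TYPE CLASS name. proto size do bufsize" RCODE flags len duration
LOG_RE = re.compile(r'(?P<client>\S+) - \[(?P<ts>[^\]]+)\] '
                    r'"(?P<qtype>\S+) (?P<qclass>\S+) (?P<name>\S+) [^"]*" (?P<rcode>\S+)')

def local_domains(conf_text):
    """Collect the domain-name of every network stanza: the zones pfdns should serve."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    return {cp[s]["domain-name"].rstrip(".").lower()
            for s in cp.sections() if cp.has_option(s, "domain-name")}

def parse_line(line):
    """Return the query fields of one pfdns log line, or None if it is not a query line."""
    m = LOG_RE.search(line)
    if not m:
        return None
    q = m.groupdict()
    q["name"] = q["name"].rstrip(".").lower()
    return q

def unresolved_local_queries(log_text, domains):
    """Queries for names inside a managed zone that came back NXDOMAIN: the zone was
    not answered locally and the lookup was forwarded to the upstream resolver."""
    hits = []
    for line in log_text.splitlines():
        q = parse_line(line)
        if q is None:
            continue
        zone = next((z for z in domains
                     if q["name"] == z or q["name"].endswith("." + z)), None)
        if zone and q["rcode"] == "NXDOMAIN":
            hits.append((q["client"], q["qtype"], q["name"], zone))
    return hits
```

Run it against the real /usr/local/pf/conf/networks.conf and the pfdns log; a non-empty result means the zone block for that domain is not being answered before the `proxy . /etc/resolv.conf` fallback.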

On 25/02/19 18:57, Durand fabrice via PacketFence-users wrote:
Hello Enrico,

"After registration" needs to be triggered by something, and in your case it can be a DHCP packet.

So let's say your lease time is 1 week; then the scan will be triggered each week.

Or you can add the violation by script:
pfcmd violation add 00:11:22:33:44:55 1100007

Regards

Fabrice


On 19-02-25 at 09:16, Enrico Becchetti via PacketFence-users wrote:
  Dear All,
I made some tests using OpenVAS and now I would like to ask if it is possible to configure
the frequency with which the endpoints are checked.
From the web GUI I can only choose when to scan: pre-registration, during, or after registration.
Can I choose how often to make this scan on the same client?

Thanks a lot.
Best regards
Enrico



_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users




--
_______________________________________________________________________

Enrico Becchetti                    Servizio di Calcolo e Reti

Istituto Nazionale di Fisica Nucleare - Sezione di Perugia
Via Pascoli,c/o Dipartimento di Fisica  06123 Perugia (ITALY)
Phone:+39 075 5852777             Mail: Enrico.Becchetti<at>pg.infn.it
______________________________________________________________________
