packetfence
packetfence copied to clipboard
Published
20 hours ago •
inverse-inc
inverse-inc
Creating security event with trigger "Switch Group" only fails silently
Describe the bug Creating a security event to trigger on any event fails.
To Reproduce Steps to reproduce the behavior:
- In 'Compliance/Security Events' create a new event
- Create a new security event (mine has action "Email Administrator" only)
- Add an Event Trigger: Endpoint = "Switch Group" "existing Switchgroup"
- Save the Security Event
journalctl -f -t pfperl-api-docker-wrapper
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: pfperl-api(19) ERROR: [mac:[undef]] Invalid trigger switch_group::openwrt-o8b. Error was : Attribute (condition) is required at /usr/local/pf/lib_perl/lib/perl5/x86_64-linux-gnu-thread-multi/Moose/Object.pm line 24
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: Moose::Object::new('pf::condition::switch_group', 'HASH(0x55fe00c1beb8)') called at /usr/local/pf/lib/pf/factory/condition/security_event.pm line 100
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: pf::factory::condition::security_event::instantiate('pf::factory::condition::security_event', 'switch_group::openwrt-o8b') called at /usr/local/pf/lib/pfconfig/namespaces/FilterEngine/SecurityEvent.pm line 51
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: eval {...} at /usr/local/pf/lib/pfconfig/namespaces/FilterEngine/SecurityEvent.pm line 51
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: pfconfig::namespaces::FilterEngine::SecurityEvent::build('pfconfig::namespaces::FilterEngine::SecurityEvent=HASH(0x55fdfd40fc18)') called at /usr/local/pf/lib/pfconfig/manager.pm line 65
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: pfconfig::manager::config_builder('pfconfig::manager=HASH(0x55fdfd328c28)', 'FilterEngine::SecurityEvent()') called at /usr/local/pf/lib/pfconfig/manager.pm line 337
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: pfconfig::manager::cache_resource('pfconfig::manager=HASH(0x55fdfd328c28)', 'FilterEngine::SecurityEvent()') called at /usr/local/pf/lib/pfconfig/manager.pm line 425
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: pfconfig::manager::expire('pfconfig::manager=HASH(0x55fdfd328c28)', 'FilterEngine::SecurityEvent', undef) called at /usr/local/pf/lib/pfconfig/manager.pm line 445
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: pfconfig::manager::expire('pfconfig::manager=HASH(0x55fdfd328c28)', 'config::SecurityEvents') called at /usr/local/pf/lib/pf/ConfigStore.pm line 681
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: pf::ConfigStore::commitPfconfig('pf::ConfigStore::SecurityEvents=HASH(0x55fdf7967348)') called at /usr/local/pf/lib/pf/ConfigStore.pm line 650
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: pf::ConfigStore::commit('pf::ConfigStore::SecurityEvents=HASH(0x55fdf7967348)') called at /usr/local/pf/lib/pf/ConfigStore/SecurityEvents.pm line 169
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: pf::ConfigStore::SecurityEvents::commit('pf::ConfigStore::SecurityEvents=HASH(0x55fdf7967348)') called at /usr/local/pf/lib/pf/UnifiedApi/Controller/Config.pm line 444
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: pf::UnifiedApi::Controller::Config::commit('pf::UnifiedApi::Controller::Config::SecurityEvents=HASH(0x55fe00f0ef10)', 'pf::ConfigStore::SecurityEvents=HASH(0x55fdf7967348)') called at /usr/local/pf/lib/pf/UnifiedApi/Controller/Config/SecurityEvents.pm line 57
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: pf::UnifiedApi::Controller::Config::SecurityEvents::commit('pf::UnifiedApi::Controller::Config::SecurityEvents=HASH(0x55fe00f0ef10)', 'pf::ConfigStore::SecurityEvents=HASH(0x55fdf7967348)') called at /usr/local/pf/lib/pf/UnifiedApi/Controller/Config.pm line 570
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: pf::UnifiedApi::Controller::Config::update('pf::UnifiedApi::Controller::Config::SecurityEvents=HASH(0x55fe00f0ef10)') called at /usr/local/pf/lib_perl/lib/perl5/Mojolicious.pm line 190
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: Mojolicious::_action(undef, 'pf::UnifiedApi::Controller::Config::SecurityEvents=HASH(0x55fe00f0ef10)', 'CODE(0x55fde8b73fd0)', 1) called at /usr/local/pf/lib_perl/lib/perl5/Mojolicious/Plugins.pm line 15
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: Mojolicious::Plugins::__ANON__ at /usr/local/pf/lib_perl/lib/perl5/Mojolicious/Plugins.pm line 18
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: Mojolicious::Plugins::emit_chain('Mojolicious::Plugins=HASH(0x55fdf3e52708)', 'around_action', 'pf::UnifiedApi::Controller::Config::SecurityEvents=HASH(0x55fe00f0ef10)', 'CODE(0x55fde8b73fd0)', 1) called at /usr/local/pf/lib_perl/lib/perl5/Mojolicious/Routes.pm line 88
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: Mojolicious::Routes::_action('pf::UnifiedApi::custom=HASH(0x55fde040c9f0)', 'pf::UnifiedApi::Controller::Config::SecurityEvents=HASH(0x55fe00f0ef10)', 'CODE(0x55fde8b73fd0)', 1) called at /usr/local/pf/lib_perl/lib/perl5/Mojolicious/Routes.pm line 161
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: Mojolicious::Routes::_controller('Mojolicious::Routes=HASH(0x55fddf195898)', 'pf::UnifiedApi::Controller=HASH(0x55fdfd765530)', 'HASH(0x55fdfc9575a0)', 1) called at /usr/local/pf/lib_perl/lib/perl5/Mojolicious/Routes.pm line 44
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: Mojolicious::Routes::continue('Mojolicious::Routes=HASH(0x55fddf195898)', 'pf::UnifiedApi::Controller=HASH(0x55fdfd765530)') called at /usr/local/pf/lib_perl/lib/perl5/Mojolicious/Routes.pm line 46
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: Mojolicious::Routes::continue('Mojolicious::Routes=HASH(0x55fddf195898)', 'pf::UnifiedApi::Controller=HASH(0x55fdfd765530)') called at /usr/local/pf/lib_perl/lib/perl5/Mojolicious/Routes.pm line 52
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: Mojolicious::Routes::dispatch('Mojolicious::Routes=HASH(0x55fddf195898)', 'pf::UnifiedApi::Controller=HASH(0x55fdfd765530)') called at /usr/local/pf/lib_perl/lib/perl5/Mojolicious.pm line 125
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: Mojolicious::dispatch('pf::UnifiedApi::custom=HASH(0x55fde040c9f0)', 'pf::UnifiedApi::Controller=HASH(0x55fdfd765530)') called at /usr/local/pf/lib_perl/lib/perl5/Mojolicious.pm line 134
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: Mojolicious::__ANON__(undef, 'pf::UnifiedApi::Controller=HASH(0x55fdfd765530)') called at /usr/local/pf/lib_perl/lib/perl5/Mojolicious/Plugins.pm line 15
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: Mojolicious::Plugins::__ANON__ at /usr/local/pf/lib_perl/lib/perl5/Mojolicious.pm line 200
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: eval {...} at /usr/local/pf/lib_perl/lib/perl5/Mojolicious.pm line 200
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: Mojolicious::_exception('CODE(0x55fdfd6fdad8)', 'pf::UnifiedApi::Controller=HASH(0x55fdfd765530)') called at /usr/local/pf/lib_perl/lib/perl5/Mojolicious/Plugins.pm line 15
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: Mojolicious::Plugins::__ANON__ at /usr/local/pf/lib_perl/lib/perl5/Mojolicious/Plugins.pm line 18
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: Mojolicious::Plugins::emit_chain('Mojolicious::Plugins=HASH(0x55fdf3e52708)', 'around_dispatch', 'pf::UnifiedApi::Controller=HASH(0x55fdfd765530)') called at /usr/local/pf/lib_perl/lib/perl5/Mojolicious.pm line 139
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: Mojolicious::handler('pf::UnifiedApi::custom=HASH(0x55fde040c9f0)', 'Mojo::Transaction::HTTP=HASH(0x55fdfd16ace8)') called at /usr/local/pf/lib_perl/lib/perl5/Mojo/Server.pm line 70
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: Mojo::Server::__ANON__('Mojo::Server::Prefork=HASH(0x55fdf4234668)', 'Mojo::Transaction::HTTP=HASH(0x55fdfd16ace8)') called at /usr/local/pf/lib_perl/lib/perl5/Mojo/EventEmitter.pm line 15
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: Mojo::EventEmitter::emit('Mojo::Server::Prefork=HASH(0x55fdf4234668)', 'request', 'Mojo::Transaction::HTTP=HASH(0x55fdfd16ace8)') called at /usr/local/pf/lib_perl/lib/perl5/Mojo/Server/Daemon.pm line 103
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: Mojo::Server::Daemon::__ANON__('Mojo::Transaction::HTTP=HASH(0x55fdfd16ace8)') called at /usr/local/pf/lib_perl/lib/perl5/Mojo/EventEmitter.pm line 15
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: Mojo::EventEmitter::emit('Mojo::Transaction::HTTP=HASH(0x55fdfd16ace8)', 'request') called at /usr/local/pf/lib_perl/lib/perl5/Mojo/Transaction/HTTP.pm line 60
Apr 03 10:27:20 paketzaun pfperl-api-docker-wrapper[1215]: Mojo::Transaction::HTTP::server_read('Mojo::Transaction::HTTP=HASH(0x55fdfd16ace8)', '{"id":"3000008","isClone":false,"isNew":true,"access_duration":"12h","actions":["email_admin","email_recipient"],"auto_enable":null,"button_text":null,"delay_by":
The security event doesn't work, but is successfully saved.
Screenshots
Expected behavior The condition presented on the web-interface reads:
( Endpoint = Switch Group( openwrt-o8b ) ) AND (All device types) AND (Any data usage) AND (Any event)
I'd expect that I'd get an security event (in this case an email) for Any event concerning a switch in Switch Group openwrt-o8b.
Desktop (please complete the following information):
- OS: Debian / PF13.1
- Browser Firefox
Additional context For testing and debugging it would be nice to be able to use a security event that triggers on any event on a switch, switch group or even on any switch.
hello, i need to integrate suricata with packetfence for security event can you help me.
