inverse-inc / packetfence

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, powerful BYOD management options, 802.1X support, layer-2 isolation of problematic devices; PacketFence can be used to effectively secure networks, from small to very large heterogeneous networks.
https://packetfence.org
GNU General Public License v2.0

built-in variable doesn't show in security events #8192

Closed stgmsa closed 4 months ago

stgmsa commented 5 months ago

Describe the bug

In "lost or stolen" security event, we have an additional email message by default for "email node owner" or "email recipient".

And inside the additional message, a "[% mac %]" was defined, expecting to include the mac address of the device.

However, in the email we received, there's nothing.

To Reproduce

Steps to reproduce the behavior:

  1. log in to the admin UI and make sure "lost or stolen" is enabled and "email device owner" or "email recipient" is enabled.
  2. log into the packetfence server
  3. manually trigger a "lost or stolen" security event using pfcmd: /usr/local/pf/bin/pfcmd security_event add {MAC} 1300005
  4. check the email we received.

Expected behavior

  1. the mac address appears in the email we received.

Desktop (please complete the following information): independent

Smartphone (please complete the following information): independent

Additional context

I think it's due to the [% mac %] variable we used in "security_events.conf". We were expecting it to be parsed when sending the emails; however, it's probably parsed when loading security_events.conf into pfconfig. As a result, there will be no variable in "additional message".

checking pfconfig values using either: /usr/local/pf/bin/pfcmd pfconfig show 'config::SecurityEvents' or /usr/local/pf/bin/pfcmd pfconfig show 'config::SecurityEvents()'

checking pfconfig content using pfcmd will not show a variable template like [% mac %]; instead, 2 spaces will be there, which seems to be a "parsed" value of [% mac %] - it's empty.

stgmsa commented 5 months ago

Confirmed with @fdurand, it's because the [% mac %] is being parsed when loading ini files to pfconfig. We'll need a way to skip parsing dynamic variables for security events' additional message.

jrouzierinverse commented 4 months ago

We can run it through template toolkit to process it.

stgmsa commented 4 months ago

already got a fix by double quoting the variables

On Mon, Jul 29, 2024 at 08:27 James Rouzier @.***> wrote:

We can run it through template toolkit to process it.


jrouzierinverse commented 4 months ago

OK
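
The behaviour discussed in this thread, as an added example that is not part of the original issue or PacketFence's code: a Template Toolkit pass run before the MAC is known consumes `[% mac %]`, while a load-time pass that uses other delimiters leaves it for send time. The two-stage pipeline, the `render` and `placeholders` helpers, the sample message and the use of `TAG_STYLE` are assumptions for illustration; this is not the fix applied in the project.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Template;

# Constructed sample value for a security event's additional message.
my $raw = 'Device [% mac %] was reported lost or stolen.';

# Render $text with Template Toolkit; $opts holds constructor options.
sub render {
    my ($text, $vars, $opts) = @_;
    my $tt = Template->new($opts || {}) or die Template->error();
    my $out = '';
    $tt->process(\$text, $vars, \$out) or die $tt->error();
    return $out;
}

# Count [% ... %] placeholders so a consumed variable can be detected.
sub placeholders {
    my ($text) = @_;
    my $n = () = $text =~ /\[%.*?%\]/g;
    return $n;
}

# Assumed load-time pass: no per-event variables are available yet, and
# Template Toolkit renders an undefined variable as an empty string.
my $loaded_early = render($raw, {});

# Alternative load-time pass with other delimiters ([* ... *]), so the
# [% mac %] text is copied through untouched.
my $loaded_late = render($raw, {}, { TAG_STYLE => 'star' });

# Send-time pass: this is the first point where the MAC is known.
my %event = (mac => '00:11:22:33:44:55');    # constructed address

for my $case (['early', $loaded_early], ['deferred', $loaded_late]) {
    my ($name, $loaded) = @$case;
    # A positive difference means the load stage consumed a placeholder.
    my $lost = placeholders($raw) - placeholders($loaded);
    printf "%-8s loaded=[%s] lost=%d sent=[%s]\n",
        $name, $loaded, $lost, render($loaded, \%event);
}
```

Comparing placeholder counts between the raw configuration text and the loaded value is a quick way to spot notification messages that have silently lost their variables.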