PacketFence - BTS - PacketFence
View Issue Details
0001684PacketFencescanningpublic2013-08-13 11:022013-08-13 11:02
Sylvain 
 
normalmajoralways
newopen 
4.0.1 
 
0001684: OpenVAS - "Bogus command name" when creating escalator
It occurs under version 4.0.1, but I couldn't test under 4.0.5 because of some other bugs (which aren't related to this one).
As i didn't see anything either in changelogs and in issues reported... here it is.

This happen when launching a OpenVAS scan.

Right after registration, the pre-configured "System Scan" violation (1200001) is triggered.
The captive portal tells that scan is in progress.
Once the progress bar is filled, it tells that the machine is still being scanned since a given hour.
It will keep telling that (and here the problem begins).

In packetfence.log can be found:
There was an error creating scan escalator named 137606073317f486, here's the output: <omp_response status="400" status_text="Bogus command name"></omp_response> (pf::scan::openvas::createEscalator)

The scanned machine can be sent to the default vlan, by acknowledging the "System Scan" violation (1200001), as expected. But of course bypassing scan is not the best approach ;)

Here is the whole relevant output from packetfence.log:

Aug 09 17:05:30 release.pm(0) INFO: scanning 192.168.1.1 by calling /usr/local/pf/bin/pfcmd schedule now 192.168.1.1 1>/dev/null 2>&1 (pf::web::release::handler)
Aug 09 17:05:30 release.pm(0) INFO: violation for mac aa:bb:cc:dd:ee:ff vid 1200001 modified (pf::violation::violation_modify)
Aug 09 17:05:33 pfcmd.pl(10765) INFO: New ID generated: 137606073317f486 (pf::util::generate_id)
Aug 09 17:05:36 pfcmd.pl(10765) INFO: Instantiate a new vulnerability scanning engine object of type pf::scan::openvas. (pf::scan::instantiate_scan_engine)
Aug 09 17:05:36 pfcmd.pl(10765) INFO: Creating a new scan target named 137606073317f486 for host 192.168.1.1 (pf::scan::openvas::createTarget)
Aug 09 17:05:36 pfcmd.pl(10765) INFO: Scan target named 137606073317f486 successfully created with id: 0162c1eb-e374-4e39-8e16-faddab0d58e9 (pf::scan::openvas::createTarget)
Aug 09 17:05:36 pfcmd.pl(10765) INFO: Creating a new scan escalator named 137606073317f486 (pf::scan::openvas::createEscalator)
Aug 09 17:05:36 pfcmd.pl(10765) WARN: There was an error creating scan escalator named 137606073317f486, here's the output: <omp_response status="400" status_text="Bogus command name"></omp_response> (pf::scan::openvas::createEscalator)
Aug 09 17:05:36 pfcmd.pl(10765) INFO: Creating a new scan task named 137606073317f486 (pf::scan::openvas::createTask)
Aug 09 17:05:36 pfcmd.pl(10765) WARN: There was an error creating scan task named 137606073317f486, here's the output: <create_task_response status="400" status_text="Bogus element: escalator"></create_task_response> (pf::scan::openvas::createTask)
Aug 09 17:05:36 pfcmd.pl(10765) INFO: Starting scan task named 137606073317f486 (pf::scan::openvas::startTask)
Aug 09 17:05:37 pfcmd.pl(10765) WARN: There was an error starting the scan task named 137606073317f486, here's the output: <start_task_response status="404" status_text="Failed to find task ''"></start_task_response> (pf::scan::openvas::startTask)

Best regards,

Sylvain
No tags attached.
Issue History
2013-08-13 11:02SylvainNew Issue
2013-08-13 11:02SylvainNote Added: 0003402

Notes
(0003402)
Sylvain   
2013-08-13 11:02   
In the report above I only wrote about SNMP linkUp/Down VLAN enforcement and "standard" registration.
I was initially testing with 802.1x auto-registration and enforcement, but couldn't get any information about the problem.
Actually when using 802.1x there were no log about the failed OpenVAS scan.

I have gathered informations about this lack of log, should I post them here or in a separate ticket ?