Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

built-in variable doesn't show in security events #8192

Closed
stgmsa opened this issue Jun 25, 2024 · 4 comments · Fixed by #8231
Closed

built-in variable doesn't show in security events #8192

stgmsa opened this issue Jun 25, 2024 · 4 comments · Fixed by #8231
Assignees
@jrouzierinverse @stgmsa
Labels
Priority: Medium Type: Bug
Milestone
PacketFence-14.0

Comments

@stgmsa
Copy link
Contributor

stgmsa commented Jun 25, 2024
edited
Loading

Describe the bug
In "lost of stolen" security event, we have an additional email message by default for "email node owner" or "email recipient".

And inside the additional message, a "[% mac %]" was defined, expecting to include the mac address of the device.

However, in the email we received, there's nothing.

To Reproduce
Steps to reproduce the behavior:

  1. login to admin UI and make sure "lost or stolen" is enabled and "email device owner" or "email recipient" is enabled.
  2. log into packetfence server
  3. manaully trigger a "lost or stolen" security event using pfcmd /usr/local/pf/bin/pfcmd security_event add {MAC} 1300005
  4. check the email we received.

Expected behavior

  1. the mac address appears in the email we received.

Desktop (please complete the following information):
independent

Smartphone (please complete the following information):
independent

Additional context
I think it's due to the [% mac %] variabled we used in "security_events.conf".
we were expecting it being parsed when sending the emails, however it's probably parsed when loading security_events.conf into pfconfig, as a result, there will be no variable in "additional message"

checking pfconfig values using either:
/usr/local/pf/bin/pfcmd pfconfig show 'config::SecurityEvents'
or
/usr/local/pf/bin/pfcmd pfconfig show 'config::SecurityEvents()'

checking pfconfig content using pfcmd will not show a variable template like [% mac %], instead, 2 spaces will be there. which seems to be a "parsed" value of [% mac %] - it's empty.
@stgmsa
Copy link
Contributor Author

stgmsa commented Jun 25, 2024

Confirmed with @fdurand, it's because the [% mac %] being parsed when loading ini files to pfconfig.
we'll need a way to skip parsing dynamic variables for security events' additional message

@satkunas satkunas added this to the PacketFence-14.0 milestone Jun 26, 2024
@jrouzierinverse
Copy link
Member

We can run it through template toolkit to process it.

@stgmsa
Copy link
Contributor Author

stgmsa commented Jul 29, 2024 via email

@jrouzierinverse
Copy link
Member

OK

@stgmsa stgmsa mentioned this issue Jul 29, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jrouzierinverse jrouzierinverse

@stgmsa stgmsa

Labels
Priority: Medium Type: Bug
Projects
None yet
Milestone
PacketFence-14.0
Development

Successfully merging a pull request may close this issue.

Fix/security extra message wrapping inverse-inc/packetfence
3 participants
@jrouzierinverse @satkunas @stgmsa