Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Inventory: track new Snort, WireGuard and MAC binding features #987

Closed
gsanchietti opened this issue Dec 19, 2024 · 5 comments
Closed

Inventory: track new Snort, WireGuard and MAC binding features #987

gsanchietti opened this issue Dec 19, 2024 · 5 comments
Labels
verified All test cases were verified successfully
Milestone
NethSecurity 8.5

Comments

@gsanchietti
Copy link
Member

Improve currently collected information inside the inventory.

IPS

  • status
  • rule policy
  • oinkcode enabled or not
  • number of bypass
  • number of suppression

WireGuard

  • number of server instances
  • number of peers for each instance
  • instance connected to system user database or not

MAC/IP binding

  • status: off, soft, hard
  • number of interfaces where enabled
@github-project-automation github-project-automation bot moved this to ToDo 🕐 in NethSecurity Dec 19, 2024
@gsanchietti gsanchietti added this to the NethSecurity 8.5 milestone Dec 19, 2024
@stephdl stephdl mentioned this issue Jan 14, 2025
Merged
@stephdl stephdl moved this from ToDo 🕐 to In Progress 🛠 in NethSecurity Jan 15, 2025
@gsanchietti
Copy link
Member Author

Testing image.

@stephdl
Copy link
Contributor

stephdl commented Jan 15, 2025
edited
Loading

QA

case wireguard

  • follow the documentation
  • create two instances with user_db set to "" or ldap database
  • set some peers
  • think to apply the configuration
    uci commit network
  • trigger the /usr/sbin/inventory and verify the stats
    this an example of the output
    "wiregard": {
      "instances": 2,
      "statistics": [
        {
          "server": "wg1",
          "peers": 2,
          "ns_user_db": "main"
        },
        {
          "server": "wg2",
          "peers": 0,
          "ns_user_db": "ldap"
        }
      ]
    },

case 2 snort

this is the json example

    "snort": {
      "enabled": true,
      "policy": "security",
      "oink_enabled": false,
      "disabled_rules": 2,
      "suppressed_rules": 0,
      "bypass_src_ipv4": 2,
      "bypass_src_ipv6": 0,
      "bypass_dst_ipv4": 0,
      "bypass_dst_ipv6": 0
    },

case MAC/IP binding

  • enable a dhcp server
  • enable the ip mac binding
  • you can change the parameter (0.1.2)

this is the example of json object

    "mac_ip_binding": {
      "disabled": 1,
      "soft-binding": 0,
      "hard-binding": 1
    },

@stephdl stephdl mentioned this issue Jan 15, 2025
Merged
@stephdl stephdl moved this from In Progress 🛠 to Testing in NethSecurity Jan 16, 2025
@stephdl stephdl added the testing Packages are available from testing repositories label Jan 16, 2025
@stephdl stephdl removed their assignment Jan 16, 2025
@gsanchietti gsanchietti self-assigned this Jan 16, 2025
@gsanchietti
Copy link
Member Author

Test case 1 not verified: the key should be named wireguard.

Test case 2 verified.

Test case 3 not verified: the count of disabled interfaces does not match the number of interfaces where the feature can be enabled.
I have a machine with 2 interfaces (1 LAN, 1 WAN), I can enable the binding only on interfaces listed inside the screenshot (LAN , blue etc with static address):
Image
The inventory returns the wrong number:

 inventory  | jq .features.mac_ip_binding
{
  "disabled": 2,
  "soft-binding": 0,
  "hard-binding": 0
}

@gsanchietti gsanchietti removed the testing Packages are available from testing repositories label Jan 16, 2025
@gsanchietti gsanchietti moved this from Testing to In Progress 🛠 in NethSecurity Jan 16, 2025
@gsanchietti gsanchietti assigned stephdl and unassigned gsanchietti Jan 16, 2025
@stephdl stephdl mentioned this issue Jan 16, 2025
Merged
@gsanchietti
Copy link
Member Author

Testing image: 23.05.5-ns.1.4.1-29-g3d2d5a331

@gsanchietti gsanchietti added the testing Packages are available from testing repositories label Jan 20, 2025
@nethbot nethbot moved this from In Progress 🛠 to Testing in NethSecurity Jan 20, 2025
@gsanchietti
Copy link
Member Author

All test cases have been verified.

@gsanchietti gsanchietti added verified All test cases were verified successfully and removed testing Packages are available from testing repositories labels Jan 20, 2025
@nethbot nethbot moved this from Testing to Verified in NethSecurity Jan 20, 2025
@Tbaile Tbaile closed this as completed Jan 20, 2025
@github-project-automation github-project-automation bot moved this from Verified to Done ✅ in NethSecurity Jan 20, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
verified All test cases were verified successfully
Projects
NethSecurity
Status: Done ✅
Milestone
NethSecurity 8.5
Development

No branches or pull requests
3 participants
@gsanchietti @stephdl @Tbaile