[tac_plus] Re: firewall 0.0.0.0??

Schmidt, Daniel dan.schmidt at uplinkdata.com
Tue Jun 9 17:40:47 UTC 2009


Rather unlikely, seeing as how a router/switch never yields a 0.0.0.0.
In other words, if it was a bug I would see it in other places and I do
not.  Also, there is no 0.0.0.0 anywhere in my script, and mind that the
variable is just a string!  If the problem was in my script, the
variable would be empty, or it would just plain crash; it's impossible
for the script to set 0.0.0.0, as it had to come from somewhere.

http://pastie.org/506002

The firewall does not send a cmd-arg=<cr>, which was not expected.  That
will be fixed. 

-----Original Message-----
From: john heasley [mailto:heas at shrubbery.net] 
Sent: Tuesday, June 09, 2009 10:55 AM
To: Schmidt, Daniel
Cc: tac_plus at shrubbery.net
Subject: Re: [tac_plus] firewall 0.0.0.0??

Tue, Jun 09, 2009 at 09:58:50AM -0600, Schmidt, Daniel:
> Hum... Anybody ever noticed that, when you try to enable on a PIX, your
> source ip is given as 0.0.0.0?  As of yet, I am unsure whether to blame
> tac_plus or the pix. 
> 
> 2009-06-09 09:26:06: User 'homer' not allowed from source '0.0.0.0' in
> 'BN'->'host_allow'
> 2009-06-09 09:26:09: User 'homer' not allowed from source '0.0.0.0' in
> 'BN'->'host_allow'

I'd lean toward your script.  tacacs gets the IP from the TCP socket.

> If I allow 0.0.0.0 as a source and look at the tac_pairs I get:  
> 
> service=shell
> cmd*
> priv-lvl=15
> idletime=10
> 2009-06-09 09:36:33: User 'homer' granted access to device
> '192.168.168.168' in group 'BN' from '172.16.25.17'
> service=shell
> cmd=enable
> 2009-06-09 09:37:00: User 'homer' allowed command 'enable' to device
> '192.168.168.168' in 'BN'->'command_permit'
> service=shell
> cmd=enable
> 2009-06-09 09:37:00: User 'homer' allowed command 'enable' to device
> '192.168.168.168' in 'BN'->'command_permit'
> service=shell
> cmd*
> priv-lvl=15
> idletime=10
> 2009-06-09 09:37:02: User 'homer' granted access to device
> '192.168.168.168' in group 'BN' from '172.16.25.17'
> 
> (Notice also, firewall doesn't give a cmd-arg=<cr> at the end.  Odd.)
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus
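The thread turns on two things: the source address tac_plus logs comes from the TCP socket, and the PIX ends its `cmd=enable` authorization without the trailing `cmd-arg=<cr>` that a router sends. Below is an added example (not Daniel's script from the pastie link, and not tac_plus code) showing how a pre-authorization script can rebuild the command from the AV pairs without depending on that trailing pair, and how a `host_allow` check can refuse an empty or `0.0.0.0` source outright rather than treating it as a real address. The router-style pair sets with `cmd-arg=<cr>` and the allow-list format are assumptions; the PIX form (no `cmd-arg` at all) and the `cmd*`/`priv-lvl`/`idletime` session pairs follow the log quoted above.

```python
import ipaddress
import re

# Constructed sample AV-pair sets, modelled on the pairs quoted in this thread.
# The router forms with a trailing cmd-arg=<cr> are an assumption; the PIX form
# (cmd=enable with no cmd-arg) is what the thread reports.
ROUTER_SESSION = ["service=shell", "cmd*", "priv-lvl=15", "idletime=10"]
ROUTER_ENABLE = ["service=shell", "cmd=enable", "cmd-arg=<cr>"]
ROUTER_SHOW = ["service=shell", "cmd=show", "cmd-arg=running-config", "cmd-arg=<cr>"]
PIX_ENABLE = ["service=shell", "cmd=enable"]

# attribute, then '=' (mandatory) or '*' (optional), then the value
AV_RE = re.compile(r"^([A-Za-z0-9_-]+)([=*])(.*)$")


def parse_av_pairs(lines):
    """Return a list of (attr, mandatory, value) tuples.

    '=' marks a mandatory attribute, '*' an optional one.  Lines that do not
    look like an AV pair (for example a blank trailing line) are skipped
    rather than treated as fatal.
    """
    out = []
    for line in lines:
        m = AV_RE.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2) == "=", m.group(3)))
    return out


def command_from_pairs(lines):
    """Rebuild the command string from the cmd / cmd-arg pairs.

    Returns None for a session-start authorization (cmd* with an empty
    value).  A missing cmd-arg=<cr> is tolerated: the command is whatever
    cmd and cmd-arg values were present, so the PIX form parses exactly
    like the router form.
    """
    cmd = None
    args = []
    for attr, mandatory, value in parse_av_pairs(lines):
        if attr == "cmd":
            if not mandatory and value == "":
                return None  # shell session start, not a command authorization
            cmd = value
        elif attr == "cmd-arg" and value != "<cr>":
            args.append(value)
    if cmd is None:
        return None
    return " ".join([cmd] + args)


def host_allowed(source, allowed_networks):
    """host_allow check: permit only a parsable, specified address that falls
    inside one of allowed_networks (CIDR strings, an assumed format).

    An empty, unparsable or unspecified (0.0.0.0) source is denied no matter
    how wide the allow list is, so a script that somehow ends up with
    0.0.0.0 fails closed instead of matching a 0.0.0.0/0 entry.
    """
    try:
        ip = ipaddress.ip_address(source.strip())
    except ValueError:
        return False
    if ip.is_unspecified:
        return False
    return any(ip in ipaddress.ip_network(n, strict=False) for n in allowed_networks)


if __name__ == "__main__":
    for name, pairs in [("router session", ROUTER_SESSION),
                        ("router enable", ROUTER_ENABLE),
                        ("router show", ROUTER_SHOW),
                        ("pix enable", PIX_ENABLE)]:
        print(f"{name:15s} -> {command_from_pairs(pairs)!r}")
    for src in ("172.16.25.17", "0.0.0.0", ""):
        print(f"source {src!r:16s} allowed: {host_allowed(src, ['172.16.25.0/24'])}")
```

The point of `command_from_pairs` is that the trailing `cmd-arg=<cr>` carries no information about the command itself, so nothing should require it; the point of `host_allowed` is that a source of `0.0.0.0` is a symptom of something upstream having gone wrong and should be denied as such, not compared against the allow list like a normal address.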

