(RADIATOR) NMAP and Radiator

Hugh Irvine hugh at open.com.au
Wed Mar 10 18:53:45 CST 2004


Hello Barry -

The simplest thing is to use Perl and the same DBI/DBD modules as 
Radiator does.

Here is the RADONLINE table definition (from "goodies/mysqlCreate.sql"):


# An entry for each user _currently_ on line, for use by
# <SessionDatabase SQL>
# You can add more fields to this database, but you will also
# need to adjust AddQuery to store the additional values.
# You _must_ have at least
# USERNAME, NASIDENTIFIER, NASPORT and ACCTSESSIONID, which
# is the unique key in this table.
create table RADONLINE (
         USERNAME        char(50) NOT NULL,
         NASIDENTIFIER   char(50) NOT NULL,
         NASPORT         int NOT NULL,
         ACCTSESSIONID   char(30) NOT NULL,
         TIME_STAMP      int,
         FRAMEDIPADDRESS char(22),
         NASPORTTYPE     char(10),
         SERVICETYPE     char(20),

         UNIQUE RADONLINE_I (NASIDENTIFIER, NASPORT),
         INDEX RADONLINE_I2 (USERNAME)
);



regards

Hugh


On 11 Mar 2004, at 02:52, Barrett (Barry) W Clark wrote:

> Hugh, Terry,
>
> Thank you for your input.
>
> Any suggestions on the best way to scan the RADONLINE table with the 
> cron job?  Also, what format is the RADONLINE table file in?
>
> Thanks!
>
> bwc
>
> At 03:47 PM 3/4/2004, Hugh Irvine wrote:
>
>> Hello Terry, Hello Barry -
>>
>> As Terry says, you need to be careful to decouple the Radiator 
>> processing from anything else so you don't impact performance.
>>
>> I could easily imagine a simple cron job that would periodically scan 
>> the RADONLINE table and run NMAP on any new sessions.
>>
>> regards
>>
>> Hugh
>>
>>
>> On 5 Mar 2004, at 07:10, Terry Simons wrote:
>>
>>> Hmm... Just a thought.
>>>
>>> You could use a post auth script to touch a file with the IP (or 
>>> whatever) of a machine that needs to be scanned, and you could poll 
>>> the file (every minute or whatever) for new users to be scanned... 
>>> OR
>>> you could have a program like swatch watch the file for you, and 
>>> kick off an appropriate command to do your work for you.  Swatch has 
>>> the ability to watch a file for a regular expression pattern, and it 
>>> can kick off scripts with parameters from the expression you are 
>>> looking for (so it would be a cakewalk to have it just pass the 
>>> correct information to NMAP)
>>>
>>> Swatch is pretty neat... I think it would work well for something 
>>> like this.  It's perl based, and it's not too hard to set up.
>>>
>>> http://swatch.sourceforge.net/
>>>
>>> Good luck!
>>>
>>> - Terry
>>>
>>> On Mar 4, 2004, at 11:55 AM, Barrett (Barry) W Clark wrote:
>>>
>>>> Hello,
>>>>
>>>> Is it possible to set it up so that radiator will spawn a task to 
>>>> run NMAP to scan the machine associated with the
>>>> connection just made.
>>>>
>>>> (i.e...After connecting, NMAP runs on the Framed-IP-Address of the 
>>>> connection.)
>>>>
>>>> If so, How?
>>>>
>>>> Thanks!
>>>>
>>>> Barrett (Barry) W. Clark
>>>>
>>>>
>>>> --
>>>> Archive at http://www.open.com.au/archives/radiator/
>>>> Announcements on radiator-announce at open.com.au
>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>> 'unsubscribe radiator' in the body of the message.
>>>
>>>
>>
>> NB: have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>>
>> --
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>> -
>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>
>
>
>
>


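Added example (not part of the original thread and not Radiator's own code): a Perl/DBI cron job of the kind suggested above, which reads RADONLINE and runs nmap once for each session not seen on the previous run. The DSN, the RADSCAN_USER and RADSCAN_PASS environment variables, the file paths and the nmap options are assumptions; FRAMEDIPADDRESS is validated and handed to nmap without a shell because it originates from NAS-supplied accounting data.

```perl
# Added example, not Radiator code: scan sessions new since the last cron run.
use strict;
use warnings;
use DBI;

# Assumed values: DSN, state file and report directory.
my $dsn    = 'DBI:mysql:database=radius;host=localhost';
my $state  = '/var/lib/radscan/seen';
my $outdir = '/var/log/radscan';

# Accept only a dotted-quad IPv4 address; nothing else ever reaches nmap.
sub valid_ipv4 {
    my ($ip) = @_;
    return 0 unless defined $ip && $ip =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;
    my @bad = grep { $_ > 255 } $1, $2, $3, $4;
    return @bad ? 0 : 1;
}

# Read the table in one short query, then disconnect before any scan starts,
# so slow nmap runs never hold a connection to the session database.
my $dbh = DBI->connect($dsn, $ENV{RADSCAN_USER}, $ENV{RADSCAN_PASS},
                       { RaiseError => 1, PrintError => 0 });
my $rows = $dbh->selectall_arrayref(
    'SELECT NASIDENTIFIER, ACCTSESSIONID, FRAMEDIPADDRESS FROM RADONLINE');
$dbh->disconnect;

# Sessions handled on earlier runs, one "NAS|session id" key per line.
my %seen;
if (open my $fh, '<', $state) {
    chomp(my @keys = <$fh>);
    @seen{@keys} = ();
    close $fh;
}

my @online;
for my $row (@$rows) {
    my ($nas, $sid, $ip) = @$row;
    my $key = "$nas|$sid";
    push @online, $key;
    next if exists $seen{$key};     # scanned on an earlier run
    next unless valid_ipv4($ip);    # NULL or malformed address
    # List-form system() executes nmap directly; no shell parses $ip.
    system('nmap', '-oN', "$outdir/$ip.txt", $ip) == 0
        or warn "nmap failed for $ip: $?\n";
}
# Rewrite the state with sessions still on line so it does not grow.
open my $out, '>', $state or die "cannot write $state: $!";
print {$out} "$_\n" for @online;
close $out;
```

Run it from cron under a database account that has only SELECT on RADONLINE, so the scanner stays decoupled from Radiator and cannot alter session state.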
