SoH - FR 2.1.11

Palmer J.D.F. J.D.F.Palmer at swansea.ac.uk
Thu Jul 14 15:30:18 CEST 2011 

Hi,

We've started to look at SoH with the intention to implement it for the
new academic session in September, but are having an issue.

The server is setup using the example soh-server, but find that the
condition in the example (below) isn't being satisfied when a client
with no AV returns it's SoH status. (SoH Reply below)
It appears after some trial that only the first of the
"SoH-MS-Windows-Health-Status =" attributes is considered, if I
manipulate the condition to check the firewall status which is returned
first it works. Is this a bug or something I've done wrong?
 
Example condition...
if (SoH-MS-Windows-Health-Status =~ /antivirus (warn|error) /) {

SoH Status Reply...

SoH-MS-Windows-Health-Status = "firewall ok snoozed=0 microsoft=1
up2date=1 enabled=0"
SoH-MS-Windows-Health-Status = "antivirus error not-installed"
SoH-MS-Windows-Health-Status = "antispyware ok snoozed=0 microsoft=1
up2date=1 enabled=1"
SoH-MS-Windows-Health-Status = "auto-updates ok action=download"
SoH-MS-Windows-Health-Status = "security-updates ok all-installed"


Separate to this, an observation from the SoH reply after I'd installed
Microsoft Security Essentials; the two hashed lines below show that
Microsoft Security Essentials is classed as being non-Microsoft.
I presume this the NAP service on the client making this decision, not
FreeRADIUS?

	SoH-MS-Windows-Health-Status = "firewall ok snoozed=0
microsoft=1 up2date=1 enabled=1"
##	SoH-MS-Windows-Health-Status = "antivirus ok snoozed=0
microsoft=0 up2date=1 enabled=1"     (MSE)
##	SoH-MS-Windows-Health-Status = "antispyware ok snoozed=0
microsoft=0 up2date=1 enabled=1"   (MSE)
	SoH-MS-Windows-Health-Status = "antispyware ok snoozed=0
microsoft=1 up2date=1 enabled=0"   (Windows Defender) 
	SoH-MS-Windows-Health-Status = "auto-updates ok action=download"
	SoH-MS-Windows-Health-Status = "security-updates warn
some-missing"

Thanks,
Jezz.


Jezz Palmer
Information Services and Systems
Swansea University
Singleton Park
Swansea
SA2 8PP
J.D.F.Palmer at swan.ac.uk

More information about the Freeradius-Users mailing list