Developers guide

Chapter 7
Copyright © 2008-2013 Inverse inc.
Optional components 49
Note
violations.conf is loaded at startup. A restart is required when changes are made
to this file.
Example violation
In our example we want to isolate people using Limewire. Here we assume Snort is installed and configured
to send alerts to PacketFence. Now we need to configure PacketFence isolation.
Enable Limewire violation in /usr/local/pf/conf/violations.conf and configure it to trap.
[2001808]
desc=P2P (Limewire)
priority=8
url=/content/index.php?template=p2p
actions=log,trap
enable=Y
max_enable=1
trigger=Detect::2001808
Compliance Checks
PacketFence supports either Nessus or OpenVAS as a scanning engine for compliance checks.
Installation
Nessus
Please visit http://www.nessus.org/download/ to download and install the Nessus package for your
operating system. You will also need to register for the HomeFeed (or the ProfessionalFeed) in order to
get the plugins.
After you installed Nessus, follow the Nessus documentation for the configuration of the Nessus Server,
and to create a user for PacketFence.
OpenVAS
Please visit http://www.openvas.org/install-packages.html#openvas4_centos_atomic to configure the
correct repository to be able to install the latest OpenVAS scanning engine.
Once installed, please make sure to follow the instructions to correctly configure the scanning engine
and create a scan configuration that will fit your needs. You’ll also need to create a user for PacketFence
to be able to communicate with the server.