Security

I'm trying to connect to a ClearPass databases to see how and what exactly is saved so I can hopefully use some of that with a custom query to satisfy customer requests.

 

One such customer request resulted in a blacklist-user-db query that polls the user_id from one of its tables and then does some amazing magic with that. These queries usualy come from Aruba support.

 

Now, having received such a query again I'd like to adapt it a little bit and for that I'd need a look into the table and records itself to see what I can actualy use.

 

For this I downloaded DbVisualizer and plugged in the database settings I could find for the database source. 

This however does not let me in.

 

Has any tinkered with (looked into) a ccpm database like this succesfully?

Care to share a tip or 2?

A couple things you need to do..

 

1. make sure you have appexternal password set

 

 

 

 

2. custom properties on the sql SSL

 

 

 

 

Just was trying to use pgadmin on 6.6.8, and it seems as 5432/tcp is now closed. Nothing seems to be mentioned on the 6.6.8 release notes about this potential change. 

 

$ nmap 172.16.55.46 -Pn -p 5432
5432/tcp closed postgresql

 

 

Anyone else run into this issue?

 

Thanks,

 

Justin

 

 

After rebuilding a new server in the lab, it looks like there was some corruption with the config files that it was using for iptables. The services is starting and the port is listening as expected on 6.6.8. 

 

$ nmap 172.16.55.47 -Pn -p 5432
PORT STATE SERVICE
5432/tcp open postgresql

 

After going back and carefully reviewing services when server was booting, it was clear that cpass-firewall was failing after succesfully loading firewall rules with iptables. 

 

 

 

Active Firewall Rules from iptables can also be found by collecting clearpass logs and selecting System Logs.  After extracting the logs, you can navigate to SystemLogs => network-info.txt and scroll down the page until you see "Iptables rule:"

 

I have listed a snipit for just 5432/tcp from the netwrok-info.txt log file of a correctly working filter. If you dont see the lines for dpt:5432 listed in the input rules, you may be affected by corruption of iptables as well. 

 

Table: filter
Chain INPUT (policy DROP)
num target prot opt source destination
...

...
16 tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5432
...

...
30 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5432
...

...

 

You can also open up the SystemLogs => service-info.txt file and see which services have been started by the opperating system. You dont see the cpass-firewall as displayed form the console screenshots, although you will see tcp/udp ports listed which should reflect the network-info.txt log file. 

 

I assume you're working with TAC to get this information. What's the TAC case #?

Hi, Tim

I have already changed the password of the user "appexternal" in "cluster-wide-parameters" and "Insight Repository" but it shows me the image alert. Apparently it's because you need to enable SSL, but ClarPass doesn't have that option to enable it. I have opened a case with CT, but for three days they have not responded. Is there anything I am doing wrong?

 

Regards,

Carlos Villanueva

I hate to resurect an old thread but I thought this might be the best place to add this

 

I have the following version of dbVisualizer 

 

Product: DbVisualizer Free 9.2.6 [Build #2447]
OS: Mac OS X
OS Version: 10.10.2
OS Arch: x86_64
Java Version: 1.7.0_80
Java VM: Java HotSpot(TM) 64-Bit Server VM
Java Vendor: Oracle Corporation

And have not been able to set up the SSL settings referenced above - I was able to make this work on my older installation on Mavericks - I am now on Yosimite and the latest version. Has something changed or have I missed something, The driver used is the standard posgreSQL and it will not allow any changes

 

 

I'll take a look at it and respond to this thread later. In the mean time, I recommend using pgAdmin3 to connect to the ClearPass databases.