Hello Guest

Author Topic: Bug: default agent group becomes set to invalid value causing ACL violations  (Read 292 times)

0 Members and 1 Guest are viewing this topic.

Offline Cursorkeys

  • Jr. Member
  • **
  • Posts: 12
  • Karma: 0
    • View Profile
This was an interesting one and I can replicate it.

1. Perform recon task with preset 'basic monitoring'.
2. Chose newly added agent and attempt to click-to-edit the 'host alive' or 'host latency' module. Observe agent group is shown as a blank space on agent overview screen.
3. URL is diplayed similar to 'http://192.168.100.10/pandora_console/index.php?sec=gagente&sec2=godmode/agentes/configurar_agente&id_agente=68&tab=module&edit_module=1&id_agent_module=173' but a blank grey screen is shown.
4. Close browser tab and reopen portal. Observe event display shows:

ACL Violation            Attempt to access agent manager

5. Edit the agent and change the group to a value (e.g. 'servers').
6. Observe you can now edit the modules without errors.


This looks like the default group that the 'basic monitoring' scheme adds is some sort of invalid value that causes a spurious ACL violation?

I hope this report is of help.
« Last Edit: December 09, 2016, 05:19:05 AM by Cursorkeys »

Offline antonio.s

  • Administrator
  • Smart member
  • *****
  • Posts: 288
  • Karma: 2
    • View Profile
Hello Cursorkeys,

It looks like the problem is the recon task allows to create agents on the "All" group. I think if you check the database, you would see an ID 0 on the group parameter, but you can't actually assign an agent to the "all" group.
I'll raise an internal ticket to resolve this little issue, the solution will be to NOT allow the recon task to assign ID 0 to the new created agents.

Thanks for the report!

Kind regards,
Antonio.

Offline Cursorkeys

  • Jr. Member
  • **
  • Posts: 12
  • Karma: 0
    • View Profile
Hi Antonio,

Thank you very much for the quick response.

You are correct, 'id_grupo' in table 'tagente' is 0 on the problem agents. A quick UPDATE to 10 (unknown) has resolved the remaining problem agents without any more clicking :)


Is it possible to put in a feature request that ACL violations cause an error message rather than just a grey screen too?

Many thanks,

Jon

Offline antonio.s

  • Administrator
  • Smart member
  • *****
  • Posts: 288
  • Karma: 2
    • View Profile
Hello Jon,

Thanks for your contribution.
The ACL violation should actually show a warning message like this:



Regards,
Antonio.

Offline Cursorkeys

  • Jr. Member
  • **
  • Posts: 12
  • Karma: 0
    • View Profile
Hi Antonio,

That's interesting. What I see is:



I'll try to debug further!

Offline antonio.s

  • Administrator
  • Smart member
  • *****
  • Posts: 288
  • Karma: 2
    • View Profile
It should be displayed right over that grey screen. Maybe something is preventing it to appear, could it be ADblock? Not sure tho, since I use it too and can't see the same problem.

Let us know if you find something!

Kind regards,
Antonio.

Offline Cursorkeys

  • Jr. Member
  • **
  • Posts: 12
  • Karma: 0
    • View Profile
Hi Antonio,

Just to let you know I tried to work through this issue. I could see the AJAX call return successfully with the popup data in the network traffic but for some reason the popup wasn't then being displayed.

I've just updated Chrome and now I have popups. So it looks like this was Chome misbehaving somehow.

Best regards,

Jon