Support Center

AD Integration appearing to not work on sensors beginning with Release 1.9.11

Last Updated: May 13, 2019 06:24PM EDT

Service Name (on Pulse): Active Directory Pulse Integration
Service Name (on sensor): ad_integration
Configuration File (on sensor): /opt/pwnix/data/ad-nauseam/ad-nauseam.json
Log File (on sensor): /var/log/pwnix/ad_integration.log


In normal operation, after values are entered in the fields for the Active Directory Pulse Integration service within Pulse and the service is started, the values are sent to the sensor and written to the configuration file, and the AD Integration service is then started on the sensor. Once started, the service reads the values from the configuration file and Active Directory integration occurs, with the sensor retrieving information from the AD server. This information is then sent to Pulse, whereupon network hosts are tagged with a "Known Good" Trust Level.

On sensors running 1.9.11, an issue was identified in which Active Directory Pulse Integration does not work as expected if the feature was enabled prior to updating to 1.9.11.

The cause is that the values specified in the Pulse UI are not written to the configuration file on the sensor. As a result, when the service is started on the sensor, a generic configuration file is created with default values and the service subsequently stops because of the lack of configuration.

For sensors affected by this issue, a workaround is available that requires the user to edit the configuration file on the sensor and provide the values necessary for Active Directory Pulse Integration to operate properly.

Steps to perform:

1. Establish an SSH connection to the sensor, logging in with the pwnie user account.
2. Type sudo su and press Enter, then re-type the password to become superuser.
3. Type systemctl stop ad_integration and press Enter to ensure the AD integration service is stopped.
4. Type rm /opt/pwnix/data/ad-nauseam/ad-nauseam.json and press Enter to remove the current configuration file.
5. Type rm /var/log/pwnix/ad_integration.log and press Enter to remove the current log file.
6. Leave the SSH session open.
7. Next, log in to Pulse, go to the Sensors page, select the sensor involved, then go to Services.
8. Select Active Directory Pulse Integration and specify all of the values necessary, then click Save. Afterward, start the Active Directory Pulse Integration service.
9. Return to the SSH session, type reboot and press Enter to reboot the sensor.
10. After the sensor is restarted, repeat steps one and two. Next, type cat /opt/pwnix/data/ad-nauseam/ad-nauseam.json and press Enter. Because of the issue identified, the contents of the config file will look like the following:

{
  "log_level": "info",
  "send_to_pulse": true,
  "polling_rate": "daily",
  "ad_host": "127.0.0.1",
  "ad_port": "636",
  "ad_user": "",
  "sensor_side_hash": "",
  "ad_base": "",
  "connection": "ldaps",
  "verify_cert": false
}

Next, the user will need to copy the necessary values from the /opt/pwnix/data/pulse.yaml file to the appropriate fields in the configuration file. For reference, the pulse.yaml file contains information pertaining to the sensor's configuration, including the relevant information for Active Directory integration. The pulse.yaml file is updated whenever the sensor is restarted so that it matches the current configuration shown in the Pulse UI.

10. Type cat /opt/pwnix/data/pulse.yaml and press Enter. Locate the section within that reflects values associated with Active Directory integration. Refer to the following example of the section and values to look for:

- config:
    ad_base: DC=VMW2k3,DC=local
    ad_host: 192.168.123.102
    ad_port: '389'
    ad_user: CN=User,CN=Users,DC=VMW2k3,DC=local
    connection: ldap
    verify_cert: 'false'
    polling_rate: hourly
    sensor_side_hash: |
      qHthyxvhs+dscnsuXgGVGA==
      :QWGCjUpgpBky2F6CbQJznf0hj1SriRoQsBw23QY4BQPIC/m/aERcOzYqHKoj
      huXntYwF9brPtJD6oWNKzSufcTAZL2u+eCjsFJqS3TDcX5bBwOnB2pPKjpmr
      UTuLdbYlPiGrhSXvPvwOkwAOrmVCHITElxyWHFAO0fON8TKp1vY=
      :Vhp0UiQJb2uFKNSRX4YMK+EC9O56iu8F59gnQLQqbc1mtr1nuWZ/QZGEAawq
      AKJ+KmzE4iSB78VapziOjr2t+Tu6VIczE7McRE8SpLEXOyKMlj6IGaAVGA80
      7DXm4MCMsgDjOEk3duTYV84qrZdkeMOz7dC01gcoAU78Sm6SJjaxlThIR2se
      rn59P6yZUc6VpHdxsPeqPrMeE1Nw7vLfDDzvRK6pLsTuJDFUf7EFVZnMj9Lq
      ybE+EY1huHh5IjVzsX3g7WQ55XlD1RSfwYKXpJpp76OKTVeSQTrxgoyHG4F9
      VEt4PH6AIowz8+APy9BL7TCmUe/qH+T3grMa8hlm99aBdCeWUe8bte4iptlH
      dtGdHBvKCONZ7Ob0dyxtMC2GXl1XFv8OuqybK/ph744ojYW73A1ZiRQs3VLl
      yoiM/smTOxcrjwF+yF/RQCiGM9XE+gnByaOJwW8FRmdxw+8Xbjn6kUkeVQws
      qb6jcHnd1DHcDh7WPia28LQCRT4ni8ynDxStu8yk49M4pBRS2NGA3eecZiQp
      o5NWEO0qy9Hrq9GaHUEPmitTTbwMn3JfScF5S3BTQmVliQ6yBiF3y7RjnCZ3
      SkDnKVnvnyi6OoU0UWMWcPOpOagNl9QCDxtMi+TBQtKkYkp0W37NuqcokvFM
      yXJwvUuk7dBmApoNqSIiSFA=

 

Everything appearing within this section in the pulse.yaml file with the exception of the sensor_side_hash needs to be copied to the configuration file. In other words, copy the value for ad_base in the pulse.yaml file to the value for ad_base in the configuration file. Repeat this for ad_host, ad_port, ad_user, etc.

For the value associated with the sensor_side_hash, this value will need to be manipulated before it is copied to the configuration file, as follows:

a. Copy the value of the sensor_side_hash reflected in the pulse.yaml file to an editor:

      qHthyxvhs+dscnsuXgGVGA==
      :QWGCjUpgpBky2F6CbQJznf0hj1SriRoQsBw23QY4BQPIC/m/aERcOzYqHKoj
      huXntYwF9brPtJD6oWNKzSufcTAZL2u+eCjsFJqS3TDcX5bBwOnB2pPKjpmr
      UTuLdbYlPiGrhSXvPvwOkwAOrmVCHITElxyWHFAO0fON8TKp1vY=
      :Vhp0UiQJb2uFKNSRX4YMK+EC9O56iu8F59gnQLQqbc1mtr1nuWZ/QZGEAawq
      AKJ+KmzE4iSB78VapziOjr2t+Tu6VIczE7McRE8SpLEXOyKMlj6IGaAVGA80
      7DXm4MCMsgDjOEk3duTYV84qrZdkeMOz7dC01gcoAU78Sm6SJjaxlThIR2se
      rn59P6yZUc6VpHdxsPeqPrMeE1Nw7vLfDDzvRK6pLsTuJDFUf7EFVZnMj9Lq
      ybE+EY1huHh5IjVzsX3g7WQ55XlD1RSfwYKXpJpp76OKTVeSQTrxgoyHG4F9
      VEt4PH6AIowz8+APy9BL7TCmUe/qH+T3grMa8hlm99aBdCeWUe8bte4iptlH
      dtGdHBvKCONZ7Ob0dyxtMC2GXl1XFv8OuqybK/ph744ojYW73A1ZiRQs3VLl
      yoiM/smTOxcrjwF+yF/RQCiGM9XE+gnByaOJwW8FRmdxw+8Xbjn6kUkeVQws
      qb6jcHnd1DHcDh7WPia28LQCRT4ni8ynDxStu8yk49M4pBRS2NGA3eecZiQp
      o5NWEO0qy9Hrq9GaHUEPmitTTbwMn3JfScF5S3BTQmVliQ6yBiF3y7RjnCZ3
      SkDnKVnvnyi6OoU0UWMWcPOpOagNl9QCDxtMi+TBQtKkYkp0W37NuqcokvFM
      yXJwvUuk7dBmApoNqSIiSFA=

b. Next, remove the leading whitespace from the beginning of each line and add \n at the end of each line. Afterward, remove the line breaks so that the value becomes one long string of characters. When finished, the sensor_side_hash should look similar to the following example:

qHthyxvhs+dscnsuXgGVGA==\n:QWGCjUpgpBky2F6CbQJznf0hj1SriRoQsBw23QY4BQPIC/m/aERcOzYqHKoj\nhuXntYwF9brPtJD6oWNKzSufcTAZL2u+eCjsFJqS3TDcX5bBwOnB2pPKjpmr\nUTuLdbYlPiGrhSXvPvwOkwAOrmVCHITElxyWHFAO0fON8TKp1vY=\n:Vhp0UiQJb2uFKNSRX4YMK+EC9O56iu8F59gnQLQqbc1mtr1nuWZ/QZGEAawq\nAKJ+KmzE4iSB78VapziOjr2t+Tu6VIczE7McRE8SpLEXOyKMlj6IGaAVGA80\n7DXm4MCMsgDjOEk3duTYV84qrZdkeMOz7dC01gcoAU78Sm6SJjaxlThIR2se\nrn59P6yZUc6VpHdxsPeqPrMeE1Nw7vLfDDzvRK6pLsTuJDFUf7EFVZnMj9Lq\nybE+EY1huHh5IjVzsX3g7WQ55XlD1RSfwYKXpJpp76OKTVeSQTrxgoyHG4F9\nVEt4PH6AIowz8+APy9BL7TCmUe/qH+T3grMa8hlm99aBdCeWUe8bte4iptlH\ndtGdHBvKCONZ7Ob0dyxtMC2GXl1XFv8OuqybK/ph744ojYW73A1ZiRQs3VLl\nyoiM/smTOxcrjwF+yF/RQCiGM9XE+gnByaOJwW8FRmdxw+8Xbjn6kUkeVQws\nqb6jcHnd1DHcDh7WPia28LQCRT4ni8ynDxStu8yk49M4pBRS2NGA3eecZiQp\no5NWEO0qy9Hrq9GaHUEPmitTTbwMn3JfScF5S3BTQmVliQ6yBiF3y7RjnCZ3\nSkDnKVnvnyi6OoU0UWMWcPOpOagNl9QCDxtMi+TBQtKkYkp0W37NuqcokvFM\nyXJwvUuk7dBmApoNqSIiSFA=\n

c. Next, copy the modified sensor_side_hash to the sensor_side_hash field in the configuration file. If all has been copied correctly, the configuration file will now look like the following:

{
  "log_level": "info",
  "send_to_pulse": true,
  "polling_rate": "hourly",
  "ad_host": "192.168.123.102",
  "ad_port": "389",
  "ad_user": "CN=User,CN=Users,DC=VMW2k3,DC=local",
  "sensor_side_hash": "qHthyxvhs+dscnsuXgGVGA==\n:QWGCjUpgpBky2F6CbQJznf0hj1SriRoQsBw23QY4BQPIC/m/aERcOzYqHKoj\nhuXntYwF9brPtJD6oWNKzSufcTAZL2u+eCjsFJqS3TDcX5bBwOnB2pPKjpmr\nUTuLdbYlPiGrhSXvPvwOkwAOrmVCHITElxyWHFAO0fON8TKp1vY=\n:Vhp0UiQJb2uFKNSRX4YMK+EC9O56iu8F59gnQLQqbc1mtr1nuWZ/QZGEAawq\nAKJ+KmzE4iSB78VapziOjr2t+Tu6VIczE7McRE8SpLEXOyKMlj6IGaAVGA80\n7DXm4MCMsgDjOEk3duTYV84qrZdkeMOz7dC01gcoAU78Sm6SJjaxlThIR2se\nrn59P6yZUc6VpHdxsPeqPrMeE1Nw7vLfDDzvRK6pLsTuJDFUf7EFVZnMj9Lq\nybE+EY1huHh5IjVzsX3g7WQ55XlD1RSfwYKXpJpp76OKTVeSQTrxgoyHG4F9\nVEt4PH6AIowz8+APy9BL7TCmUe/qH+T3grMa8hlm99aBdCeWUe8bte4iptlH\ndtGdHBvKCONZ7Ob0dyxtMC2GXl1XFv8OuqybK/ph744ojYW73A1ZiRQs3VLl\nyoiM/smTOxcrjwF+yF/RQCiGM9XE+gnByaOJwW8FRmdxw+8Xbjn6kUkeVQws\nqb6jcHnd1DHcDh7WPia28LQCRT4ni8ynDxStu8yk49M4pBRS2NGA3eecZiQp\no5NWEO0qy9Hrq9GaHUEPmitTTbwMn3JfScF5S3BTQmVliQ6yBiF3y7RjnCZ3\nSkDnKVnvnyi6OoU0UWMWcPOpOagNl9QCDxtMi+TBQtKkYkp0W37NuqcokvFM\nyXJwvUuk7dBmApoNqSIiSFA=\n",
  "ad_base": "DC=VMW2k3,DC=local",
  "connection": "ldap",
  "verify_cert": false
}
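
The copy and the sensor_side_hash conversion described above can be scripted instead of done by hand. The following is an added example, not part of the original article or the vendor's tooling; it assumes Python 3 is available, the function names are hypothetical, and the sample input is constructed with placeholder hash lines.

```python
import json

# Constructed sample in the layout of the pulse.yaml AD section; the
# sensor_side_hash lines are short placeholders, not real values.
SAMPLE = """\
- config:
    ad_base: DC=VMW2k3,DC=local
    ad_host: 192.168.123.102
    ad_port: '389'
    ad_user: CN=User,CN=Users,DC=VMW2k3,DC=local
    connection: ldap
    verify_cert: 'false'
    polling_rate: hourly
    sensor_side_hash: |
      EXAMPLEaaaa==
      :EXAMPLEbbbb
      EXAMPLEcccc=
"""

def parse_ad_section(text):
    """Read 'key: value' lines and the '|' block under sensor_side_hash."""
    values, block_key, key_indent = {}, None, 0
    for raw in filter(str.strip, text.splitlines()):
        line, indent = raw.strip(), len(raw) - len(raw.lstrip())
        if block_key and indent > key_indent:
            # Step b: drop the leading whitespace, end each line with a newline.
            values[block_key] += line + "\n"
            continue
        block_key = None
        key, _, val = (part.strip() for part in line.partition(":"))
        if val == "|":
            block_key, key_indent, values[key] = key, indent, ""
        elif val:
            values[key] = val.strip("'\"")
    return values

def build_config(section):
    # log_level and send_to_pulse are not in pulse.yaml; defaults from the page.
    cfg = {"log_level": "info", "send_to_pulse": True}
    for key in ("polling_rate", "ad_host", "ad_port", "ad_user",
                "sensor_side_hash", "ad_base", "connection"):
        cfg[key] = section[key]
    # pulse.yaml quotes the flag as a string; the JSON file uses a bare boolean.
    cfg["verify_cert"] = section["verify_cert"].lower() == "true"
    return cfg

if __name__ == "__main__":
    print(json.dumps(build_config(parse_ad_section(SAMPLE)), indent=2))
```

json.dumps writes each newline inside sensor_side_hash as the two-character \n escape, which is the one-line form that step b produces by hand.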

11. Save the changes, then start the AD service by typing systemctl start ad_integration and press Enter.
12. Next, type tail -f /var/log/pwnix/ad_integration.log and press Enter to review the log file.

If the values were entered into the config file correctly (most importantly the sensor_side_hash), the log file will show activity like the following, indicating that polling of the AD server was successful and the information was sent to Pulse.

# Logfile created on 2018-06-18 16:44:51 -0400 by logger.rb/v1.2.7
2018-06-18T16:44:51.877-0400 INFO runner#116522: No Config found. Adding default one at /opt/pwnix/data/ad-nauseam/ad-nauseam.json
2018-06-19T13:16:23.624-0400 INFO runner#30395: Starting AD Integration...
2018-06-19T13:16:23.624-0400 INFO runner#30395: Sending Credential Request to Pulse...
2018-06-19T13:16:23.625-0400 INFO runner#30395: Waiting for Credential Request Response from Pulse...
2018-06-19T13:16:29.102-0400 INFO runner#30395: Credentials Request Complete...
2018-06-19T13:16:29.123-0400 INFO runner#30395: Sending (1/1 MAX:100) devices to Pulse.
2018-06-19T13:16:29.123-0400 INFO runner#30395: AD Integration Run Complete...

Exit SSH

At this time, nothing further needs to be done to enable Active Directory Pulse Integration. As long as the ad_integration service on the sensor is running, polling of the AD server will occur and the results will be sent to Pulse. Close the SSH

IMPORTANT: Until this issue is resolved, any changes made in the Pulse UI involving the configuration of the Active Directory Pulse Integration will need to be made manually to the configuration file on the sensor.

Contact Us

support@pwnieexpress.com