
DAP LUA script to check any AV and FW in hostscan

This script is from a Cisco doc and is supposed to check for any AV and FW in the hostscan table and, if parameters are met, then access passes. However, it only seems to be checking for FW. With FW and AV on, access works. With FW off and AV on, access is denied, but with FW on and AV off, access is permitted. I don't know LUA and am trying to learn it, but I cannot find the error in the script. Any suggestions? I've tried removing the last parentheses and with and without a space, but no luck.

 

(assert(function()
    function checkav(antix)
        if (type(antix) == "table") then
            for k,v in pairs(antix) do
                if (EVAL(v.activescan, "EQ", "ok", "string") and EVAL (v.lastupdate, "LT", "2592000", "integer")) then
                    return true
                end
            end
        end
        return false
    end
    function checkfw(antix)
        if (type(antix) == "table") then
            for k,v in pairs(antix) do
                if (EVAL(v.enabled, "EQ", "ok", "string")) then
                    return true
                end
            end
        end
        return false
    end
    return (checkav(endpoint.av) and checkfw(endpoint.fw))

end) () )

 

It came from here: https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115947-dap-adv-functions-00.html#anc7

5 REPLIES

Hello @JESSICA Walsh

 

Can you perform the same test you already did, but collecting the debugs for DAP, in order to look further into what could be the issue on your connection?

 

We can do the debugs once you perform a change, with FW and AV on, with FW off and AV on and with FW on and AV off: 

 

debug menu dap 2

debug dap trace

 

Share the outputs and I will further,

 

HTH

Gio


DAP record [    RECORD-NAME      ]:
((EVAL(aaa.cisco.grouppolicy,"EQ","XXX","string") and EVAL(aaa.radius["25"],"EQ","XXX","string") and EVAL(aaa.cisco.tunnelgroup,"EQ","XXX","string"))) and ((assert(function()
    function checkav(antix)
        if (type(antix) == "table") then
            for k,v in pairs(antix) do
                if (EVAL(v.activescan, "EQ", "ok", "string") and EVAL (v.lastupdate, "LT", "2592000", "integer")) then
                    return true
                end
            end
        end
        return false
    end
    function checkfw(antix)
        if (type(antix) == "table") then
            for k,v in pairs(antix) do
                if (EVAL(v.enabled, "EQ", "ok", "string")) then
                    return true
                end
            end
        end
        return false
    end
    return (checkav(endpoint.av) and checkfw(endpoint.fw))

end) () ))

 

 

I have taken out my user name and some other info that I cannot post. This was a successful access with FW and AV turned on.


FW is on, AV is disabled and it sees it as disabled, but picks the right DAP anyway.


Hello @JESSICA Walsh

 

By any chance, do you have the output for "debug menu dap 2"? I want to see what is configured on the ASA when you try the connection.

 

Gio
