DAP Lua script to check any AV and FW in hostscan

JESSICA Walsh
Level 1

This script is from a Cisco doc and is supposed to check for any AV and FW in the hostscan table and, if parameters are met, then access passes. However, it only seems to be checking for FW. With FW and AV on, access works. With FW off and AV on, access is denied, but with FW on and AV off, access is permitted. I don't know Lua and am trying to learn it, but I cannot find the error in the script. Any suggestions? I've tried removing the last parentheses and with and without a space, but no luck.

 

(assert(function()
    function checkav(antix)
        if (type(antix) == "table") then
            for k,v in pairs(antix) do
                if (EVAL(v.activescan, "EQ", "ok", "string") and EVAL (v.lastupdate, "LT", "2592000", "integer")) then
                    return true
                end
            end
        end
        return false
    end
    function checkfw(antix)
        if (type(antix) == "table") then
            for k,v in pairs(antix) do
                if (EVAL(v.enabled, "EQ", "ok", "string")) then
                    return true
                end
            end
        end
        return false
    end
    return (checkav(endpoint.av) and checkfw(endpoint.fw))

end) () )

 

It came from here: https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115947-dap-adv-functions-00.html#anc7


GioGonza
Level 4

Hello @JESSICA Walsh

 

Can you perform the same test you already did, but collecting the debugs for DAP, in order to look further into what could be the issue on your connection?

 

We can do the debugs once you perform a change, with FW and AV on, with FW off and AV on and with FW on and AV off: 

 

debug menu dap 2

debug dap trace

 

Share the outputs and I will further,

 

HTH

Gio

DAP record [    RECORD-NAME      ]:
((EVAL(aaa.cisco.grouppolicy,"EQ","XXX","string") and EVAL(aaa.radius["25"],"EQ","XXX","string") and EVAL(aaa.cisco.tunnelgroup,"EQ","XXX","string"))) and ((assert(function()
    function checkav(antix)
        if (type(antix) == "table") then
            for k,v in pairs(antix) do
                if (EVAL(v.activescan, "EQ", "ok", "string") and EVAL (v.lastupdate, "LT", "2592000", "integer")) then
                    return true
                end
            end
        end
        return false
    end
    function checkfw(antix)
        if (type(antix) == "table") then
            for k,v in pairs(antix) do
                if (EVAL(v.enabled, "EQ", "ok", "string")) then
                    return true
                end
            end
        end
        return false
    end
    return (checkav(endpoint.av) and checkfw(endpoint.fw))

end) () ))

 

 

I have taken out my user name and some other info that I cannot post. This was a successful access with FW and AV turned on.

FW is on, AV is disabled and it sees it as disabled, but picks the right DAP anyway.

Hello @JESSICA Walsh

 

By any chance, do you have the output for "debug menu dap 2"? I want to see what is configured on the ASA when you try the connection.

 

Gio
