How to install:
You'll need nmap v4 or later. If you don't have it, download it from www.insecure.org/nmap or install it from your local package source.
For versions prior to 2.2RC3, copy port_scan.inc.template to port_scan.inc:
cp /opt/nac/etc/port_scan.inc.template /opt/nac/etc/port_scan.inc
and modify the configuration settings according to your needs, especially the nmap path.
If you are using release 2.2 RC2 or prior, you need to import this configuration file into the database. As of release V2.2 RC2, port_scan takes all the variables from the config table (except for $debug_flag1), so the port_scan.inc file also has to be imported into the database.
Do the following from the /opt/nac/contrib directory (in case you are using 2.2 RC2):
./config2db ../etc/port_scan.inc
If you need to redefine some of these settings, you can do so through the Windows GUI.
Next, create the following directory if it doesn't exist:
mkdir /opt/nac/scan
Now you need to define the networks you'd like to scan. This can be done with Administration > NmapSubnets in the Windows GUI or, in MySQL:
insert into subnets set ip_address='192.168.1.0', ip_netmask='24', scan='1';
This will add the subnetwork 192.168.1.0/24 to your subnets table and with 'scan=1' we are saying that this subnetwork can be scanned. You need to do this for every subnet you want to take into account.
If there are specific hosts you'd like to ignore, add a CSV list of the IP addresses of systems you don't want to scan to the dontscan field of the subnet:
update subnets set dontscan='192.168.1.1, 192.168.1.127, 192.168.1.254' where ip_address='192.168.1.0' and ip_netmask='24' and scan='1';
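A mistyped dontscan entry does not exclude the host it was meant to protect, so it is worth reviewing the scan scope before the first scheduled run. The following is an added example, not part of FreeNAC: it assumes rows shaped like the subnets columns used in the statements above, runs on constructed sample data, and review_scope is a hypothetical helper name.

```python
import ipaddress

# Constructed sample rows using the subnets columns shown above
# (ip_address, ip_netmask, scan, dontscan); not read from a real database.
SAMPLE_ROWS = [
    {"ip_address": "192.168.1.0", "ip_netmask": "24", "scan": "1",
     "dontscan": "192.168.1.1, 192.168.1.127, 192.168.1.254"},
    {"ip_address": "192.168.2.0", "ip_netmask": "24", "scan": "1",
     "dontscan": "192.168.1.10, 192.168.2.300"},
    {"ip_address": "10.0.0.0", "ip_netmask": "8", "scan": "0", "dontscan": ""},
]


def review_scope(rows):
    """Return (scope, problems): exclusions per scanned subnet, and bad entries."""
    scope, problems = {}, []
    for row in rows:
        if str(row["scan"]) != "1":
            continue  # subnet is not enabled for scanning
        cidr = f"{row['ip_address']}/{row['ip_netmask']}"
        try:
            # strict=True rejects an ip_address with host bits set
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{cidr}: bad subnet ({exc})")
            continue
        excluded = set()
        for item in (row.get("dontscan") or "").split(","):
            item = item.strip()
            if not item:
                continue
            try:
                addr = ipaddress.ip_address(item)
            except ValueError:
                problems.append(f"{cidr}: '{item}' is not an IP address")
                continue
            if addr not in net:
                # an exclusion outside its subnet protects nothing
                problems.append(f"{cidr}: {addr} is outside this subnet")
                continue
            excluded.add(addr)
        scope[net] = excluded
    return scope, problems


if __name__ == "__main__":
    scope, problems = review_scope(SAMPLE_ROWS)
    for net, excluded in scope.items():
        print(net, "excluded:", ", ".join(sorted(map(str, excluded))) or "none")
    print(*problems, sep="\n")
```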
Other settings (Administration > Config) are scan_for_hours, time_threshold, whats_units_time, nmap_flags and which_nmap. The only one which typically needs changing is scan_for_hours: only systems seen on layer 3 in this number of hours (default 3) are scanned, others are ignored. This is to make scans quicker.
Next, schedule the automatic scans. Add the following entries to the root crontab.
# FreeNAC: port_scanning of systems
*/5 8-18 * * 1-5 /opt/nac/bin/port_scan.php --scannow
# Active scanning: nmap monday
0 11 * * 1 /opt/nac/bin/port_scan.php
The first entry runs every five minutes (within the hours 8-18, Monday to Friday, as set by its cron fields) and is the main mechanism for handling immediate scans requested from the GUI. In the GUI you set the flag 'scannow=1', and this cron job then scans the systems which have this flag set.
The second entry scans all devices present in the systems table every Monday at 11:00 AM.
See also the technical guide section on the nmap module.