Jean M
-
Posts
44 -
Joined
-
Days Won
1
Posts posted by Jean M
-
-
Hi,
Is it possible to have two ESET servers (exact same version) running using the same DB?
Thanks,
Jean M
-
Just an additional word on this for other users information.
When we create a peer certificate in ESET we specify the validity period dates (start, end) be aware that it will assume 00:00 hours and minutes of start date. This means that if we created the custom root CA that is provided on the same day (for example 2019-11-12 13:20), very probably ESET will fail because it is trying to sign a certificate whose validity starts before that of root CA (2019-11-12 00:00).
-
OK.. makes sense now... thanks!
-
Hi,
I'm trying to create a peer certificate (in this case the Server certificate) but it is failing with the following message:
Failed to create certificate: Creating and signing peer certificate failed. Check peer certificate validity, certification authority validity and their overlap.: Trace info: CreatePeerCertificate: Peer certificate validity is not fully covered by certification authority validity
It looks like some validation between the CA I provide and the certificate SMC is generating for signature is failing some validation. Could someone help me understand what are the requirements of both to make this work?
The only difference compared to a CA generated from SMC is the number of bits of the RSA key..
Thanks!
-
The doc says:
QuoteMySQL database is supported up to version 5.7 and ODBC driver up to version 5.3.10. Upgrading to a higher version (5.3.11 or 8.x) of MySQL and ODBC driver is not recommended.
The second phrase confuses because I associated the versions in parenthesis like 8.x to ODBC driver instead of 5.3.11.
Also, I was mislead by:
odbcinst --version
We get 5.3.1 but now I realise this is not related to MySQL ODBC driver, it is related to other lib...
-
After more hours of debugging I was able to narrow the issue to be related to libmyodbc. I was using v5.3.13 and failed but when I tried with v5.1.13 it works..
https://dev.mysql.com/get/Downloads/Connector-ODBC/5.1/mysql-connector-odbc-5.1.13-1.el6.x86_64.rpm
-
The way I see it is that something is broken in the user login. Before the first login the users table has Administrator with native=1, auto_logout_time_in_minutes=10, password_expiration_interval_in_days=1500. After resetting the password these parameters become 0.
Also note that the error message seems to be related to a "Native User" (system? service account?)
Glad I'm not the only one with this problem.
-
I tried to install a local MySQL v5.6 in the same server of ESET SMC Server. What I see happening is that in the first login it says the user needs to change password. I change the password and I'm unable to login.
This also happened in the original setup (MySQL v5.7). Is this the expected behavior, requesting for password change on first login?
-
-
I can see a procedure execution in MySQL:
Execute CALL usp_security_users_get_by_login('Administrator' )
Also, enabling trace logging in ESET SMC Server, I get more error messages related:
2019-11-06 12:20:47 Information: ConsoleApiModule [Thread 7f60b57d2700]: 1128 Login request received [UserName=Administrator] 4, Reported address: X.X.X.X :52472, Connection (webserver) address: ip-X-X-1-25.X.internal :52446
2019-11-06 12:20:47 Information: CServerSecurityModule [Thread 7f610502e700]: Authenticating user Administrator
2019-11-06 12:20:47 Information: CServerSecurityModule [Thread 7f610502e700]: Checking native user password
2019-11-06 12:20:47 Information: ConsoleApiModule [Thread 7f60b57d2700]: 1128 Login failed [UserName=Administrator] AuthenticateNativeUser: Native user login failed
2019-11-06 12:20:47 Information: ConsoleApiModule [Thread 7f60b57d2700]: 1128 Request handler asked to close connection.
2019-11-06 12:20:47 Error: CServerSecurityModule [Thread 7f610502e700]: AuthenticateNativeUser: Native user login failedLooking at the user table (tbl_security_users?) the password hash and salt change with the kb6849 procedure. My last resort is to verify this hash and salt against the password... Is there any other variable that would make the authentication fail? (like IP filtering, hostname...?)
Also MySQL version is 5.7.26 and ODBC driver of version 5.3. The documentation says:
MySQL database is supported up to version 5.7 and ODBC driver up to version 5.3.10. Upgrading to a higher version (5.3.11 or 8.x) of MySQL and ODBC driver is not recommended.
Thanks!
-
Ok I followed those steps previously from:
https://support.eset.com/kb6849/?viewlocale=en_US
However it still doesn't work. I was able to fix other GWT communication problem I was having, now I get in SMC Web page: "Invalid username or password". In the server the error remains.
Is there any other log/debug/trace I could look into?
Thanks
-
-
Hi!
This helps even if it was not the root cause for our issue (now fixed btw! with help of your recommendations) it gives us information on what are the limits.
In order to test our run commands we, as you suggested, run the commands in the destination host and using the agent context (in Windows, "Local System" privileges) it helps a lot. For others information if they run into the same problem: to do this we used psexec from SysInternals (psexec -i -s cmd.exe).
Thanks a lot!
Jean M.
-
Hi,
What is the maximum command size we can use? (for Windows, MacOS and Linux)
I'm asking because tried a long command it seems that was not executed.
Thanks.
-
Exactly, I was looking for a setting to configure that interval but couldn't find it. With your description I was able to find it and it was in fact set to 1min! Probably by mistake..
One suggestion. We noticed that run commands logged in this audit report are not showing what command is being executed (a detail information from the command), at least from what we know. This is an important audit information as you should understand. We'd say that this should show at least in the audit events related to when we change the run command user task configuration (that's when that information is set). Certainly it could imply changes in the amount of information stored in the audit.
Thanks!
-
Great. That's exactly what we wanted.
I noticed that it logs a lot of:
2019 Oct 2 10:53:52
Update modules
Update
Modules successfully updated.
Success
System user
system
yesIt is occurring every minute. Is it possible to filter out this message somehow?
Thanks!
-
Hi,
I wanted to know if there is any audit log for the SMC that would contain for example:
- User authentication on SMC server web interface
- User actions like triggered tasks, etc.
I tried to look in
/var/log/eset/RemoteAdministrator/Server/trace.log
But it is rather verbose and I couldn't find what I needed.
Thanks,
Jean Mousinho -
Hi!
I've had some trouble installing NOD32 64bit edition in a Ubuntu 64bit. The installer seems to depend on libc6:i386:
error[16a680000]: Please install the following files or packages: libc6:i386, /lib/ld-linux.so.2
However, as far as I know, in a Ubuntu 16.04 64bit this package cannot be installed because it is the libc6 for i386, we can only install libc6-i386 which are i386 libs used for code compilation.
Did anyone succeed installing NOD32 Antivirus in Linux Ubuntu 16.04?
Thanks
Multiple ESET Servers - Same DB
in ESET PROTECT On-prem (Remote Management)
Posted
I've two cases, which are similar.
1) Fallback mechanism (active-active), from your comment it's not possible, OK.
2) Say I want to make an update on the server OS and for that I'll make a new server and install ESET SMC in it. Is there a way to make the transition from the old server to the new server without loosing data? Temporary offline is OK. I just recently saw this seems to be documented in https://help.eset.com/esmc_install/70/en-US/migration_assistant.html?migration_same_version.html, I'll need to make a more detailed read first to see if I've any doubts.
Thanks!