Jump to content

Archived

This topic is now archived and is closed to further replies.

bbahes

Rogue computers ratio - empty

Recommended Posts

I've installed Rogue Detection Sensor on Ubuntu 14.04. server using 3.7 Component installation on Linux.

However there are no computers detected but ERA server itself.

 

Can someone from support suggest what should I do?

 

Thanks.

Share this post


Link to post
Share on other sites

Just a hint, maybe It won't show any "rogue" client since I haven't loaded license?

 

UPDATE: I've added license key, but still ERA does not detect any client on network. Could it be that I have to make changes to iptables?

Share this post


Link to post
Share on other sites

Exactly the same issue here! On the machine, where the ERA Rogue Detection Sensor is installed, there's the following line in the Agent Logfile:

 

2015-04-20 06:13:51 Error: CSystemConnectorModule [Thread 7f06377f6700]: Failed to get system update state
 

I've already reinstalled the agent.

Share this post


Link to post
Share on other sites

Basically, the Detection seems to be working, at least the Detection Log is filled:

 

2015-04-20 06:26:01 Trace: PC Detection [Thread 7f217c3f9700]: Computer with IPv4: 192.168.1.70
2015-04-20 06:26:02 Debug: OSDetector: 192.168.1.93 [Thread 7f215b7fe700]: Time is up!
2015-04-20 06:26:02 Debug: OSDetector: 192.168.1.93 [Thread 7f215b7fe700]: 0 returned probes out of 12
2015-04-20 06:26:02 Warning: CInfoWorker [Thread 7f215b7fe700]: Info Worker warning: OS Detection on 192.168.1.93 failed: Not enough probes returned
 

Share this post


Link to post
Share on other sites

It would appear this is still BUG on Linux distributions.

 

There is KB Solution ID: SOLN3674 and on the bottom of page it says:

 

 

I have installed ESET Rogue Detection Sensor in my virtual environment, but rogue computers are not detected—how can I resolve this issue?
Early builds of ESET Rogue Detection Sensor (RD Sensor) had a known issue that prevented them from finding rogue computers when RD Sensor was installed on a virtual machine. This issue has been resolved in version 6.1.28 and later of RD Sensor, released Feb. 25th, 2015. Visit the ESET Rogue Detection Sensor download page to get the latest version of RD Sensor.

 

 

My Ubuntu 14.04. is virtual machine...any update from support?

Share this post


Link to post
Share on other sites

I've just downloaded the Agent a few days ago, it's version 6.1.450.0. So this bug shouldn't appear anymore ... ?????

Share this post


Link to post
Share on other sites

I've just downloaded the Agent a few days ago, it's version 6.1.450.0. So this bug shouldn't appear anymore ... ?????

 

It's Rogue Detection Sensor 1.0.728.0 for Linux distributions that's in question, not Agent.

Share this post


Link to post
Share on other sites

Of course, I've installed both. Agent and Detection Sensor in the same VM.

Share this post


Link to post
Share on other sites

Of course, I've installed both. Agent and Detection Sensor in the same VM.

 

Yes but only RD Sensor appears to be having problem. They've apparently only fixed Windows version. Not Linux.

Share this post


Link to post
Share on other sites

Four hours ago I've asked ESET support, but I got no reply yet.

Share this post


Link to post
Share on other sites

Four hours ago I've asked ESET support, but I got no reply yet.

 

We can only wait for them to reply.

My luck is that I'm just testing v6 for now.

Share this post


Link to post
Share on other sites
Yes but only RD Sensor appears to be having problem. They've apparently only fixed Windows version. Not Linux.

 

The bug didn't affect Windows systems. Are those undetected computers in the same network with no firewall between computers and virtual appliance? Also just to make sure, SELinux is disabled, isn't it?

Share this post


Link to post
Share on other sites

 

Yes but only RD Sensor appears to be having problem. They've apparently only fixed Windows version. Not Linux.

 

The bug didn't affect Windows systems. Are those undetected computers in the same network with no firewall between computers and virtual appliance? Also just to make sure, SELinux is disabled, isn't it?

 

 

It's just Ubuntu server 14.4.2 LTS guest on Hyper-V 2012 host. Windows guest detected all Machines on network.

I can Access network and Internet from Ubuntu guest ping and ping any host on network.

SELinux was enabled. I disabled it. Restarted server and only era is in detected list. So far...

Share this post


Link to post
Share on other sites

 

Yes but only RD Sensor appears to be having problem. They've apparently only fixed Windows version. Not Linux.

 

The bug didn't affect Windows systems. Are those undetected computers in the same network with no firewall between computers and virtual appliance? Also just to make sure, SELinux is disabled, isn't it?

 

They're in the same network. There's no firewall between. In /var/log/eset/RogueDetectionSensor/trace.log scans are logged.

 

SELinux isn't enabled. The VM is Debian Jessie.

Share this post


Link to post
Share on other sites

 

Of course, I've installed both. Agent and Detection Sensor in the same VM.

 

Yes but only RD Sensor appears to be having problem. They've apparently only fixed Windows version. Not Linux.

 

 

I don't know if this is a RD Sensor or Linux-Agent problem. At least, there are some errors in the agent-logfile. Maybe they help to narrow down the issue:

 

2015-04-22 06:11:31 Error: CSystemConnectorModule [Thread 7f06377f6700]: Failed to get system update state

2015-04-22 07:01:26 Error: CRDSensorConnectorModule [Thread 7f06367f4700]: IPCClientConnector: Data received callback, errCat: Generic, errCode: 103, errMsg: Connection aborted, clientState: Disconnecting, receivedBytes: 0

2015-04-22 07:39:30 Error: CReplicationModule [Thread 7f0634de6700]: CReplicationManager: Failed to start replication, connection for replication link '00000000-0000-0000-7007-000000000001' (Automatic replication (OUT_OF_ORDER)) is already pending

 

Share this post


Link to post
Share on other sites

I've already tried reinstalling the agent as suggested in Topic 4048 but this didn't change anything. The VM with rogue detection service is shown in the console with a green checkmark.

 

According to status.html Agent replication is working, so maybe it's a RD issue?

Share this post


Link to post
Share on other sites

I've already tried reinstalling the agent as suggested in Topic 4048 but this didn't change anything. The VM with rogue detection service is shown in the console with a green checkmark.

 

According to status.html Agent replication is working, so maybe it's a RD issue?

 

Same here.

Share this post


Link to post
Share on other sites

@bbahes: I've turned the VM network interface into promiscuous mode. The KVM-Host Bridge also. The packages are shown in tcpdump, but the RD Sensors isn't working. I wonder what else the difference between a VM and a physical machine could be.

 

The German Support isn't answering anymore. They don't seem to have a solution.

Share this post


Link to post
Share on other sites

I have tried that too, but didn't look at tcpdump output. RD Sensor still didn't work.

I have feeling it has something to do with supported OS version, as you can see on attached image.

 

 

post-5358-0-95705700-1430124251_thumb.png

Share this post


Link to post
Share on other sites

Will someone from support comment this?

Is this a bug or are we doing something wrong?

Share this post


Link to post
Share on other sites

From the RDSensor detection log that chris375 posted, it seems that OS detection probes are not returning. If OS can not be detected for a network device, then it won't be sent to ERA as a computer. Idea was that network devices (printers, routers) should be filtered out.

 

RDSensor was compiled with libpcap version 1.3.0, please verify that you have this version installed on your system. Second requirement is bridged network from virtual machine where RDSensor is installed. If all those requirements are met, you can try to run nmap with OS detection (hxxp://nmap.org/book/osdetect-usage.html) to see whether it can detect OS on some computer. If not then RDSensor will no be able to that too.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...