Jump to content

Recommended Posts

Posted

I've installed Rogue Detection Sensor on Ubuntu 14.04. server using 3.7 Component installation on Linux.

However there are no computers detected but ERA server itself.

 

Can someone from support suggest what should I do?

 

Thanks.

Posted (edited)

Just a hint, maybe It won't show any "rogue" client since I haven't loaded license?

 

UPDATE: I've added license key, but still ERA does not detect any client on network. Could it be that I have to make changes to iptables?

Edited by bbahes
Posted

Exactly the same issue here! On the machine, where the ERA Rogue Detection Sensor is installed, there's the following line in the Agent Logfile:

 

2015-04-20 06:13:51 Error: CSystemConnectorModule [Thread 7f06377f6700]: Failed to get system update state
 

I've already reinstalled the agent.

Posted

Basically, the Detection seems to be working, at least the Detection Log is filled:

 

2015-04-20 06:26:01 Trace: PC Detection [Thread 7f217c3f9700]: Computer with IPv4: 192.168.1.70
2015-04-20 06:26:02 Debug: OSDetector: 192.168.1.93 [Thread 7f215b7fe700]: Time is up!
2015-04-20 06:26:02 Debug: OSDetector: 192.168.1.93 [Thread 7f215b7fe700]: 0 returned probes out of 12
2015-04-20 06:26:02 Warning: CInfoWorker [Thread 7f215b7fe700]: Info Worker warning: OS Detection on 192.168.1.93 failed: Not enough probes returned
 

Posted

It would appear this is still BUG on Linux distributions.

 

There is KB Solution ID: SOLN3674 and on the bottom of page it says:

 

 

I have installed ESET Rogue Detection Sensor in my virtual environment, but rogue computers are not detected—how can I resolve this issue?
Early builds of ESET Rogue Detection Sensor (RD Sensor) had a known issue that prevented them from finding rogue computers when RD Sensor was installed on a virtual machine. This issue has been resolved in version 6.1.28 and later of RD Sensor, released Feb. 25th, 2015. Visit the ESET Rogue Detection Sensor download page to get the latest version of RD Sensor.

 

 

My Ubuntu 14.04. is virtual machine...any update from support?

Posted

I've just downloaded the Agent a few days ago, it's version 6.1.450.0. So this bug shouldn't appear anymore ... ?????

Posted

I've just downloaded the Agent a few days ago, it's version 6.1.450.0. So this bug shouldn't appear anymore ... ?????

 

It's Rogue Detection Sensor 1.0.728.0 for Linux distributions that's in question, not Agent.

Posted

Of course, I've installed both. Agent and Detection Sensor in the same VM.

Posted

Of course, I've installed both. Agent and Detection Sensor in the same VM.

 

Yes but only RD Sensor appears to be having problem. They've apparently only fixed Windows version. Not Linux.

Posted

Four hours ago I've asked ESET support, but I got no reply yet.

Posted

Four hours ago I've asked ESET support, but I got no reply yet.

 

We can only wait for them to reply.

My luck is that I'm just testing v6 for now.

  • Administrators
Posted
Yes but only RD Sensor appears to be having problem. They've apparently only fixed Windows version. Not Linux.

 

The bug didn't affect Windows systems. Are those undetected computers in the same network with no firewall between computers and virtual appliance? Also just to make sure, SELinux is disabled, isn't it?

Posted

 

Yes but only RD Sensor appears to be having problem. They've apparently only fixed Windows version. Not Linux.

 

The bug didn't affect Windows systems. Are those undetected computers in the same network with no firewall between computers and virtual appliance? Also just to make sure, SELinux is disabled, isn't it?

 

 

It's just Ubuntu server 14.4.2 LTS guest on Hyper-V 2012 host. Windows guest detected all Machines on network.

I can Access network and Internet from Ubuntu guest ping and ping any host on network.

SELinux was enabled. I disabled it. Restarted server and only era is in detected list. So far...

Posted

 

Yes but only RD Sensor appears to be having problem. They've apparently only fixed Windows version. Not Linux.

 

The bug didn't affect Windows systems. Are those undetected computers in the same network with no firewall between computers and virtual appliance? Also just to make sure, SELinux is disabled, isn't it?

 

They're in the same network. There's no firewall between. In /var/log/eset/RogueDetectionSensor/trace.log scans are logged.

 

SELinux isn't enabled. The VM is Debian Jessie.

Posted

 

Of course, I've installed both. Agent and Detection Sensor in the same VM.

 

Yes but only RD Sensor appears to be having problem. They've apparently only fixed Windows version. Not Linux.

 

 

I don't know if this is a RD Sensor or Linux-Agent problem. At least, there are some errors in the agent-logfile. Maybe they help to narrow down the issue:

 

2015-04-22 06:11:31 Error: CSystemConnectorModule [Thread 7f06377f6700]: Failed to get system update state

2015-04-22 07:01:26 Error: CRDSensorConnectorModule [Thread 7f06367f4700]: IPCClientConnector: Data received callback, errCat: Generic, errCode: 103, errMsg: Connection aborted, clientState: Disconnecting, receivedBytes: 0

2015-04-22 07:39:30 Error: CReplicationModule [Thread 7f0634de6700]: CReplicationManager: Failed to start replication, connection for replication link '00000000-0000-0000-7007-000000000001' (Automatic replication (OUT_OF_ORDER)) is already pending

 

Posted (edited)

I've already tried reinstalling the agent as suggested in Topic 4048 but this didn't change anything. The VM with rogue detection service is shown in the console with a green checkmark.

 

According to status.html Agent replication is working, so maybe it's a RD issue?

Edited by chris375
Posted

I've already tried reinstalling the agent as suggested in Topic 4048 but this didn't change anything. The VM with rogue detection service is shown in the console with a green checkmark.

 

According to status.html Agent replication is working, so maybe it's a RD issue?

 

Same here.

Posted

@bbahes: I've turned the VM network interface into promiscuous mode. The KVM-Host Bridge also. The packages are shown in tcpdump, but the RD Sensors isn't working. I wonder what else the difference between a VM and a physical machine could be.

 

The German Support isn't answering anymore. They don't seem to have a solution.

Posted

I have tried that too, but didn't look at tcpdump output. RD Sensor still didn't work.

I have feeling it has something to do with supported OS version, as you can see on attached image.

 

 

post-5358-0-95705700-1430124251_thumb.png

Posted

Will someone from support comment this?

Is this a bug or are we doing something wrong?

  • 2 weeks later...
  • ESET Staff
Posted

From the RDSensor detection log that chris375 posted, it seems that OS detection probes are not returning. If OS can not be detected for a network device, then it won't be sent to ERA as a computer. Idea was that network devices (printers, routers) should be filtered out.

 

RDSensor was compiled with libpcap version 1.3.0, please verify that you have this version installed on your system. Second requirement is bridged network from virtual machine where RDSensor is installed. If all those requirements are met, you can try to run nmap with OS detection (hxxp://nmap.org/book/osdetect-usage.html) to see whether it can detect OS on some computer. If not then RDSensor will no be able to that too.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...