ossec-server no binding on port 1514 #1061
Comments
|
The ipv6 people have had their fingers in it. Guess that's a requirement now. |
|
This is not handy on a dockerized environment, internally we speak ipv4 only. Could this bug be reopened? |
|
I'll have a go at it tomorrow or this weekend. Thanks |
|
This also fails at AWS when IPv6 is disabled, as compliancy documents require do close all unused services and interfaces, that included IPv6 when only IPv4 is used internally 😞. Managed to downgrade to 2.8.3 |
|
@margussipria Please test pull request #1259 |
|
I was able to test pull request #1259 an it solved the problem for me. |
|
I had the same issue on a SLES12 server, and the pull request #1259 fixed the issue. |
|
This issue is solved in PR 1412, and it supports both IPv4 and IPv6 on multiple interfaces. |
|
This basically renders this tool useless in AWS. you can't establish secure security groups on a VPC with IPV6 addresses. You need to have the server listening on IPV4 |
|
If your system has an IPv4 address, then this will bind to it (providing you do not use the default Linux override to MAP IPv4 over IPv6). Make sure you do not have AI_V4MAPPED defined and you should be fine. See src/os_net/os_net.c for more info. I have zero problems running OSSEC on AWS EC2 or AWS Lightsail instances. |
Hi Guys,
Tries both RPM, tgz, iptables have all the rules too, but v 2.9 just doesn't bring a listener on port 1514.
debug mode: has no useful info what so ever. If you google for similar issues >> many results for all version. This seems to be a constant pain for many people.
confusingly enough, sometimes I get a socket. once I restart service: ossec-control restart it's gone. No consistency to bring it back either.
What I'm missing here ?
Thanks in advance
#env
CentOS Linux release 7.3.1611 (Core)
3.10.0-327.4.5.el7.x86_64
#packages
[root@ossec-server bin]# rpm -qa |grep ossec
ossec-hids-server-2.9.0-49.el7.art.x86_64
ossec-hids-2.9.0-49.el7.art.x86_64
#partial config
<ossec_config>
<jsonout_output>yes</jsonout_output>
...
secure
/Update1
#Extra info
[root@ossec-server bin]# /var/ossec/bin/ossec-remoted -f
2017/02/13 23:31:19 ossec-remoted: INFO: Started (pid: 54613).
[root@ossec-server bin]# 2017/02/13 23:31:19 getaddrinfo: Name or service not known
2017/02/13 23:31:19 ossec-remoted(1206): ERROR: Unable to Bind port '1514
#Update2
Apparently, If ipv6 is disabled, one get
getaddrinfo: Name or service not known, or/and ossec-remoted(1206): ERROR: Unable to Bind port '1514' erros, hence IPV6 must be enabled !!
Once you update /etc/sysctl.conf, with
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
run sysctl -p and restart network service! without restarting the service it's still not binding, even though other service are listening on ipv6!
P.S.
One also need to add at least one client via manage agent too and restart the service!
The text was updated successfully, but these errors were encountered: