kirklatslalom / opendlp

Automatically exported from code.google.com/p/opendlp

Scan is not initializing #39

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1.
2.
3.

What is the expected output? What do you see instead?
After initializing the scan, there is no output. The only response is the following:
"192.168.X.X: Trying to deploy (0 systems remain in queue)"

What version of the product are you using? On what operating system?
I am using OpenDLP 0.4.2 on Windows 7 (server) and Windows 2003 and 2007 (client).

Please provide any additional information below.

Original issue reported on code.google.com by grv.rawa...@gmail.com on 3 Jan 2012 at 11:37

GoogleCodeExporter commented 9 years ago
Hello,

Are the target systems part of a domain, or are they standalone systems? If 
they are standalone systems, see the first FAQ entry here: 
https://code.google.com/p/opendlp/wiki/FAQ

Original comment by andrew.O...@gmail.com on 3 Jan 2012 at 2:13

GoogleCodeExporter commented 9 years ago
The systems are not part of a domain, and all the other necessary modifications 
have been done on both systems.
Both systems are Windows 7, and registry-level changes have been made as per 
the guide. But still there is no update. 

Even the firewalls on the systems are switched off. 

Original comment by grv.rawa...@gmail.com on 5 Jan 2012 at 4:59

GoogleCodeExporter commented 9 years ago
From yet another Windows system, can you try this command from a cmd.exe prompt:

net use \\1.2.3.4\ADMIN$ password /u:WORKGROUP\username

Replace "1.2.3.4" with the actual IP address of one of your non-domain Windows 
7 target systems.

Original comment by andrew.O...@gmail.com on 5 Jan 2012 at 2:06

GoogleCodeExporter commented 9 years ago
I just released OpenDLP 0.4.3. Can you try this new version to see if this 
issue is fixed? Thanks.

Original comment by andrew.O...@gmail.com on 7 Jan 2012 at 10:46

GoogleCodeExporter commented 9 years ago
Thanks for the information. 
However, let me know if there is any option to upgrade version 0.4.2 to 0.4.3 
or if I have to download all the VM files again for a fresh installation.

Original comment by grv.rawa...@gmail.com on 9 Jan 2012 at 9:31

GoogleCodeExporter commented 9 years ago
You can upgrade without downloading a new VM. Download 
https://opendlp.googlecode.com/files/OpenDLP-0.4.3.tar.bz2, extract it, and 
replace the 0.4.2 files in "/var/www/localhost/OpenDLP/web/bin" with the new 
0.4.3 files.

Original comment by andrew.O...@gmail.com on 9 Jan 2012 at 2:57

GoogleCodeExporter commented 9 years ago
I have installed the new version. But the issue is the same.
I have initialized the scan and waited for 30 minutes. But there is no response 
in either the agentless or the agent scan, as described earlier.

Original comment by grv.rawa...@gmail.com on 10 Jan 2012 at 12:28

GoogleCodeExporter commented 9 years ago
Can you provide the configuration procedure?
I have completed the whole process mentioned in the README document. Do we also have 
to configure Apache and the database for the VMs?

Kindly provide the complete configuration procedure.

Original comment by grv.rawa...@gmail.com on 13 Jan 2012 at 5:48

GoogleCodeExporter commented 9 years ago
If you are using the VM, you do not have to configure the database or Apache. 
You only have to follow instructions in the "README-VM.txt" file.

Can you run the following command from another Windows system?

net use \\1.2.3.4\ADMIN$ "windows_password" /u:WORKGROUP\windows_username

Replace "1.2.3.4" with the IP address of your target Windows system, replace 
"windows_password" with the actual account password, replace "WORKGROUP" with 
the actual workgroup or domain, and replace "windows_username" with your actual 
account name. If this fails, OpenDLP will not work either.

Original comment by andrew.O...@gmail.com on 13 Jan 2012 at 2:24

GoogleCodeExporter commented 9 years ago
Can you tell me what the expected outcome of this command is, in case the 
command works?

I have tried it and got the response stating "the command completed successfully."
Does it mean that the command is working?

Original comment by grv.rawa...@gmail.com on 16 Jan 2012 at 5:36

GoogleCodeExporter commented 9 years ago
Can you also tell me what data to provide in "SMB HASH" during profile 
creation?
One more detail I want to tell you is that we have a 64-bit OS here. Will 
that also have an effect?

Original comment by grv.rawa...@gmail.com on 16 Jan 2012 at 9:39

GoogleCodeExporter commented 9 years ago
In regard to comment 10, it is good that it said "the command completed 
successfully". That means you have the appropriate credentials to test the 
system, and the system is sharing its drives over SMB properly.

In the policy editor, the "SMB HASH" is optional and only used when you do not 
specify a password.

Can you take screenshots of two things for me:
1. Your policy
2. The screen where you are trying to start a scan

Original comment by andrew.O...@gmail.com on 16 Jan 2012 at 2:23

GoogleCodeExporter commented 9 years ago
Thanks for the response, Andrew.
Please find attached the document with the screenshots you require.

Here all the systems are on 64-bit Windows and we have to copy the 32-bit 
sc.exe. Shall we install the 64-bit sc.exe on the OpenDLP server?

Original comment by grv.rawa...@gmail.com on 17 Jan 2012 at 5:20

Attachments:

GoogleCodeExporter commented 9 years ago
Are you using "sc.exe" from Windows XP? If you took it from Windows Vista or 
Windows 7, it may not work on older systems.

In your agent policy, can you change the installation directory to something 
that does not have parentheses in it? This is just a guess, but maybe there is 
a bug with installing it to directories with parentheses.

In your agentless policy, you have a forward slash ("/") in the "Directories" 
option. Change this to a backslash ("\") and try it again.

Original comment by andrew.O...@gmail.com on 17 Jan 2012 at 5:44

GoogleCodeExporter commented 9 years ago
So shall I take the 32-bit or the 64-bit "sc.exe"?

I am using the 32-bit sc.exe from Windows XP and Windows 2000?

Original comment by grv.rawa...@gmail.com on 17 Jan 2012 at 6:01

GoogleCodeExporter commented 9 years ago
You must use 32-bit "sc.exe". It will work for both 32-bit and 64-bit targets.

Original comment by andrew.O...@gmail.com on 17 Jan 2012 at 2:56

GoogleCodeExporter commented 9 years ago
Thanks for all the information and support.
What is the expected time to finish both agent and agentless scans?

I have installed "sc.exe" from 32-bit Windows XP.

Original comment by grv.rawa...@gmail.com on 18 Jan 2012 at 5:28

GoogleCodeExporter commented 9 years ago
Are both agentless and agent scans working? If so, I will close this issue.

For an agent scan on newer systems, the agent will scan about 2 GB every hour 
with the 13 default regexes selected.

For an agentless scan, it heavily depends on the number of systems being 
scanned. If you are scanning 2,000 systems agentlessly, it will take about 3 
months. If you are just scanning 1 system, it will go almost as fast as an 
agent (perhaps 25% slower).

Original comment by andrew.O...@gmail.com on 18 Jan 2012 at 5:52

GoogleCodeExporter commented 9 years ago
No, both of the scans are not working. 
I have scheduled a scan for only 1 system and only 1 folder. I waited for 2 
hours. 

The issue is the same as described earlier. 
There is no improvement.

Original comment by grv.rawa...@gmail.com on 18 Jan 2012 at 5:56

GoogleCodeExporter commented 9 years ago
Please look at comment 14 and try those suggestions. Are both agent and 
agentless failing, or does one work?

Original comment by andrew.O...@gmail.com on 18 Jan 2012 at 6:01

GoogleCodeExporter commented 9 years ago
I made both changes as per your comment 14.
But unfortunately both agent and agentless scans are not working. 

Original comment by grv.rawa...@gmail.com on 18 Jan 2012 at 6:07

GoogleCodeExporter commented 9 years ago
Can you post new screenshots of your policies and of your scan deployment 
attempts?

Original comment by andrew.O...@gmail.com on 18 Jan 2012 at 6:20

GoogleCodeExporter commented 9 years ago
Please find the attached screenshot.

Original comment by grv.rawa...@gmail.com on 18 Jan 2012 at 6:30

Attachments:

GoogleCodeExporter commented 9 years ago
What if you edit your policies so you have something in the "Extensions" field? 
The policies will look like this:

Scan file extensions: everything
Extensions: txt,doc

If you leave it as "everything", it will ignore the list of extensions anyway.

Original comment by andrew.O...@gmail.com on 18 Jan 2012 at 2:44

GoogleCodeExporter commented 9 years ago
Hi Andrew,

I was going through the error logs on the OpenDLP server today. 
I found that a few logs are generated when a scan is scheduled. I am attaching 
the logs here. 
Can you have a look at them?
Please let me know the solution.

Original comment by grv.rawa...@gmail.com on 20 Jan 2012 at 10:01

Attachments:

GoogleCodeExporter commented 9 years ago
Are you installing any Ubuntu system updates with the OpenDLP VM?

Original comment by andrew.O...@gmail.com on 20 Jan 2012 at 12:34

GoogleCodeExporter commented 9 years ago
No, I have not installed any updates on the VM.

Original comment by grv.rawa...@gmail.com on 20 Jan 2012 at 6:07

GoogleCodeExporter commented 9 years ago
Did you try what I mentioned in comment 24 (write at least some file extensions 
in the policy's "Extensions" text box)?

Original comment by andrew.O...@gmail.com on 21 Jan 2012 at 2:00

GoogleCodeExporter commented 9 years ago
I have the same problem. Using the VM. From two different Windows machines I 
can map the share successfully as well. If I look into the 
/var/log/apache2/error.log, I see the same SMBClient.pm line 347 error. I'm 
guessing that is related somehow.

Original comment by js69...@gmail.com on 27 Jan 2012 at 9:33

GoogleCodeExporter commented 9 years ago
I resolved this issue after a few hours of various debugging. One deceiving 
part is that the agent receives a zero-byte sc.exe, which made me assume that 
the file was present. Running through the winexe commands to the agent revealed 
that the system could not run sc.exe (obviously). The README-VM.TXT included 
this information; however, it may be useful to point it out to others who run 
across this issue. It would also be nice to have README-VM.txt as an available 
download.

Original comment by js69...@gmail.com on 29 Jan 2012 at 7:05
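
The zero-byte "sc.exe" described in the comment above, and the 32-bit requirement stated earlier in the thread, can both be checked before a scan is started. The following is an added example, not part of the original thread or of OpenDLP's own code; the file path is whatever the user passes on the command line, and the sample headers are constructed.

```python
import struct
import sys

# PE "Machine" values from the COFF file header.
MACHINE_I386 = 0x014C   # 32-bit x86
MACHINE_AMD64 = 0x8664  # 64-bit x64


def check_sc_exe(data: bytes) -> str:
    """Return "ok" or the reason this copy of sc.exe is unusable."""
    if not data:
        return "empty file (0 bytes)"
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not a Windows executable (no MZ header)"
    # e_lfanew at offset 0x3C points to the "PE\0\0" signature.
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if pe_off + 6 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return "truncated or corrupt (no PE signature)"
    # The 16-bit Machine field follows the signature directly.
    (machine,) = struct.unpack_from("<H", data, pe_off + 4)
    if machine == MACHINE_AMD64:
        return "64-bit binary; a 32-bit sc.exe is required"
    if machine != MACHINE_I386:
        return f"unexpected machine type 0x{machine:04x}"
    return "ok"


def constructed_header(machine: int) -> bytes:
    """Build a minimal, constructed MZ/PE header for the demo (not a real sc.exe)."""
    hdr = bytearray(0x80)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x44, machine)
    return bytes(hdr)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Path to the copy of sc.exe on the OpenDLP server, supplied by the user.
        with open(sys.argv[1], "rb") as fh:
            print(sys.argv[1], "->", check_sc_exe(fh.read()))
    else:
        for label, blob in [("empty", b""),
                            ("x86", constructed_header(MACHINE_I386)),
                            ("x64", constructed_header(MACHINE_AMD64))]:
            print(label, "->", check_sc_exe(blob))
```
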

GoogleCodeExporter commented 9 years ago
Hi Andrew,
I have formatted the system and reinstalled everything. But the problem still 
persists.

Original comment by grv.rawa...@gmail.com on 23 Feb 2012 at 5:14

GoogleCodeExporter commented 9 years ago
Hi Andrew,

Can you please tell me the port which is used for the scan?
I have tried doing telnet from my machine to the OpenDLP server on 443 and that 
is working. But when I try to telnet to my machine from the OpenDLP server on 
443, it is not working. 

Original comment by grv.rawa...@gmail.com on 24 Feb 2012 at 10:28

GoogleCodeExporter commented 9 years ago
OpenDLP's web server listens on https port 443 for connections from agents and 
normal web browsers. OpenDLP pushes its agents and performs agentless scans 
from its server to target Windows systems over SMB port 445.

Can you try the latest OpenDLP 0.4.4 to see if it works for you?

Original comment by andrew.O...@gmail.com on 24 Feb 2012 at 2:18

GoogleCodeExporter commented 9 years ago
Hi Andrew,

I have installed the latest version of OpenDLP and am working on it. 

I am able to telnet to the Windows 7 machine from the VM on ports 443 and 445. But telnet 
from the Windows 7 machine to the VM on both ports is not working.

Can you tell me if there is any configuration that needs to be done on the VM, as the Windows 
firewall is off? 

Original comment by grv.rawa...@gmail.com on 27 Feb 2012 at 6:15

GoogleCodeExporter commented 9 years ago
Nothing needs to be configured with the OpenDLP VM except to copy a Windows XP 
"sc.exe" to it.

Are you running your OpenDLP VM in NAT mode or bridged mode? Be sure you are in 
bridged mode.

Is the Windows 7 box a VM or a real system? If it's a VM, again be sure to run 
in bridged mode.

Original comment by andrew.O...@gmail.com on 27 Feb 2012 at 2:14

GoogleCodeExporter commented 9 years ago
Windows 7 is a real system and OpenDLP is in bridged mode.
I have checked the open ports on the VM; it is not showing 445. 

From my side, I have checked all the configuration once again.
But the status is still the same.

Original comment by grv.rawa...@gmail.com on 1 Mar 2012 at 11:41

GoogleCodeExporter commented 9 years ago
Hi Andrew, 

I am able to scan the Windows 7 host system with both agent and agentless scans. 
However, the other Windows 7 system on the internal LAN is not getting 
initiated. 

The firewalls are switched off on both systems.
Can you suggest any solution for this?

Original comment by grv.rawa...@gmail.com on 17 Apr 2012 at 5:51

GoogleCodeExporter commented 9 years ago
You will have to figure out what is different between the two systems. From 
another Windows system, can you do this to the Windows system that will not 
scan (replace "1.2.3.4" with the failed Windows system's IP address):

net use \\1.2.3.4\C$ "password" /u:WORKGROUP\administrator

Original comment by andrew.O...@gmail.com on 18 Apr 2012 at 1:13

GoogleCodeExporter commented 9 years ago
Hi Andrew,

The command completed successfully for the other system.
Is there any dependency on patches?

Original comment by grv.rawa...@gmail.com on 20 Apr 2012 at 6:47

GoogleCodeExporter commented 9 years ago
Hi Andrew,

I have moved to Ubuntu from Windows 2007.
I configured OpenDLP v4.4 on it along with the other configurations.

I am trying to schedule a scan for a Windows 7 machine. Is there anything else 
that needs to be configured apart from the given configuration?

For Windows you have given the command to check the accessibility: "net use 
\\1.2.3.4\C$ "password" /u:WORKGROUP\administrator".
Which command can we use for Linux?

Original comment by grv.rawa...@gmail.com on 7 May 2012 at 10:28

GoogleCodeExporter commented 9 years ago
Hi Andrew,
Is there any particular service on Windows 2007 that needs to be enabled?

Original comment by grv.rawa...@gmail.com on 9 Jun 2012 at 10:09

GoogleCodeExporter commented 9 years ago
If the target Windows systems are standalone and not part of a domain, you will 
have to configure the Windows systems as described in the first FAQ entry here: 
https://code.google.com/p/opendlp/wiki/FAQ

If the target Windows systems are part of a domain, you will not have to do 
anything.

Original comment by andrew.O...@gmail.com on 9 Jun 2012 at 2:20

GoogleCodeExporter commented 9 years ago
Hi Andrew,

I have made all the configuration changes. Even I am able to telnet the target system 
on port 445 but not on port 443. 
But still the issue is the same. I am really confused about what is pending.

Original comment by grv.rawa...@gmail.com on 9 Jun 2012 at 5:37

GoogleCodeExporter commented 9 years ago
Hi Andrew,

Thanks for all your support during the discussion. 
However, Andrew, I am not yet successful in performing the scan over network 
systems. All the configurations have been done and even the firewalls were 
switched off.

Yet there is no update on the issue.

I kindly request your expert advice on this. 
Please write to me here or at my mail ID "grv.rawat234@gmail.com".

Original comment by grv.rawa...@gmail.com on 22 Jun 2012 at 5:26

GoogleCodeExporter commented 9 years ago
Hello,

When you say "i am able to telnet the target system on port 445 but not on port 
443", are you talking about trying to connect to port 443 on the target Windows 
system you are trying to test? Port 443 is not opened on the target Windows 
system by OpenDLP. You should be connecting to port 443 on the OpenDLP system 
with HTTPS.

You should see port 445 open on the Windows system to be tested. You should see 
port 443 open on the OpenDLP VM. If you cannot see either of these things, 
OpenDLP will not work.

Original comment by andrew.O...@gmail.com on 22 Jun 2012 at 2:46
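
The two directions described in the comment above (port 445 on the Windows target, port 443 on the OpenDLP system) can be tested from either side with one script. This is an added example, not part of the original thread or of OpenDLP; the vantage names "server" and "target" and the command-line arguments are assumptions made for the illustration.

```python
import socket
import sys

# Required paths as stated in the thread: the OpenDLP server reaches targets
# over SMB (445); agents and browsers reach the OpenDLP server over HTTPS (443).
REQUIRED_PORT = {"server": 445, "target": 443}


def required_path(vantage: str, target_ip: str, server_ip: str):
    """Return the (host, port) that must be reachable from this vantage point."""
    if vantage == "server":      # running on the OpenDLP server
        return (target_ip, REQUIRED_PORT["server"])
    if vantage == "target":      # running on the Windows system to be scanned
        return (server_ip, REQUIRED_PORT["target"])
    raise ValueError("vantage must be 'server' or 'target'")


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Classify one TCP connection attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"         # host answered, nothing listens on the port
    except socket.timeout:
        return "filtered"        # no answer: firewall, routing or NAT in the way
    except OSError as exc:
        return f"error: {exc}"


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: check.py server|target TARGET_IP OPENDLP_IP")
    vantage, target_ip, server_ip = sys.argv[1:4]
    host, port = required_path(vantage, target_ip, server_ip)
    print(f"from {vantage}: {host}:{port} is {probe(host, port)}")
```

A "refused" result means the remote host is reachable but the service is not listening, while "filtered" points at a firewall or at the VM networking mode.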
