Open GoogleCodeExporter opened 9 years ago
Hello,
Are the target systems part of a domain, or are they standalone systems? If
they are standalone systems, see the first FAQ entry here:
https://code.google.com/p/opendlp/wiki/FAQ
Original comment by andrew.O...@gmail.com
on 3 Jan 2012 at 2:13
Systems are not part of a domain and all the other necessary modifications
have been done on both the systems.
Both the systems are Windows 7 and registry-level changes have been made as per
the guide. But still there is no update.
Even firewalls on the systems are switched off.
Original comment by grv.rawa...@gmail.com
on 5 Jan 2012 at 4:59
From yet another Windows system, can you try this command from a cmd.exe prompt:
net use \\1.2.3.4\ADMIN$ password /u:WORKGROUP\username
Replace "1.2.3.4" with the actual IP address of one of your non-domain Windows
7 target systems.
Original comment by andrew.O...@gmail.com
on 5 Jan 2012 at 2:06
I just released OpenDLP 0.4.3. Can you try this new version to see if this
issue is fixed? Thanks.
Original comment by andrew.O...@gmail.com
on 7 Jan 2012 at 10:46
Thanks for the information.
However, let me know if there is any option to upgrade version 0.4.2 to 0.4.3
or I have to download all the VM files again for a fresh installation.
Original comment by grv.rawa...@gmail.com
on 9 Jan 2012 at 9:31
You can upgrade without downloading a new VM. Download
https://opendlp.googlecode.com/files/OpenDLP-0.4.3.tar.bz2, extract it, and
replace the 0.4.2 files in "/var/www/localhost/OpenDLP/web/bin" with the new
0.4.3 files.
Original comment by andrew.O...@gmail.com
on 9 Jan 2012 at 2:57
I have installed the new version. But the issue is the same.
I have initialized the scan and waited for 30 minutes. But there is no response
in both agentless and with-agent scans, as told earlier.
Original comment by grv.rawa...@gmail.com
on 10 Jan 2012 at 12:28
Can you provide the configuration procedure?
I have completed all the process mentioned in the README document. Do we also
have to configure Apache and the database for the VMs?
Kindly provide the complete configuration procedure.
Original comment by grv.rawa...@gmail.com
on 13 Jan 2012 at 5:48
If you are using the VM, you do not have to configure the database or Apache.
You only have to follow instructions in the "README-VM.txt" file.
Can you run the following command from another Windows system?
net use \\1.2.3.4\ADMIN$ "windows_password" /u:WORKGROUP\windows_username
Replace "1.2.3.4" with the IP address of your target Windows system, replace
"windows_password" with the actual account password, replace "WORKGROUP" with
the actual workgroup or domain, and replace "windows_username" with your actual
account name. If this fails, OpenDLP will not work either.
Original comment by andrew.O...@gmail.com
on 13 Jan 2012 at 2:24
Can you tell me what is the expected outcome of this command, in case the
command works?
I have tried and got the response stating "the command completed successfully."
Does it mean that command is working?
Original comment by grv.rawa...@gmail.com
on 16 Jan 2012 at 5:36
Can you also tell me about what data to provide in "SMB HASH" in profile
creation?
And one more detail I want to tell you: we have a 64-bit OS here. So will
it also affect?
Original comment by grv.rawa...@gmail.com
on 16 Jan 2012 at 9:39
In regard to comment 10, that is good it said "the command completed
successfully". That means you have the appropriate credentials to test the
system, and the system is sharing its drives over SMB properly.
In the policy editor, the "SMB HASH" is optional and only used when you do not
specify a password.
Can you take screenshots of two things for me:
1. Your policy
2. The screen where you are trying to start a scan
Original comment by andrew.O...@gmail.com
on 16 Jan 2012 at 2:23
Thanks for the response, Andrew.
Please find the attached document with the screenshots you require.
Here the complete systems are on 64-bit Windows and we have to copy 32-bit
sc.exe. Shall we install 64-bit sc.exe on the OpenDLP server?
Original comment by grv.rawa...@gmail.com
on 17 Jan 2012 at 5:20
Attachments:
Are you using "sc.exe" from Windows XP? If you took it from Windows Vista or
Windows 7, it may not work on older systems.
In your agent policy, can you change the installation directory to something
that does not have parentheses in it? This is just a guess, but maybe there is
a bug with installing it to directories with parentheses.
In your agentless policy, you have a forward slash ("/") in the "Directories"
option. Change this to a backslash ("\") and try it again.
Original comment by andrew.O...@gmail.com
on 17 Jan 2012 at 5:44
So shall I take 32-bit or 64-bit "sc.exe"?
I am using 32-bit sc.exe from Windows XP and Windows 2000?
Original comment by grv.rawa...@gmail.com
on 17 Jan 2012 at 6:01
You must use 32-bit "sc.exe". It will work for both 32-bit and 64-bit targets.
Original comment by andrew.O...@gmail.com
on 17 Jan 2012 at 2:56
Thanks for all the information and support.
What is the expected time to finish both agent and agentless scan?
I have installed "sc.exe" from 32-bit Windows XP.
Original comment by grv.rawa...@gmail.com
on 18 Jan 2012 at 5:28
Are both agentless and agent scans working? If so, I will close this issue.
For an agent scan on newer systems, the agent will scan about 2 GB every hour
with the 13 default regexes selected.
For an agentless scan, it heavily depends on the number of systems being
scanned. If you are scanning 2,000 systems agentlessly, it will take about 3
months. If you are just scanning 1 system, it will go almost as fast as an
agent (perhaps 25% slower).
Original comment by andrew.O...@gmail.com
on 18 Jan 2012 at 5:52
No, both of the scans are not working.
I have scheduled a scan for only 1 system and only 1 folder. I waited for 2
hours.
The issue is the same as told earlier.
There is no improvement.
Original comment by grv.rawa...@gmail.com
on 18 Jan 2012 at 5:56
Please look at comment 14 and try those suggestions. Are both agent and
agentless failing, or does one work?
Original comment by andrew.O...@gmail.com
on 18 Jan 2012 at 6:01
I did both the changes as per your comment 14.
But unfortunately both agent and agentless scans are not working.
Original comment by grv.rawa...@gmail.com
on 18 Jan 2012 at 6:07
Can you post new screenshots of your policies and of your scan deployment
attempts?
Original comment by andrew.O...@gmail.com
on 18 Jan 2012 at 6:20
Please find the attached screenshot.
Original comment by grv.rawa...@gmail.com
on 18 Jan 2012 at 6:30
Attachments:
What if you edit your policies so you have something in the "Extensions" field?
The policies will look like this:
Scan file extensions: everything
Extensions: txt,doc
If you leave it as "everything", it will ignore the list of extensions anyway.
Original comment by andrew.O...@gmail.com
on 18 Jan 2012 at 2:44
Hi Andrew,
I was going through the error logs in OpenDLP server today.
I found a few logs are getting generated when a scan is scheduled. I am
attaching the logs here.
Can you have a look at it?
Please let me know the solution.
Original comment by grv.rawa...@gmail.com
on 20 Jan 2012 at 10:01
Attachments:
Are you installing any Ubuntu system updates with the OpenDLP VM?
Original comment by andrew.O...@gmail.com
on 20 Jan 2012 at 12:34
No, I have not installed any updates on the VM.
Original comment by grv.rawa...@gmail.com
on 20 Jan 2012 at 6:07
Did you try what I mentioned in comment 24 (write at least some file extensions
in the policy's "Extensions" text box)?
Original comment by andrew.O...@gmail.com
on 21 Jan 2012 at 2:00
I have the same problem. Using the VM. From two different Windows machines I
can map the share successfully as well. If I look into the
/var/log/apache2/error.log, I see the same SMBClient.pm line 347 error. I'm
guessing that is related somehow.
Original comment by js69...@gmail.com
on 27 Jan 2012 at 9:33
[deleted comment]
[deleted comment]
[deleted comment]
[deleted comment]
I resolved this issue after a few hours of various debugging. One deceiving
part is that the agent receives a zero byte sc.exe which made me assume that
the file was present. Running through the winexe commands to the agent revealed
that the system could not run sc.exe (obviously). The README-VM.TXT included
this information, however it may be useful to point out to others that run
across this issue. It would also be nice to have README-VM.txt as an available
download.
Original comment by js69...@gmail.com
on 29 Jan 2012 at 7:05
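The two sc.exe requirements raised in this thread (the file must be a 32-bit build, and a zero-byte copy fails silently) can be checked before starting a scan. The following is an added example, not part of the original thread or of OpenDLP; the function names are hypothetical and the path to sc.exe is supplied by the reader.

```python
import struct
import sys

MACHINE_I386 = 0x014C   # IMAGE_FILE_MACHINE_I386, 32-bit x86
MACHINE_AMD64 = 0x8664  # IMAGE_FILE_MACHINE_AMD64, 64-bit x64

def classify_pe(data: bytes) -> str:
    """Classify raw file bytes as 'empty', 'not-pe', 'x86-32', 'x86-64' or 'other'."""
    if not data:
        return "empty"                      # the zero-byte sc.exe case
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not-pe"                     # no DOS header
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew field
    if pe_off + 6 > len(data) or data[pe_off:pe_off + 4] != b"PE\x00\x00":
        return "not-pe"                     # PE signature missing or out of range
    (machine,) = struct.unpack_from("<H", data, pe_off + 4)
    return {MACHINE_I386: "x86-32", MACHINE_AMD64: "x86-64"}.get(machine, "other")

def sc_exe_usable(path: str):
    """Return (ok, kind); ok is True only for a non-empty 32-bit x86 PE file."""
    with open(path, "rb") as fh:
        kind = classify_pe(fh.read(4096))   # headers normally sit in the first 4 KiB
    return kind == "x86-32", kind

def fake_pe(machine: int) -> bytes:
    """Constructed sample: minimal DOS header + PE signature + Machine field only."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\x00\x00" + struct.pack("<H", machine)

if __name__ == "__main__":
    # Usage: python check_sc.py <path to the sc.exe copied to the OpenDLP server>
    ok, kind = sc_exe_usable(sys.argv[1])
    print(f"{sys.argv[1]}: {kind} -> {'OK' if ok else 'replace with a 32-bit sc.exe'}")
    sys.exit(0 if ok else 1)
```

This only inspects the file header; it does not tell which Windows version the binary was taken from.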
Hi Andrew
I have formatted the system and reinstalled everything. But the problem still
persists.
Original comment by grv.rawa...@gmail.com
on 23 Feb 2012 at 5:14
Hi Andrew,
Can you please provide me the port which is used for scan?
I have tried doing telnet from my machine to the OpenDLP server on 443 and the
same is working. But when I am trying to telnet my machine from the OpenDLP
server on 443, it is not working.
Original comment by grv.rawa...@gmail.com
on 24 Feb 2012 at 10:28
OpenDLP's web server listens on https port 443 for connections from agents and
normal web browsers. OpenDLP pushes its agents and performs agentless scans
from its server to target Windows systems over SMB port 445.
Can you try the latest OpenDLP 0.4.4 to see if it works for you?
Original comment by andrew.O...@gmail.com
on 24 Feb 2012 at 2:18
Hi Andrew,
I have installed the latest version of OpenDLP and am working on the same.
I am able to telnet the Windows 7 machine from the VM on ports 443 and 445. But
telnet from the Windows 7 machine to the VM on both the ports is not working.
Can you tell me if there is any configuration that needs to be done on the VM,
as the Windows firewall is off?
Original comment by grv.rawa...@gmail.com
on 27 Feb 2012 at 6:15
Nothing needs to be configured with the OpenDLP VM except to copy a Windows XP
"sc.exe" to it.
Are you running your OpenDLP VM in NAT mode or bridged mode? Be sure you are in
bridged mode.
Is the Windows 7 box a VM or a real system? If it's a VM, again be sure to run
in bridged mode.
Original comment by andrew.O...@gmail.com
on 27 Feb 2012 at 2:14
Windows 7 is a real system and OpenDLP is in bridged mode.
I have checked the open ports on the VM; it is not showing 445.
From my side, I have checked all the configuration once again.
But the status is still the same.
Original comment by grv.rawa...@gmail.com
on 1 Mar 2012 at 11:41
Hi Andrew,
I am able to scan both agent and agentless Windows7 host system.
But however, the other Windows7 system on internal LAN is not getting
initiated.
The firewalls are switched-off on both the systems.
Can you suggest any solution for the same?
Original comment by grv.rawa...@gmail.com
on 17 Apr 2012 at 5:51
You will have to figure out what is different between the two systems. From
another Windows system, can you do this to the Windows system that will not
scan (replace "1.2.3.4" with the failed Windows system's IP address):
net use \\1.2.3.4\C$ "password" /u:WORKGROUP\administrator
Original comment by andrew.O...@gmail.com
on 18 Apr 2012 at 1:13
Hi Andrew,
The command completed successfully for the other system.
Is there any dependency on patches?
Original comment by grv.rawa...@gmail.com
on 20 Apr 2012 at 6:47
Hi Andrew,
I have moved to Ubuntu from Windows 2007.
I configured the OpenDLP v4.4 on the same with other configurations.
I am trying to schedule a scan for a Windows7 machine. Is there anything else
that needs to be configured apart from the given configuration?
In Windows you have given the command to check the accessibility "net use
\\1.2.3.4\C$ "password" /u:WORKGROUP\administrator".
Which command can we use for Linux?
Original comment by grv.rawa...@gmail.com
on 7 May 2012 at 10:28
Hi Andrew,
Is there any particular service on Windows 2007 that needs to be enabled?
Original comment by grv.rawa...@gmail.com
on 9 Jun 2012 at 10:09
If the target Windows systems are standalone and not part of a domain, you will
have to configure the Windows systems as described in the first FAQ entry here:
https://code.google.com/p/opendlp/wiki/FAQ
If the target Windows systems are part of a domain, you will not have to do
anything.
Original comment by andrew.O...@gmail.com
on 9 Jun 2012 at 2:20
Hi Andrew,
I have made all the configuration. Even I am able to telnet the target system
on port 445 but not on port 443.
But still the issue is the same. I am really confused what is pending.
Original comment by grv.rawa...@gmail.com
on 9 Jun 2012 at 5:37
Hi Andrew,
Thanks for all your support during the discussion.
However, Andrew, I am not yet successful in performing the scan over network
systems. All the configurations have been done and even firewalls were
switched off.
Yet there is no update on the issue.
Kindly requesting your expert advice on the same.
Please write me on same or my mail id "grv.rawat234@gmail.com".
Original comment by grv.rawa...@gmail.com
on 22 Jun 2012 at 5:26
Hello,
When you say "i am able to telnet the target system on port 445 but not on port
443", are you talking about trying to connect to port 443 on the target Windows
system you are trying to test? Port 443 is not opened on the target Windows
system by OpenDLP. You should be connecting to port 443 on the OpenDLP system
with HTTPS.
You should see port 445 open on the Windows system to be tested. You should see
port 443 open on the OpenDLP VM. If you cannot see either of these things,
OpenDLP will not work.
Original comment by andrew.O...@gmail.com
on 22 Jun 2012 at 2:46
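The port expectations stated above (445 open on the Windows target, 443 open on the OpenDLP VM, and nothing expected on the target's 443) can be checked in one pass. This is an added example, not part of the original thread or of OpenDLP; the function names and the role labels "server" and "target" are hypothetical, and the two IP addresses are supplied by the reader.

```python
import socket

# What the thread says must be listening, and who connects to it:
#   ("target", 445): SMB on the Windows system; the OpenDLP server connects here
#   ("server", 443): HTTPS on the OpenDLP VM; agents and browsers connect here
MUST_BE_OPEN = {
    ("target", 445): "OpenDLP server cannot push agents or scan agentlessly over SMB",
    ("server", 443): "agents and browsers cannot reach the OpenDLP web server",
}

def tcp_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, or unresolvable name
        return False

def interpret(observed):
    """observed maps (role, port) -> bool. Returns a list of problem strings."""
    problems = []
    for key, consequence in MUST_BE_OPEN.items():
        if not observed.get(key, False):
            problems.append(f"{key[0]}:{key[1]} closed: {consequence}")
    # Other observations, e.g. ("target", 443), are deliberately ignored:
    # OpenDLP does not open 443 on the target, so a refusal there is normal.
    return problems

def check(server_ip, target_ip, probe=tcp_open):
    """Probe both required ports and return interpret()'s findings."""
    hosts = {"server": server_ip, "target": target_ip}
    observed = {(role, port): probe(hosts[role], port) for role, port in MUST_BE_OPEN}
    return interpret(observed)

if __name__ == "__main__":
    import sys
    # Usage: python portcheck.py <opendlp_vm_ip> <windows_target_ip>
    findings = check(sys.argv[1], sys.argv[2])
    print("\n".join(findings) if findings else "both required ports are reachable")
```

A probe only tests the path from the machine it runs on, so the target's 445 is best checked from the OpenDLP VM and the VM's 443 from the Windows target.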
[deleted comment]
Original issue reported on code.google.com by
grv.rawa...@gmail.com
on 3 Jan 2012 at 11:37