On Fri, Mar 31, 2017 at 10:36 AM, Eduardo Reichert Figueiredo
<eduardo.reich...@hotmail.com> wrote:
> Hi,
> after enable ipv6 in /boot i received other problem, the process remoted
> binding in port 1514 for ipv6 and not binding to ipv4.
>
> udp6 0 0 :::514 :::*
> 5243/bin/ossec-remo
> udp6 0 0 :::1514 :::*
> 5244/bin/ossec-remo
>
> You know this type of problem?
>
Mine shows up the same way, but I don't have IPv6 configured on this system:
udp6 0 0 :::1514 :::*
3225/ossec-remoted
My agents connect fine. Are your agents not connecting?
>
> Em quarta-feira, 29 de março de 2017 15:09:37 UTC-3, Victor Fernandez
> escreveu:
>>
>> Sorry Eduardo, maybe the method that I told you (enabling on the fly) does
>> not work properly.
>>
>> If followed those steps to disable IPv6, better undo what you did to
>> disable it.
>>
>> I have done it by editing file "/etc/sysctl.conf" and adding (to disable)
>> or removing (to enable back) these lines:
>>
>> net.ipv6.conf.all.disable_ipv6 = 1
>>
>> net.ipv6.conf.default.disable_ipv6 = 1
>>
>>
>> You probably used this method to disable IPv6, so please try to remove (or
>> comment) those lines, reboot your system and start OSSEC again.
>>
>> Best regards.
>>
>> On Wed, Mar 29, 2017 at 3:30 PM, Eduardo Reichert Figueiredo
>> <eduardo....@hotmail.com> wrote:
>>>
>>> Hi Victor,
>>> i validated and ipv6 feature is enable in my redhat 7.3, but ossec
>>> remoted continue is same error reported above.
>>>
>>> The file of installation is same that used in other installations
>>> (rhel6.8).
>>>
>>> Em quinta-feira, 23 de março de 2017 15:37:50 UTC-3, Victor Fernandez
>>> escreveu:
>>>>
>>>> Hi Eduardo,
>>>>
>>>> I agree with Dan, I tested OSSEC v2.9 on a clean CentOS 7 with your
>>>> <remote> configuration and it worked. But when I disabled IPv6 I got the
>>>> same errors you have.
>>>>
>>>> Please try to enable IPv6 on the running system with:
>>>>
>>>> sysctl -w net.ipv6.conf.all.disable_ipv6=1
>>>> sysctl -w net.ipv6.conf.default.disable_ipv6=1
>>>>
>>>>
>>>> And try to start OSSEC. If it works, consider enabling IPv6 permanently
>>>> by editing file /etc/sysctl.conf.
>>>>
>>>> Hope it help. If I find another way to run OSSEC with IPv6 disabled I
>>>> will let you know.
>>>>
>>>> Best regards.
>>>>
>>>> On Thu, Mar 23, 2017 at 11:19 AM, dan (ddp) <ddp...@gmail.com> wrote:
>>>>>
>>>>> On Thu, Mar 23, 2017 at 1:08 PM, Eduardo Reichert Figueiredo
>>>>> <eduardo....@hotmail.com> wrote:
>>>>> > Hi dan, i dont have ipv6 enabled in my system linux, so i dont have
>>>>> > inet6 in
>>>>> > my ifconfig configurations, only ipv4.
>>>>> >
>>>>> > This can caused for the problem?
>>>>> >
>>>>>
>>>>> I think having ipv6 support is necessary now. You don't need to have
>>>>> addresses or anything, but the facilities need to be available.
>>>>>
>>>>> > Em quarta-feira, 22 de março de 2017 20:30:08 UTC-3, dan (ddpbsd)
>>>>> > escreveu:
>>>>> >>
>>>>> >> On Tue, Mar 21, 2017 at 10:46 AM, Eduardo Reichert Figueiredo
>>>>> >> <eduardo....@hotmail.com> wrote:
>>>>> >> > When i install ossec 2.9.0 on rhel 7.3 (no ipv6 feature and
>>>>> >> > address) i
>>>>> >> > have
>>>>> >>
>>>>> >> Is IPv6 totally disabled for your system (support for IPv6 was
>>>>> >> removed)?
>>>>> >>
>>>>> >> > a problem to ossec-remoted and ossec-auth, this services cant bind
>>>>> >> > ports
>>>>> >> > 1514, log error below.
>>>>> >> > I generated my certificated with commands "openssl genrsa -out"
>>>>> >> > and
>>>>> >> > "openssl
>>>>> >> > req -new -x509 -key ".
>>>>> >> >
>>>>> >> > ##Log OSSEC.LOG
>>>>> >> > 2017/03/21 11:34:34 ossec-remoted: DEBUG: Forking remoted: '0'.
>>>>> >> > 2017/03/21 11:34:34 ossec-remoted: Remote syslog allowed from:
>>>>> >> > '0.0.0.0/0'
>>>>> >> > 2017/03/21 11:34:34 ossec-remoted: DEBUG: Forking remoted: '1'.
>>>>> >> > 2017/03/21 11:34:34 getaddrinfo: Name or service not known
>>>>> >> > 2017/03/21 11:34:34 getaddrinfo: Name or service not known
>>>>> >> > 2017/03/21 11:34:34 ossec-remoted(1206): ERROR: Unable to Bind
>>>>> >> > port
>>>>> >> > '1514'
>>>>> >> > 2017/03/21 11:34:34 ossec-remoted(1206): ERROR: Unable to Bind
>>>>> >> > port
>>>>> >> > '514'
>>>>> >> > 2017/03/21 11:34:41 ossec-syscheckd: INFO: Starting syscheck scan
>>>>> >> > (forwarding database).
>>>>> >> > 2017/03/21 11:34:41 ossec-syscheckd: INFO: Starting syscheck
>>>>> >> > database
>>>>> >> > (pre-scan).
>>>>> >> > 2017/03/21 11:35:47 ossec-authd: DEBUG: Starting ...
>>>>> >> > 2017/03/21 11:35:47 ossec-authd: INFO: Started (pid: 24420).
>>>>> >> > 2017/03/21 11:35:47 ossec-authd: DEBUG: Returning CTX for server.
>>>>> >> > 2017/03/21 11:35:47 getaddrinfo: Name or service not known
>>>>> >> > 2017/03/21 11:35:47 ossec-authd: Unable to bind to port 1514
>>>>> >> >
>>>>> >> > in other cases for unable to bind port 1514, my error was my
>>>>> >> > client.keys,
>>>>> >> > but now i have a new error "getaddrinfo".
>>>>> >> >
>>>>> >> > Can you help me?
>>>>> >> >
>>>>> >> > Kind regards
>>>>> >> >
>>>>> >> > --
>>>>> >> >
>>>>> >> > ---
>>>>> >> > You received this message because you are subscribed to the Google
>>>>> >> > Groups
>>>>> >> > "ossec-list" group.
>>>>> >> > To unsubscribe from this group and stop receiving emails from it,
>>>>> >> > send
>>>>> >> > an
>>>>> >> > email to ossec-list+...@googlegroups.com.
>>>>> >> > For more options, visit https://groups.google.com/d/optout.
>>>>> >
>>>>> > --
>>>>> >
>>>>> > ---
>>>>> > You received this message because you are subscribed to the Google
>>>>> > Groups
>>>>> > "ossec-list" group.
>>>>> > To unsubscribe from this group and stop receiving emails from it,
>>>>> > send an
>>>>> > email to ossec-list+...@googlegroups.com.
>>>>> > For more options, visit https://groups.google.com/d/optout.
>>>>>
>>>>> --
>>>>>
>>>>> ---
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "ossec-list" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to ossec-list+...@googlegroups.com.
>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Victor M. Fernandez-Castro
>>>> IT Security Engineer
>>>> Wazuh Inc.
>>>
>>> --
>>>
>>> ---
>>> You received this message because you are subscribed to the Google Groups
>>> "ossec-list" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an
>>> email to ossec-list+...@googlegroups.com.
>>> For more options, visit https://groups.google.com/d/optout.
>>
>>
>>
>>
>> --
>> Victor M. Fernandez-Castro
>> IT Security Engineer
>> Wazuh Inc.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
