On Fri, Mar 31, 2017 at 10:36 AM, Eduardo Reichert Figueiredo <eduardo.reich...@hotmail.com> wrote: > Hi, > after enable ipv6 in /boot i received other problem, the process remoted > binding in port 1514 for ipv6 and not binding to ipv4. > > udp6 0 0 :::514 :::* > 5243/bin/ossec-remo > udp6 0 0 :::1514 :::* > 5244/bin/ossec-remo > > You know this type of problem? >
Mine shows up the same way, but I don't have IPv6 configured on this system: udp6 0 0 :::1514 :::* 3225/ossec-remoted My agents connect fine. Are your agents not connecting? > > Em quarta-feira, 29 de março de 2017 15:09:37 UTC-3, Victor Fernandez > escreveu: >> >> Sorry Eduardo, maybe the method that I told you (enabling on the fly) does >> not work properly. >> >> If followed those steps to disable IPv6, better undo what you did to >> disable it. >> >> I have done it by editing file "/etc/sysctl.conf" and adding (to disable) >> or removing (to enable back) these lines: >> >> net.ipv6.conf.all.disable_ipv6 = 1 >> >> net.ipv6.conf.default.disable_ipv6 = 1 >> >> >> You probably used this method to disable IPv6, so please try to remove (or >> comment) those lines, reboot your system and start OSSEC again. >> >> Best regards. >> >> On Wed, Mar 29, 2017 at 3:30 PM, Eduardo Reichert Figueiredo >> <eduardo....@hotmail.com> wrote: >>> >>> Hi Victor, >>> i validated and ipv6 feature is enable in my redhat 7.3, but ossec >>> remoted continue is same error reported above. >>> >>> The file of installation is same that used in other installations >>> (rhel6.8). >>> >>> Em quinta-feira, 23 de março de 2017 15:37:50 UTC-3, Victor Fernandez >>> escreveu: >>>> >>>> Hi Eduardo, >>>> >>>> I agree with Dan, I tested OSSEC v2.9 on a clean CentOS 7 with your >>>> <remote> configuration and it worked. But when I disabled IPv6 I got the >>>> same errors you have. >>>> >>>> Please try to enable IPv6 on the running system with: >>>> >>>> sysctl -w net.ipv6.conf.all.disable_ipv6=1 >>>> sysctl -w net.ipv6.conf.default.disable_ipv6=1 >>>> >>>> >>>> And try to start OSSEC. If it works, consider enabling IPv6 permanently >>>> by editing file /etc/sysctl.conf. >>>> >>>> Hope it help. If I find another way to run OSSEC with IPv6 disabled I >>>> will let you know. >>>> >>>> Best regards. >>>> >>>> On Thu, Mar 23, 2017 at 11:19 AM, dan (ddp) <ddp...@gmail.com> wrote: >>>>> >>>>> On Thu, Mar 23, 2017 at 1:08 PM, Eduardo Reichert Figueiredo >>>>> <eduardo....@hotmail.com> wrote: >>>>> > Hi dan, i dont have ipv6 enabled in my system linux, so i dont have >>>>> > inet6 in >>>>> > my ifconfig configurations, only ipv4. >>>>> > >>>>> > This can caused for the problem? >>>>> > >>>>> >>>>> I think having ipv6 support is necessary now. You don't need to have >>>>> addresses or anything, but the facilities need to be available. >>>>> >>>>> > Em quarta-feira, 22 de março de 2017 20:30:08 UTC-3, dan (ddpbsd) >>>>> > escreveu: >>>>> >> >>>>> >> On Tue, Mar 21, 2017 at 10:46 AM, Eduardo Reichert Figueiredo >>>>> >> <eduardo....@hotmail.com> wrote: >>>>> >> > When i install ossec 2.9.0 on rhel 7.3 (no ipv6 feature and >>>>> >> > address) i >>>>> >> > have >>>>> >> >>>>> >> Is IPv6 totally disabled for your system (support for IPv6 was >>>>> >> removed)? >>>>> >> >>>>> >> > a problem to ossec-remoted and ossec-auth, this services cant bind >>>>> >> > ports >>>>> >> > 1514, log error below. >>>>> >> > I generated my certificated with commands "openssl genrsa -out" >>>>> >> > and >>>>> >> > "openssl >>>>> >> > req -new -x509 -key ". >>>>> >> > >>>>> >> > ##Log OSSEC.LOG >>>>> >> > 2017/03/21 11:34:34 ossec-remoted: DEBUG: Forking remoted: '0'. >>>>> >> > 2017/03/21 11:34:34 ossec-remoted: Remote syslog allowed from: >>>>> >> > '0.0.0.0/0' >>>>> >> > 2017/03/21 11:34:34 ossec-remoted: DEBUG: Forking remoted: '1'. >>>>> >> > 2017/03/21 11:34:34 getaddrinfo: Name or service not known >>>>> >> > 2017/03/21 11:34:34 getaddrinfo: Name or service not known >>>>> >> > 2017/03/21 11:34:34 ossec-remoted(1206): ERROR: Unable to Bind >>>>> >> > port >>>>> >> > '1514' >>>>> >> > 2017/03/21 11:34:34 ossec-remoted(1206): ERROR: Unable to Bind >>>>> >> > port >>>>> >> > '514' >>>>> >> > 2017/03/21 11:34:41 ossec-syscheckd: INFO: Starting syscheck scan >>>>> >> > (forwarding database). >>>>> >> > 2017/03/21 11:34:41 ossec-syscheckd: INFO: Starting syscheck >>>>> >> > database >>>>> >> > (pre-scan). >>>>> >> > 2017/03/21 11:35:47 ossec-authd: DEBUG: Starting ... >>>>> >> > 2017/03/21 11:35:47 ossec-authd: INFO: Started (pid: 24420). >>>>> >> > 2017/03/21 11:35:47 ossec-authd: DEBUG: Returning CTX for server. >>>>> >> > 2017/03/21 11:35:47 getaddrinfo: Name or service not known >>>>> >> > 2017/03/21 11:35:47 ossec-authd: Unable to bind to port 1514 >>>>> >> > >>>>> >> > in other cases for unable to bind port 1514, my error was my >>>>> >> > client.keys, >>>>> >> > but now i have a new error "getaddrinfo". >>>>> >> > >>>>> >> > Can you help me? >>>>> >> > >>>>> >> > Kind regards >>>>> >> > >>>>> >> > -- >>>>> >> > >>>>> >> > --- >>>>> >> > You received this message because you are subscribed to the Google >>>>> >> > Groups >>>>> >> > "ossec-list" group. >>>>> >> > To unsubscribe from this group and stop receiving emails from it, >>>>> >> > send >>>>> >> > an >>>>> >> > email to ossec-list+...@googlegroups.com. >>>>> >> > For more options, visit https://groups.google.com/d/optout. >>>>> > >>>>> > -- >>>>> > >>>>> > --- >>>>> > You received this message because you are subscribed to the Google >>>>> > Groups >>>>> > "ossec-list" group. >>>>> > To unsubscribe from this group and stop receiving emails from it, >>>>> > send an >>>>> > email to ossec-list+...@googlegroups.com. >>>>> > For more options, visit https://groups.google.com/d/optout. >>>>> >>>>> -- >>>>> >>>>> --- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "ossec-list" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to ossec-list+...@googlegroups.com. >>>>> For more options, visit https://groups.google.com/d/optout. >>>> >>>> >>>> >>>> >>>> -- >>>> Victor M. Fernandez-Castro >>>> IT Security Engineer >>>> Wazuh Inc. >>> >>> -- >>> >>> --- >>> You received this message because you are subscribed to the Google Groups >>> "ossec-list" group. >>> To unsubscribe from this group and stop receiving emails from it, send an >>> email to ossec-list+...@googlegroups.com. >>> For more options, visit https://groups.google.com/d/optout. >> >> >> >> >> -- >> Victor M. Fernandez-Castro >> IT Security Engineer >> Wazuh Inc. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.