Post ArzCv2q1HWpQhadfqS by [email protected] | |
More posts by [email protected] | |
Post #Arz683wFnm3eCVobKq by [email protected] | |
0 likes, 1 repeats | |
I have a very strange issue with my VPS.I am setting up wazuh for my personal u… | |
Post #Arz6JmLB3ZN3633kye by [email protected] | |
0 likes, 0 repeats | |
@phil ss -tlnpMake sure listening on the right interface | |
Post #Arz6JmScbtKFT8Xha4 by [email protected] | |
0 likes, 0 repeats | |
@verita84 @phil and that there's no default firewalling getting in the way | |
Post #Arz6JmYeFU97lpMVyS by [email protected] | |
0 likes, 1 repeats | |
@[email protected] @[email protected] Already done, as I mentioned, the SYN … | |
Post #Arz6ZCwoPlVtxc1JMe by [email protected] | |
0 likes, 0 repeats | |
@phil @i Is selinux/app armor running ? | |
Post #Arz6ZD3C22cMHP0PJI by [email protected] | |
0 likes, 1 repeats | |
@[email protected] @[email protected] It's clear as far as I can tell. I… | |
Post #Arz6rCttKQHj1jEjke by [email protected] | |
0 likes, 0 repeats | |
@phil @verita84 maybe there's some authentication configuration you're … | |
Post #Arz6rCzuy16bKQ3Y92 by [email protected] | |
0 likes, 1 repeats | |
@[email protected] @[email protected] Negative, the agents should register w… | |
Post #Arz6vZiaR1GWx922Fs by [email protected] | |
0 likes, 0 repeats | |
@phil @i Are the ports listening on the public ip or 0.0.0.0?If its on localhos… | |
Post #Arz6vZpK1yeZI2BPkm by [email protected] | |
0 likes, 1 repeats | |
@[email protected] @[email protected] Hm, that's a great point. I had as… | |
Post #Arz7O7eXrLjgJAknh2 by [email protected] | |
0 likes, 0 repeats | |
@phil @i ss -tlnp | |
Post #Arz7O7kDWGGyalPKXA by [email protected] | |
0 likes, 1 repeats | |
@[email protected] @[email protected] Bound to 0.0.0.0:1515 and 1514... it s… | |
Post #Arz8BySMKHbeGTpDKy by [email protected] | |
0 likes, 0 repeats | |
@phil @i sudo apparmor_status | |
Post #Arz8ByY1zC8wY4TkB6 by [email protected] | |
0 likes, 1 repeats | |
@[email protected] @[email protected] Don't see anything there related t… | |
Post #Arz8gaLvzcE2UBPspc by [email protected] | |
0 likes, 0 repeats | |
@phil @i Its running so....disable it to see if thats interfering | |
Post #Arz8gaRxdD2umsEhE0 by [email protected] | |
0 likes, 1 repeats | |
@[email protected] @[email protected] Nope, still same thing. All syn packet… | |
Post #Arz8rhtQIbPB3ZNrBg by [email protected] | |
0 likes, 0 repeats | |
@phil @i Would be interesting to see if you can curl/telnet remotly to those po… | |
Post #Arz8rhzRwCE3MGCfa4 by [email protected] | |
0 likes, 1 repeats | |
@[email protected] @[email protected] I can hit them, but never get a respon… | |
Post #Arz8vCQBFfx2biN4Ea by [email protected] | |
0 likes, 0 repeats | |
@phil @i So you rebooted to properly disable apparmor? | |
Post #Arz8vCVquaUKtJ1b4i by [email protected] | |
0 likes, 1 repeats | |
@[email protected] @[email protected] I restarted the services, can't re… | |
Post #Arz9OKC7QjnT75gL3I by [email protected] | |
0 likes, 0 repeats | |
@phil @i Make sure that app armor isnt running after reboot | |
Post #Arz9OKIV30tvQsfQzw by [email protected] | |
0 likes, 1 repeats | |
@[email protected] @[email protected] Not running, no. Still the same behavi… | |
Post #ArzABz0uSDJntx7MYK by [email protected] | |
0 likes, 0 repeats | |
@phil @i Looking like something wrong on the application side nowCan you curl a… | |
Post #ArzABz6a77r6BXltOS by [email protected] | |
0 likes, 1 repeats | |
@[email protected] @[email protected] Well, the webui works through the API,… | |
Post #ArzAkmJFgCdsdTHy6q by [email protected] | |
0 likes, 0 repeats | |
@phil @i Does the app have some kind of ip allow or blacklist ? | |
Post #ArzAkmPdITkKxGH43U by [email protected] | |
0 likes, 1 repeats | |
@[email protected] @[email protected] Not as far as I know. Even if it did, … | |
Post #ArzBLwnjdQ1RtDGqUy by [email protected] | |
0 likes, 0 repeats | |
@phil @i Some apps do that for security, only this range of IPs can connect | |
Post #ArzBLwtPIKYkAnvNL6 by [email protected] | |
0 likes, 1 repeats | |
@[email protected] @[email protected] Nope, nothing referring to my IP, ISP,… | |
Post #ArzCA8cfxMGv261xJY by [email protected] | |
0 likes, 1 repeats | |
@[email protected] @[email protected] Even stranger, running the wazuh-authd… | |
Post #ArzCv2q1HWpQhadfqS by [email protected] | |
0 likes, 0 repeats | |
@phil @verita84 those ports aren't for http requests, so it's understan… | |
Post #ArzCv2vKxl58y57v8K by [email protected] | |
0 likes, 1 repeats | |
@[email protected] @[email protected] Sure, but the problem is, the wazuh-ag… | |
Post #ArzDmpfiRvBXVOT2Ia by [email protected] | |
0 likes, 0 repeats | |
@phil @verita84 try going through the https://documentation.wazuh.com/current/u… | |
Post #ArzDmpm64CHzpBS8FE by [email protected] | |
0 likes, 1 repeats | |
@[email protected] @[email protected] Already done. I've been on this fo… | |
Post #ArzE2BsOAyz4iNibDs by [email protected] | |
0 likes, 0 repeats | |
@phil @verita84 try the docker deployment method then, so the ghussy is contain… | |
Post #ArzE2By3ptWMzyN840 by [email protected] | |
0 likes, 1 repeats | |
@[email protected] @[email protected] I'd rather not, when I have a perf… | |
Post #As0VIBYR27PujFYddo by [email protected] | |
0 likes, 0 repeats | |
@phil sounds like a firewall may be filtering the incoming traffic.N.B. tcpdump… | |
Post #As0VIBeoeOWN32XjaS by [email protected] | |
0 likes, 1 repeats | |
@[email protected] Yeah, it was nftables.I genuinely believed that UFW&#… |