 |
Post ArzCv2q1HWpQhadfqS by [email protected] |
 |
More posts by [email protected] |
|
Post #Arz683wFnm3eCVobKq by [email protected] |
|
0 likes, 1 repeats |
|
|
|
I have a very strange issue with my VPS.I am setting up wazuh for my personal u… |
|
|
|
Post #Arz6JmLB3ZN3633kye by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@phil ss -tlnpMake sure listening on the right interface |
|
|
|
Post #Arz6JmScbtKFT8Xha4 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@verita84 @phil and that there's no default firewalling getting in the way |
|
|
|
Post #Arz6JmYeFU97lpMVyS by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@[email protected] @[email protected] Already done, as I mentioned, the SYN … |
|
|
|
Post #Arz6ZCwoPlVtxc1JMe by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@phil @i Is selinux/app armor running ? |
|
|
|
Post #Arz6ZD3C22cMHP0PJI by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@[email protected] @[email protected] It's clear as far as I can tell. I… |
|
|
|
Post #Arz6rCttKQHj1jEjke by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@phil @verita84 maybe there's some authentication configuration you're … |
|
|
|
Post #Arz6rCzuy16bKQ3Y92 by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@[email protected] @[email protected] Negative, the agents should register w… |
|
|
|
Post #Arz6vZiaR1GWx922Fs by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@phil @i Are the ports listening on the public ip or 0.0.0.0?If its on localhos… |
|
|
|
Post #Arz6vZpK1yeZI2BPkm by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@[email protected] @[email protected] Hm, that's a great point. I had as… |
|
|
|
Post #Arz7O7eXrLjgJAknh2 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@phil @i ss -tlnp |
|
|
|
Post #Arz7O7kDWGGyalPKXA by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@[email protected] @[email protected] Bound to 0.0.0.0:1515 and 1514... it s… |
|
|
|
Post #Arz8BySMKHbeGTpDKy by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@phil @i sudo apparmor_status |
|
|
|
Post #Arz8ByY1zC8wY4TkB6 by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@[email protected] @[email protected] Don't see anything there related t… |
|
|
|
Post #Arz8gaLvzcE2UBPspc by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@phil @i Its running so....disable it to see if thats interfering |
|
|
|
Post #Arz8gaRxdD2umsEhE0 by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@[email protected] @[email protected] Nope, still same thing. All syn packet… |
|
|
|
Post #Arz8rhtQIbPB3ZNrBg by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@phil @i Would be interesting to see if you can curl/telnet remotly to those po… |
|
|
|
Post #Arz8rhzRwCE3MGCfa4 by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@[email protected] @[email protected] I can hit them, but never get a respon… |
|
|
|
Post #Arz8vCQBFfx2biN4Ea by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@phil @i So you rebooted to properly disable apparmor? |
|
|
|
Post #Arz8vCVquaUKtJ1b4i by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@[email protected] @[email protected] I restarted the services, can't re… |
|
|
|
Post #Arz9OKC7QjnT75gL3I by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@phil @i Make sure that app armor isnt running after reboot |
|
|
|
Post #Arz9OKIV30tvQsfQzw by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@[email protected] @[email protected] Not running, no. Still the same behavi… |
|
|
|
Post #ArzABz0uSDJntx7MYK by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@phil @i Looking like something wrong on the application side nowCan you curl a… |
|
|
|
Post #ArzABz6a77r6BXltOS by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@[email protected] @[email protected] Well, the webui works through the API,… |
|
|
|
Post #ArzAkmJFgCdsdTHy6q by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@phil @i Does the app have some kind of ip allow or blacklist ? |
|
|
|
Post #ArzAkmPdITkKxGH43U by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@[email protected] @[email protected] Not as far as I know. Even if it did, … |
|
|
|
Post #ArzBLwnjdQ1RtDGqUy by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@phil @i Some apps do that for security, only this range of IPs can connect |
|
|
|
Post #ArzBLwtPIKYkAnvNL6 by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@[email protected] @[email protected] Nope, nothing referring to my IP, ISP,… |
|
|
|
Post #ArzCA8cfxMGv261xJY by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@[email protected] @[email protected] Even stranger, running the wazuh-authd… |
|
|
|
Post #ArzCv2q1HWpQhadfqS by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@phil @verita84 those ports aren't for http requests, so it's understan… |
|
|
|
Post #ArzCv2vKxl58y57v8K by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@[email protected] @[email protected] Sure, but the problem is, the wazuh-ag… |
|
|
|
Post #ArzDmpfiRvBXVOT2Ia by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@phil @verita84 try going through the https://documentation.wazuh.com/current/u… |
|
|
|
Post #ArzDmpm64CHzpBS8FE by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@[email protected] @[email protected] Already done. I've been on this fo… |
|
|
|
Post #ArzE2BsOAyz4iNibDs by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@phil @verita84 try the docker deployment method then, so the ghussy is contain… |
|
|
|
Post #ArzE2By3ptWMzyN840 by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@[email protected] @[email protected] I'd rather not, when I have a perf… |
|
|
|
Post #As0VIBYR27PujFYddo by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@phil sounds like a firewall may be filtering the incoming traffic.N.B. tcpdump… |
|
|
|
Post #As0VIBeoeOWN32XjaS by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@[email protected] Yeah, it was nftables.I genuinely believed that UFW&#… |
