On Thu, Mar 13, 2008 at 3:56 PM, Rodney Oliver <Rodney_Oliver@...> wrote:
> Anyone using the opensource version of the mod security console? I have
> downloaded it and have it installed. I'm testing the trial first to see how
> it will work before purchasing a license.
Actually, Breach Security does not sell licences for ModSecurity
Console. What you have there
is free (provided you get a free licence through the Breach Security
Network), while limited to
up to three sensors. You may be looking to purchase the management
appliance, but, if you are,
you should know that the software running on it has moved on since it
was forked from the
community console more than a year and a half ago.
> I seem to
> be having trouble getting the sensors to work properly. I created a new
> sensor changed the password in both the "Sensor" section of the console and
> also in the sensor on the monitored server. I keep getting password
> authentication errors. See below the error coming from the console:
> Sensor authentication failed: Invalid password:
> com.thinkingstone.console.model.Sensor@... modsecurity
> As you can see both passwords are hashed the exact same. Why is it still
> erroring out
The error message is not showing the password authentication was
attempted with. The second field, passwordReserve, is actually there
to support smooth migration from one sensor password to another: when
you change a sensor password you have the option to allow the old
password to work for 15 more minutes, which gives you time to change
it in the sensor and do not experience any downtime.
So my guess is that that password the sensor is authenticating with is
> Rodney Oliver
> Affinity Web Team | Web Developer
> 215-773-4136 ________________________________
> CONFIDENTIALITY STATEMENT: This message is intended only for the addressee
> and may contain information that is confidential or privileged.
> Unauthorized use is strictly prohibited and may be unlawful. If you are not
> the intended recipient, or the person responsible for delivering to the
> intended recipient, you should not read, copy, disclose or otherwise use
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> mod-security-users mailing list