From: David W. <dw...@ad...> - 2009-09-30 16:44:01
1) I installed from your ISO.

2) I have run ossim-setup several times, and selected all-in-one. I tried different hostnames and ips. No dice.

3) ossim.conf hostname like so?

idsmanager:~# find /etc -name ossim.conf
/etc/apache2/conf.d/ossim.conf
/etc/ossim/framework/ossim.conf
idsmanager:~# grep -i host /etc/ossim/framework/ossim.conf
ossim_host=127.0.0.1
phpgacl_host=127.0.0.1
email_alert=root@localhost
email_sender=ossim@localhost
# snort_host=
# opennms_host=
# backup_host=
# nessus_host=
# Whether to ignore nessus_host & distribute the scans between sensors (1 = YES, 0 = NO)
# rrdpath_host=

4) I did run an apt update/upgrade and I tried it with and without keeping the config files. Still no dice.

5) I have not put any packages on the machine.

When I said "should I use the source?" I meant "should I read and comprehend the source code so that I could debug the problem?"

Regards,
-Dave

-----Original Message-----
From: Ritter, Nicholas [mailto:Nic...@am...]
Sent: Tuesday, September 29, 2009 6:35 PM
To: David Wilson
Cc: os-...@li...
Subject: RE: [Os-sim-support] OSSIM-server not listening on port 40001

I'm sorry...got busy with some tasks at work.....

If you installed with the ISO, things should just work. So if there is an issue where the box is not listening on port 40001....I would first run ossim-setup, select modify profile, then select all-in-one setup. This will cause the ossim install to set itself up the way it should. The other thing to check either before or after this step is the hostname setting in ossim.conf file (make sure it is set to "localhost".)

You should not need the source because compiling it on the same system whose libraries the binaries you are currently using would yield the same binaries....unless you modified some system libraries.

After the install from the OSSIM iso, did you do any of the following:

1) apt-get update
2) apt-get dist-upgrade
   a.) if you did this step, did you say "N" to the prompts for modifying config files?
3) install or otherwise compile and install any programs other than ossim?

I think you said this already, but you did a "netstat -an"?

Nick

-----Original Message-----
From: David Wilson [mailto:dw...@ad...]
Sent: Tue 9/29/2009 6:08 PM
To: os-...@li...
Subject: Re: [Os-sim-support] OSSIM-server not listening on port 40001

Any thoughts guys? Do I need to use the source?

Thanks,
-Dave

________________________________
From: David Wilson [mailto:dw...@ad...]
Sent: Thursday, September 24, 2009 4:47 PM
To: os-...@li...
Subject: Re: [Os-sim-support] OSSIM-server not listening on port 40001

OK so I'm poking around a little bit more and I try this:

idsmanager:~# find /var/lib/mysql -type f -exec grep -l OLD_IP_REDACTED {} \;
/var/lib/mysql/ib_logfile0
/var/lib/mysql/ossim/event.MYD
/var/lib/mysql/ossim/log_action.MYI
/var/lib/mysql/ossim/log_action.MYD
/var/lib/mysql/ossim/sensor_agent_info.MYD
/var/lib/mysql/ossim/sensor_agent_info.MYI
/var/lib/mysql/ossim/event_tmp.MYD
/var/lib/mysql/ibdata1

So I check that table and I see:

mysql> select * from sensor_agent_info;
+-----------------+---------+
| ip              | version |
+-----------------+---------+
| OLD_IP_REDACTED | 2.1     |
| NEW_IP_REDACTED | 2.1     |
+-----------------+---------+
2 rows in set (0.01 sec)

The sensor should be listening on 127.0.0.1 no? Why is my old IP still in there, and does it do anything? Can I get the server to be more verbose?

-Dave
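
Added example, not part of the thread and not OSSIM code: one way to turn the "netstat -an" check asked about above into a repeatable test of whether anything is listening on port 40001 and on which address. The function names and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads Linux `netstat -an` output on
# stdin and prints "<address> <scope>" for every TCP socket in LISTEN state
# on the given port; prints nothing when no socket is listening there.
listeners_on_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = match($4, /:[0-9]+$/)        # last colon separates the port
            if (n == 0) next
            addr = substr($4, 1, n - 1)
            if (substr($4, n + 1) != port) next
            if (addr == "127.0.0.1" || addr == "::1")    scope = "loopback"
            else if (addr == "0.0.0.0" || addr == "::")  scope = "wildcard"
            else                                         scope = "specific"
            print addr, scope
        }'
}

# Constructed sample (not captured from a real host): MySQL and HTTPS are
# listening, nothing is bound to 40001, which is the symptom in this thread.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          127.0.0.1:51514         ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
EOF
}

# Report helper: one line per listener, or an explicit "not listening" line.
report_port() {
    found=$(listeners_on_port "$1")
    if [ -n "$found" ]; then
        printf '%s\n' "$found" | sed "s/^/port $1 listening on /"
    else
        echo "port $1 not listening"
    fi
}

sample_netstat | report_port 40001    # on a live host: netstat -an | report_port 40001
```

A "loopback" result means only local processes can reach the port, while "specific" shows the exact address to compare against the host's current IP.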