
3.1(1)S22 install issues via idsupdate

seth.leone
Level 1

I have had an issue with using idsupdate to update my sensors (from 3.0.5S21).

It seems that the install ran ok and everything is updated, EXCEPT I cannot access the IDM. I restarted the cidServer and checked the cidwebserver was running. Any HTTPS connection attempts showed TIME_WAIT instead of established. port 443 is listed as listening...

????

Any help or additional documentation on this software version will be helpful.

4 Replies

marcabal
Cisco Employee

Here are a few troubleshooting tips that may or may not help you.

Troubleshooting tips:

1) Run nrvers - check to see if all the processes are responding and what version the sensor is running.

netrangr@qsensor-58:/usr/nr

>nrvers

Application Versions for qsensor-58.cisco

The Version of the Sensor is: 3.1(1)S22

postoffice v220 (Release) 01/12/14-20:01

logger v220 (Release) 01/12/14-19:59

fileXfer v175 (Release) 01/07/11-21:48

sensor v262 (Release) 02/05/08-17:28

2) Run "ps -ef | grep web" and see if the cidwebserver is running

netrangr@qsensor-58:/usr/nr

>ps -ef | grep web

netrangr 2975 2859 0 11:49:07 pts/1 0:00 grep web

root 27394 1 0 May 10 ? 0:03 /usr/nr/idsRoot/bin/cidwebserver -d

3) Run "cidServer version" as user root

# cidServer version

cidwebserver v33 (Release) 02/04/26-01:32

cidwebserver (27394) is running.

4) Run sysconfig-sensor option 11 to ensure IDM is enabled

IDS Device Manager

Current Mode: Enabled

1 - Disable

x - Exit

Selection:

5) Run sysconfig-sensor option 5 to ensure the user's IP address/network is listed (IDM will only allow connections from the addresses listed)

Current list:

10.

64.

6) Attempt to telnet to the sensor from the same machine that the web browser is running from

Telnet and web connections are both restricted by option 5 of sysconfig-sensor above.

7) Be sure the user is using a supported web browser:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids8/13876_01.htm#xtocid5

8) Be sure that the web browser is configured to accept cookies:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids8/13876_01.htm#40768

9) Be sure the user is typing "https://sensoripaddress"; the "s" on the end of the http is very important.

10) In a worst case you can log in as root and execute:

snoop -d port 443

And see if the connection is being established.

It could be that a firewall or router may be blocking either 443 or port 80 traffic to the sensor, in which case the user would need to change their firewall or router config.

11) You could also try the following:

a) Login as root

b) cidServer stop

c) cd /usr/nr/idsRoot/etc

d) cp cidwebserver.conf cidwebserver.conf.bak

e) vi cidwebserver.conf

f) within vi change the "ports=443" to 80

g) within vi change the "tlsEnabled=1" to 0

h) cidServer start

i) Now try to connect to the sensor using http://ipaddress without the "s" after http
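
An added example, not part of the original reply: a shell check for step 5 above that tests whether a client address is covered by an access list such as the one shown ("10.", "64."). It assumes the entries follow hosts_access(5) conventions, where an entry ending in a dot matches every address that begins with that prefix; the function names and the sample client addresses are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: list entries use
# hosts_access(5) style, so "10." covers every address starting with "10.".

# valid_ipv4 ADDR -> status 0 if ADDR is a dotted quad with octets 0..255
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # stray characters or empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                               # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac  # reject leading zeros (010 != 10)
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# addr_allowed ADDR ENTRY... -> prints the first matching entry, status 0;
# status 1 if no entry matches, status 2 if ADDR is not a valid IPv4 address.
addr_allowed() {
    addr=$1; shift
    valid_ipv4 "$addr" || return 2
    for pat in "$@"; do
        case "$pat" in
            ALL) echo "$pat"; return 0 ;;
            *.)  # prefix entry: the trailing dot keeps "10." from matching 100.x
                 case "$addr" in "$pat"*) echo "$pat"; return 0 ;; esac ;;
            *)   [ "$addr" = "$pat" ] && { echo "$pat"; return 0; } ;;
        esac
    done
    return 1
}

# Constructed sample: the two entries shown in step 5, three made-up clients.
for client in 10.1.2.3 100.1.2.3 192.0.2.10; do
    if match=$(addr_allowed "$client" 10. 64.); then
        echo "$client is allowed by entry '$match'"
    else
        echo "$client is not covered by the list"
    fi
done
```

A client that is not covered by any entry is the case to rule out before looking at the web server itself, and adding the single admin workstation address is narrower than adding a whole prefix.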

yup.

I had forgotten that I originally installed limited Telnet/FTP access in the HOSTS ALLOW (sysconfig-sensor, option 5).

While I'm not keen on giving access to any subnet ranges, I did make the modification to allow my admin box direct connections to my sensors.

This resolved my issues. Big thanks!

1 down, 44 more to update

The telnet/ftp access is not required by IDM. I just used telnet in my tip because most people are used to using it.

SSH also relies on the hosts.allow file.

So if you can ssh to the box then you should be allowed to https into the box.

Telnet and ftp can be disabled from within IDM for those who may be interested:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids8/13876_01.htm#xtocid22

vpoole
Level 1

I had a very similar problem and ended up moving everything back to S21. Uninstalling S22 was very easy and worked without any problems on the sensors. However, this was not the case with the Policy Manager, and I had to re-install CSPM before I could get it to work correctly again. Good luck.