Registrations to Open-AudIT forums are now closed. To ask any new questions please visit Opmantek Community Questions.

Open-AudIT

What's on your network?
It is currently Fri Apr 19, 2024 9:55 am

View unanswered posts | View active topics


Board index » Open-AudIT » Discussion

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  Page 2 of 2
  [ 21 posts ]  Go to page Previous  1, 2
  Print view Previous topic | Next topic 
Author Message
r0cketman
PostPosted: Tue Apr 22, 2014 2:58 am 
Offline
Newbie
User avatar

Joined: Sat Apr 12, 2014 7:10 am
Posts: 10
Oh! And BTW, the apache user can now run the command properly:

[code]bash-4.1$ nmap -n -sU -p161 "10.0.0.1"

Starting Nmap 5.51 ( http://nmap.org ) at 2014-04-21 10:54 MDT
Nmap scan report for 10.0.0.1
Host is up (0.010s latency).
PORT STATE SERVICE
161/udp open|filtered snmp

Nmap done: 1 IP address (1 host up) scanned in 0.31 seconds[/code]

_________________
~R0cketman

Server Info:
OS : CentOS 6.x
Auditing: 1366 machines (and counting)
LDAP: OpenLDAP
Top
 Profile  
Reply with quote  
jpa
PostPosted: Tue Apr 22, 2014 3:13 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
What's the output of the nmap command run as the apache user like you ran before but after the SUID?

[code]nmap -n -sU -p161 10.0.0.1[/code]
Top
 Profile  
Reply with quote  
r0cketman
PostPosted: Tue Apr 22, 2014 3:47 am 
Offline
Newbie
User avatar

Joined: Sat Apr 12, 2014 7:10 am
Posts: 10
[quote="jpa"]What's the output of the nmap command run as the apache user like you ran before but after the SUID?

[code]nmap -n -sU -p161 10.0.0.1[/code]

jpa: The output was as shown in the previous BTW post.

[duh]AND a correction: the real switch against which I was trying to run the SNMP discovery in the previous BTW post didn't have SNMP enabled on it.[/duh]

Running the discovery against one that does still fails. However, from the CLI, I can successfully run the nmap command AND even get valid returns when I run snmpwalk.

[code]bash-4.1$ id
uid=48(apache) gid=48(apache) groups=48(apache),501(nmis)

bash-4.1$ nmap -n -sU -p161 "10.0.0.1"
Starting Nmap 5.51 ( http://nmap.org ) at 2014-04-21 11:41 MDT
Nmap scan report for 10.0.0.1
Host is up (0.00078s latency).
PORT STATE SERVICE
161/udp open snmp

Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds

bash-4.1$ snmpwalk -v2c -cstring 10.0.0.1 | head
SNMPv2-MIB::sysDescr.0 = STRING: Brocade Communications Systems, Inc. Stacking System FCX648S-PREM, IronWare Version 07.2.02eT7f3 Compiled on Oct 12 2011 at 15:18:01 labeled as FCXR07207f
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.1991.1.3.48.2.4
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (2799543604) 324 days, 0:30:36.04
SNMPv2-MIB::sysContact.0 = STRING:
SNMPv2-MIB::sysName.0 = STRING: core
SNMPv2-MIB::sysLocation.0 = STRING: Corporate Office
SNMPv2-MIB::sysServices.0 = INTEGER: 6
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORID.1 = OID: SNMPv2-SMI::zeroDotZero
SNMPv2-MIB::sysORDescr.1 = STRING:[/code]

_________________
~R0cketman

Server Info:
OS : CentOS 6.x
Auditing: 1366 machines (and counting)
LDAP: OpenLDAP
Top
 Profile  
Reply with quote  
jpa
PostPosted: Tue Apr 22, 2014 7:11 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
[quote="r0cketman"]jpa: The output was as shown in the previous BTW post.
Yes, I am an idiot.
I'm not sure what's going on but at this point the snmp_status is false when run against a host known to be listening on the snmp port even with nmap SUID?

Top
 Profile  
Reply with quote  
jpa
PostPosted: Thu Apr 24, 2014 7:18 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
FYI I just downloaded the Opmantek virtual appliance bundle, imported into Virtualbox on Windows, ran a discovery of an SNMP enabled router with debug, saw that snmp_status was false in the debug output, SUID the nmap binary, ran the discovery again and got snmp_status true.
Top
 Profile  
Reply with quote  
Mark
PostPosted: Thu Apr 24, 2014 11:49 am 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1964
Location: Brisbane, Australia
OK, back from no-internet camping holiday :-)

Check the file /usr/local/open-audit/code_igniter/application/controllers/discovery.php for a hard set snmp_status variable somewhere.
I do remember leaving it in accidentally at one release but I fixed it (about) 12 hours later.
Just check...

_________________
Support and Development hours available from [url=https://opmantek.com]Opmantek[/url].
Please consider a purchase to help make Open-AudIT better for everyone.
Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  Page 2 of 2
  [ 21 posts ]  Go to page Previous  1, 2

Board index » Open-AudIT » Discussion

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group