000032209 - File Reader collection using VSFTPD stops processing after upgrading or reinstalling NwLogCollector in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000032209
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: Log Collector, Virtual Log Collector (VLC)
Platform: CentOS
O/S Version: EL5, EL6
IssueFile Reader collection configurations on VSFTPD are reverted back to default whenever the NwLogCollector RPM package is either re-installed or updated.
CauseDue to a bug in the NwlogCollector RPM package, the file /etc/vsftpd/vsftpd.conf is reverted back to its original whenever NwLogCollector is either re-installed or upgraded.
This results in the execution of the script /opt/netwitness/bin/lc_upload_support which causes the creation of the new VSFTPD file /etc/vsftpd/vsftpd.conf with the original parameters.
Example before upgraded/re-installed package:
# SSL Configuration
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES

Example after upgraded/re-installed package:
# SSL Configuration
allow_anon_ssl=YES
force_local_data_ssl=NO
force_local_logins_ssl=NO
ResolutionReplace VSFTPD with SFTP if possible. If this not possible, use the workaround below.
WorkaroundPerform the workaround below to resolve the issue.
  1. Connect to the Log Collector or VLC via SSH as the root user.
  2. Stop the vsftpd service.
    service vsftpd stop

  3. Edit the /etc/vsftpd/vsftpd.conf file to be as follows:
    # SSL Configuration
    allow_anon_ssl=YES
    force_local_data_ssl=NO
    force_local_logins_ssl=NO

  4. Start the vsftpd service.
    service vsftpd start

Attachments

    Outcomes