000034145 - Linux Agents Failing to Appear in UI in RSA ECAT 4.2

Document created by RSA Customer Support Employee on Nov 2, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000034145
Applies ToRSA Product Set: ECAT
RSA Product/Service Type: ECAT Linux Agent
RSA Version/Condition: 4.2
Product Description: ECAT Host Perp License (per host)
IssueThe Linux Agent is not populating into the UI on the Machines tab despite the installation of the RPM  file on the linux agent.
CauseThe problem is that the agent is sending malformed information to the server which causes merge errors in the database, which results in incomplete data on the device. Thus, the reason for UI not displaying device.
 Alternatively, there can also be a connectivity error between the agent and server which can be determined by checking if the RC4 cipher is installed on the console server or not.
ResolutionThere are two approaches to examining the agent in 4.2.0.0 of ECAT. The first and most obvious is to determine if the RC4-MD5 cipher is installed on the console server. Without this cipher, it is impossible to connect Linux agents. The steps are highlighted below:
Installing RC4 Ciphers

WARNING! Microsoft considers RC4/MD5 ciphers weak encryption, and TLS 1.0 is an older encryption technology. Future enhancements of the ECAT software will remove these dependencies, so this is mostly only a current limitation on the Linux agents to be considered vulnerable at this time so enable these ciphers and protocols with caution.

  1. Run Regedit from the command line to open the Windows Registry
  2. Expand the following folder:  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL
  3. Under Ciphers folder, right-click new key and type in RC4 128/128
  4. Under this new folder right-click new DWORD 32-bit value and enter DisabledByDefault and leave at 0
  5. Again, right click new DWORD 32-bit value and name this Enabled. Right-click Modify and change the Value Data from 0 to 1 to enable the cipher.
  6. This process may be needed to be repeated under the Protocols folder to enable TLS. It is still undetermined if TLS1.0 is required for communication here but should be considered.
  7. It may be necessary to reboot the console server following these changes.
Install dmidecode

  1. To enable dmidecode, first run rpm -qa | grep dmidecode* to confirm whether or not dmidecode is currently installed. If not, no further steps in this section are necessary.
  2. If nothing is found in an rpm search of dmidecode, run yum install dmidecode as user root to install the missing dependency.
  3. Confirm it has been installed and is present by rerunning rpm -qa | grep dmidecode* and from there restart the ECAT service by running as root: service ecat-agent restart
After taking these steps, the agent should populate in the Machines tab after given time to be merged with now clean data.
 

Attachments

    Outcomes