
List:       osiris-devel
Subject:    Re: [osiris-devel] 2.4.0-rc2 - conclusion
From:       "Alexei_Roudnev" <Alexei_Roudnev () exigengroup ! com>
Date:       2003-12-20 1:01:52
Message-ID: 0c9701c3c694$dad99d60$267f300a () exigengroup ! com

No need for now.

----- Original Message ----- 
From: "Alexei_Roudnev" <Alexei_Roudnev@exigengroup.com>
To: "Osiris Developers" <osiris-devel@lists.shmoo.com>
Sent: Friday, December 19, 2003 4:35 PM
Subject: Re: [osiris-devel] 2.4.0-rc2 - conclusion


> Can you post a Windows build (.exe) so that I can eliminate a difference in
> the local build environment(s)?
>
> ----- Original Message ----- 
> From: "Brian Wotring" <brian@shmoo.com>
> To: "Osiris Developers" <osiris-devel@lists.shmoo.com>
> Sent: Friday, December 19, 2003 4:09 PM
> Subject: Re: [osiris-devel] 2.4.0-rc2 - conclusion
>
>
> >
> > I've done some more sanity checks on FreeBSD, Mac OS X, and Linux.  No
> > problems.  If there is anything funky, it appears to be Windows only.
> > Even still, I will postpone the release.
> >
> > I will fire up some Windows machines to do some more
> > testing/verification.
> >
> > On Dec 19, 2003, at 4:29 PM, Alexei_Roudnev wrote:
> >
> > > Ok, with the scanner.
> > >
> > > My actions:
> > > > - install new osiris onto the management system secmon1, and into 3
> > > > development systems (scanner only) imxwf01, imxwf03, imxwf04.
> > > > - next morning, I have such reports:
> > > >       01:00 scan log - [6042 changes][host: secmon1] Osiris IDS
> > > >       December 18, 03
> > > >       22:50 scan log - [12 changes][host: imxwf04] Osiris IDS
> > > >       22:45 scan log - [12 changes][host: imxwf03] Osiris IDS
> > > >       22:41 scan log - [3853 changes][host: imxwf01] Osiris IDS
> > > >       22:29 failed to start scheduled scan [host: imxprwf04] Osiris IDS
> > > >       22:29 failed to start scheduled scan [host: clxprwf01] Osiris IDS
> > > >       22:15 scan log - [25 changes][host: nms1] Osiris IDS
> > > >       20:43 scan log - [18 changes][host: clxstgwf01] Osiris IDS
> > > >       20:27 failed to start scheduled scan [host: sjcswf04] Osiris IDS
> > > >       01:08 scan log - [0 changes][host: secmon1] Osiris IDS
> > >
> > >
> > >
> > > > 2 scans failed because I renamed their config file, trying to get rid of
> > > > duplicated names, so forget about it (I fixed it for 1 system, and doing
> > > > this, had a lot of fun trying not to forget any of the 10 actions which
> > > > are required to change a config - edit (name?), push (name?), scan, view
> > > > log (name?), set db (easy)... instead of just saying _set active name
> > > > xxxxx_). Anyway, see next 4 messages.
> > > >
> > > > 2 scans with 12 changes are about 'new osirisd', so they work correctly.
> > > > secmon1 and imxwf01 reported a similar problem (I cut most of the output,
> > > > don't worry):
> > >
> > >
> > > Change Statistics:
> > > ----------------------------------
> > >
> > >         checksums: 0
> > >        SUID files: 0
> > >  root-owned files: 0
> > >  file permissions: 0
> > >         new files: 0
> > >     missing files: 3853
> > >
> > > total differences: 3853
> > >
> > > The same for secmon1, with exception of number of files:
> > >
> > > Change Statistics:
> > > ----------------------------------
> > >
> > >         checksums: 0
> > >        SUID files: 0
> > >  root-owned files: 0
> > >  file permissions: 0
> > >         new files: 0
> > >     missing files: 6042
> > >
> > > total differences: 6042
> > >
> > > > I did a few experiments, using other case (C:\ instead of c:\), removing
> > > > description of <Directory C:\> section, etc - it does not help. Installing
> > > > rc2 version instead of the last one did not help. Then I installed the
> > > > 2.1beta2 scanner, and (without changing configuration) everything restored:
> > >
> > >
> > > > <https://secmon1.amc.portera.com:2267?action=v&host=imxwf01&base_db=12&log=log.temp>
> > >
> > >      compare time: Fri Dec 19 13:11:48 2003
> > >              host: imxwf01
> > >       scan config: devlab
> > >          log file: no log file generated, see system log.
> > >           base db: 11
> > >        compare db: 12
> > >
> > > > [imxwf01][cmp][c:\winnt\osiris\uninstall_osiris.exe][checksum][dade2b830c08a0358e05cffd4c8cf787,940e7c24d1c5c17bfec3f5889ffee57a]
> > > > [imxwf01][cmp][c:\winnt\osiris\uninstall_osiris.exe][mtime][Fri Oct 10 20:07:50 2003,Fri Dec 19 13:02:40 2003]
> > > > [imxwf01][cmp][c:\winnt\osiris\uninstall_osiris.exe][file_attributes][+archive,-normal]
> > > > [imxwf01][cmp][c:\winnt\system32\osirisd.exe][checksum][bfb81bcda3f4a1e2b04a64a2398f707f,1e90a3edd3d77f7e01c6de6aa82503da]
> > > > [imxwf01][cmp][c:\winnt\system32\osirisd.exe][mtime][Fri Oct 10 18:58:24 2003,Mon Nov 03 17:13:14 2003]
> > > > [imxwf01][cmp][c:\winnt\system32\osirisd.exe][ctime][Fri Oct 10 18:58:24 2003,Mon Nov 03 17:13:14 2003]
> > > > [imxwf01][cmp][c:\winnt\system32\osirisd.exe][file_attributes][+archive,-normal]
> > >
> > > > I can make a few experiments, setting up config from imxwf01 onto imxwf03
> > > > (which has the new osiris scanner) and see what happens (but - it's just
> > > > again like feeding a crocodile - all these mystical commands instead of
> > > >     'host imxwf03;set-config Win2K.conf;start-scan;set-config devlab;'
> > > > ), and let you know about results.
> > >
> > > Alex
> > >
> > >
> > > ----- Original Message -----
> > > From: "Brian Wotring" <brian@shmoo.com>
> > > To: "Osiris Developers" <osiris-devel@lists.shmoo.com>
> > > Sent: Friday, December 19, 2003 2:56 PM
> > > Subject: Re: [osiris-devel] 2.4.0-rc2 - conclusion
> > >
> > >
> > >>
> > > >> With respect to the usage model, I disagree, but that is something that
> > > >> we can debate later.   The usage model is not going to be changed for
> > > >> this release.  Right now the important thing is to track down the
> > > >> alleged problems.
> > >>
> > >> What, specifically, are you seeing wrong with the scanner?
> > >>
> > >> On Dec 19, 2003, at 3:38 PM, Alexei_Roudnev wrote:
> > >>
> > >>> I think that it is a bad idea to release this version as it is now.
> > >>>
> > > >>> First of all, there is a mystical bug in WinNT. Of course, it is only a
> > > >>> matter of time to find it, and it is not expected to be something
> > > >>> complicated.
> > > >>>
> > > >>> Second, all CLU commands must be verified - I found a problem in print-db,
> > > >>> when trying to use it, and I suspect that many other commands have small
> > > >>> bugs as well.
> > > >>>
> > > >>> But, most important, we do not have a convenient interface yet. Global
> > > >>> configs and a common config repository are a great thing, but they reveal
> > > >>> all the problems with config naming and the work schema.
> > > >>> It is absolutely impossible to use the current schema because:
> > > >>> - when I run 'edit-config', I expect to have a default 'current config';
> > > >>> - everyone who has worked with such things as Osiris expects that every
> > > >>> host has a Current or Active config, that start-scan automatically
> > > >>> pushes this config, and that edit-config automatically selects this config.
> > > >>> It is very difficult to understand the current schema, which is:
> > > >>>    - host does not have an active config
> > > >>>    - scanner can have a loaded config, but it requires an explicit command.
> > > >>> Scheduled scan re-loads config. When scanner starts, it does not load any
> > > >>> config.
> > > >>>      When I want to set up a new config, I must run some mystical commands
> > > >>> (push, scan, set up data base) to make it known for scheduled scans...
> > > >>>
> > > >>> All this is TOO COMPLEX. Schema should be much simpler:
> > > >>> - host has CURRENT SCAN (ok, use scan saved in data base)
> > > >>> - start-scan automatically pushes this config;
> > > >>> - edit-config automatically prompts this config
> > > >>> - if you edit-config in the host context and this is not the Active config,
> > > >>> system prompts you to change active config
> > > >>> - list-configs marks current config by '*'
> > > >>> - print-db and other commands show configuration name, not mystical ID
> > > >>> - print-log has a default _last log_ (log.temp or ##)
> > > >>>
> > > >>> In this case, no one will make so many mistakes as now - I can predict that
> > > >>> if we release such a version, then we will have a huge heap of dumb
> > > >>> questions: _how can I change active config_, _I edited configuration and
> > > >>> ran a scan, but next day, schedule ran another config; why?_, and so on...
> > > >>>
> > > >>> I am working on the scanner problem; any ideas why it could happen? The
> > > >>> problem existed in the previous Release Candidate as well. I think that it
> > > >>> resulted from the change related to NoEntry (but I do not know yet why it
> > > >>> has such strange behavior).
> > >>>
> > >>>
> > >>>
> > >>> _______________________________________________
> > >>> osiris-devel mailing list
> > >>> osiris-devel@lists.shmoo.com
> > >>> https://lists.shmoo.com/mailman/listinfo/osiris-devel
> > >>>
> > >>>
> > >> --
> > >>      Brian Wotring ( brian@shmoo.com )
> > >>      PGP KeyID: 0x9674763D
> > >>
> > --
> >      Brian Wotring ( brian@shmoo.com )
> >      PGP KeyID: 0x9674763D
> >

