Knowledge Base

Questions

Cannot install Insight Agent

I am unable to install the Insight agent on a Windows 2012 R2 server - the agent installs but the service fails to start so the install never completes. Seems a bit basic that the agent won't even install - the only thing I can see is the following error in the log for the ir_agent:

```
Python could not construct the class instance
Traceback (most recent call last):
  File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\persistence\winsvc.py", line 26, in __init__
  File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\agent.py", line 234, in __init__
  File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\agent.py", line 95, in __init__
  File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\platforms\windows\mixins.py", line 144, in _agent_shutdown
  File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\platforms\base\mixins.py", line 135, in _agent_shutdown
SystemExit: 1
%2: %3
```

And the following in the agent.log in the Agent directory:

```
2018-10-31 22:55:23,540 [INFO] [agent.agent]: Registered as singleton. PID: Unavailable
2018-10-31 22:55:23,540 [INFO] [agent.platforms.windows.mixins]: Unable to obtain uuid using method FIRMWARE_API - AgentID '00000000-0000-0000-0000-000000000000' is invalid
2018-10-31 22:55:23,571 [INFO] [agent.platforms.windows.mixins]: Unable to obtain uuid using method WMI - AgentID '00000000-0000-0000-0000-000000000000' is invalid
2018-10-31 22:55:23,571 [ERROR] [agent.platforms.windows.mixins]: Unable to obtain uuid from any known methods - attempt random generation ONLY if config allows
2018-10-31 22:55:23,571 [ERROR] [agent.agent]: Exception occurred while retrieving/caching agent id: Agent config is prevents random agentid
Traceback (most recent call last):
  File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\agent.py", line 84, in __init__
  File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\common.py", line 333, in __get__
  File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\platforms\windows\mixins.py", line 135, in plat_hostId
  File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\platforms\base\mixins.py", line 72, in _agentid_random
agent.exceptions.InvalidAgentidException: Agent config is prevents random agentid
```

Any ideas?

thanks
Barry

Posted by Barry Smith 5 months ago

Locating libssh to triage CVE-2018-10933

Looking through Nexpose for libssh server banners I haven't seen the banners being fingerprinted. I've done initial triage with SQL reports via SSH banners but I was curious if anyone else has already written a solid libssh fingerprint that I can borrow to write a basic vulnerability check?

https://www.libssh.org/security/advisories/CVE-2018-10933.txt

https://arstechnica.com/information-technology/2018/10/bug-in-libssh-makes-it-amazingly-easy-for-hackers-to-gain-root-access/

My initial libssh banner report:

```
WITH asset_ips AS (
    SELECT asset_id, ip_address, type
    FROM dim_asset_ip_address dips
),
asset_addresses AS (
    SELECT da.asset_id,
        (SELECT array_to_string(array_agg(ip_address), ',')
         FROM asset_ips
         WHERE asset_id = da.asset_id AND type = 'IPv4') AS ipv4s,
        (SELECT array_to_string(array_agg(ip_address), ',')
         FROM asset_ips
         WHERE asset_id = da.asset_id AND type = 'IPv6') AS ipv6s,
        (SELECT array_to_string(array_agg(mac_address), ',')
         FROM dim_asset_mac_address
         WHERE asset_id = da.asset_id) AS macs
    FROM dim_asset da
    JOIN asset_ips USING (asset_id)
),
asset_names AS (
    SELECT asset_id, array_to_string(array_agg(host_name), ',') AS names
    FROM dim_asset_host_name
    GROUP BY asset_id
),
banners AS (
    SELECT da.asset_id AS asset_id,
        dasc.port AS port,
        ds.name AS ds_name,
        ' [' || dasc.name::text || ': ' || array_to_string(array_agg(dasc.value),', ')::text || ']' AS banner_info
    FROM dim_asset da
    JOIN dim_asset_service_configuration dasc USING (asset_id)
    JOIN dim_service ds USING (service_id)
    GROUP BY da.asset_id, da.ip_address, dasc.port, ds.name, dasc.name
)
SELECT da.ip_address AS "Asset IP Address",
    an.names AS "Asset Names",
    csv(ds.name) AS "Sites",
    banners.port,
    banners.ds_name,
    csv(banners.banner_info) AS "Banner Info"
FROM dim_asset da
LEFT OUTER JOIN asset_addresses aa USING (asset_id)
LEFT OUTER JOIN asset_names an USING (asset_id)
JOIN banners using (asset_id)
JOIN dim_site_asset using (asset_id)
JOIN dim_site ds USING (site_id)
WHERE banners.banner_info ilike '%libssh%'
GROUP BY da.ip_address, da.ip_address, ds.name, banners.port, banners.ds_name, an.names, ds.name
ORDER BY da.ip_address, banners.port
```

Posted by BrianWGray 6 months ago
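An added example, not part of the post above and not Rapid7 or libssh code: a Python post-filter for rows exported from a banner report like this one. It parses the SSH identification string, separates libssh from libssh2 (a different project that `ilike '%libssh%'` also matches), and compares the announced version with a caller-supplied first-fixed version per release branch. The `ssh.banner` key, the sample rows and the `PLACEHOLDER_FIXED` values are constructed assumptions; take the real fixed versions from the advisory linked in the post.

```python
import re

# SSH identification string (RFC 4253, section 4.2):
#   SSH-protoversion-softwareversion SP comments
IDENT_RE = re.compile(r"SSH-(?P<proto>\d+\.\d+)-(?P<software>[^\s\],]+)")
# libssh announces itself as e.g. "libssh-0.7.0" or "libssh_0.8.1".
LIBSSH_RE = re.compile(r"^libssh[-_](?P<ver>\d+(?:\.\d+){1,2})")
# libssh2 ("libssh2_1.8.0") is a separate library; label it, never count it.
LIBSSH2_RE = re.compile(r"^libssh2[-_]")

def classify_banner(text):
    """Return (family, version_tuple) for the first ident string in text."""
    m = IDENT_RE.search(text)
    if not m:
        return (None, None)
    software = m.group("software")
    if LIBSSH2_RE.match(software):
        return ("libssh2", None)
    lm = LIBSSH_RE.match(software)
    if lm:
        return ("libssh", tuple(int(p) for p in lm.group("ver").split(".")))
    return ("other", None)

def triage(rows, fixed_in):
    """rows: (ip, port, banner_info); fixed_in: {(major, minor): fixed tuple}."""
    out = []
    for ip, port, info in rows:
        family, ver = classify_banner(info)
        if family != "libssh":
            continue
        fixed = fixed_in.get(ver[:2])
        if fixed is None:
            status = "review"  # branch not in the mapping: check by hand
        elif ver < fixed:
            status = "below-fixed"
        else:
            status = "at-or-above-fixed"
        out.append((ip, port, ver, status))
    return out

# Constructed sample rows (documentation IP range), shaped like "Banner Info".
SAMPLE_ROWS = [
    ("192.0.2.10", 22, " [ssh.banner: SSH-2.0-libssh-0.7.0]"),
    ("192.0.2.11", 2222, " [ssh.banner: SSH-2.0-libssh_0.8.1]"),
    ("192.0.2.12", 22, " [ssh.banner: SSH-2.0-libssh2_1.8.0]"),
    ("192.0.2.13", 22, " [ssh.banner: SSH-2.0-OpenSSH_7.4]"),
]
# PLACEHOLDER, not real data: replace with the advisory's fixed versions.
PLACEHOLDER_FIXED = {(0, 7): (0, 7, 99)}

if __name__ == "__main__":
    for row in triage(SAMPLE_ROWS, PLACEHOLDER_FIXED):
        print(row)
```

A banner version is only a triage signal: distributions backport fixes without changing it, so confirm flagged hosts against the installed package.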