Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ERROR: SSL read (unable to receive message) OSSEC #2099

Open
manoj0772 opened this issue Aug 24, 2023 · 1 comment
Open

ERROR: SSL read (unable to receive message) OSSEC #2099

manoj0772 opened this issue Aug 24, 2023 · 1 comment

Comments

@manoj0772
Copy link

From OSSEC Server :-
[root@psappl215 ~]# /services/ossec/bin/ossec-authd -p 1515
[root@psappl215 ~]#

LOGS BELOW :-
023/08/24 13:57:10 ossec-authd: INFO: Started (pid: 2034).
2023/08/24 13:57:10 Accepting connections. Using password specified on file: /services/ossec//etc/authd.pass
2023/08/24 13:57:10 IPv4: 0.0.0.0 on port 1515
2023/08/24 13:57:10 Request for TCP listen() succeeded.
2023/08/24 13:57:10 Socket bound for IPv4: 0.0.0.0 on port 1515

[root@psappl215 logs]# netstat -tuplen | grep ossec
tcp 0 0 0.0.0.0:1515 0.0.0.0:* LISTEN 0 36054 2034/ossec-authd
[root@psappl215 logs]#

From OSSEC Agent :-

[root@psappl216 ~]# /var/ossec/bin/agent-auth -m 10.x.x.x -p 1515 -P /var/ossec/etc/authd.pass
2023/08/24 13:59:17 ossec-authd: INFO: Started (pid: 2122).
INFO: Using specified password.
2023/08/24 13:59:17 INFO: Connected to 10.x.x.x at address 10.x.x.x, port 1515
INFO: Connected to 10.x.x.x.:1515
INFO: Using agent name as: psappl216.jewelry.acn
INFO: Send request to manager. Waiting for reply.
INFO: Received response with agent key
INFO: Valid key created. Finished.
ERROR: SSL read (unable to receive message)
[root@psappl216 ~]#

Agent logs shows only this infor :
2023/08/24 13:59:17 ossec-authd: INFO: Started (pid: 2122).
2023/08/24 13:59:17 INFO: Connected to 10.x.x.x at address 10.x.x.x, port 1515

Any idea about error "ERROR: SSL read (unable to receive message)" ? I have check all logs and debug but no much information. I can see client key is created on ossec server but it is having issue sending data and communication back.

Running latest OSSEC version 3.7 on both SERVER and AGENT.

[root@psappl216 ~]# cat /var/ossec/etc/ossec-init.conf
DIRECTORY="/var/ossec"
VERSION="v3.7.0"
DATE="Wed Aug 23 02:03:53 PM EDT 2023"
TYPE="agent"
@manoj0772 manoj0772 mentioned this issue Aug 29, 2023
Open
@rolf-d2i
Copy link

rolf-d2i commented Nov 9, 2023

You can replicate this error on docker running on M2 mac when emulating AMD64 (because ARM support is missing). Probably the error can be replicated in any docker environment with a default docker network.
Install an OSSEC server and a client on two different docker instance and try

/var/ossec/bin/agent-auth -m -A 023/11/09 12:26:30 ossec-authd: INFO: Started (pid: 133).
WARN: No authentication password provided. Insecure mode started.
2023/11/09 12:26:30 INFO: Connected to at address 10.1.0.18, port 1515
INFO: Connected to :1515
INFO: Using agent name as:
INFO: Send request to manager. Waiting for reply.
INFO: Received response with agent key
INFO: Valid key created. Finished.
ERROR: SSL read (unable to receive message)

The key is created on the server correctly it appears as that can be listed on the ossec-server.
The issue was not present in the previous version of OSSEC.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rolf-d2i @manoj0772