Comments (11)
Hello. Thanks for reporting this issue. I'm happy to help out here, but can you clarify what target (and port) you are scanning? Is this the Linux agent?
from oms-agent-for-linux.
Hi,
this is popping up on port 1270, which I believe is this agent.
[centos@hfd-cr-pweb1 ~]$ sudo netstat -tlupn|grep 1270
tcp 0 0 0.0.0.0:1270 0.0.0.0:* LISTEN 1204/omiserver
Thanks,
Eric
from oms-agent-for-linux.
@rubeon That's very strange. I would not expect port 1270 to be exposed unless the Operations Manager client was previously installed on this machine.
If you edit file /etc/opt/omi/conf/omiserver.conf
and change HTTPSPORT
to 0, then the OMS agent will no longer listen on port 1270. You don't need OMS to be listening for external connections to collect data on the local system (unless you're using the Operations Manager client on the same system).
from oms-agent-for-linux.
Also, if you are using Operations Manager and require TCP port 1270, you can control ciphers and SSLv3 behavior in the omiserver.conf file. NoSSLV3 is a Boolean property to toggle SSLv3 support and sslciphersuite= allows you to specify a standard OpenSSL cipher suite list (like you would for Apache's mod_ssl).
from oms-agent-for-linux.
Looks like this gets installed by the diagnostics extension in Azure. If Azure doesn't need this to be listening on port 1270, it should probably be disabled by default.
Thanks
from oms-agent-for-linux.
The intent, when Azure installs the diagnostic extension, is that it is NOT listening on port 1270.
Thanks for raising this issue, I'll bring it up with the Azure folks.
from oms-agent-for-linux.
I have committed the above fix, although the Azure team has opted to edit omiserver.conf themselves to not expose the port.
This problem should be fixed in an upcoming Azure agent release.
from oms-agent-for-linux.
I want to disable DES and 3DES sslCipherSuite in omiserver for port 1270 but it is not happening. I think, I didn't get proper syntax that used in omiserver.conf. Can anyone help me.
thanks.
from oms-agent-for-linux.
The syntax for sslCipherSuite
is identical to what the Apache HTTPD Server uses.
from oms-agent-for-linux.
from oms-agent-for-linux.
Your message isn't clear to me at all, sorry:
- What is the EXACT line that you've added to
omiserver.conf
? The format of the line above is not correct. - You say that you're trying to disable DES/3DES, and then when you try to test, OMI rejects. Isn't this correct?
- You say the same issue has been solved for port 443 by changing
ssl.conf
file. I'm not sure exactly what file you mean, but SSL doesn't drive port 443. Port 443 is an HTTPS port.
Finally, this repository isn't really the proper repository for OMI issues. Please open a new issue (with all questions above clearly addressed) to the OMI repository. That way, all of the OMI developers can chip in. I just happen to monitor the OMS issues, but OMS isn't the project I work on. Thanks for your understanding.
from oms-agent-for-linux.
Related Issues (20)
- selinux omsconfig rule does not take effact. HOT 1
- Cisco ASA Logs not parsing correctly
- Troubleshooter connectivity test
- onboard_agent.sh: Permission denied
- Understanding Cisco ASA CEF Flow HOT 1
- 1.14.23-0 installs broken version of omi
- Rate limiting
- How to enable GPU utilization from this agent?
- dsc_host crashing on Red Hat 7.9 HOT 1
- Rubrik syslog message field truncated HOT 1
- OMS agent is not collecting custom log from target path in a Linux folder HOT 1
- Agent cannot onboard
- Where is the new AzureMonitorAgent repository located? HOT 1
- error ejecucion de backup azure | /var/lib/waagent/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux-1.13.40/omsagent_shim.sh -install
- How to disable Azure Portal to automatically install OmsAgentForLinux on my VM?
- Rule ID 448b668a-738c-420b-b332-51ea49922933 logic
- Problems with "/etc/passwd- file permissions should be set to 0600"
- "Ensure default deny firewall policy" ignores nftables, resulting in false positives
- "Ensure lockout for failed password attempts is configured." and "Ensure password reuse is limited." don't recognize how authselect does them
- Omi and nxautomation users being created deleted and recreated weekly #766 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oms-agent-for-linux.