You Are Here : Forums Tuesday, January 06, 2009
     
Activeworx.org Forums
 
  Forum  IDS Policy Mana...  IDS Policy Mana...  FTP issue
Previous Previous
 
Next Next
New Post 12/21/2006 12:14 PM
  sarma_naredla
8 posts
satyam.com
No Ranking


FTP issue 

Hi,

 

I am not able to upload the files into the linux box thorugh IDS Policy manger using FTP.

 

It is giving following error.

 

 

Gathering Information from Database : Done
Building Policy from Database : Done
Uploading to Sensor HST using ftp.
Error Uploading to Sensor : FTP protocol error. 550 Failed to change directory..

Please let me know what is mis confiugration i have done in this.

 

 
 
New Post 12/21/2006 7:02 PM
  Jeff Dell
251 posts
www.activeworx.com
1st Level Poster


Re: FTP issue 
Modified By Jeff Dell on 12/21/2006 2:03:22 PM)
I was able to find an issue that under certain conditions it would try to change directories before it was done uploading the file. This caused a 550 error in the FTP upload. The problem has been fixed in the next build and should hopefully be made available tomorrow.

Cheers,
Jeff
 
New Post 12/26/2006 8:40 AM
  sarma_naredla
8 posts
satyam.com
No Ranking


Re: FTP issue 

Hi Jeff

 

Still i am facing same issue.I upgraded to latest version.Please help me in this regard.

 

Please find the upload.status.log file.

 

 

Gathering Information from Database : Done
Building Policy from Database : Done
Uploading to Sensor HST using ftp.
Local file: C:\\Documents and Settings\\sn16993\\Application Data\\Activeworx\\IDS Policy Manager SA\\tmp\\PID4\\100
Error Creating to Directory : /../rules - Directory Could already be made
Setting Remote Path: /../rules
Error Uploading to Sensor : FTP protocol error. 550 Failed to change directory.

 

Thank You,

 

Regards

Sarma
 
New Post 12/26/2006 12:52 PM
  Jeff Dell
251 posts
www.activeworx.com
1st Level Poster


Re: FTP issue 

I see the problem you are having now.. it is because I didn't test the directory of ../rules. I tested /rules, and putting the files in the same directory as the config files.  let me do some more testing and get up a new build in the next day or so that handles backward traversal with ftp. This should just be an issue for ftp as it changes directories a little different then sftp.

 

Thanks for the feedback,

 

Jeff
 
New Post 12/28/2006 12:43 PM
  sarma_naredla
8 posts
satyam.com
No Ranking


Re: FTP issue 

Hi Jeff,

 

Thanks for the response.Please let us know if the FTP problem is resolved in IDS Policy Manger 2.0.2.9Beta.We tried downloading again same software and tried in different systems.But still same problem persists.

 

Please help us in this regard.

 

Thank You,

 

Regards

Sarma
 
New Post 1/16/2007 8:05 AM
  sarma_naredla
8 posts
satyam.com
No Ranking


Re: FTP issue 
 

Hi Jeff,

 

Please let us know if the FTP problem is resolved in IDS Policy Manger 2.0.2.10Beta(idspm.v2.0.2.10beta.exe).We tried downloading the same software and tried in different systems.But still same problem persists.

 

Please help us in this regard.

 

Thank You,

 

Please find the upload.status Log in X:\Documents and Settings\administrator\Application Data\Activeworx\IDS Policy Manager SA

 

Gathering Information from Database
 : Done
Building Policy from Database
 : Done
Uploading to Sensor Snort using ftp.
Local file: X:\\Documents and Settings\\administrator\\Application Data\\Activeworx\\IDS Policy Manager SA\\tmp\\PID1\\10
Error Creating to Directory : /pub/../rules - Directory Could already be made
Setting Remote Path: /pub/../rules
Error Uploading to Sensor : FTP protocol error. 550 Failed to change directory..

Regards

Sarma
 
New Post 1/16/2007 12:31 PM
  Jeff Dell
251 posts
www.activeworx.com
1st Level Poster


Re: FTP issue 
The problem is our FTP library doesn't understand what /pub/.../rules means. We will have to write a manual way to handle ../ directories. To resolve this issue for now... Instead of using "../rules/", If you use the directory "rules/", remove the rule group directory, or use the full path it should upload and work without any trouble.

Cheers,
Jeff
 
New Post 1/16/2007 3:05 PM
  sarma_naredla
8 posts
satyam.com
No Ranking


Re: FTP issue 
 

Hi,

 

Thanks Jeff for the Solution.We are able to upload using /rules in FTP.

 

One more thing.We are not able to restart the Snort Service using Restart Settings in the Console.

 

Those settings are not saving in the Console.

 

Please look into the same.

 

It is giving following error in Upload.log file.

 

Restarting Sensor Snort.

Error Uploading to Sensor : System error: Other end disconnected during key negotiation.

 

Thank You

 

Regards

Sarma.

 

 

 
 
New Post 1/16/2007 5:06 PM
  Jeff Dell
251 posts
www.activeworx.com
1st Level Poster


Re: FTP issue 
How are you trying to restart the sensor? via local DOS script? can you give me more information about this?

Thanks,

Jeff
 
New Post 1/22/2007 6:25 AM
  sarma_naredla
8 posts
satyam.com
No Ranking


Re: FTP issue 

Hi Jeff,

 

I am trying to restart the sensor via Script via SSH option in the Restart Settings.

 

We are unable to restart the same.

 

Thanks

Sarma


 
 
New Post 1/22/2007 12:08 PM
  Jeff Dell
251 posts
www.activeworx.com
1st Level Poster


Re: FTP issue 
How come you would use FTP to upload then SSH to restart? Why not just use sFTP/SCP to upload which uses a subsystem within SSH and is secure compared to FTP which sends user/pass in the clear. at any rate... Please look at the upload log file which is in the application data/activeworx/IDS Policy Manager SA/ directory of your user profile. This might help figure out what the problem is.

Cheers,
Jeff
 
New Post 2/19/2007 11:44 AM
  winston6071
2 posts
No Ranking


Re: FTP issue 

Hello

since i am experimenting around with snort, i tried to do the same, restart the snort daemon after uploading the policies.

it seems i hook up on the same problem. have you already found a solution for this ?

 

one solution might me to synchronize the both tasks, the upload of the new rules with the ftp server or idspm tool and 10 mins later with a cronjob to restart the snort daemon on the linux system....

 

this solution is not a good solution for me, so i would prefer to have this "after upload feature" and restart option. the problem is that i am not allowed to create a maybe needed sftp server on it, the existing server is an ftp server and the upload is working. after the selection of "restart settings" and script via ssh it stays a long time and stops with the message :

it uploads all the rules maps and whatever stuff.....

at the end it stops with this

"Error Uploading to Sensor : System error: Other end disconnected during key negotiation" in the upload log....

 

on the linux machine:

remote ssh connections are allowed for root only, does it has to do that the "restart settings" tries to authenticate also with the "authentication options" settings for the ftp ? hmmm maybe i check this also or is there another thing to do in this case ?

 

thanks for answers in advance.

 

greetings joe
 
New Post 2/20/2007 1:53 PM
  Jeff Dell
251 posts
www.activeworx.com
1st Level Poster


Re: FTP issue 
hmm.. so is SSH on the box? if so, why not use sftp? sftp is the same thing as scp. which is supported by default in openssh. if you look at the bottom of the sshd.config file you will see:

Subsystem sftp /usr/libexec/openssh/sftp-server

If you have ssh and this line in your config, please try sftp upload.

Cheers,
Jeff
 
New Post 2/20/2007 3:50 PM
  winston6071
2 posts
No Ranking


Re: FTP issue 

hey jeff !

 

thanks a lot your the king :-) i just used the standard ssh as it was installed and with the settings for sftp it works fine.

 

thanks alot this helped me out :-)

 

greetings joe
 
 Page 1 of 1
Previous Previous
 
Next Next
  Forum  IDS Policy Mana...  IDS Policy Mana...  FTP issue
 
 
Copyright 2000-2007 by Activeworx, Inc.
All trademarks and copyrights on this page are owned by their respective owners.