Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Incorrect Iptables Rules Prevent Cluster From Communicating Correctly

Incorrect Iptables Rules Prevent Cluster From Communicating Correctly

Version

Cb Response 5.x, 6.x

Issue

Iptables is missing entries preventing a Cb Response Cluster from communicating correctly

Cause

Iptables or configuration settings were manually altered after the Cb Response Server was deployed. Alternatively, during initial install the option for cbinit to customize iptables was rejected.

Solution

The Cbcheck utility adds additional entries based off /etc/cb/cb.conf and /etc/cb/cluster.conf that are necessary for a standalone server or a cluster implementation.

Note: For more information on which ports are added, check out:

Warning: The cbcheck utility doesn’t automatically add default deny rules. Check here for more information: Cb Response Server Is Accepting Traffic On All Ports

Complete these steps on all nodes:

  1. Check for issues:
    /usr/share/cb/cbcheck iptables -l
  2. Apply any new rules if needed:
    /usr/share/cb/cbcheck iptables -a

Note: For general information on iptables rules, check here: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-basic-iptables-firewall-on-centos-6

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎02-21-2017
Views:
1365
Contributors