Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Multihome Configuration Troubleshooting

Multihome Configuration Troubleshooting

Enviroment

  • Cb Response 5.2.x
  • Cb Response 6.1.x

Issue

Unable to access the UI after changing over to a signed cert or port 8443 for the UI

Steps

  1. Verify that all changes have been made here: Migrating to a 5.2/6.1 Multihome Configuration File
  2. Verify this change has been made in the master configuration file /etc/cb/cb.conf. Add this line if it doesn't exist:
    NginxWebApiHttpPort=8443
    Note: Services need to be restarted if you have made any configuration changes to /etc/cb/cb.conf
  3. Verify that iptables has the allow rule to permit 8443 traffic through
    /usr/share/cb/cbcheck iptables -a
    1. Check that this line is present in /etc/sysconfig/iptables:
      -A INPUT -m state --state NEW -m tcp -p tcp --dport 8443 -j ACCEPT

      Note: This line should be before the default deny lines

      Note: 443 traffic should still be permitted for sensor traffic

    2. Restart services to commit changes if needed:
      service iptables reload
  4. If cb-nginx won't start, check the bottom of /var/log/cb/nginx/startup.log for errors:
    tail /var/log/cb/nginx/startup.log

Note: Multihome configurations are not necessary on the minions

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎11-04-2016
Views:
1364
Contributors