Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Receiving 404 error when trying to access a host through Carbon Black Live Response

Receiving 404 error when trying to access a host through Carbon Black Live Response

Version

This solution applies to Carbon Black 5.0 and later.

Issue

When attempting to establish a new session From the Carbon Black UI (Respond -> _Go Live), a 404 error message is observed:

[CB Live]# session new 2

error: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 FINAL//EN">

<title>404 Not Found</title>

<h1>Not Found</h1>

[CB Live]#

When hovering over the "Go Live>_" button in the UI, the popup message is also present:

error: NOT FOUND-

The requested URL was not found on the server.

If you entered the URL manually please check your spelling and try again.

Cause

5.0 introduces new configuration for Nginx related to the Go Live feature. Following the upgrade and restarting the services, the User is prompted to reconcile the differences between the file /etc/cb/nginx/conf.d/cb.conf.rpmnew and the existing used .conf file (cb.conf or cb-multihome.conf). The 404 message indicates these steps were not completed.

Solution

To resolve the issue, insert the new endpoints "/sensor/cblr/" and "/api/v1/cblr/", specific to the CB Go Live feature:

1. For the default file: /etc/cb/nginx/conf.d/cb.conf:

server

{

    [...]

    # match everything to /sensor/cblr/*

    location /sensor/cblr/ {

        # Live Response sensor backend access layer

        include /var/cb/nginx/props/nginx.runtime.cblr_sensor.proxy_pass.prop;

        expires                0;

        proxy_set_header       Host             $host;

        proxy_set_header       X-Real-IP        $remote_addr;

        proxy_set_header       X-Forwarded-For  $proxy_add_x_forwarded_for;

        proxy_set_header       X-Client-Cert-Id $ssl_client_serial;

        proxy_set_header       X-Ssl-Protocol   $ssl_protocol;

        proxy_read_timeout     3600;

        proxy_send_timeout     3600;

    }

    [...]

    # match everything to /api/v1/cblr/*

    location /api/v1/cblr/ {

        # Live Response api backend access layer

        include /var/cb/nginx/props/nginx.runtime.cblr_api.proxy_pass.prop;

        include /var/cb/nginx/props/nginx.runtime.cblr_api.client_body_temp_path.prop;

        expires                0;

        proxy_set_header       Host             $host;

        proxy_set_header       X-Real-IP        $remote_addr;

        proxy_set_header       X-Forwarded-For  $proxy_add_x_forwarded_for;

        proxy_set_header       X-Client-Cert-Id $ssl_client_serial;

        proxy_set_header       X-Ssl-Protocol   $ssl_protocol;

        proxy_read_timeout     3600;

        proxy_send_timeout     3600;

        client_max_body_size   0;

    }

    [...]

}

2. For the segmented UI & Sensor ports file: /etc/cb/nginx/conf.d/cb-multihome.conf:

server

{

    # This server configuration is used for communications between the sensors

    # and the server.

    [...]

    # match everything to /sensor/cblr/*

    location /sensor/cblr/ {

        # Live Response sensor backend access layer

        include /var/cb/nginx/props/nginx.runtime.cblr_sensor.proxy_pass.prop;

        expires                0;

        proxy_set_header       Host             $host;

        proxy_set_header       X-Real-IP        $remote_addr;

        proxy_set_header       X-Forwarded-For  $proxy_add_x_forwarded_for;

        proxy_set_header       X-Client-Cert-Id $ssl_client_serial;

        proxy_set_header       X-Ssl-Protocol   $ssl_protocol;

        proxy_read_timeout     3600;

        proxy_send_timeout     3600;

    }

}

server

{

    # This server configuration is used for CB Enterprise Server's Web UI

    [...]

    # match everything to /api/v1/cblr/*

    location /api/v1/cblr/ {

        # Live Response api backend access layer

        include /var/cb/nginx/props/nginx.runtime.cblr_api.proxy_pass.prop;

        include /var/cb/nginx/props/nginx.runtime.cblr_api.client_body_temp_path.prop;

        expires                0;

        proxy_set_header       Host             $host;

        proxy_set_header       X-Real-IP        $remote_addr;

        proxy_set_header       X-Forwarded-For  $proxy_add_x_forwarded_for;

        proxy_set_header       X-Client-Cert-Id $ssl_client_serial;

        proxy_set_header       X-Ssl-Protocol   $ssl_protocol;

        proxy_read_timeout     3600;

        proxy_send_timeout     3600;

        client_max_body_size   0;

    }

    [...]

}

     Note: It is recommended to make the above changes to both cb.conf and cb-multihome.conf files in the case that the unused file is enabled in the future.

3. After including the above changes in cb.conf or cb-multihome.conf, restart the Nginx service:

service cb-nginx restart
Labels (1)
Tags (3)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎04-03-2015
Views:
1171
Contributors