Nothing to see

GregAlexandre

Hi,
I have same issue.
I have an "access denied" to server (translation from french sentence) in the secteer.log
Any idea.
Regards;
[2018-05-19 21:04:40.011+0120] Waiting 6 minutes before retrying
[2018-05-19 21:10:40.014+0120] Connecting to server: carma.secteer.com
[2018-05-19 21:10:40.394+0120] Server returned 401 =>
[2018-05-19 21:10:40.397+0120] Server response body: Unauthorized
[2018-05-19 21:10:40.397+0120] Failed to check in with server: italicised textaccess denied*

Tom

@gregalexandre Did you approve the agent in the "Configuration" at https://carma.secteer.com/personal-carma/#/configuration
I just ran my agent, and it got the expected response. Let me know and perhaps you can send me the full log tomorrow to tom [at] @vulndetect dot com

Ted

@vulndetect Hi Tom,

To be honest with you, I don't know that for sure if it came in a bundle with CS6. I know if I uninstall QuickTime there are some errors using PS/LR.
There are a lot of file extensions using QuickTime associated with CS6. So, this isn't an option to uninstall.

VulnDetect

@ted It's fine, we'll try to sort it out, soon.

Ted

@vulndetect Hi Tom,

Thank you.

KI108

@Tom
I have this same issue. I reported it earlier, but I don't see my post anywhere.
Log shows same message every 3 minutes

[2018-12-20 04:30:32.119-0360] Current configuration:
version:: 0.10.11.0
server : agent.vulndetect.com
guid1::
guid2::
guid3::
checkInInterval : 180 seconds
checkInRetryDelay : 60 seconds
maxCheckInRetryCount : 2
dataRetryDelay : 600 seconds
inspectionWindow : 21600 seconds
timezoneOffset : -360 minutes
serverTime : 2018-12-20 04:30:33 (UTC)
nextInspectionTime : 2018-12-20 13:10:00 (local time)
checkInNow:: false
noFilesystem : false
noRegistry : false
noWinUpdate : false
noSystem : false
noPackage:: true
[2018-12-20 04:30:32.119-0360] No tasks to perform.

Tom

@KI108 It appears that only the admin user is notified about post awaiting approval. And we don't usually use the admin account - so we didn't see it. Sorry. I've changed some settings and hope that my "Moderator" user will see it.
But now I will "up vote" your posts, and if someone else also does that, then you can post without approval next time.

nak

I'm having the same issue. There appear to be a few issues that I can see:

Looking at "c:\windows\logs\secteer\secteer.log" "nextInspectionTime" is always a day ahead (even when the next inspection is set on the web site). For example, if I set the web site "hour of day to run inspection" to be an hour from now, the web site will display "next inspection time" of "an hour", but the local agent thinks it is 25 hours from now.

(I'm in GMT-7 time zone if that makes a difference).

The other issue is: after a reboot the nextInspectionTime is set to be more than 24 hours away. Here's the logs from today after a reboot (auth tokens and names removed):

[2018-12-20 18:54:10.198-0480] SecTeer Agent v0.10.11.0 starting in launch mode^M
[2018-12-20 18:54:10.198-0480] Launching SecTeer Agent^M
[2018-12-20 18:54:10.202-0480] Agent main loop starting^M
[2018-12-20 18:54:10.202-0480] Initial configuration:
             version:: 0.10.11.0
              server : agent.vulndetect.com
               guid1::
               guid2::
               guid3::
     checkInInterval:: 3600 seconds
   checkInRetryDelay:: 360 seconds
maxCheckInRetryCount:: 10
      dataRetryDelay:: 1800 seconds
    inspectionWindow:: 21600 seconds
      timezoneOffset : -480 minutes
          checkInNow:: false
        noFilesystem:: false
          noRegistry:: false
         noWinUpdate:: false
            noSystem:: false
           noPackage:: true^M
[2018-12-20 19:51:50.929-0480] Checking in with server^M
[2018-12-20 19:51:50.929-0480]  Server = > 'agent.vulndetect.com'^M
[2018-12-20 19:51:50.929-0480] Waiting 27 minutes before first check-in^M
[2018-12-20 20:18:59.940-0480] Found 'computerName' = 'xxxx'^M
[2018-12-20 20:18:59.947-0480] Connecting to server: agent.vulndetect.com^M
[2018-12-20 20:19:00.652-0480] Server returned 201 =>^M
[2018-12-20 20:19:00.671-0480] Check-in complete^M
[2018-12-20 20:19:00.671-0480] Next scheduled check-in is in 3 minutes^M
[2018-12-20 20:19:00.672-0480] Current configuration:
             version:: 0.10.11.0
              server : agent.vulndetect.com
               guid1::
               guid2::
               guid3::
     checkInInterval : 180 seconds
   checkInRetryDelay : 60 seconds
maxCheckInRetryCount : 2
      dataRetryDelay : 600 seconds
    inspectionWindow : 21600 seconds
      timezoneOffset : -480 minutes
          serverTime : 2018-12-20 20:18:59 (UTC)
  nextInspectionTime : 2018-12-21 14:00:00 (local time)
          checkInNow:: false
        noFilesystem : false
          noRegistry : false
         noWinUpdate : false
            noSystem : false
           noPackage:: true^M
[2018-12-20 20:19:00.672-0480] No tasks to perform.^M

The previous nextInspectionTime was 2018-12-20 14:00:00 (local time). So the next inspection time jumped a day.

I believe this happens after a hibernate too, but I don't have the logs to prove it. In my case though it means even though the agent has been installed for weeks, my system never gets inspected unless I leave the system running 24x7.

I think there is a bug in your time arithmetic for setting nextInspectionTime.

Tom

@nak Could you send both your secteer.log files from c:\windows\logs\secteer via email to tom at vulndetect dot com

And can you tell me if the nextInspectionTime corresponds with what you see in the UI?

Tom

@nak We believe we found the cause of this issue. The developers have just released a fix:
https://vulndetect.org/topic/472/release-secteer-vulndetect-personal-and-backend-2018-12-28

Please let me know if this fixes it (you only need to wait and see if it runs the inspection at the next "inspectionWindow").