OPSEC LEA - opsec_putkey fail

gskorski — Fri, 06 Jul 2012 14:19:14 GMT

Hi,

I'm trying to configure Splunk with Checkpoint.
I have an error during the opsec_putkey on the splunk server :

Without the debug option:

root@splk01:linux22# ./opsec_putkey -ssl -port 18184 10.1.2.14
Please enter secret key:
Please enter secret key again:
 FW: Received new control security key from 10.1.2.14

Failed to initialize authentication with 10.1.2.14

With the debug option :

root@splk01:/linux22#./opsec_putkey -debug -ssl -port 18184 10.1.2.14
Please enter secret key:
Please enter secret key again:
[ 2047]@splk01 PM_policy_create: version 5301.
[ 2047]@splk01 PM_policy_add_name_to_group: finished successfully.
[ 2047]@splk01 PM_policy_set_local_names: () names. finished successfully.
[ 2047]@splk01 PM_policy_create: finished successfully.
[ 2047]@splk01 PM_policy_add_name_to_group: finished successfully.
[ 2047]@splk01 PM_policy_set_local_names: (local_sic_name) names. finished successfully.
[ 2047]@splk01 PM_policy_add_name_to_group: finished successfully.
[ 2047]@splk01 PM_policy_set_local_names: (127.0.0.1) names. finished successfully.
[ 2047]@splk01 PM_policy_add_name_to_group: finished successfully.
[ 2047]@splk01 PM_policy_set_local_names: ("OPSECPUTKEY") names. finished successfully.
[ 2047]@splk01 PM_apply_default_dn: finished successfully.
[ 2047]@splk01 setting fwa1 init password for 10.1.2.14 (10.1.2.14)

[ 2047]@splk01 peers addresses are
[ 2047]@splk01 127.0.1.1
[ 2047]@splk01 10.1.1.75
[ 2047]@splk01 sic_client_do_connect: no server sic name supplied, server sic name is unknown.
[ 2047]@splk01 fwasync_conn_params: <a01014b,50948> -> <a01020e,18184>
[ 2047]@splk01 fwasync_connbuf_realloc: reallocating 0 from 0 to 1028
[ 2047]@splk01 fwasync_connbuf_realloc: reallocating 0 from 0 to 1028
[ 2047]@splk01 sic_client_set_version: 6: protocol version is 59000000
[ 2047]@splk01 call_handlers_list: no conversion done, set cn=cp_mgmt,o=eminem..vyysgi as sic name
[ 2047]@splk01 PM_session_init: given session O(OPSECPUTKEY;cn=cp_mgmt,o=eminem..vyysgi;18184;ssl_opsec).
[ 2047]@splk01 PM_policy_query: input session O(OPSECPUTKEY;cn=cp_mgmt,o=eminem..vyysgi;18184;ssl_opsec).
[ 2047]@splk01 PM_policy_query: rule found (ANY;ANY;ANY;ssl_opsec;ssl(1/1)).
[ 2047]@splk01 PM_policy_query: finished successfully. 1st method = ssl
[ 2047]@splk01 PM_policy_choose: finished successfully. choose: ssl.
[ 2047]@splk01 peers addresses are
[ 2047]@splk01 10.1.2.14
[ 2047]@splk01 resolver_gethostbyaddr: Performing gethostbyaddr for 10.1.2.14
[ 2047]@splk01 fwa1 peername for 10.1.2.14 is 10.1.2.14
[ 2047]@splk01 ckpSSL_PrepareConnection: verify mode: 1
[ 2047]@splk01 My SSL Ciphers:
[ 2047]@splk01 Cipher List:
[ 2047]@splk01 0: ADH-DES-CBC3-SHA        SSLv3 Kx=DH       Au=None Enc=3DES(168) Mac=SHA1

[ 2047]@splk01 1: ADH-RC4-MD5             SSLv3 Kx=DH       Au=None Enc=RC4(128)  Mac=MD5 

[ 2047]@splk01 ckpSSL_NegotiateStep: current state = before/connect initialization
[ 2047]@splk01 is_initialized: new process or forked
[ 2047]@splk01 CkpRegDir: Environment variable CPDIR is not set.
[ 2047]@splk01 GenerateGlobalEntry: Unable to get registry path
[ 2047]@splk01 CkpRegDir: Environment variable CPDIR is not set.
[ 2047]@splk01 GenerateGlobalEntry: Unable to get registry path
[ 2047]@splk01 CkpRegDir: Environment variable CPDIR is not set.
[ 2047]@splk01 GenerateGlobalEntry: Unable to get registry path
[ 2047]@splk01 CkpRegDir: Environment variable CPDIR is not set.
[ 2047]@splk01 GenerateGlobalEntry: Unable to get registry path
[ 2047]@splk01 CkpRegDir: Environment variable CPDIR is not set.
[ 2047]@splk01 GenerateGlobalEntry: Unable to get registry path
[ 2047]@splk01 CkpRegDir: Environment variable CPDIR is not set.
[ 2047]@splk01 GenerateGlobalEntry: Unable to get registry path
[ 2047]@splk01 fwrand_write_seed: Failed to read seed
[ 2047]@splk01 CkpRegDir: Environment variable CPDIR is not set.
[ 2047]@splk01 GenerateGlobalEntry: Unable to get registry path
[ 2047]@splk01 CkpRegDir: Environment variable CPDIR is not set.
[ 2047]@splk01 GenerateGlobalEntry: Unable to get registry path
[ 2047]@splk01 fwrand_write_seed: Failed to write seed: Operation not permitted
[ 2047]@splk01 CkpRegDir: Environment variable CPDIR is not set.
[ 2047]@splk01 GenerateGlobalEntry: Unable to get registry path
[ 2047]@splk01 CkpRegDir: Environment variable CPDIR is not set.
[ 2047]@splk01 GenerateGlobalEntry: Unable to get registry path
[ 2047]@splk01 ckpSSL_fwasync_connected: no connections err -3
[ 2047]@splk01 ckpSSL_fwasync_close: start shutdown
[ 2047]@splk01 ckpSSL_ShutdownHandler: (0) SSLv2/v3 read server hello A
[ 2047]@splk01 ckpSSL_Destroy: close fd 6

Failed to initialize authentication with 10.1.2.14

[ 2047]@splk01 T_event_mainloop_e: T_event_mainloop_iter returns 0

Re: OPSEC LEA - opsec_putkey fail

Jennn — Mon, 24 Sep 2012 17:35:11 GMT

I have the same problem. Did you ever figure out how to fix this?

Re: OPSEC LEA - opsec_putkey fail

gskorski — Tue, 25 Sep 2012 08:15:41 GMT

No, I haven't retried yet

Re: OPSEC LEA - opsec_putkey fail

pnielsentrace3 — Wed, 17 Oct 2012 20:08:17 GMT

If this works the same way the put keys worked with Nortel products many years ago you have to reset the key on the firewall side too.

Re: OPSEC LEA - opsec_putkey fail

araitz — Tue, 09 Apr 2013 23:24:37 GMT

Can you try the most recent version of the app (2.0.0)? It uses sslca rather than putkey.

topic Re: OPSEC LEA - opsec_putkey fail in Getting Data In

OPSEC LEA - opsec_putkey fail

Re: OPSEC LEA - opsec_putkey fail

Re: OPSEC LEA - opsec_putkey fail

Re: OPSEC LEA - opsec_putkey fail

Re: OPSEC LEA - opsec_putkey fail