@ptonni - thanks for the information.
To “HCL”: might it be an idea to have something where the whitelist can be updated?
When I installed the plugin it generated this:
-rw------- 1 root root 132 Jun 27 2018 DownloadWhitelist.txt
[root@bigfix config]# cat DownloadWhitelist.txt
http://iwm.dhe.ibm.com/.*
AIXProtocolR2://.*
http://download4.boulder.ibm.com/.*
http://delivery04.dhe.ibm.com/.*
AIXProtocol://.*
So, I see why AIXProtocol is “always” working, but AIXProtocolR2 is not.
FYI: I tried re-configuring the R2 plugin, but that did not update the whitelist either.
What I also notice is that the HTTP proxy I use does still get used when AIXProtocol makes it’s call, but the R2 does not.
::::::::::::::
AIXProtocol/plugin.ini
::::::::::::::
[Logger]
verbose = 1
logfile = logs/AIXPlugin.log
timestampLogfile = 1
timestampMsgs = 1
debug = 2
maxAgeLogFiles = 14
maxSizeLogFiles = 52428800
[UA]
proxy = http://192.168.129.64:8080
proxyUser =
proxyPass =
BFArchiveEXE = /var/opt/BESServer/DownloadPlugins/AIXProtocol/BFArchive
::::::::::::::
AIXProtocolR2/plugin.ini
::::::::::::::
[Logger]
file = logs/AIXPluginR2.log
level = INFO
[UA]
Username = MyLittle@secretname.net
Password = HowAboutImprovedHaskAlgorithm==
proxy = http://192.168.129.64:8080
proxyUser =
proxyPass =
primaryRepoListFile =
extendedRepoListFile =
onlyUseExtendedRepoListFile= no
localCache =
localCacheOnly = no
rootCertDir = certs
So, from my proxy log - I used to see:
e.g.:
…
192.168.129.2 - - [15/Feb/2019:13:19:22 +0000] “GET http://delivery04.dhe.ibm.com/sar/CMA/AXA/02rqq/1/U847654.bff HTTP/1.1” 206 713728
192.168.129.2 - - [15/Feb/2019:13:19:23 +0000] “GET http://delivery04.dhe.ibm.com/sar/CMA/AXA/02rc7/0/U838516.bff HTTP/1.1” 206 161792
…
But now only see the Protocol(R1) stuff:
Note line with eccgw01.boulder.ibm.com
192.168.129.2 - - [06/Oct/2019:21:07:00 +0000] "CONNECT sync.bigfix.com:443 HTTP/1.1" 200 -
192.168.129.2 - - [06/Oct/2019:21:15:54 +0000] "GET http://sync.bigfix.com/cgi-bin/bfgather/bessupport HTTP/1.1" 200 740709
192.168.129.2 - - [06/Oct/2019:21:24:55 +0000] "GET http://esupport.ibm.com/eccedge/gateway/services/projects/ecc/serviceProviderIBMnetV2.gz
ip HTTP/1.1" 200 4875
192.168.129.2 - - [06/Oct/2019:21:24:58 +0000] "CONNECT eccgw01.boulder.ibm.com:443 HTTP/1.0" 200 -
192.168.129.2 - - [06/Oct/2019:21:25:59 +0000] "GET http://sync.bigfix.com/cgi-bin/bfgather/bessupport HTTP/1.1" 200 740709
192.168.129.2 - - [06/Oct/2019:21:31:06 +0000] "CONNECT sync.bigfix.com:443 HTTP/1.1" 200 -
Any ideas why the proxy is not being contacted (at least it looks that way!)
Update:
Now that the whitelist is updated the previously missed files are being fetched and logged at the proxy. But, before this MANY (of the 20 listed) where showing as - ah YES - still in cache! and nothing else was being downloaded.
Proxy question solved!
So, to bring a little attention to something else. The HASH used for the R2 password hash is HORRIBLE. Please update to something such as sha256 or sha512. What it is now is frightful - and worthy of a CVE report - inho. (not that I’ll make that report, but someone else trolling might!)