E-Dawg
10/14/2020, 6:31 PMosqueri
. I can connect to the web interface from both machines.
I have the Enroll Secret on the mac in /etc/osquery/enrollment_secret
I have downloaded the server.pem certificate onto the mac, and copied it to /var/osquery/server.pem
, also I have added it to the System in Keychain Access and set to Always Trust
I am attempting to enroll from the mac with this command:
sudo osqueryd --enroll_secret_path=/etc/osquery/enrollment_secret --tls_server_certs=/var/osquery/server.pem --tls_hostname=192.168.1.115:8080 --host_identifier=elliott_macbookpro --enroll_tls_endpoint=/api/v1/osquery/enroll --config_plugin=tls --config_tls_endpoint=/api/v1/osquery/config --config_refresh=10 --disable_distributed=false --distributed_plugin=tls --distributed_interval=3 --distributed_tls_max_attempts=3 --distributed_tls_read_endpoint=/api/v1/osquery/distributed/read --distributed_tls_write_endpoint=/api/v1/osquery/distributed/write --logger_plugin=tls --logger_tls_endpoint=/api/v1/osquery/log --logger_tls_period=10
When I run that, I get the following error:
W1014 14:15:37.995653 377294272 tls_enroll.cpp:76] Failed enrollment request to <https://192.168.1.115:8080/api/v1/osquery/enroll> (Request error: certificate verify failed) retrying...
The server stdout shows:
2020/10/14 14:15:37 http: TLS handshake error from 192.168.1.104:54237: local error: tls: bad record MAC
Any pointers as to how to get the handshake to succeed?sundsta
10/14/2020, 7:16 PMbad record MAC
would indicate the data has been tampered with or corrupted in some way. See https://github.com/googleapis/google-cloud-go/issues/1581#issuecomment-531817165E-Dawg
10/14/2020, 7:25 PMkentd
10/14/2020, 8:48 PME-Dawg
10/14/2020, 9:33 PMsundsta
10/14/2020, 11:01 PMtls
, it more likely refers to the TLS Message Authentication Code (aka checksum). See the MAC
heading here https://www.acunetix.com/blog/articles/tls-ssl-terminology-basics-part-3zwass
ytonui
10/23/2020, 11:35 AM