Forescout Secure Connector Install
Mar 19, 2007 Secure Connector Sunny Wong. ForeScout CounterACT 7 - Installation, classification, clarification - Duration: 9:39. IAITested 3,033 views. ForeScout install on the machine. As part of the Lewis University Acceptable Use Policy, pur computer must have the ForeScout Secure Connector agent installed.
In a recent deployment of the SecureConnector, we are discovering a large number of systems generating errors after the SecureConnector deployment. It is suspected the process is being spawned twice. Our install policy is very generic without any custom configurations. Has anyone experienced similar behavior or found a resolution?
6/29/15 9:16:46.339 PM sshd22462: error: Bind to port 2201 on 127.0.0.1 failed: Address already in use. 6/29/15 9:16:46.340 PM sshd22462: fatal: Cannot bind any address.
Last time I looked at SC, it was a bash script, not a real agent. It's in /var/ somewhere. I suspect you are right and it is being installed twice. The agent opens a root accessible sshd port, allowing the SC server to SSH into the workstation.
Forescout Secure Connector Install
To me, that is a big security hole. But binding to the same port twice suggests it is starting twice. Look in your LaunchDaemons/LaunchAgents; I don't remember how it started anymore. When I played with SC, I needed to download an installer from the server on each machine and couldn't deploy a package to all machines via the JSS. That change was also planned for the release about the end of the year.
Support Login
Forescout just released a massive update to their Mac agent. This is now a proper agent with less of the funny business that the previous agent used. This is not a simple update however. The usual FS plugin for Macintosh is updated and a new OS X plugin is required. Once the plugins are installed, you'll also need to push an upgrade to all your existing agents from within the EM.
Any machines without the agent can be installed using a shell script - however the system must NOT have FS installed. Check your Forescout portal for more info. I just went through the update myself. Counter strike xtreme v10. One note - they added an app to the /Applications folder which makes FS removal too easy - I would suggest at a minimum hiding the application.