WebInspect Agent not getting detected

roopashree.manj1 · ‎2017-04-20

Hi,

We are trying to configure webinspect agent for ssc application on ubuntu host.

We followed the below steps :

1. Copy the agent installation file to the computer on which you are going to install the

agent.

Where xx.x represents the Runtime version number:

l For UNIX or Linux, the file name is

HPE_Security_WebInspect_Runtime_Agent_Java_xx.x_Linux.tar.gz

2. Expand the agent installation file:

l UNIX or Linux:

Use the following command:

tar -xzf HPE_Security_WebInspect_Runtime_Agent_Java_xx.x_Linux.tar.gz

To add the agent:

1. Open <Tomcat_home>/bin/catalina.sh.

2. Do one of the following:

To add the first agent, add the following line beneath the JAVA_OPTS section

and above the Execute The Requested Command comment:

CATALINA_OPTS="-javaagent:<install_dir>/lib/FortifyAgent.jar

$CATALINA_OPTS"

We have specified the installation directory

After this we restarted tomcat and initiated webinspect scan on SSC Application..

In the agent section it still shows as Agent not detected.

Are we missing any configuration step? Can you please help on this.

stephen.b.burri · ‎2017-04-26

Two things come to mind.

1) Make sure that the WebInspect Agent is up an running

When you start/restart Tomcat, go and look in the log directory in the agent install location. There should be a system.log file. You should see a line stating "HPE Security Fortify Runtime setup complete". This will let you know everything with the agent is working as intended.

2) Communication between WebInspect and the website

Is there a load balancer or some other defensive device that is inbetween? WebInspect and the Agent communicate with each other with HTTP headers (X-WIPP-* headers). I have seen some organizations that have the load balancer/other devices strip out the X-* headers. When we put an exception in to leave those headers alone, the Agent was detected.

roopashree.manj1 · ‎2017-05-02

Thanks Stephen for the reply

1) system.log file is not getting generated after restarting the tomcat. Is there any other way to check if the agent is running. Do we need to make any other configurations.

2) If there is load balancer , How we can put exception to leave those headers.

stephen.b.burri · ‎2017-05-04

This sounds like it is an installation/permissions issue. I am not a Linux person myself, but when I was setting up WI agent in my environment I had to do some trouble shooting. I can't remember what log it was, but there was a log telling me tomcat (I think) didn't have permissions to write to the WI Agent log file.

My current setup, I have a "tomcat" group that has owner ship on the "WI Agent" folder and "tomcat" and has write permissions for all of WI Agent. It might be a little excessive, but it works. At a minimum it would need access to write in the "log" folder (which I believe is not created at first).

roopashree.manj1 · ‎2017-05-08

Thanks Stephen for the valuable response.

Log file is getting generated now. We shifted from Linux to windows platform and now we can see the system.log file.

But still the agent is not getting detected during Web Inspect scan.

One observation is when we compared the Web Inspect scan results before installing agent and after Installing Agent, There is increase in number of vulnerabilities.

Do we need to make any configuration in web inspect for the detection of web inspect Agent?

Below is the snapshot of log file for reference :

AppDefender

WebInspect