Critical System Protection


Symantec Critical System Protection (SCSP) Collector - Sync Error (rfs_config)

  • 1.  Symantec Critical System Protection (SCSP) Collector - Sync Error (rfs_config)

    Posted Dec 09, 2014 06:03 AM

    Hello everyone,

    I'm trying to use SCSP to perform HIDS on my ESXi (5.5) systems. I've deployed a SCSP Collector on a dedicated VM and added the host to monitor:

    # ./rfs_config.sh -addHost -server=<MY_SERVER> -username=<MY_USER> -password=<MY_PWD>
    Using default protocol https for the host <MY_SERVER>. 
    Using default port 443 for protocol https for the host <MY_SERVER>. 
    
     Adding ESXi Host Information . Please wait...
    New entry added successfully
    
    Configuring ESXi Host <MY_SERVER> for Syslog forwarding. Please wait...
    ESXi Host <MY_SERVER> is added.

    At the end of setup, I've applied the vSphere ESXi Detection Policy from the SCSP Console. But when I try to run the first synchronization, I always get the following error:

    # ./rfs_config.sh -runrfs
    Starting Synchronization with ESXi Host - <MY_SERVER>
    mkdir /opt/Symantec/sdcssagent/IDS/bin/esxi_fim/data/<MY_SERVER>
    Connecting to ESXi Host <MY_SERVER>
    
    ...
    
    GET https://<MY_SERVER>/host/ssh_host_rsa_key unsuccessful : 405 Method Not Allowed
    GET https://<MY_SERVER>/host/ssl_key unsuccessful : 405 Method Not Allowed
    GET https://<MY_SERVER>/host/ssh_host_dsa_key unsuccessful : 405 Method Not Allowed
    ...
    
    # ./rfs_config.sh -runrfs
    Starting Synchronization with ESXi Host - <MY_SERVER> 
    ESXi Detection Policy not enabled. ESXi Host <MY_SERVER> is already synced once. Not further synchronization for <MY_SERVER> 

    No data is sent to my SCSP Console, even if the collector is recognised as enabled. NOTE: I registered the ESXi host with administrator credentials (<MY_USER>, <MY_PWD>).

    Why isn't the ESXi Detection Policy enabled? Why can't the encryption keys be retrieved?

    Thank you in advance.
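As an added example (not part of the post or of Symantec's tooling), a small Python parser that turns the rfs_config.sh -runrfs output quoted above into a structured health check, so the 405 key-fetch failures and the "Detection Policy not enabled" state can be alerted on by a monitoring job instead of being read by eye. The sample text is constructed from the post, with <MY_SERVER> kept as a placeholder for the real host name.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample input shaped like the post's -runrfs output; <MY_SERVER> is a placeholder.
FIRST_RUN = """Starting Synchronization with ESXi Host - <MY_SERVER>
mkdir /opt/Symantec/sdcssagent/IDS/bin/esxi_fim/data/<MY_SERVER>
Connecting to ESXi Host <MY_SERVER>
GET https://<MY_SERVER>/host/ssh_host_rsa_key unsuccessful : 405 Method Not Allowed
GET https://<MY_SERVER>/host/ssl_key unsuccessful : 405 Method Not Allowed
GET https://<MY_SERVER>/host/ssh_host_dsa_key unsuccessful : 405 Method Not Allowed
"""
SECOND_RUN = """Starting Synchronization with ESXi Host - <MY_SERVER>
ESXi Detection Policy not enabled. ESXi Host <MY_SERVER> is already synced once. Not further synchronization for <MY_SERVER>
"""

START_RE = re.compile(r"^Starting Synchronization with ESXi Host - (?P<host>\S+)")
GET_FAIL_RE = re.compile(r"^GET https?://(?P<host>[^/\s]+)(?P<path>/\S+) unsuccessful : (?P<code>\d{3}) (?P<reason>.+)$")
NOT_ENABLED_RE = re.compile(r"ESXi Detection Policy not enabled")


@dataclass
class SyncReport:
    host: Optional[str] = None
    failed_paths: Dict[str, int] = field(default_factory=dict)  # URL path -> HTTP status
    policy_not_enabled: bool = False

    @property
    def healthy(self) -> bool:
        # Useful only if every host key was fetched and the policy is active.
        return not self.failed_paths and not self.policy_not_enabled


def parse_rfs_output(text: str) -> SyncReport:
    """Classify one rfs_config.sh -runrfs run into a SyncReport."""
    report = SyncReport()
    for raw in text.splitlines():
        line = raw.strip()
        if m := START_RE.match(line):
            report.host = m.group("host")
        elif m := GET_FAIL_RE.match(line):
            report.failed_paths[m.group("path")] = int(m.group("code"))
        elif NOT_ENABLED_RE.search(line):
            report.policy_not_enabled = True
    return report


def findings(report: SyncReport) -> List[str]:  # alert lines for a monitoring job
    out = [f"{path}: HTTP {code}" for path, code in sorted(report.failed_paths.items())]
    if report.policy_not_enabled:
        out.append("ESXi Detection Policy not enabled; collector will not resync")
    return out
```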