When you install a scan node and apply the license file ( sudo dotnet ScanNodeAgent.dll apply-license ), the "Central directory corrupt" error is output. Also, applying the license fails.
The installation was done as root ( su - root ) ¨which causes problems for the Microsoft dotnet package installation. To fix the issue, do the following:
Uninstall the scan node: sudo apt remove --purge fsecure-radar-scan-node-agent Uninstall the dotnet package: dpkg -r packages-microsoft-prod Reinstall the product. Restart the system. Try the installation again but this time do the installation by using sudo instead of root ( su - root ).
The installation should now finish without errors. For more information on installing Radar scan nodes on Linux systems, see our online help documentation.
Article no: 000015921
F-Secure Radar Discovery Scan not finding any hosts
General instructions for troubleshooting:
Keep "Process if no PING" option turned on. Create a new Discovery Scan template, port scan mode i.e: for TOP 100 ports and with debug / verbose mode enabled. Attach your newly created DS template to your new discovery scan record and run it. This will tell you much more about the details of the scan execution and can enclose the root cause. Check gateways. In case the scan node server has more than one network interface / IP address, check if the scanner can for some unknown reason choose another gateway. On the "Scanning Performance" drop-down, try choosing "polite" or "sneaky". Don't only ping the given host (i.e. 192.168.99.71) from the scan node. Try to also access some services (f.ex: if there is a www service, try to access it with a web browser from the scan node)
Consider checking what account with what type of permissions you are running. Are your local account permissions the same as the permissions of the service account that Radar scan node is using? If your user account is coming from AD, while Radar has a local user account - does it change anything in your network setup with regards to what you can / can't access over the network?
Radar uses Nmap for port scanning, which is an industry-standard tool. You can see the exact command line parameters in the scan log that Radar uses to run a specific port scan. You can try to download namp https://nmap.org/download.html, run a port scan using nmap GUI, and compare command line params and results. Check the system proxy settings. Notice that the proxy settings can be different for the Scan Node Agent service account (local user?) and for a personal user account that is coming from AD. In some scenarios, disabling ARP-ping is required to allow the scan node agent installed in the same subnet to find hosts. To edit an existing discovery scan template (host discovery or port discovery), use the instructions below:
Create new discovery scan template Name it as you wish (eg. "Host Discovery (no ARP ping)") or from the scan mode select "Host discovery" or "port scan." Click Finish and Save. Download the new template by selecting it on the templates list (click on the checkbox.) Click "Download scan settings". Edit the downloaded file by adding ' --disable-arp-ping' node within '' (see screenshot). Click "Upload scan settings' on the Radar templates list. Browse for your edited file and click "Upload." Use your new template in discovery scans.
If none of the above helped, you should re-install Radar discovery scan node.
Article no: 000007245