SELKS
Good day. SELKS issue on installation and docker
This issue appears when I try to deploy docker following the guide. Also, it has a bug in the verification of the docker version; need to remove this check or the exit command.
thanks
Hello @vulnz, Thanks for trying out SELKS, I'll try to help you out
Could you please specify what the issue with the docker version verification is? What is the behavior and what messages do you get? How is it inconsistent?
What is your docker version and setup? (standalone, swarm?) docker version
What version of docker-compose do you have? docker-compose -v
Thanks
The docker version is the latest one. It is an Ubuntu machine. Docker compose is the latest version as well.
git clone https://github.com/StamusNetworks/SELKS.git
cd SELKS/docker/
./easy-setup.sh
docker-compose up -d
This is basically what I do on an empty Ubuntu machine with the latest docker and docker compose.
Thanks for that information.
What exactly is wrong with the verification of the docker version?
It says it is old; however, I just installed it.
Can you please share a screenshot of the error/install?
On Debian (Kali).
I just follow the docker deployment.
From what I can tell from your screenshot, you are trying to re-install SELKS over an existing install that has running containers. There are also some unset variables, which show that the setup script has been interrupted at some point.
Have you been trying on both Kali and Ubuntu? What problem happened on which distribution?
In order to do a clean install, please delete all running containers along with their volumes:
sudo docker-compose down -v && sudo docker system prune -f --volumes
remove the SELKS folder:
cd ../../
rm -rf SELKS
and then redo the install process
git clone https://github.com/StamusNetworks/SELKS.git
cd SELKS/docker/
./easy-setup.sh
docker-compose up -d
At that point, if you get some errors, please copy-paste the whole terminal prompt of the script execution so I can really understand what's happening.
I'm also having such a problem
Did you try the remove/reinstall process in the message above? What version of Debian/Ubuntu OS are you trying it on?
I have solved that problem, and now a new problem appears.
Did you run the easy_setup script and did it complete successfully?
You might want to test out:
sudo docker-compose down -v && sudo docker system prune -f --volumes
cd ../../
rm -rf SELKS
git clone https://github.com/StamusNetworks/SELKS.git
cd SELKS/docker/
./easy-setup.sh
After it completes, run
docker-compose up -d
Would that work?
What Ubuntu version are you testing this on?
The above issue has been solved.
That should be the final question.
Ubuntu 20.04.5 LTS (GNU/Linux 5.15.0-56-generic x86_64)
Hi, sorry, what is the final question?
Error response from daemon: failed to mount local volume: mount ./containers-data/suricata/logrotate:/var/lib/docker/volumes/selks_suricata-logrotate/_data, flags: 0x1000: no such file or directory
How much RAM/CPUs do you have on the host? It might be related if under-resourced. Also, maybe make sure you stop any previous instances and do
docker-compose down -v
then run it again.
https://ip gives a 502; scirius is not starting properly.
What does
docker log scirius
display?
docker logs scirius
Operations to perform:
Apply all migrations: accounts, auth, authtoken, contenttypes, rules, sessions, suricata
Running migrations:
Applying contenttypes.0001_initial... OK
Applying auth.0001_initial... OK
Applying accounts.0001_initial... OK
Applying accounts.0002_auto_20151110_1657... OK
Applying accounts.0003_timezone... OK
Applying contenttypes.0002_remove_content_type_name... OK
Applying auth.0002_alter_permission_name_max_length... OK
Applying auth.0003_alter_user_email_max_length... OK
Applying auth.0004_alter_user_username_opts... OK
Applying auth.0005_alter_user_last_login_null... OK
Applying auth.0006_require_contenttypes_0002... OK
Applying auth.0007_alter_validators_add_error_messages... OK
Applying auth.0008_alter_user_username_max_length... OK
Applying auth.0009_alter_user_last_name_max_length... OK
Applying auth.0010_alter_group_name_max_length... OK
Applying auth.0011_update_proxy_permissions... OK
Applying authtoken.0001_initial... OK
Applying authtoken.0002_auto_20160226_1747... OK
Applying authtoken.0003_tokenproxy... OK
Applying rules.0001_initial... OK
Applying rules.0002_auto_20141207_1824... OK
Applying rules.0003_auto_20141210_1421... OK
Applying rules.0004_auto_20141210_1525... OK
Applying rules.0005_auto_20141210_1734... OK
Applying rules.0006_auto_20141210_1846... OK
Applying rules.0007_auto_20141210_2037... OK
Applying rules.0008_auto_20141210_2057... OK
Applying rules.0009_auto_20141214_1203... OK
Applying rules.0010_auto_20141222_1209... OK
Applying rules.0011_auto_20141222_1304... OK
Applying rules.0012_auto_20141222_1306... OK
Applying rules.0013_auto_20141229_1527... OK
Applying rules.0014_auto_20141229_1528... OK
Applying rules.0015_auto_20141229_1610... OK
Applying rules.0016_auto_20141229_1629... OK
Applying rules.0017_auto_20141229_1716... OK
Applying rules.0018_auto_20141229_1716... OK
Applying rules.0019_auto_20141229_1719... OK
Applying rules.0020_auto_20141229_1852... OK
Applying rules.0021_auto_20141229_1853... OK
Applying rules.0022_auto_20141229_1858... OK
Applying rules.0023_auto_20141229_1903... OK
Applying rules.0024_auto_20141229_2204... OK
Applying rules.0025_auto_20141230_0812... OK
Applying rules.0026_auto_20141231_0948... OK
Applying rules.0027_auto_20141231_0953... OK
Applying rules.0028_auto_20150101_2305... OK
Applying rules.0029_auto_20150102_1212... OK
Applying rules.0030_auto_20150103_1136... OK
Applying rules.0031_auto_20150103_1138... OK
Applying rules.0032_auto_20150103_1255... OK
Applying rules.0033_auto_20150109_2319... OK
Applying rules.0034_auto_20150111_2200... OK
Applying rules.0035_auto_20150202_0937... OK
Applying rules.0036_auto_20150203_1421... OK
Applying rules.0037_auto_20150407_2040... OK
Applying rules.0038_auto_20150516_0912... OK
Applying rules.0039_auto_20150805_1737... OK
Applying rules.0040_ruleset_rules_count... OK
Applying rules.0041_source_authkey... OK
Applying rules.0042_rule_state_in_source... OK
Applying rules.0043_threshold... OK
Applying rules.0044_flowbit_type... OK
Applying rules.0045_auto_20160405_1300... OK
Applying rules.0046_source_cert_verif... OK
Applying rules.0047_proxy_validation... OK
Applying rules.0048_custom_es... OK
Applying rules.0049_auto_20161121_2342... OK
Applying rules.0050_auto_20161128_2110... OK
Applying rules.0051_auto_20161207_0758... OK
Applying rules.0052_useraction_user... OK
Applying rules.0053_unique_none_rules... OK
Applying rules.0054_login_action... OK
Applying rules.0055_auto_20180213_1723... OK
Applying rules.0056_auto_20180223_0823... OK
Applying rules.0057_auto_20180302_1312... OK
Applying rules.0058_source_public_source... OK
Applying rules.0059_auto_20180309_2012... OK
Applying rules.0060_auto_20180403_0921... OK
Applying rules.0061_auto_20180507_1410... OK
Applying rules.0062_useraction_username... OK
Applying rules.0063_ruleprocessingfilter_ruleprocessingfilterdef... OK
Applying rules.0064_ruleprocessingfilter_rulesets... OK
Applying rules.0061_auto_20180503_2200... OK
Applying rules.0063_merge_20180718_0118... OK
Applying rules.0065_merge_20180719_1505... OK
Applying rules.0066_auto_20180807_1428... OK
Applying rules.0067_source_use_iprep... OK
Applying rules.0068_auto_20180818_2204... OK
Applying rules.0069_auto_20190220_1500... OK
Applying rules.0070_ruleprocessingfilterdef_full_string... OK
Applying rules.0071_filterset... OK
Applying rules.0072_send_mail... OK
Applying rules.0073_filterset_description... OK
Applying rules.0074_redlights_useraction... OK
Applying rules.0075_suppress_validator... OK
Applying rules.0075_custom_es_no_empty... OK
Applying rules.0076_merge_20190926_1233... OK
Applying rules.0077_auto_20191002_0820... OK
Applying rules.0078_auto_20200206_1648... OK
Applying rules.0079_source_remove_choice... OK
Applying rules.0080_source_version... OK
Applying rules.0081_django-2... OK
Applying rules.0082_source_use_sys_proxy... OK
Applying sessions.0001_initial... OK
Applying suricata.0001_initial... OK
Applying suricata.0002_auto_20151110_1657... OK
Applying suricata.0003_suricata_yaml_file... OK
Applying suricata.0004_auto_20160316_0844... OK
Applying suricata.0005_django-2... OK
Successfully created source "ETOpen Ruleset"
Successfully updated source "ETOpen Ruleset"
Successfully created source "SSLBL abuse.ch"
Successfully updated source "SSLBL abuse.ch"
Successfully created source "PT Research Ruleset"
Traceback (most recent call last):
File "/usr/local/lib/python3.8/site-packages/urllib3/connection.py", line 169, in _new_conn
conn = connection.create_connection(
File "/usr/local/lib/python3.8/site-packages/urllib3/util/connection.py", line 96, in create_connection
raise err
File "/usr/local/lib/python3.8/site-packages/urllib3/util/connection.py", line 86, in create_connection
sock.connect(sa)
ConnectionRefusedError: [Errno 111] Connection refused
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 699, in urlopen
httplib_response = self._make_request(
File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 382, in _make_request
self._validate_conn(conn)
File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 1010, in _validate_conn
conn.connect()
File "/usr/local/lib/python3.8/site-packages/urllib3/connection.py", line 353, in connect
conn = self._new_conn()
File "/usr/local/lib/python3.8/site-packages/urllib3/connection.py", line 181, in _new_conn
raise NewConnectionError(
urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPSConnection object at 0x7fc28c203fd0>: Failed to establish a new connection: [Errno 111] Connection refused
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.8/site-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 755, in urlopen
retries = retries.increment(
File "/usr/local/lib/python3.8/site-packages/urllib3/util/retry.py", line 573, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='raw.githubusercontent.com', port=443): Max retries exceeded with url: /ptresearch/AttackDetection/master/pt.rules.tar.gz (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7fc28c203fd0>: Failed to establish a new connection: [Errno 111] Connection refused'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/scirius/rules/models.py", line 1239, in update_ruleset_http
resp = requests.get(self.uri, proxies = proxy_params, headers = hdrs, verify = self.cert_verif)
File "/usr/local/lib/python3.8/site-packages/requests/api.py", line 76, in get
return request('get', url, params=params, **kwargs)
File "/usr/local/lib/python3.8/site-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/local/lib/python3.8/site-packages/requests/sessions.py", line 542, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python3.8/site-packages/requests/sessions.py", line 677, in send
history = [resp for resp in gen]
File "/usr/local/lib/python3.8/site-packages/requests/sessions.py", line 677, in <listcomp>
history = [resp for resp in gen]
File "/usr/local/lib/python3.8/site-packages/requests/sessions.py", line 237, in resolve_redirects
resp = self.send(
File "/usr/local/lib/python3.8/site-packages/requests/sessions.py", line 655, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python3.8/site-packages/requests/adapters.py", line 516, in send
raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='raw.githubusercontent.com', port=443): Max retries exceeded with url: /ptresearch/AttackDetection/master/pt.rules.tar.gz (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7fc28c203fd0>: Failed to establish a new connection: [Errno 111] Connection refused'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "manage.py", line 10, in <module>
execute_from_command_line(sys.argv)
File "/usr/local/lib/python3.8/site-packages/django/core/management/__init__.py", line 381, in execute_from_command_line
utility.execute()
File "/usr/local/lib/python3.8/site-packages/django/core/management/__init__.py", line 375, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File "/usr/local/lib/python3.8/site-packages/django/core/management/base.py", line 323, in run_from_argv
self.execute(*args, **cmd_options)
File "/usr/local/lib/python3.8/site-packages/django/core/management/base.py", line 364, in execute
output = self.handle(*args, **options)
File "/opt/scirius/rules/management/commands/addsource.py", line 56, in handle
source.update()
File "/usr/local/lib/python3.8/contextlib.py", line 75, in inner
return func(*args, **kwds)
File "/opt/scirius/rules/models.py", line 1139, in update
need_update = self.update_ruleset(f)
File "/opt/scirius/rules/models.py", line 1254, in update_ruleset_http
raise IOError("Connection error '%s'" % (e))
OSError: Connection error 'HTTPSConnectionPool(host='raw.githubusercontent.com', port=443): Max retries exceeded with url: /ptresearch/AttackDetection/master/pt.rules.tar.gz (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7fc28c203fd0>: Failed to establish a new connection: [Errno 111] Connection refused'))'
Successfully created default ruleset "Default ruleset"
Successfully removed "stream-events" from ruleset "Default ruleset"
Successfully created suricata "suricata"
Successfully pushed ruleset to suricata "suricata"
153 static files copied to '/static'.
CLI for webpack must be installed.
webpack-cli (https://github.com/webpack/webpack-cli)
We will use "npm" to install the CLI via "npm install -D webpack-cli".
> [email protected] build
> npm run copy-fonts && npm run copy-img && npm run build-css && npm run build-js
> [email protected] copy-fonts /opt/scirius/hunt
> mkdir -p src/fonts && cp node_modules/patternfly/dist/fonts/* src/fonts
> [email protected] copy-img /opt/scirius/hunt
> cp node_modules/patternfly/dist/img/* src/img
> [email protected] build-css /opt/scirius/hunt
> node-sass-chokidar --importer=node_modules/node-sass-tilde-importer --include-path ./src --include-path ./node_modules --include-path ./node_modules/patternfly/node_modules/ --include-path=node_modules/patternfly/dist/sass/ --include-path=node_modules/bootstrap-sass/assets/stylesheets/ --include-path=node_modules/font-awesome-sass/assets/stylesheets/ --include-path=node_modules/react-grid-layout/css/ --include-path=node_modules/react-resizable/css/ --include-path=node_modules/patternfly-react/dist/sass/ src/ -o src/css/; mv src/css/containers/App/App.css src/css/
Rendering Complete, saving .css file...
Wrote CSS to /opt/scirius/hunt/src/css/containers/App/App.css
Do you want to install 'webpack-cli' (yes/no): Wrote 1 CSS files to /opt/scirius/hunt/src/css/
> [email protected] build-js /opt/scirius/hunt
> node scripts/build.js
Creating an optimized production build...
@Cy0ne - is it a case where it needs more time to start, or does it not start at all?
It does not start at all.
What is the CPU/MEM config on the host?
4h12g
Sorry, I did not understand the 4h12g? Is it 4 cores, 12 GB RAM?
Yes.
Some more questions, just to confirm:
1 - you have an internet connection - aka the rule set updates work
2 - Can you try upgrading all containers as per the procedure here please - https://github.com/StamusNetworks/SELKS/wiki/Docker#upgrade-all-containers
Hi, help me. Scirius logs (docker):
File "/opt/scirius/manage.py", line 10, in <module>
execute_from_command_line(sys.argv)
File "/root/.local/lib/python3.9/site-packages/django/core/management/__init__.py", line 381, in execute_from_command_line
utility.execute()
File "/root/.local/lib/python3.9/site-packages/django/core/management/__init__.py", line 375, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File "/root/.local/lib/python3.9/site-packages/django/core/management/__init__.py", line 211, in fetch_command
settings.INSTALLED_APPS
File "/root/.local/lib/python3.9/site-packages/django/conf/__init__.py", line 79, in __getattr__
self._setup(name)
File "/root/.local/lib/python3.9/site-packages/django/conf/__init__.py", line 66, in _setup
self._wrapped = Settings(settings_module)
File "/root/.local/lib/python3.9/site-packages/django/conf/__init__.py", line 176, in __init__
raise ImproperlyConfigured("The SECRET_KEY setting must not be empty.")
django.core.exceptions.ImproperlyConfigured: The SECRET_KEY setting must not be empty.
Kibana dashboards reset: Elasticsearch not ready, retrying in 10 seconds.
Kibana dashboards reset: Elasticsearch not ready, retrying in 10 seconds.
Kibana dashboards reset: Elasticsearch not ready, retrying in 10 seconds.
Kibana dashboards reset: Elasticsearch not ready, retrying in 10 seconds.
Kibana dashboards reset: Elasticsearch not ready, retrying in 10 seconds.
Kibana dashboards reset: Elasticsearch not ready, retrying in 10 seconds.
Kibana dashboards reset: Elasticsearch not ready, retrying in 10 seconds.
Kibana dashboards reset: Elasticsearch not ready, retrying in 10 seconds.
Kibana logs:
{"type":"response","@timestamp":"2023-01-13T07:39:52+00:00","tags":[],"pid":7,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"localhost:5601","user-agent":"curl/7.61.1","accept":"*/*"},"remoteAddress":"127.0.0.1","userAgent":"curl/7.61.1"},"res":{"statusCode":302,"responseTime":7},"message":"GET / 302 7ms"}
{"type":"response","@timestamp":"2023-01-13T07:40:22+00:00","tags":[],"pid":7,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"localhost:5601","user-agent":"curl/7.61.1","accept":"*/*"},"remoteAddress":"127.0.0.1","userAgent":"curl/7.61.1"},"res":{"statusCode":302,"responseTime":7},"message":"GET / 302 7ms"}
{"type":"response","@timestamp":"2023-01-13T07:40:52+00:00","tags":[],"pid":7,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"localhost:5601","user-agent":"curl/7.61.1","accept":"*/*"},"remoteAddress":"127.0.0.1","userAgent":"curl/7.61.1"},"res":{"statusCode":302,"responseTime":10},"message":"GET / 302 10ms"}
{"type":"response","@timestamp":"2023-01-13T07:41:22+00:00","tags":[],"pid":7,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"localhost:5601","user-agent":"curl/7.61.1","accept":"*/*"},"remoteAddress":"127.0.0.1","userAgent":"curl/7.61.1"},"res":{"statusCode":302,"responseTime":7},"message":"GET / 302 7ms"}
{"type":"response","@timestamp":"2023-01-13T07:41:52+00:00","tags":[],"pid":7,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"localhost:5601","user-agent":"curl/7.61.1","accept":"*/*"},"remoteAddress":"127.0.0.1","userAgent":"curl/7.61.1"},"res":{"statusCode":302,"responseTime":8},"message":"GET / 302 8ms"}
{"type":"response","@timestamp":"2023-01-13T07:42:22+00:00","tags":[],"pid":7,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"localhost:5601","user-agent":"curl/7.61.1","accept":"*/*"},"remoteAddress":"127.0.0.1","userAgent":"curl/7.61.1"},"res":{"statusCode":302,"responseTime":12},"message":"GET / 302 12ms"}
{"type":"response","@timestamp":"2023-01-13T07:42:52+00:00","tags":[],"pid":7,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"localhost:5601","user-agent":"curl/7.61.1","accept":"*/*"},"remoteAddress":"127.0.0.1","userAgent":"curl/7.61.1"},"res":{"statusCode":302,"responseTime":8},"message":"GET / 302 8ms"}
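A preflight script covering the three failures reported in this thread (a missing ./containers-data bind-mount source, an empty Django SECRET_KEY, and the rule source host being unreachable), added here as an example and not part of the SELKS project. The .env variable name SCIRIUS_SECRET_KEY, the compose file name docker-compose.yml and the bind-mount layout are assumptions; the script needs only sh, grep and curl.

```shell
#!/bin/sh
# Added preflight for a SELKS docker deployment (example, not SELKS project code).
# It checks the three failure modes reported in this thread before
# `docker-compose up -d`:
#   1. a bind-mount source under ./containers-data that does not exist
#      ("failed to mount local volume ... no such file or directory")
#   2. an empty Django SECRET_KEY in the compose .env file
#      ("The SECRET_KEY setting must not be empty.")
#   3. no outbound HTTPS to the rule source host
#      ("raw.githubusercontent.com ... Connection refused")

# 1. Every ./containers-data/... path referenced in the compose file must exist.
#    Assumption: bind mounts are written as "./containers-data/<src>:<dst>".
check_bind_mounts() {            # $1 = compose file, $2 = directory it lives in
    missing=0
    for src in $(grep -oE '\./containers-data/[^:[:space:]]+' "$1" | sort -u); do
        if [ ! -e "$2/$src" ]; then
            echo "missing bind-mount source: $src"
            missing=1
        fi
    done
    return $missing
}

# 2. The secret-key variable must be present and non-empty.
#    Assumption: SELKS keeps it in .env as SCIRIUS_SECRET_KEY (the name is a guess).
check_secret_key() {             # $1 = .env file, $2 = variable name
    val=$(grep -E "^$2=" "$1" 2>/dev/null | tail -n 1 | cut -d= -f2- | tr -d "\"' ")
    if [ -z "$val" ]; then
        echo "$2 is empty or unset in $1: scirius will refuse to start"
        return 1
    fi
    echo "$2 is set (${#val} characters)"
    return 0
}

# 3. Rule sources are fetched over HTTPS at first start; an egress filter or
#    missing proxy configuration produces the connection traceback seen above.
check_rule_source() {            # $1 = host (default: raw.githubusercontent.com)
    host=${1:-raw.githubusercontent.com}
    if curl -sS --max-time 10 -o /dev/null "https://$host/"; then
        echo "outbound HTTPS to $host OK"
        return 0
    fi
    echo "cannot reach https://$host: rule source updates will fail"
    return 1
}

preflight() {                    # $1 = path to SELKS/docker
    dir=${1:-.}
    rc=0
    check_bind_mounts "$dir/docker-compose.yml" "$dir" || rc=1
    check_secret_key "$dir/.env" "${SECRET_VAR:-SCIRIUS_SECRET_KEY}" || rc=1
    check_rule_source || rc=1
    return $rc
}

# Usage: sh selks-preflight.sh /path/to/SELKS/docker  (exit status 0 = all checks passed)
if [ $# -gt 0 ]; then
    preflight "$1"
fi
```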