TheHive
[Bug]
Request Type
Bug
Work Environment
Question | Answer |
---|---|
OS version (server) | RedHat |
OS version (client) | 8.6 |
Virtualized Env. | True |
Dedicated RAM | 16 GB |
vCPU | 4 |
TheHive version / git hash | 4.1.23-1 |
Package Type | RPM |
Database | Cassandra |
Index type | Lucene |
Attachments storage | Local |
Browser type & version | NA |
Problem Description
TheHive4 fails to start, gives "Error injecting constructor, java.lang.NoClassDefFoundError: Could not initialize class org.thp.thehive.models.User$" on new install.
Steps to Reproduce
- I followed the step-by-step guide, installed java (java-1.8.0-openjdk-headless-1.8.0.342.b07-2.el8_6.x86_64)
- Installed cassandra and configured according to the step-by-step guide
- Installed TheHive4 via rpm and edited application.conf according to guide
- TheHive failed to start with above error, I have attached the full log with error and .conf
Complementary information
I've encountered the exact same issue and error with identical configuration, except on Oracle Linux 8, not RHEL8.
In my case, it seems to have something to do with FIPS, GNUTLS, and pcscd.
```
Oct 31 18:40:22 --- pcscd[2901]: 00000000 auth.c:139:IsClientAuthorized() Process 2822 (user: 987) is NOT authorized for action: access_pcsc
Oct 31 18:40:22 --- pcscd[2901]: 00000175 winscard_svc.c:335:ContextThread() Rejected unauthorized PC/SC client
```
I fixed the pcscd issue^ by adding some polkit rules: https://www.redhat.com/en/blog/controlling-access-smart-cards
Afterwards, I still can't get thehive service to start while FIPS mode is active. Disabling FIPS entirely seems to fix the issue.
Upon further investigation, it seems that my java FIPS policy is causing the issue.
```
jdk.tls.ephemeralDHKeySize=2048
jdk.certpath.disabledAlgorithms=MD2, SHA1, MD5, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=DH keySize < 2048, TLSv1.1, TLSv1, SSLv3, SSLv2, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, DHE_DSS, RSA_EXPORT, DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_DSS_EXPORT, DH_RSA_EXPORT, DH_anon, ECDH_anon, DH_RSA, DH_DSS, ECDH, 3DES_EDE_CBC, DES_CBC, RC4_40, RC4_128, DES40_CBC, RC2, HmacMD5
jdk.tls.legacyAlgorithms=
```
Specifically, I think disabling MD5 might be the problem. Take a look at this issue: https://github.com/akkadotnet/akka.net/issues/4082
The VectorClock Object in the java akka.cluster package uses MD5 to hash the name of itself, I think... Honestly, I'm not really sure why or for what purpose. I assume to use as a key in the scala.collection.immutable.TreeMap data structure.
https://github.com/akka/akka/blob/7abc41cf4e7e8827393b181cd06c5f8ea684e696/akka-cluster/src/main/scala/akka/cluster/VectorClock.scala
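
A diagnostic sketch for the hypothesis in the comments above, added here as an example (it is not code from this thread, TheHive, or Akka): it lists which installed JCA providers offer MD5 on the running JVM, then shows how a digest lookup that fails inside a static initializer surfaces first as `ExceptionInInitializerError` and afterwards only as `NoClassDefFoundError: Could not initialize class ...`. The class names and the algorithm name `MD5-NOT-PROVIDED` are constructed; the latter stands in for an algorithm the active provider set does not offer, so the failure also reproduces on a host that is not in FIPS mode.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;

public class DigestInitCheck {

    // Hypothetical stand-in for a library object that hashes during static init.
    static class HashesAtInit {
        // Constructed algorithm name that no provider offers.
        static final String ALGORITHM = "MD5-NOT-PROVIDED";
        static final byte[] SEED = digest("node-name");

        static byte[] digest(String s) {
            try {
                return MessageDigest.getInstance(ALGORITHM)
                        .digest(s.getBytes(StandardCharsets.UTF_8));
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalStateException(e);
            }
        }
    }

    // Names of the installed providers that offer MessageDigest.<algorithm>.
    static String providersFor(String algorithm) {
        Provider[] found = Security.getProviders("MessageDigest." + algorithm);
        if (found == null) return "(none)";
        StringBuilder sb = new StringBuilder();
        for (Provider p : found) sb.append(p.getName()).append(' ');
        return sb.toString().trim();
    }

    public static void main(String[] args) {
        System.out.println("MD5 providers:     " + providersFor("MD5"));
        System.out.println("SHA-256 providers: " + providersFor("SHA-256"));
        for (int attempt = 1; attempt <= 2; attempt++) {
            try {
                System.out.println(HashesAtInit.SEED.length);
            } catch (Throwable t) {
                // Attempt 1: ExceptionInInitializerError, root cause attached.
                // Attempt 2: NoClassDefFoundError "Could not initialize class".
                Throwable root = t;
                while (root.getCause() != null) root = root.getCause();
                System.out.println("attempt " + attempt + ": " + t);
                System.out.println("  root: " + root);
            }
        }
    }
}
```

Run it with the same JVM and `java.security` settings as the thehive service. In the service log, the first initializer failure for the class, not the repeated `Could not initialize class` line, is the one that names the underlying exception.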