
Access denied on Geolite2-City.mmdb when running cscli hub upgrade while Crowdsec is running on Windows Platform

Open cstisa opened this issue 4 months ago • 2 comments

What happened?

Dear Crowdsec Community,

When we perform a cscli hub upgrade or cscli hub upgrade --force on a host running a Windows Server operating system, we have the following error:

```console
C:\Windows\system32>cscli hub upgrade
level=info msg="Upgrading parsers"
level=info msg="crowdsecurity/http-logs: up-to-date"
level=info msg="crowdsecurity/mssql-logs: up-to-date"
level=info msg="crowdsecurity/dateparse-enrich: up-to-date"
level=info msg="crowdsecurity/geoip-enrich: up-to-date"
level=error msg="Failed to remove destination file before renaming: remove C:\\ProgramData\\CrowdSec\\data\\GeoLite2-City.mmdb: Access is denied." url="https://hub-data.crowdsec.net/mmdb_update/GeoLite2-City.mmdb"
level=fatal msg="crowdsecurity/geoip-enrich: download failed: while downloading data for C:\\ProgramData\\CrowdSec\\config\\parsers\\s02-enrich\\geoip-enrich.yaml: while getting data: remove C:\\ProgramData\\CrowdSec\\data\\GeoLite2-City.mmdb: Access is denied."
C:\Windows\system32>cscli hub upgrade --force
level=info msg="Upgrading parsers"
level=info msg="crowdsecurity/geoip-enrich: up-to-date"
level=error msg="Failed to remove destination file before renaming: remove C:\\ProgramData\\CrowdSec\\data\\GeoLite2-City.mmdb: Access is denied." url="https://hub-data.crowdsec.net/mmdb_update/GeoLite2-City.mmdb"
level=fatal msg="crowdsecurity/geoip-enrich: download failed: while downloading data for C:\\ProgramData\\CrowdSec\\config\\parsers\\s02-enrich\\geoip-enrich.yaml: while getting data: remove C:\\ProgramData\\CrowdSec\\data\\GeoLite2-City.mmdb: Access is denied."
```

It seems that it cannot remove the GeoLite2-City.mmdb while the Crowdsec service is running.

After stopping the service and running the command again, the process works as expected.

When there is no update of this GeoLite mmdb file, the process works as expected.

What did you expect to happen?

The process of running cscli hub upgrade should work without any intervention (stopping) on the service.

How can we reproduce it (as minimally and precisely as possible)?

Perform a cscli hub upgrade in a command prompt with administrator privileges while crowdsec is running and the GeoLite files are not up to date.

Anything else we need to know?

No response

Crowdsec version

```console
C:\Windows\system32>cscli version
version: v1.6.3-188f580f
Codename: alphaga
BuildDate: 2024-09-13_09:47:13
GoVersion: 1.22.6
Platform: windows
libre2: WebAssembly
User-Agent: crowdsec/v1.6.3-188f580f-windows
Constraint_parser: >= 1.0, <= 3.0
Constraint_scenario: >= 1.0, <= 3.0
Constraint_api: v1
Constraint_acquis: >= 1.0, < 2.0
```

OS version


```console
# On Windows:
C:\Windows\system32>wmic os get Caption, Version, BuildNumber, OSArchitecture
BuildNumber  Caption                                 OSArchitecture  Version
17763        Microsoft Windows Server 2019 Standard  64-bit          10.0.17763
```

Enabled collections and parsers

```console
$ cscli hub list -o raw
# paste output here
```

Acquisition config

```console
# On Linux:
$ cat /etc/crowdsec/acquis.yaml /etc/crowdsec/acquis.d/*
# paste output here

# On Windows:
C:\> Get-Content C:\ProgramData\CrowdSec\config\acquis.yaml
# paste output here
```

Config show

No response

Prometheus metrics

No response

Related custom configs versions (if applicable) : notification plugins, custom scenarios, parsers etc.

No response

Thanks for the help and support!

Have a nice day

Edouard Fazenda for CSTI SA.

cstisa, Oct 03 '24 07:10
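
The workaround described in the report above (stop the service, run the upgrade, start the service again), as an added example that is not part of the original issue or of the CrowdSec project. It uses `try`/`finally` so the agent is restarted even when the upgrade fails and the host is not left without detection. The service name `crowdsec` and the parameter names are assumptions; check the registered name with `Get-Service`.

```powershell
#Requires -RunAsAdministrator
# Added example: stop the agent, run the hub upgrade, always restart the agent.
# ASSUMPTION: the Windows service is registered as "crowdsec"; override -ServiceName if not.
param(
    [string]$ServiceName    = 'crowdsec',   # assumed service name
    [int]   $TimeoutSeconds = 60            # how long to wait for each state change
)

$timeout    = [TimeSpan]::FromSeconds($TimeoutSeconds)
$svc        = Get-Service -Name $ServiceName -ErrorAction Stop
$wasRunning = $svc.Status -eq 'Running'
$exitCode   = 1

try {
    if ($wasRunning) {
        # Release the open handle on GeoLite2-City.mmdb before cscli replaces it.
        Stop-Service -Name $ServiceName -ErrorAction Stop
        $svc.WaitForStatus('Stopped', $timeout)
    }

    # cscli logs to the console; only its exit code is inspected here.
    & cscli hub upgrade
    $exitCode = $LASTEXITCODE
    if ($exitCode -ne 0) {
        Write-Warning "cscli hub upgrade exited with code $exitCode"
    }
}
finally {
    # Restart regardless of the upgrade result so detection is not left off.
    if ($wasRunning) {
        Start-Service -Name $ServiceName -ErrorAction Stop
        $svc.WaitForStatus('Running', $timeout)
        Write-Host "$ServiceName is running again"
    }
}

exit $exitCode
```

The window between `Stop-Service` and `Start-Service` is a period with no log processing on the host, so schedule the script accordingly and alert on a non-zero exit code.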