ThreatMapper
Vulnerability Scan Failing with Minimal Context
Describe the bug
Deployed a single agent on the same node running the dockers for the console, which is itself an Arch LXC inside an Arch host.
Scans initiated with any option set possible fail with "Vulnerability scan failed. Scan was interrupted. Please restart.", which is not helpful. OS package scans can't be disabled and I highly doubt ThreatMapper has arch-audit integration... So my guess would be it's failing on OS packages for lack of a pacman or arch-audit interface/data (Arch has packagekit if that's a viable approach, but it does add an extra dependency to the system being scanned).
The LXC running all of this is privileged with nesting for the dockers, but there's no debugfs and sysfs in general is more locked down than ThreatMapper seems to presume (modern Grsecurity system), so I had to comment those pieces out of the docker-compose and agent script.
Thanks @sempervictus, could you please share the logs here. You could grab them from settings->diagnosis->global logs and agent logs
I would, but now I have a new bug apparently: adding extra_hosts directives to account for non-DNS-resolvable hostnames in order to work around the inability to ignore cert validation (if using the IP of a registry system the cert will not match, but if it's not in DNS then you need hosts entries) breaks authentication or some other back-end bits.
Had to bring down and up the docker-compose, and got the system logs, but it says that there are no agent logs to download... might be related? I can't drop hostnames and IPs for the environment in a public space - I'll need to sanitize them first.
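For reference, this is the shape of the extra_hosts workaround the comment above describes (an added illustration, not ThreatMapper's own compose file): the registry is reached by the hostname that appears in its TLS certificate, and the static hosts entry supplies the IP that DNS cannot. The service name, image and the hostname/IP pair are placeholders.

```yaml
# Added example, not the project's compose file.
# "scanner-agent", "example/agent:latest", "registry.internal.example"
# and 10.0.0.5 are hypothetical values.
services:
  scanner-agent:
    image: example/agent:latest
    # Map the name on the registry's certificate to its IP so TLS hostname
    # verification passes without disabling cert validation.
    extra_hosts:
      - "registry.internal.example:10.0.0.5"
    environment:
      # Always reference the registry by hostname, never by IP, so the
      # certificate's subject/SAN matches what the client checks.
      REGISTRY_URL: "https://registry.internal.example"
```

Inside the container the mapping lands in /etc/hosts, so a quick check is `getent hosts registry.internal.example` from a shell in the service; if it resolves, any remaining failure is on the application side rather than name resolution.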
Hello @sempervictus, deploying the agents on the same system as the management console is not yet supported. We will add support for it shortly.
Neither is all in one config, I think we should totally enable that so threatmapper can be quickly tried out on a single node or a laptop.
Thanks, it looked at first as though it was working... 😄