
Secret Scanning not working on Linux agents

Open Argandov opened this issue 1 year ago • 4 comments

Technical Context

  • Components/Services affected: Deepfence agent (Linux)
  • Affected Module: Secret Scanning
  • OS version: Debian GNU/Linux 12 (bookworm), AMD64
  • Deepfence agent version: I have no idea; I am not familiar with the agents' architecture but the installer was deepfence-agent-amd64-2.2.2.tar.gz

Describe the bug

  1. The Secret Scanner is not working in Linux Debian agents. I get an "Error" without any context in Deepfence Web UI as shown below:
image

What I've done to try to understand the error:

I am mostly grepping through the logs at /opt/deepfence/df-agents/copilot/var/log/supervisor/deepfenced.log 

image

I am seeing WARN errors "skip <Deepfence_module> rules update already new" in the logs for deepfence agents in Linux. I don't know what that means, and I also don't know if there's something wrong with my installation (nor do I know if the WARN messages are related, or if these WARN errors may indicate some other issue I'm not even aware of yet, not related to secret scanning):

image

How I installed the agent:

  1. sudo bash
  2. export MGMT_CONSOLE_URL="MY DF SERVER IP" export DEEPFENCE_KEY="MY KEY" (As per the instructions in the Web UI)
  3. bash install_deepfence_agent.sh

Expected behavior

Secret Scanning on Linux hosts working

Thank you, I don't know what to do here, if the error lies on my side or there's something wrong with DF-agents

Argandov avatar Jul 25 '24 05:07 Argandov

Can you please show us the deepfence-worker logs? Also, is it possible to restart the management console and try again?

gnmahanth avatar Jul 25 '24 06:07 gnmahanth

Hi, where are the deepfence-worker logs?

TL;DR: I restarted the management console. Secret scanner logs on the DF agent are empty. Same error again.

image

Deepfence agent on Linux

I'm on the deepfence Linux agent and I don't know where the deepfence-worker logs are:

image

The Secret_scanner.log file is empty (even after restarting the management console and starting a secret scan again):

image

FTR: Restarting management console

I restarted the management console by:

docker-compose -f docker-compose.yml down

then up again:

docker-compose -f docker-compose.yml up --detach

Argandov avatar Jul 26 '24 02:07 Argandov

UPDATE:

I just realized you meant the deepfence_worker Docker container. Here they are, but I'm not sure what exactly you would like to see:

image image

If you want me to do something else with the logs please tell me so I know what exactly to show you

Argandov avatar Jul 26 '24 03:07 Argandov

@Argandov

I tried to run the agent on Debian 12 and I was able to run all the scans successfully.

Can you please provide the full log file /opt/deepfence/df-agents/copilot/var/log/supervisor/deepfenced.log? We should be able to see why the secret scanner is not starting.

Meanwhile, can you try to uninstall and install the agent again?

If the secret scanner starts without any issues, the secret scanner log file will have the content below:

root@mahanth-debian-12:/opt/deepfence/df-agents/mahanth-debian-12/var/log/deepfenced# cat secret_scanner.log 
time="2024-07-26 04:16:05" level=error msg="open /opt/deepfence/df-agents/mahanth-debian-12/home/deepfence/bin/secret-scanner/config/config.yaml: no such file or directory"
time="2024-07-26 04:16:10" level=error msg="open /opt/deepfence/df-agents/mahanth-debian-12/home/deepfence/bin/secret-scanner/config/config.yaml: no such file or directory"
time="2024-07-26 04:16:15" level=error msg="open /opt/deepfence/df-agents/mahanth-debian-12/home/deepfence/bin/secret-scanner/config/config.yaml: no such file or directory"
INFO[2024-07-26T04:16:21Z] grpc.go:98 main: server listening at /opt/deepfence/df-agents/mahanth-debian-12/tmp/secret-scanner.sock

gnmahanth avatar Jul 26 '24 04:07 gnmahanth
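
The comparison described in the last comment (an empty secret_scanner.log versus one that ends in a "server listening at" line) can be scripted on the agent host. This is an added example, not part of the thread and not Deepfence code; the function names scanner_state and write_samples are hypothetical, and it assumes the listener line quoted above marks a successful start.

```shell
#!/bin/sh
# Added example (not Deepfence code): classify a secret_scanner.log by startup state.
# Assumption: the "server listening at <socket>" line quoted in the thread marks a
# successful start. scanner_state and write_samples are hypothetical helper names.

scanner_state() {
    log="$1"
    # A missing or zero-length log means the scanner never wrote anything,
    # which is the symptom reported in this issue.
    if [ ! -s "$log" ]; then
        echo "not-started"
        return 0
    fi
    # Use the last listener line and extract the socket path from it.
    sock=$(sed -n 's/.*server listening at \(.*\)$/\1/p' "$log" | tail -n 1)
    if [ -n "$sock" ]; then
        echo "listening $sock"
        return 0
    fi
    # The log has content but no listener line: report the error-line count.
    errs=$(grep -c 'level=error' "$log" || true)
    echo "no-listener errors=$errs"
}

# Constructed sample logs; the healthy one reuses lines quoted in the thread.
write_samples() {
    d="$1"
    base=/opt/deepfence/df-agents/mahanth-debian-12
    err="level=error msg=\"open $base/home/deepfence/bin/secret-scanner/config/config.yaml: no such file or directory\""
    : > "$d/empty.log"
    printf 'time="2024-07-26 04:16:05" %s\n' "$err" > "$d/stuck.log"
    {
        printf 'time="2024-07-26 04:16:05" %s\n' "$err"
        printf 'INFO[2024-07-26T04:16:21Z] grpc.go:98 main: server listening at %s/tmp/secret-scanner.sock\n' "$base"
    } > "$d/healthy.log"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in empty stuck healthy missing; do
    printf '%-8s %s\n' "$f" "$(scanner_state "$tmp/$f.log")"
done
rm -rf "$tmp"
```

On a real host, pass the path to the agent's own secret_scanner.log as the argument to scanner_state.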