SHIPS
Installation issue.
Installing on Debian 8 64-bit. Installed according to instructions up to the point of running ships.rb for the first time.
When running this command:
root@H099-SHIPS:/opt/webapp# ruby -r ./lib/identsqlite -r ./lib/identldap -r ./lib/devicevalidatorldap SHIPS.rb
I receive this error:
Encountered a fatal startup error!
Invalid binding information - /var/lib/gems/2.1.0/gems/net-ldap-0.14.0/lib/net/ldap/auth_adapter/simple.rb:14:in `bind'
I am new to Ruby and am unsure what is breaking or how to diagnose it. The instructions are not the most user friendly but I have done my best. Let me know what files or outputs are needed to assist. Thank you!
Hi Amubu,
The exception is bubbling up from the net-ldap gem. The error indicates it's not seeing the bind parameters (username / password). Since you are using both IdentLDAP and DeviceValidatorLDAP you may be missing one or both values in either the validatorOptions or identityOptions sections.
Check that you have both: identLDAP_username and identLDAP_password defined in identityOptions. Next check that you have both DeviceValidatorLDAP_username and DeviceValidatorLDAP_password defined in validatorOptions. Make sure they were not inadvertently commented out etc. Also double check for case and indentation (spaces not tabs); the configuration file is YAML, which is both whitespace and case sensitive.
If the answer isn't obvious after that, I would as a next step try removing the IdentLDAP and DeviceValidatorLDAP references from the app and identityOptions sections of the config. You can use DeviceValidatorAny and IdentSQLite as placeholders, then start SHIPS as:
ruby -r ./lib/identsqlite SHIPS.rb
Once SHIPS is running properly without the LDAP connectors you can add them back into your config one at a time to aid with troubleshooting.
Geoff Walton | Senior Security Consultant CISSP TRUSTEDSEC, LLC Cell: 440.344.8967 | US EDT (GMT -5) Staunton, VA Office Email: [email protected] https://www.trustedsec.com/
"INFORMATION SECURITY MADE SIMPLE" - TRUSTEDSEC
Geoff,
Thank you for the assistance. After removing the LDAP references, I continue to have issues.
I have attached the conf file.
Below is terminal output and the error with the current log file.
root@H099-SHIPS:/opt/webapp# ls
clients doc etc gems lib README.md SHIPS.rb SQLiteIdentity.rb test var
root@H099-SHIPS:/opt/webapp# ./SQLiteIdentity.rb --listUsers
root token: 1
admin token: 2
root@H099-SHIPS:/opt/webapp# ./SQLiteIdentity.rb --listGroups
root - token: 1
root@H099-SHIPS:/opt/webapp# ruby -r ./lib/identsqlite SHIPS.rb
Encountered a fatal startup error!
undefined method `map' for nil:NilClass - /opt/webapp/lib/configuration.rb:14:in `keys_to_sym'
root@H099-SHIPS:/opt/webapp#
web: port: 443 serverName: H099-SHIPS.domain.com maxclients: 200 daemonUser: ships #SSLCertificate: /path/to/cert/pem #SSLPrivateKey: /path/to/key
data: dataPath: /var/cache/SHIPS.sqlite
styleSheet: /path/to/style/sheet
app: syslog: true sessionTimeout: 300 foreground: true superUserIdent: IdentSQLite superUserToken: "1" ACLAuthorsIdent: IdentSQLite ACLAuthorsToken: "1" defaultLoginIdent: IdentSQLite allowedLoginIdents:
- IdentSQLite
- IdentLDAP
devices: length: 20 age: 7
identityOptions:
exampleOption: exampleValue
identLDAP_host: 10.0.0.xx
identLDAP_port: 389
identLDAP_encryption: simple_tls
identLDAP_user_base: OU=IT Users,OU=IT Dept,OU=Users,OU=BaseOU,DC=domain,DC=com
identLDAP_group_base: CN=Builtin,DC=domain,DC=com
identLDAP_name_attribute: sAMAccountName
identLDAP_group_class: group
identLDAP_user_class: user
identLDAP_token_attribute: objectSid
identLDAP_group_attribute: memberOf
identLDAP_user_attribute: "member:1.2.840.113556.1.4.1941:"
identLDAP_group_required: CN=Administrators,CN=Builtin,DC=domain,DC=com
identLDAP_username: CN=LDAP,OU=Service Accounts,OU=IT Dept,OU=Users,OU=BaseOU,DC=domain,DC=com
identLDAP_password: Password
identDevice_default_folder: 2
identDevice_validators:
- DeviceValidatorLDAP
validatorOptions:
exampleOption: exampleValue
DeviceValidatorLDAP_host: 10.0.0.xx
DeviceValidatorLDAP_encryption: simple_tls
DeviceValidatorLDAP_port: 389
DeviceValidatorLDAP_base: DC=domain,DC=com
DeviceValidatorLDAP_username: CN=LDAP,OU=Service Accounts,OU=IT Dept,OU=Users,OU=BaseOU,DC=domain,DC=com
DeviceValidatorLDAP_password: Password
DeviceValidatorLDAP_class: computer
DeviceValidatorLDAP_name_attribute: name
I'm trying to run this on Windows with SQLite only to start with.
c:\Admin\SHIPS\SHIPS-master>c:\Ruby21-x64\bin\ruby.exe -r C:\Admin\SHIPS\SHIPS-master\lib\identsqlite.rb C:\Admin\SHIPS\SHIPS-master\SHIPS.rb
Encountered a fatal startup error!
undefined method `map' for nil:NilClass - C:/Admin/SHIPS/SHIPS-master/lib/configuration.rb:14:in `keys_to_sym'
And if I try to run it with "daemonUser: ships-daemon" (local admin user)
Encountered a fatal startup error!
undefined method `gid' for nil:NilClass - c:/Ruby21-x64/lib/ruby/2.1.0/webrick/utils.rb:46:in `su'
My conf file: web: port: 443 serverName: xxx.xxx.xxx.xxx maxclients: 1000 Log: C:\Admin\SHIPS\SHIPS-master\var\log\ships.log #daemonUser: ships-daemon SSLCertificate: C:\Admin\SHIPS\SHIPS-master\etc\ships.pem SSLPrivateKey: C:\Admin\SHIPS\SHIPS-master\etc\ships.key
data: #dataPath: /var/data/SHIPS.sqlite dataPath: C:\Admin\SHIPS\SHIPS-master\var\data\SHIPS.sqlite #styleSheet: /path/to/style/sheet
app: syslog: false sessionTimeout: 300 foreground: true superUserIdent: IdentSQLite superUserToken: "1" #ACLAuthorsIdent: IdentLDAP #ACLAuthorsToken: S-1-5-21-3882956444-149478881-1526783422-2116 ACLAuthorsIdent: IdentSQLite ACLAuthorsToken: "1" defaultLoginIdent: IdentSQLite allowedLoginIdents:
- IdentSQLite #- IdentLDAP
devices: length: 20 age: 7
identityOptions: #exampleOption: exampleValue #identLDAP_host: 10.10.10.10 #identLDAP_port: 389 #identLDAP_encryption: simple_tls #identLDAP_user_base: DC=example,DC=local #identLDAP_group_base: OU=Test,DC=example,DC=local #identLDAP_name_attribute: sAMAccountName #identLDAP_group_class: group #identLDAP_user_class: user #identLDAP_token_attribute: objectSid #identLDAP_group_attribute: memberOf #identLDAP_user_attribute: "member:1.2.840.113556.1.4.1941:" #identLDAP_group_required: CN=SHIPS users,OU=Test,DC=example,DC=local #identLDAP_username: CN=ships DS. reader,OU=Test,DC=example,DC=local #identLDAP_password: SomeReallHardPassword #identDevice_default_folder: 2 #identDevice_validators: #- DeviceValidatorLDAP #- DeviceValidatorAny
validatorOptions: #exampleOption: exampleValue #DeviceValidatorLDAP_host: 10.10.10.10 #DeviceValidatorLDAP_encryption: simple_tls #DeviceValidatorLDAP_port: 389 #DeviceValidatorLDAP_base: DC=example,DC=local #DeviceValidatorLDAP_username: CN=ships DS. reader,OU=Test,DC=example,DC=local #DeviceValidatorLDAP_password: SomeReallHardPassword #DeviceValidatorLDAP_class: computer #DeviceValidatorLDAP_name_attribute: name
This is almost certainly a problem parsing the configuration file. It needs to be strict YAML syntax. I don't know if e-mail or GitHub has possibly eaten the formatting, but the sections in the configuration file like web should be a YAML hash, so the values need to be spaced in. The error indicates the application is trying to pull a configuration value out of a hash that does not exist, and the only reason for that is the YAML did not parse.
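Added example, not part of the thread or of the SHIPS code base: a Ruby preflight check for the two failure modes discussed above, a section that does not parse to a hash and an LDAP connector listed without bind credentials. The list of required sections and the nesting of allowedLoginIdents and identDevice_validators are assumptions drawn from the configs posted here, and the sample YAML is constructed.

```ruby
require 'yaml'

# Section and key names come from the configs posted in this thread; treating
# all five sections as required hashes is an assumption of this example.
SECTIONS = %w[web data app identityOptions validatorOptions].freeze
# [connector, section listing it, list key, section with bind values, key prefix]
# The nesting of the two list keys is assumed from the flattened configs.
LDAP = [
  %w[IdentLDAP app allowedLoginIdents identityOptions identLDAP],
  %w[DeviceValidatorLDAP identityOptions identDevice_validators validatorOptions DeviceValidatorLDAP]
].freeze

# Returns a list of problems; an empty list means the text passed every check.
def preflight(yaml_text)
  conf = YAML.safe_load(yaml_text)
  return ['top level is not a hash'] unless conf.is_a?(Hash)

  # "section:" followed only by comments or by unindented keys parses to nil.
  problems = SECTIONS.reject { |s| conf[s].is_a?(Hash) }
                     .map { |s| "#{s}: expected a hash, got #{conf[s].class}" }
  sec = ->(name) { conf[name].is_a?(Hash) ? conf[name] : {} }
  LDAP.each do |connector, list_sec, list_key, opt_sec, prefix|
    next unless Array(sec[list_sec][list_key]).include?(connector)
    %w[username password].each do |suffix|
      key = "#{prefix}_#{suffix}"
      blank = sec[opt_sec][key].to_s.strip.empty?
      problems << "#{opt_sec}.#{key}: #{connector} listed but blank" if blank
    end
  end
  problems
rescue Psych::SyntaxError, Psych::DisallowedClass => e
  ["YAML error: #{e.message}"] # e.g. a tab used as indentation
end

# Constructed sample input, not a real SHIPS configuration.
GOOD = <<~YAML
  web:
    port: 443
  data:
    dataPath: /var/cache/SHIPS.sqlite
  app:
    allowedLoginIdents:
      - IdentSQLite
  identityOptions:
    exampleOption: exampleValue
  validatorOptions:
    exampleOption: exampleValue
YAML
```

A section whose children are all commented out parses to nil rather than to an empty hash, so it is flagged by the same check as a section whose keys lost their indentation.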