wordfence-cli
wordfence-cli copied to clipboard
wordfence
When running docker version for first time, fails
With the new Voodoo Child release, the automatic license acquisition logic cannot trigger unless the docker container is launched with -it parameter.
Without that parameter, it looks like this:
$ docker run -v /var/www:/var/www wordfence-cli:latest malware-scan /var/www
Wordfence CLI cannot be used until it has been configured. Would you like to configure it now? [y/n] (default: n): Traceback (most recent call last):
File "/venv/bin/wordfence", line 8, in <module>
sys.exit(main())
^^^^^^
File "/venv/lib/python3.11/site-packages/wordfence/cli/cli.py", line 181, in main
exit_code = cli.invoke()
^^^^^^^^^^^^
File "/venv/lib/python3.11/site-packages/wordfence/cli/cli.py", line 163, in invoke
and not configurer.check_config():
^^^^^^^^^^^^^^^^^^^^^^^^^
File "/venv/lib/python3.11/site-packages/wordfence/cli/configurer.py", line 382, in check_config
self.prompt_for_missing_config()
File "/venv/lib/python3.11/site-packages/wordfence/cli/configurer.py", line 366, in prompt_for_missing_config
should_configure = prompt_yes_no(
^^^^^^^^^^^^^^
File "/venv/lib/python3.11/site-packages/wordfence/util/input.py", line 59, in prompt_yes_no
return prompt(
^^^^^^^
File "/venv/lib/python3.11/site-packages/wordfence/util/input.py", line 20, in prompt
response = input(f'{message}{default_message}: ')
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
EOFError: EOF when reading a line
And if you launch it with -it parameter, it does successfully get a license, then subsequently exits.
$ docker run -it -v /var/www:/var/www wordfence-cli:latest malware-scan /var/www
▓▓▓
▓▓▓▓▓ ▓▓▓▓▓ _ __ __ ____
▓▓▓▓▓▓▓ ▓▓▓▓▓▓▓ | | / /___ _________/ / / __/__ ____ ________
▓▓ ▓ ▓▓ | | /| / / __ \/ ___/ __ /_/ /_/ _ \/ __ \/ ___/ _ \
▓▓ ▓▓ ▓▓▓ ▓▓ ▓▓ | |/ |/ / /_/ / / / /_/ /_ __/ __/ / / / /__/ __/
▓▓ ▓ ▓ ▓ ▓▓ |__/|__/\____/_/ \____/ /_/ \___/_/ /_/\___/\___/
▓▓ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ ▓▓ ____ _ ___
▓▓ ▓▓▓ ▓ ▓▓▓ ▓ ▓▓▓ ▓▓ / ___| | |_ _|
▓▓▓▓▓ ▓ ▓▓▓ ▓ ▓▓▓▓▓ | | | | | |
▓▓ ▓ ▓▓ ▓▓ ▓ ▓▓ | |___| |___ | |
▓▓▓▓▓▓▓▓▓▓▓▓ ▓▓▓▓▓▓▓▓▓▓▓▓ \____|_____|___|
Wordfence CLI cannot be used until it has been configured. Would you like to configure it now? [y/n] (default: n): y
Would you like to automatically request a free Wordfence CLI license? [y/n] (default: y): y
Your access to and use of Wordfence CLI Free edition is subject to the Wordfence CLI License Terms and Conditions set forth at https://www.wordfence.com/wordfence-cli-license-terms-and-conditions/. By entering "y" and selecting Enter, you agree that you have read and accept the Wordfence CLI License Terms and Conditions. [y/n] (default: n): y
Free Wordfence CLI license obtained successfully: 72a24fde0b99035b6c2dbd3a71d70756b50e72f2d566895496c07b3e071be3eb9d43470c883d31cd5dbd5e49f6d47a77f0627c765681f58af6b57a0586429a1866d39f61c117464bba8aea3d918b70b9e77e404e5cd72dfeed5ed02b526ce8510e746bb0620b3f6ebe03e797f1f3b870
Cache directory (default: ~/.cache/wordfence):
Number of worker processes (8 CPUs available) (default: 1): 4
Config saved to /root/.config/wordfence/wordfence-cli.ini
Wordfence CLI has been successfully configured and is now ready for use.
... leaving behind a trail of crushes hopes and dreams:
$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
92f8a3e8cbbd wordfence-cli:latest "wordfence malware-s…" 39 seconds ago Exited (0) 17 seconds ago inspiring_robinson
c2d856a01cba wordfence-cli:latest "wordfence malware-s…" 2 minutes ago Exited (1) 2 minutes ago magical_panini
3e592d5a43a4 wordfence-cli:latest "wordfence malware-s…" 16 minutes ago Exited (0) 15 minutes ago exciting_hypatia
be6ef23db6c9 wordfence-cli:latest "wordfence scan --ve…" 18 minutes ago Exited (1) 18 minutes ago stupefied_shamir
d6758307168e wordfence-cli:latest "wordfence scan --ve…" 18 minutes ago Exited (1) 18 minutes ago upbeat_golick
dcb2293d01e4 wordfence-cli:latest "wordfence scan --ve…" 19 minutes ago Exited (1) 18 minutes ago pedantic_sutherland
e3c8278b2e4a wordfence-cli:latest "wordfence malware-s…" 19 minutes ago Exited (0) 19 minutes ago frosty_tu
[...]
Suggested options for fix: option 1 : When running in docker mode, have it do the scan after acquiring a license
option 2: modify the execution instructions to run interactively
$ docker run -it --entrypoint bash wordfence-cli
root@83e479bb827a:/venv# wordfence malware-scan /var/www
▓▓▓
▓▓▓▓▓ ▓▓▓▓▓ _ __ __ ____
▓▓▓▓▓▓▓ ▓▓▓▓▓▓▓ | | / /___ _________/ / / __/__ ____ ________
▓▓ ▓ ▓▓ | | /| / / __ \/ ___/ __ /_/ /_/ _ \/ __ \/ ___/ _ \
▓▓ ▓▓ ▓▓▓ ▓▓ ▓▓ | |/ |/ / /_/ / / / /_/ /_ __/ __/ / / / /__/ __/
▓▓ ▓ ▓ ▓ ▓▓ |__/|__/\____/_/ \____/ /_/ \___/_/ /_/\___/\___/
▓▓ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ ▓▓ ____ _ ___
▓▓ ▓▓▓ ▓ ▓▓▓ ▓ ▓▓▓ ▓▓ / ___| | |_ _|
▓▓▓▓▓ ▓ ▓▓▓ ▓ ▓▓▓▓▓ | | | | | |
▓▓ ▓ ▓▓ ▓▓ ▓ ▓▓ | |___| |___ | |
▓▓▓▓▓▓▓▓▓▓▓▓ ▓▓▓▓▓▓▓▓▓▓▓▓ \____|_____|___|
Wordfence CLI cannot be used until it has been configured. Would you like to configure it now? [y/n] (default: n): y
Would you like to automatically request a free Wordfence CLI license? [y/n] (default: y): y
Your access to and use of Wordfence CLI Free edition is subject to the Wordfence CLI License Terms and Conditions set forth at https://www.wordfence.com/wordfence-cli-license-terms-and-conditions/. By entering "y" and selecting Enter, you agree that you have read and accept the Wordfence CLI License Terms and Conditions. [y/n] (default: n): y
Free Wordfence CLI license obtained successfully: c558a814dc7d6a6afc907ef6bdaefb0fdc7cfe007e9060ae6605a4716ea19c10773b065ab54732242f50895fcfd3253dc21f6d7bec85058c700782c9b522e4f00948c6443b79000a9a24296052fe48d9a11bc4680848e73c8f9c25ae5abdc43fda975234ac9505b39214a57028a6ab0a
Cache directory (default: ~/.cache/wordfence):
Number of worker processes (8 CPUs available) (default: 1):
Config saved to /root/.config/wordfence/wordfence-cli.ini
Wordfence CLI has been successfully configured and is now ready for use.
root@83e479bb827a:/venv# wordfence malware-scan /var/www
[..great success..]
I've added #128 to add more graceful handling when CLI needs to prompt for input, but can't.
Licenses are designed to be persistent, so having it acquire a license and them run a scan immediately in one invocation is not ideal. Instead, when running under Docker, a persistent volume should be used for the config and cache directories so that multiple invocations can reuse the same config. We will be updating the documentation accordingly.
