after update `monitor` do not access other backups

[pilasguru]

All my clientes continue backuping without problem, but monitor is unable to access backups on server:

# burp -a S

 burp status                                          2020-10-06 22:07:31 -0300

   monitor                 idle  last backup: 0000000 never

#

/etc/burp.conf

cname = monitor
password = password

/etc/burp-server.conf

monitor_browse_cache = 1
super_client = monitor

Also the burp_ui shows monitor client only.

I understand that I have not configured monitor with the access to list/manage other client's backups.

[pilasguru]

SOLVED:

/etc/burp-server.conf requires:

restore_client = monitor

enabled

[pilasguru]

The templates/burp-server.conf.j2 has not replacement tag at:

# Clients that are able to list and restore files belonging to any other
# client. If this is too permissive, you may set a restore_client for
# individual original clients in the individual clientconfdir files.
# restore_client = someclient
# restore_client = someotherclient

[pilasguru]

Problem continue: monitor can't browse other clients backups:

# burp -a l -v
2020-11-02 03:30:10 -0300: burp[14960] Connecting to 127.0.0.1:4977
2020-11-02 03:30:10 -0300: burp[14960] auth ok
2020-11-02 03:30:10 -0300: burp[14960] Server version: 2.2.18
2020-11-02 03:30:10 -0300: burp[14960] nocsr ok
2020-11-02 03:30:10 -0300: burp[14960] SSL is using cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD

2020-11-02 03:30:10 -0300: burp[14960] extra_comms_begin ok:autoupgrade:incexc:orig_client:uname:counters_json:msg:forceproto=1:
2020-11-02 03:30:10 -0300: burp[14960] Server is forcing protocol 1
no backups
2020-11-02 03:30:10 -0300: burp[14960] List finished ok

/etc/burp/burp-server.conf:

monitor_browse_cache = 1
super_client = monitor

# burp -t 
                        conffile: /etc/burp/burp.conf
                            mode: client
                            [...]
            monitor_browse_cache: 0
                     monitor_exe:
                           cname: monitor
                            port: 4971

As you see monitor_browse_cache from client is 0, but it is 1 at server configuration.

Do you have any help to enable monitor to see all backups of other clients as usual ??

[pablodav]

Which is the output for burp -a S ?

https://burp.grke.org/docs/manpage.html

   -a S   Similar to '-a s', but it prints the main status monitor summary
      screen  to stdout. One application is that a script can run this
      and email an administrator  the  output  on  a  cron  job.  This
      doesn't  require  ncurses  support. There are additional options
      that can be given with both these options, listed below.

[pilasguru]

# burp -a S -v

 burp status                                          2020-11-02 14:44:52 -0300

   monitor                 idle  last backup: 0000000 never

# 

[pablodav]

Why your settings are at /etc/ and not at /etc/burp?

Did you check if you have /etc/burp/monitor.conf ?

Did you check if you have latest version of this role in use?

In these steps I have separated the client and the monitor here: https://github.com/CoffeeITWorks/ansible_burp2_server/blob/master/tasks/10_local_client.yml#L21

So you will have to use burp -c /etc/burp/monitor.conf -a S

[pilasguru]

Sorry, it was my mistake: all my server installation is at /etc/burp.

I do not have /etc/burp/monitor.conf at the server. However, I receive the following output:

TASK [coffeeitworks.burp2_server : local_client | add local client] **************************************************************
ok: [darlene]

/etc/burp# ls -al
total 84
drwxr-x---  6 root root  4096 Nov 10 11:29 .
drwxr-xr-x 98 root root 12288 Nov  8 06:06 ..
drwxr-x---  3 root root  4096 Sep 30 23:07 autoupgrade
-rw-r--r--  1 root root   819 Nov 10 11:29 burp.conf
-rw-r--r--  1 root root  7059 Nov  2 02:57 burp-server.conf
-rw-r--r--  1 root root  7091 Sep 30 23:28 .burp-server.conf.bui.init.back~
drwxr-xr-x  4 root root  4096 Nov  2 02:18 CA
drwxr-x---  2 root root  4096 Nov  2 02:18 CA-client
-rw-r-----  1 root root   781 Sep 30 23:10 CA.cnf
drwxr-x---  4 root root  4096 Oct 26 22:19 clientconfdir
-rw-------  1 root root   830 Sep 30 23:07 dhfile.pem
-rw-------  1 root root  1131 Nov  2 02:18 ssl_cert_ca-monitor.pem
-rw-r--r--  1 root root  1131 Sep 30 23:09 ssl_cert_ca-server.pem
-rw-------  1 root root  1679 Nov  2 02:18 ssl_cert-monitor.key
-rw-------  1 root root  3676 Nov  2 02:18 ssl_cert-monitor.pem
-rw-------  1 root root  1679 Sep 30 23:10 ssl_cert-server.key
-rw-r--r--  1 root root  3674 Sep 30 23:10 ssl_cert-server.pem

I just have /etc/burp/burp.conf into the server with next content:

mode = client
server = 127.0.0.1

##
## port = 4975
##
## I have fixed the client to be on burp-server because the status showns better on burpui
port = 4971
status_port = 4972
##

pidfile = /var/run/burp.pid

cname = monitor
password = password

protocol = 1

syslog = 0
stdout = 0

ca_burp_ca = /usr/local/sbin/burp_ca
ca_csr_dir = /etc/burp/CA-client
ssl_cert_ca = /etc/burp/ssl_cert_ca-monitor.pem
ssl_cert = /etc/burp/ssl_cert-monitor.pem
ssl_key = /etc/burp/ssl_cert-monitor.key
ssl_key_password = password
# This will break idempotence, so will be better
# to use lineinfile for this file.
ssl_peer_cn = darlene

# These ports are based on: https://github.com/CoffeeITWorks/ansible_burp2_server/issues/11
# Compatible since burp 2.1.10
port_restore = 4975
port_verify = 4976
port_list = 4977
port_delete = 4978

I am using the updated version:

Role: coffeeitworks.burp2_server
        description: ansible role to deploy and maintain burp backup
        active: True
        commit: af64e30bbf249f87bb003b07878c7d84b13a11ab
        commit_message: Merge pull request #75 from CoffeeITWorks/develop

        install_date: Tue Nov 10 14:04:03 2020
        installed_version: 2.4.5

[pablodav]

Hello @pilasguru , how are you doing?

Is it still valid? Do you have this issue with latests versions?