Cyb3rWard0g / HELK

The Hunting ELK
GNU General Public License v3.0

Could not run HELK via docker-compose file helk-kibana-analysis-alert-basic.yml (Error Code: 1). #524

Closed priamai closed 3 years ago

priamai commented 3 years ago

Describe the problem

I am running helk_install.sh for the first time.

Provide the output of the following commands

NAME="Ubuntu"
VERSION="20.04.1 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.1 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal

Get disk space, memory, processor cores, and docker storage  

Docker Space:
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1       458G  139G  296G  32% /media/robomotic/bumbledisk

Memory:
              total        used        free      shared  buff/cache   available
Mem:             15           1           2           0          11          13
Swap:             1           0           1

Cores:
4

Empty.

Provide the HELK installation logs located at /var/log/helk-install.log if you are having install errors

Hit:1 http://gb.archive.ubuntu.com/ubuntu focal InRelease
Get:2 http://gb.archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB]
Get:3 http://gb.archive.ubuntu.com/ubuntu focal-backports InRelease [101 kB]
Hit:4 https://download.docker.com/linux/ubuntu focal InRelease
Hit:5 https://nvidia.github.io/libnvidia-container/stable/ubuntu18.04/amd64  InRelease
Hit:6 https://nvidia.github.io/nvidia-container-runtime/stable/ubuntu18.04/amd64  InRelease
Hit:7 https://nvidia.github.io/nvidia-docker/ubuntu18.04/amd64  InRelease
Hit:8 http://security.ubuntu.com/ubuntu focal-security InRelease
Get:9 http://gb.archive.ubuntu.com/ubuntu focal-updates/main amd64 DEP-11 Metadata [236 kB]
Get:10 http://gb.archive.ubuntu.com/ubuntu focal-updates/main DEP-11 48x48 Icons [51.6 kB]
Get:11 http://gb.archive.ubuntu.com/ubuntu focal-updates/universe amd64 DEP-11 Metadata [205 kB]
Get:12 http://gb.archive.ubuntu.com/ubuntu focal-updates/multiverse amd64 DEP-11 Metadata [2,468 B]
Get:13 http://gb.archive.ubuntu.com/ubuntu focal-backports/universe amd64 DEP-11 Metadata [1,764 B]
Fetched 711 kB in 1s (739 kB/s)
Reading package lists...

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

Reading package lists...
Building dependency tree...
Reading state information...
The following package was automatically installed and is no longer required:
  libfprint-2-tod1
Use 'sudo apt autoremove' to remove it.
The following additional packages will be installed:
  libapr1 libaprutil1
The following NEW packages will be installed
  apache2-utils libapr1 libaprutil1
0 to upgrade, 3 to newly install, 0 to remove and 2 not to upgrade.
Need to get 260 kB of archives.
After this operation, 968 kB of additional disk space will be used.
Get:1 http://gb.archive.ubuntu.com/ubuntu focal/main amd64 libapr1 amd64 1.6.5-1ubuntu1 [91.4 kB]
Get:2 http://gb.archive.ubuntu.com/ubuntu focal/main amd64 libaprutil1 amd64 1.6.1-4ubuntu2 [84.7 kB]
Get:3 http://gb.archive.ubuntu.com/ubuntu focal-updates/main amd64 apache2-utils amd64 2.4.41-4ubuntu3.1 [83.8 kB]
Fetched 260 kB in 0s (539 kB/s)
Selecting previously unselected package libapr1:amd64.
(Reading database ... 202952 files and directories currently installed.)
Preparing to unpack .../libapr1_1.6.5-1ubuntu1_amd64.deb ...
Unpacking libapr1:amd64 (1.6.5-1ubuntu1) ...
Selecting previously unselected package libaprutil1:amd64.
Preparing to unpack .../libaprutil1_1.6.1-4ubuntu2_amd64.deb ...
Unpacking libaprutil1:amd64 (1.6.1-4ubuntu2) ...
Selecting previously unselected package apache2-utils.
Preparing to unpack .../apache2-utils_2.4.41-4ubuntu3.1_amd64.deb ...
Unpacking apache2-utils (2.4.41-4ubuntu3.1) ...
Setting up libapr1:amd64 (1.6.5-1ubuntu1) ...
Setting up libaprutil1:amd64 (1.6.1-4ubuntu2) ...
Setting up apache2-utils (2.4.41-4ubuntu3.1) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for libc-bin (2.31-0ubuntu9.1) ...
Adding password for user helk
Creating network "docker_helk" with driver "bridge"
Creating volume "docker_esdata" with local driver
Pulling helk-elasticsearch (docker.elastic.co/elasticsearch/elasticsearch:7.6.2)...
7.6.2: Pulling from elasticsearch/elasticsearch
error pulling image configuration: Get https://d2iks1dkcwqcbx.cloudfront.net/docker/registry/v2/blobs/sha256/f2/f29a1ee41030e3963026369105f3bee76d75fdecbeca07932ac054126be7bff9/data?Expires=1607381893&Signature=nB1QDZs6Mbqu-TNdMNI1j0QNY0NNlbKmEuZjlKw1oKfI~lySBQwZBXSyVc2hZmPSFhMQeSgyed5MUqTlDsrPW~nLUwCJ9IioF9hWzhjYz2xGbdnC19bOC3ufn99vWgZygekBFS2~NWgPLRhbYRO-k2-gdmqxgSaVb5S49m5lQzSdR6JwuY580DZc6x2B6KywgztJZzQvVystaXkqhqHCf~dOv~PuN~SoIdvefmNxOyKbSDksHW6q8XGF4TnXmJCmoDKWfYyANqKtJZYwtk3XfimZtp0bfDrE2-sHc62VCy1Zm3GtA9W8knroT2rswvI9BZR1oyG5uhTfqCkVIXTBdA__&Key-Pair-Id=APKAIVAVKHB6SNHJAJQQ: x509: certificate signed by unknown authority

What version of HELK are you using

8f5643e5457b0b903107670b167ce39a8e6cd713

Any additional context or input you have

Hmmm, the logs seem to suggest it is an invalid certificate?

priamai commented 3 years ago

Closing this, as I discovered it is related to my SSL inspection firewall.

Kronos-C commented 3 years ago

Hello @priamai! How did you solve SSL's invalid certificate? I see I have the same problem.