Homas / ioc2rpz

ioc2rpz is a place where threat intelligence meets DNS.
Apache License 2.0

Source error crashes ioc2rpz #49

Closed dmgeurts closed 10 months ago

dmgeurts commented 10 months ago

ioc2rpz wouldn't restart after a reboot of the server it was running on. It turns out that if a source does not return any usable data after the regex filter is applied, ioc2rpz throws a tantrum and crashes. The last log line before the crash dump indicates which source is the culprit, but it doesn't help identify why there was no content. Nor is it helpful to have the docker image crash as that takes all the other RPZ feeds down as well.

Maybe, ioc2rpz could ignore the issue with the source, disable the RPZ and log an error in the logs. If ioc2rpz.gui could subsequently show an alert, that would be the cherry on top.

That said, I can't work out why this source isn't returning anything, other than that it's using tabs instead of spaces.
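
The behaviour requested in the comment above (skip the failing source, disable only its RPZ, log why), as an added Python sketch that is not part of the original post and not ioc2rpz code. The function names, the two filters and the sample feeds are constructed for illustration, and the space-versus-tab mismatch is an assumed cause, not a diagnosis of the reported source.

```python
import logging
import re

log = logging.getLogger("feed-loader")

# Hypothetical filters (not ioc2rpz syntax): the first only accepts spaces after
# the address column, the second accepts spaces or tabs.
SPACE_ONLY = re.compile(r"^(?:0\.0\.0\.0|127\.0\.0\.1) +([a-z0-9.-]+)", re.M)
ANY_BLANK = re.compile(r"^(?:0\.0\.0\.0|127\.0\.0\.1)[ \t]+([a-z0-9.-]+)", re.M)

def extract(name, body, pattern):
    """Apply the filter; on zero matches return (None, reason) instead of raising."""
    iocs = sorted(set(pattern.findall(body)))
    if iocs:
        return iocs, None
    # Quote the first non-comment line so the log explains *why* nothing matched.
    sample = next((l for l in body.splitlines() if l and not l.startswith("#")), "")
    reason = f"no indicators matched; first data line {sample!r}"
    if "\t" in sample:
        reason += " (tab-separated)"
    log.error("source %s: %s", name, reason)
    return None, reason

def build_zones(sources, pattern):
    """Build each zone independently; an empty source disables only its own zone."""
    zones, disabled = {}, {}
    for name, body in sources.items():
        iocs, reason = extract(name, body, pattern)
        if iocs is None:
            disabled[name] = reason   # surfaced to the operator, other zones still served
        else:
            zones[name] = iocs
    return zones, disabled

# Constructed sample feeds: identical layout except for the column separator.
SOURCES = {
    "spaces.example": "# comment\n0.0.0.0 bad.example\n0.0.0.0 worse.example\n",
    "tabs.example": "# comment\n0.0.0.0\tevil.example\n",
}

if __name__ == "__main__":
    for label, pattern in (("space-only", SPACE_ONLY), ("any-blank", ANY_BLANK)):
        zones, disabled = build_zones(SOURCES, pattern)
        print(label, "zones:", zones, "disabled:", disabled)
```
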

Homas commented 10 months ago

Did you use the recent code? If not, please upgrade first. The images on the docker hub are deprecated. Install docker compose (or docker version with it) and use this docker compose configuration file

dmgeurts commented 10 months ago

Thank you, ioc2rpz.gui successfully built, ~but the ioc2rpz build failed: https://github.com/Homas/ioc2rpz.dc/issues/1~

dmgeurts commented 10 months ago

~Installing the docker-compose based images appears to have wiped the config. Is there a way I can import the old config rather than start over?~

I really need to check this first before thinking I don't know how to do something...

The following got the config etc like I used to have it, I just had to change the volumes and point them to /opt/ioc2rpz rather than ./ioc2rpz:

```yaml
version: '3'
services:
  ioc2rpz:
    build:
      context: https://github.com/Homas/ioc2rpz.git
    ports:
      - "53:53/udp"
      - "53:53/tcp"
      - "853:853/tcp"
      - "8443:8443/tcp"
    volumes:
      # Host paths point to /opt/ioc2rpz rather than ./ioc2rpz
      - /opt/ioc2rpz/cfg:/opt/ioc2rpz/cfg
      - /opt/ioc2rpz/db:/opt/ioc2rpz/db
    restart: always
    logging:
      driver: syslog
    network_mode: "bridge"
    depends_on:
      - ioc2rpz.gui
  ioc2rpz.gui:
    build:
      context: https://github.com/Homas/ioc2rpz.gui.git
    ports:
      # GUI is published on the loopback interface only
      - "127.0.0.1:80:80/tcp"
      - "127.0.0.1:443:443/tcp"
    volumes:
      - /opt/ioc2rpz/cfg:/opt/ioc2rpz.gui/export-cfg
      - /opt/ioc2rpz/db:/opt/ioc2rpz.gui/www/io2cfg
      - /opt/ioc2rpz/ssl:/etc/apache2/ssl
    restart: always
    logging:
      driver: syslog
    network_mode: "bridge"
```

dmgeurts commented 10 months ago

After rebuilding both ioc2rpz and ioc2rpz.gui, I had to remove the latest source and RPZ that I added. I then recreated them and the configuration file was successfully built, no more crashes!