search

MISP / misp-modules

Modules for expansion services, enrichment, import and export in MISP and other tools.
http://misp.github.io/misp-modules
GNU Affero General Public License v3.0
344 stars 233 forks source link

misp-modules rc.local startup #132

Closed elreydetoda closed 7 years ago

elreydetoda commented 7 years ago

Alright, I have no idea what is going on with this now. We got the misp-modules to be executed from any user (from a previous issue), but now when I try and start it at boot from rc.local it doesn't stay up...

So when I execute it after I start up the misp application sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh then it won't show up in my log at all by the way this is my rc.local file (has extra stuff for debugging)

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
exec 2> /tmp/rc.local.log  # send stderr from rc.local to a log file
exec 1>&2                      # send stdout to the same log file
set -x
# nohup sudo -u www-data /usr/local/bin/misp-modules &
# echo $!
# sleep 5
sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh
sudo -u www-data /usr/local/bin/misp-modules &

#misp-modules &
exit 0

this is the way the /tmp/rc.local.log file looks

+ sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh
Stopping workers
   There is no workers to stop ...

Creating workers
Starting worker ... Done

Creating workers
Starting worker ... Done

Creating workers
Starting worker ... Done

Creating workers
Starting worker ... Done

Creating the scheduler workers
The scheduler worker is already running

but if I swap around the times that it is executed and my rc.local file looks like this

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
exec 2> /tmp/rc.local.log  # send stderr from rc.local to a log file
exec 1>&2                      # send stdout to the same log file
set -x
nohup sudo -u www-data /usr/local/bin/misp-modules &
echo $!
sleep 5
sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh
# sudo -u www-data /usr/local/bin/misp-modules &

#misp-modules &
exit 0

then my debug data from /tmp/rc.local.log look like this... (took out timestamps)

cat /tmp/rc.local.log
+ sleep 5
+ sudo -u www-data /usr/bin/python3 /usr/local/bin/misp-modules
misp-modules - INFO - Launch MISP modules server from current directory.
misp-modules - INFO - Helpers loaded cache.py
misp-modules - INFO - MISP modules openiocimport imported
misp-modules - INFO - MISP modules stiximport imported
misp-modules - INFO - MISP modules vmray_import imported
misp-modules - INFO - MISP modules testimport imported
misp-modules - INFO - MISP modules cuckooimport imported
misp-modules - INFO - MISP modules email_import imported
misp-modules - INFO - MISP modules ocr imported
misp-modules - INFO - MISP modules mispjson imported
misp-modules - INFO - MISP modules passivetotal imported
misp-modules - INFO - MISP modules asn_history imported
misp-modules - INFO - MISP modules cve imported
misp-modules - INFO - MISP modules reversedns imported
misp-modules - INFO - MISP modules countrycode imported
misp-modules - INFO - MISP modules wiki imported
misp-modules - INFO - MISP modules shodan imported
misp-modules - INFO - MISP modules circl_passivedns imported
misp-modules - INFO - MISP modules eupi imported
misp-modules - INFO - MISP modules whois imported
misp-modules - INFO - MISP modules xforceexchange imported
misp-modules - INFO - MISP modules threatminer imported
misp-modules - INFO - MISP modules sourcecache imported
misp-modules - INFO - MISP modules iprep imported
misp-modules - INFO - MISP modules circl_passivessl imported
misp-modules - INFO - MISP modules vmray_submit imported
misp-modules - INFO - MISP modules threatcrowd imported
misp-modules - INFO - MISP modules ipasn imported
misp-modules - INFO - MISP modules dns imported
misp-modules - INFO - MISP modules otx imported
misp-modules - INFO - MISP modules domaintools imported
misp-modules - INFO - MISP modules geoip_country imported
misp-modules - INFO - MISP modules virustotal imported
misp-modules - INFO - MISP modules liteexport imported
misp-modules - INFO - MISP modules cef_export imported
misp-modules - INFO - MISP modules testexport imported
misp-modules - INFO - MISP modules server started on 127.0.0.1 port 6666
+ sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh
Stopping workers
   There is no workers to stop ...

Creating workers
Starting worker ... Done

Creating workers
Starting worker ... Done

Creating workers
Starting worker ... Done

Creating workers
Starting worker ... Done

Creating the scheduler workers
The scheduler worker is already running

so I would think that it is executed, but when I check netstat (and on the misp application) it isn't running. The process is dead and gone...so any ideas what could be possibly happening?

elreydetoda commented 7 years ago

Nevermind instead of rc.local I just set it in my crontab for root as the following @reboot /usr/bin/sudo -u www-data /usr/local/bin/misp-modules & and all is well now. You might want to take a look at doing this instead of rc.local because I couldn't get it to work properly at all in mine for an ubuntu 16.04 Linux 4.4.0-83-generic #106-Ubuntu SMP x86_64 x86_64 x86_64 GNU/Linux