SecurityRiskAdvisors / dredd

Automated detection rule analysis utility
GNU General Public License v3.0

No error but dredd doesn't run #1

Closed someonehelpplease closed 4 years ago

someonehelpplease commented 4 years ago

Hi! I'm trying to run this: `python3 dredd-cli es -r ~/Sigmaa/ -a ~/Mordorr/ -m`, where `~/Sigmaa/` is the path to the 2 Sigma rules I want to test, and `~/Mordorr/` is the path to the 2 Mordor datasets I want to test the Sigma rules against.

I've had to troubleshoot through 2 main errors along the way, and now it's just stuck. No errors have been outputted, yet it just "buffers" and doesn't run.

Below are the errors I ran into:

1. `AttributeError: 'function' object has no attribute 'run'` - this was resolved by upgrading docker-py to 2.0.0.

2. `File "/home/kali/.local/lib/python3.8/site-packages/docker/models/containers.py", line 648, in run raise RuntimeError("The options 'detach' and 'remove' cannot be " RuntimeError: The options 'detach' and 'remove' cannot be used together.` Based on https://github.com/docker/docker-py/issues/1477, I decided to try resolving this error by commenting out this section in `containers.py`: `if detach and remove: raise RuntimeError("The options 'detach' and 'remove' cannot be used together.")`. After I did that, I re-ran `python3 dredd-cli es -r ~/Sigmaa/ -a ~/Mordorr/ -m`, and it led me to my problem now, where there are no errors outputted but it just doesn't load....

So help!! How do I fix this? thank you so so much!

2XXE-SRA commented 4 years ago

Can you please provide your version of Docker and docker-py?

someonehelpplease commented 4 years ago

Hi, thank you so much!!

- Docker version: 19.03.12, build 48a66213fe
- Docker API version: 1.40
- Docker-py version: 1.10.6 (I couldn't figure out how to check the docker-py version, so I ran `pip install docker-py -v` and it resulted in `Successfully installed docker-py-1.10.6`)

I just ran this again: `pip uninstall docker-py && pip install -U docker`, and it told me it uninstalled docker version 2.0.0 and installed docker-4.3.1. ^^I think 4.3.1 is the docker-py version?? I'm a bit confused if my docker-py version is 1.10.6 or 4.3.1. After this, I ran `python3 dredd-cli es -r ~/Sigmaa/ -a ~/Mordorr/ -m` again and it still couldn't load...

2XXE-SRA commented 4 years ago

To get the package version, you can do something like

`python -c "import docker; print(docker.__version__)"`

or

`pip freeze -l | grep docker`

Also, keep in mind that the package name is just "docker", not "docker-py". "docker-py"'s latest version is 1.10.6 and is from 2016 (https://pypi.org/project/docker-py/#files). Please uninstall that so you just have the "docker" package. Once you have that resolved, can you please try running the tool again and let me know the outcome? Keep in mind that it could take some time to process the results (the demo videos were edited, as mentioned in the post; they took about 20-30 seconds).

someonehelpplease commented 4 years ago

Hi! So I uninstalled docker.py and reran dredd, and a lot of errors came up, which I'll include below. The first error that I tried to troubleshoot is this: `File "/home/kali/.local/lib/python3.8/site-packages/docker/transport/unixconn.py", line 43, in connect sock.connect(self.unix_socket) FileNotFoundError: [Errno 2] No such file or directory`. From some research, I was wondering if this error is related to `docker.sock`? (I was led to this guess because someone had the same error and posted it on Stack Overflow: https://stackoverflow.com/questions/61186983/airflow-dockeroperator-connect-sock-connectself-unix-socket-filenotfounderror.) So I went to check and realized I don't have `docker.sock` (or that I can't find it). Apparently, it's installed by default and should be at `/var/run`, but I couldn't find mine there. So I tried to reinstall docker both through pip3 and apt-get, and afterwards when I ran dredd, the same error came up. Could it also be permission issues...? (guessing this from the Stack Overflow post) Let me know your thoughts on how to solve this! Thank you so much!

Error output from running dredd:

```
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 665, in urlopen
    httplib_response = self._make_request(
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 387, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python3.8/http/client.py", line 1230, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/usr/lib/python3.8/http/client.py", line 1276, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/usr/lib/python3.8/http/client.py", line 1225, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/lib/python3.8/http/client.py", line 1004, in _send_output
    self.send(msg)
  File "/usr/lib/python3.8/http/client.py", line 944, in send
    self.connect()
  File "/home/kali/.local/lib/python3.8/site-packages/docker/transport/unixconn.py", line 43, in connect
    sock.connect(self.unix_socket)
FileNotFoundError: [Errno 2] No such file or directory

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send
    resp = conn.urlopen(
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 719, in urlopen
    retries = retries.increment(
  File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 400, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/lib/python3/dist-packages/six.py", line 702, in reraise
    raise value.with_traceback(tb)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 665, in urlopen
    httplib_response = self._make_request(
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 387, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python3.8/http/client.py", line 1230, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/usr/lib/python3.8/http/client.py", line 1276, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/usr/lib/python3.8/http/client.py", line 1225, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/lib/python3.8/http/client.py", line 1004, in _send_output
    self.send(msg)
  File "/usr/lib/python3.8/http/client.py", line 944, in send
    self.connect()
  File "/home/kali/.local/lib/python3.8/site-packages/docker/transport/unixconn.py", line 43, in connect
    sock.connect(self.unix_socket)
urllib3.exceptions.ProtocolError: ('Connection aborted.', FileNotFoundError(2, 'No such file or directory'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/kali/.local/lib/python3.8/site-packages/docker/api/client.py", line 205, in _retrieve_server_version
    return self.version(api_version=False)["ApiVersion"]
  File "/home/kali/.local/lib/python3.8/site-packages/docker/api/daemon.py", line 181, in version
    return self._result(self._get(url), json=True)
  File "/home/kali/.local/lib/python3.8/site-packages/docker/utils/decorators.py", line 46, in inner
    return f(self, *args, **kwargs)
  File "/home/kali/.local/lib/python3.8/site-packages/docker/api/client.py", line 228, in _get
    return self.get(url, **self._set_request_timeout(kwargs))
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 543, in get
    return self.request('GET', url, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 530, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 643, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 498, in send
    raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', FileNotFoundError(2, 'No such file or directory'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "dredd-cli", line 2, in <module>
    from dredd.cli import cli
  File "/home/kali/dredd/dredd/cli/__init__.py", line 1, in <module>
    from .es import es
  File "/home/kali/dredd/dredd/cli/es.py", line 1, in <module>
    from dredd.backends import DreddES
  File "/home/kali/dredd/dredd/backends/__init__.py", line 1, in <module>
    from .docker import docker_client
  File "/home/kali/dredd/dredd/backends/docker.py", line 3, in <module>
    docker_client = docker.from_env()
  File "/home/kali/.local/lib/python3.8/site-packages/docker/client.py", line 84, in from_env
    return cls(
  File "/home/kali/.local/lib/python3.8/site-packages/docker/client.py", line 40, in __init__
    self.api = APIClient(*args, **kwargs)
  File "/home/kali/.local/lib/python3.8/site-packages/docker/api/client.py", line 188, in __init__
    self._version = self._retrieve_server_version()
  File "/home/kali/.local/lib/python3.8/site-packages/docker/api/client.py", line 212, in _retrieve_server_version
    raise DockerException(
docker.errors.DockerException: Error while fetching server API version: ('Connection aborted.', FileNotFoundError(2, 'No such file or directory'))
```

2XXE-SRA commented 4 years ago

It sounds like something might be wrong with your installation of Docker itself, not the Python package. Can you verify that Docker is working as expected? Once it's working, create a new virtualenv and install this project's dependencies with pip, then try running the tool again.
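The three failures in this thread (the obsolete `docker-py` package, a too-old `docker` package, and a daemon socket that is missing or not running) are all things you can check before launching `dredd-cli`. The preflight script below is an added example, not part of dredd; it classifies the error text seen above and checks the installed package names and the daemon socket. The socket path and the error-to-cause table are assumptions based on this thread.

```python
"""Preflight checks before running dredd against a local Docker daemon.

Hypothetical helper, not part of dredd. It recognises the three errors from
this issue and reports which package is installed and whether the daemon's
unix socket accepts connections.
"""
import importlib.metadata
import os
import re
import socket

DOCKER_SOCKET = "/var/run/docker.sock"  # default daemon socket on Linux

# Error signatures from this thread -> probable cause (assumed mapping).
KNOWN_ERRORS = [
    (r"'function' object has no attribute 'run'",
     "obsolete 'docker-py' package installed; uninstall it, install 'docker'"),
    (r"'detach' and 'remove' cannot be used together",
     "docker package too old (2.x); run: pip install -U docker"),
    (r"FileNotFoundError\(2, 'No such file or directory'\)",
     "daemon socket " + DOCKER_SOCKET + " missing; start the Docker service"),
]


def classify_error(traceback_text: str) -> str:
    """Map a traceback or error message to a probable cause, or 'unknown'."""
    for pattern, cause in KNOWN_ERRORS:
        if re.search(pattern, traceback_text):
            return cause
    return "unknown"


def installed_packages() -> dict:
    """Version of each PyPI name, or None if absent (only 'docker' should exist)."""
    found = {}
    for name in ("docker", "docker-py"):
        try:
            found[name] = importlib.metadata.version(name)
        except importlib.metadata.PackageNotFoundError:
            found[name] = None
    return found


def daemon_reachable(path: str = DOCKER_SOCKET) -> bool:
    """True if the daemon's unix socket exists and accepts a connection."""
    if not os.path.exists(path):
        return False  # the FileNotFoundError case from this thread
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(2)
        try:
            s.connect(path)
            return True
        except OSError:  # permission denied, refused: daemon present but unusable
            return False


if __name__ == "__main__":
    print(installed_packages(), "daemon reachable:", daemon_reachable())
```

Run it in the same virtualenv you will launch `dredd-cli` from, so that `installed_packages()` reports the packages that virtualenv actually sees.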

someonehelpplease commented 4 years ago

YOUR ADVICE WORKED!!!! Thank you so much, Dredd can finally run! I first stopped and started docker (`sudo systemctl stop docker`, `sudo systemctl start docker`), checked if docker is active (`sudo service docker status`), and once I was sure docker was active, I created a virtualenv just in my home directory and installed the dependencies with pip (I followed this guide to create a virtualenv: https://help.dreamhost.com/hc/en-us/articles/115000695551-Installing-and-using-virtualenv-with-Python-3). Then I ran the dredd command to test Sigma rules on Mordor datasets, and it worked!

2XXE-SRA commented 4 years ago

Glad it worked! I'm closing this issue but feel free to open another if you run into other issues.