StamusNetworks / SELKS

A Suricata based IDS/IPS/NSM distro
https://www.stamus-networks.com/open-source/#selks
GNU General Public License v3.0

SELKS 6 upgrade #223

Closed ManuelFFF closed 4 years ago

ManuelFFF commented 4 years ago

Hi,

I did not find any documentation available for the upgrade from SELKS 5 to SELKS 6 in https://github.com/StamusNetworks/SELKS/wiki#selks-major-upgrades.

I want to start testing SELKS 6 ASAP, but I need to import some current settings from SELKS 5, due to all the time spent on those:

  1. Current status of sources, rulesets, categories and rules from Scirius.
  2. Custom dashboards from Kibana. I know there is a way to export/import dashboards, I just need to know if dashboards made in Kibana 6.8.8 are compatible with Kibana 7.

Thank you

pevma commented 4 years ago

You should export all your visualizations and dashboards as a back up. Then try the upgrade procedure here in your test/QA environment - https://github.com/StamusNetworks/SELKS/wiki/SELKS-5.0-to-SELKS-6RC1

ManuelFFF commented 4 years ago

I am having a difficult time using the Xfce environment. The previous desktop environment (LXDE) was much easier (for me at least). I know many things like user or network management can be done via CLI, but still I installed the desktop version to be able to use some GUIs rather than CLI.

ManuelFFF commented 4 years ago

I installed LXDE desktop environment to resolve the issue above. Now I can find the tools I need right where they were ;).

pevma commented 4 years ago

ok - so all good now? :)

ManuelFFF commented 4 years ago

Yeah, this interface is easier to handle (at least for me ;) ). Thank you

I already reported another issue, but since that one is more specific than just my thoughts or feedback about the new SELKS, I opened a new report. Not sure if it would be easier for you or your team to have all this in the same thread. Just let me know

ManuelFFF commented 4 years ago

Hi,

I followed the steps described in https://github.com/StamusNetworks/SELKS/wiki/SELKS-5.0-to-SELKS-6RC1. After that I restarted the server, and after checking ELK it is still showing running version 6.8.10. Did I miss a step or config? Should I run any other command to finally upgrade to ELK 7?

Thanks

pevma commented 4 years ago

I think you should also use the selks-upgrade command. Final stable 6 release is planned very shortly by the way so should be really close.

ManuelFFF commented 4 years ago

Oh, I also tried the upgrade command after my previous post, but nothing changed. Perhaps the machine was experiencing other issues with ELK, that's why I am installing SELKS 5 and trying the upgrade to SELKS 6 again.

It's good to know the stable version of SELKS 6 is almost here!! I am very excited!!

ManuelFFF commented 4 years ago

Reinstalled SELKS 5 and attempted upgrade to SELKS 6 (test environment to be sure before applying upgrade to production server):

  1. Ran selks-upgrade_stamus. Successfully upgraded from ELK 6.8.9 to 6.8.10
  2. Rebooted PC
  3. Followed instructions from https://github.com/StamusNetworks/SELKS/wiki/SELKS-5.0-to-SELKS-6RC1

Issues:

  1. When I run selks-upgrade_stamus Moloch is upgraded to version 2.3.1-1, but when running the upgrade from SELKS 5 to 6, Moloch is downgraded
  2. Three times in a row the script gets stuck deploying Moloch and won't move forward

user1@server1:~$ sudo SELKS/scripts/SELKS5-SELKS6/SN-S5-S6-Upgrade.sh
+ ((  0 != 0  ))
+ mkdir -p /opt/selks/preupgrade
+ mkdir -p /opt/selks/preupgrade/elasticsearch/etc/elasticsearch
+ mkdir -p /opt/selks/preupgrade/elasticsearch/etc/default/
+ mv /etc/alternatives/desktop-background /opt/selks/preupgrade
mv: cannot stat '/etc/alternatives/desktop-background': No such file or directory
+ /bin/systemctl stop elasticsearch
+ /bin/systemctl stop kibana
+ /bin/systemctl stop logstash
+ /bin/systemctl stop suricata
+ /usr/bin/supervisorctl stop scirius
scirius: stopped
+ '[' -f /etc/apt/sources.list.d/curator5.list ']'
+ mv /etc/apt/sources.list.d/curator5.list /opt/selks/preupgrade/curator5.list.orig
+ cat
+ '[' -f /etc/nginx/sites-available/default ']'
+ rm -rf /etc/nginx/sites-enabled/default
+ '[' -f /etc/nginx/sites-available/selks5.conf ']'
+ rm -rf /etc/nginx/sites-available/selks5.conf
+ rm -rf /etc/nginx/sites-enabled/selks5.conf
+ '[' -f /etc/nginx/sites-available/selks5.conf ']'
+ cat
+ ln -s /etc/nginx/sites-available/selks6.conf /etc/nginx/sites-enabled/selks6.conf
ln: failed to create symbolic link '/etc/nginx/sites-enabled/selks6.conf': File exists
+ /bin/systemctl restart nginx
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.
+ '[' -f /etc/logstash/conf.d/logstash.conf ']'
+ mv /etc/logstash/conf.d/logstash.conf /opt/selks/preupgrade/logstash.conf.orig
+ cat
+ '[' -f /etc/logstash/elasticsearch6-template.json ']'
+ cat
+ '[' -f /etc/apt/sources.list.d/selks5.list ']'
+ cat
+ wget -qO - http://packages.stamus-networks.com/packages.selks6.stamus-networks.com.gpg.key
+ apt-key add -
OK
+ /bin/systemctl stop kibana
+ '[' -f /usr/lib/systemd/system/elasticsearch.service ']'
+ cp /usr/lib/systemd/system/elasticsearch.service /opt/selks/preupgrade/elasticsearch.service.orig
+ cp -r /etc/elasticsearch/elasticsearch.keystore /etc/elasticsearch/elasticsearch.yml /etc/elasticsearch/elasticsearch.yml.save /etc/elasticsearch/jvm.options /etc/elasticsearch/jvm.options.dpkg-old /etc/elasticsearch/log4j2.properties /etc/elasticsearch/role_mapping.yml /etc/elasticsearch/roles.yml /etc/elasticsearch/users /etc/elasticsearch/users_roles /opt/selks/preupgrade/elasticsearch/etc/
+ cp /etc/default/elasticsearch /opt/selks/preupgrade/elasticsearch/etc/default/
+ sed -i s/stretch/buster/g /etc/apt/sources.list
+ apt-get update
Hit:1 http://repository.veeam.com/backup/linux/agent/dpkg/debian/public stable InRelease
Hit:2 http://ftp.us.debian.org/debian buster InRelease
Hit:3 http://security.debian.org/debian-security buster/updates InRelease
Hit:5 http://ftp.us.debian.org/debian buster-updates InRelease
Hit:6 https://artifacts.elastic.co/packages/6.x/apt stable InRelease
Hit:7 https://packages.elastic.co/curator/5/debian9 stable InRelease
Hit:4 http://evebox.org/files/debian stable InRelease
Hit:8 http://packages.stamus-networks.com/selks5/debian buster InRelease
Hit:9 http://packages.stamus-networks.com/selks5/debian-kernel buster InRelease
Hit:10 http://packages.stamus-networks.com/selks6/debian buster InRelease
Hit:11 http://packages.stamus-networks.com/selks6/debian-kernel buster InRelease
Reading package lists... Done
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
+ DEBIAN_FRONTEND=noninteractive
+ apt-get -o Dpkg::Options::=--force-confold -o Dpkg::Options::=--force-confdef -y dist-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: The package moloch needs to be reinstalled, but I can't find an archive for it.
+ exit_status=100
+ [[ 100 -ne 0 ]]
+ rm -f '/var/lib/dpkg/info/python-minimal*'
+ rm -f '/var/lib/dpkg/info/python2-minimal*'
+ apt --fix-broken -y install
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: The package moloch needs to be reinstalled, but I can't find an archive for it.
+ apt-get update
Hit:1 http://security.debian.org/debian-security buster/updates InRelease
Hit:2 http://repository.veeam.com/backup/linux/agent/dpkg/debian/public stable InRelease
Hit:4 http://ftp.us.debian.org/debian buster InRelease
Hit:5 http://ftp.us.debian.org/debian buster-updates InRelease
Hit:6 https://artifacts.elastic.co/packages/6.x/apt stable InRelease
Hit:7 https://packages.elastic.co/curator/5/debian9 stable InRelease
Hit:8 http://packages.stamus-networks.com/selks5/debian buster InRelease
Hit:9 http://packages.stamus-networks.com/selks5/debian-kernel buster InRelease
Hit:10 http://packages.stamus-networks.com/selks6/debian buster InRelease
Hit:11 http://packages.stamus-networks.com/selks6/debian-kernel buster InRelease
Hit:3 http://evebox.org/files/debian stable InRelease
Reading package lists... Done
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
+ DEBIAN_FRONTEND=noninteractive
+ apt-get -o Dpkg::Options::=--force-confold -o Dpkg::Options::=--force-confdef -y dist-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: The package moloch needs to be reinstalled, but I can't find an archive for it.
+ chown root:elasticsearch /etc/default/elasticsearch
+ '[' -f /usr/lib/systemd/system/elasticsearch.service.dpkg-new ']'
+ '[' -f /etc/default/elasticsearch.dpkg-new ']'
+ chown -R kibana /usr/share/kibana/optimize/
+ /bin/systemctl restart elasticsearch
+ /bin/systemctl restart kibana
+ /usr/share/logstash/bin/logstash-plugin install logstash-filter-geoip
Validating logstash-filter-geoip
Installing logstash-filter-geoip
Installation successful
+ /bin/systemctl restart logstash
+ chown logstash -R /data/nsm/
+ /bin/systemctl restart suricata
+ /usr/bin/supervisorctl restart scirius
scirius: ERROR (not running)
scirius: started
+ sleep 30
+ apt-get update
Hit:1 http://repository.veeam.com/backup/linux/agent/dpkg/debian/public stable InRelease
Hit:2 http://security.debian.org/debian-security buster/updates InRelease
Hit:4 http://ftp.us.debian.org/debian buster InRelease
Hit:5 http://ftp.us.debian.org/debian buster-updates InRelease
Hit:6 https://artifacts.elastic.co/packages/6.x/apt stable InRelease
Hit:7 https://packages.elastic.co/curator/5/debian9 stable InRelease
Hit:3 http://evebox.org/files/debian stable InRelease
Hit:8 http://packages.stamus-networks.com/selks5/debian buster InRelease
Hit:9 http://packages.stamus-networks.com/selks5/debian-kernel buster InRelease
Hit:10 http://packages.stamus-networks.com/selks6/debian buster InRelease
Hit:11 http://packages.stamus-networks.com/selks6/debian-kernel buster InRelease
Reading package lists... Done
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
+ apt-get -y install elasticsearch-curator
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: The package moloch needs to be reinstalled, but I can't find an archive for it.
+ mv /opt/selks/delete-old-logs.sh /opt/selks/preupgrade/delete-old-logs.sh
+ cat
+ mkdir -p /opt/molochtmp
+ cd /opt/molochtmp/
+ apt-get -y install libwww-perl libjson-perl libyaml-dev libcrypto++6
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: The package moloch needs to be reinstalled, but I can't find an archive for it.
+ wget https://files.molo.ch/builds/ubuntu-18.04/moloch_2.2.3-1_amd64.deb
--2020-06-11 10:40:40--  https://files.molo.ch/builds/ubuntu-18.04/moloch_2.2.3-1_amd64.deb
Resolving files.molo.ch (files.molo.ch)... 13.35.112.3, 13.35.112.94, 13.35.112.20, ...
Connecting to files.molo.ch (files.molo.ch)|13.35.112.3|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 82686856 (79M) [application/x-debian-package]
Saving to: ‘moloch_2.2.3-1_amd64.deb.2’

moloch_2.2.3-1_amd64.deb.2                      100%[======================================================================================================>]  78.86M  2.21MB/s    in 37s

2020-06-11 10:41:17 (2.13 MB/s) - ‘moloch_2.2.3-1_amd64.deb.2’ saved [82686856/82686856]

+ dpkg -i moloch_2.2.3-1_amd64.deb
dpkg: warning: files list file for package 'python-minimal' missing; assuming package has no files currently installed
dpkg: warning: files list file for package 'python2-minimal' missing; assuming package has no files currently installed
(Reading database ... 272362 files and directories currently installed.)
Preparing to unpack moloch_2.2.3-1_amd64.deb ...
Unpacking moloch (2.2.3-1) over (2.3.1-1) ...
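
The run above fails on two things that can be checked before the upgrade script is started: a package dpkg has flagged as "reinstall required" (apt then refuses to dist-upgrade with "needs to be reinstalled, but I can't find an archive for it"), and apt source lines listed more than once (the "is configured multiple times" warnings on selks6.list). The pre-flight check below is an added example, not code from the SELKS project or from anyone in this thread; it takes file paths as arguments, and the dpkg status file and sources list it runs on here are constructed samples, not copies from a real host.

```shell
#!/bin/sh
# Added example, not code from the SELKS project or from this thread.
# Pre-flight check for a SELKS 5 host before running the SELKS 6 upgrade
# script. It reports the two conditions visible in the upgrade log:
#   1. packages dpkg has flagged "reinstall required" (reinstreq), which make
#      apt-get dist-upgrade stop with "needs to be reinstalled, but I can't
#      find an archive for it";
#   2. apt source lines listed more than once, which produce the
#      "is configured multiple times" warnings.
# Both functions take file paths as arguments so they can be run against
# copies; the sample files further down are constructed for the demo.

# Print the name of every package whose dpkg status carries the reinstreq flag.
packages_needing_reinstall() {
    awk '
        /^Package:/ { pkg = $2 }
        /^Status:/ && /reinstreq/ { print pkg }
    ' "${1:-/var/lib/dpkg/status}"
}

# Print each deb/deb-src line that occurs more than once across the given
# sources files, after dropping comments and normalising whitespace
# (note: a '#' inside a URI is also treated as a comment start here).
duplicate_apt_sources() {
    cat "$@" 2>/dev/null \
      | sed -e 's/#.*//' -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ *$//' \
      | grep -E '^deb(-src)? ' \
      | sort | uniq -d
}

# preflight STATUS_FILE SOURCES_FILE... : prints findings, returns 1 if any.
preflight() {
    status_file=$1
    shift
    rc=0
    reinst=$(packages_needing_reinstall "$status_file")
    if [ -n "$reinst" ]; then
        echo "packages flagged reinstall-required (apt will refuse dist-upgrade until they are reinstalled from a reachable archive):"
        echo "$reinst" | sed 's/^/  /'
        rc=1
    fi
    dups=$(duplicate_apt_sources "$@")
    if [ -n "$dups" ]; then
        echo "apt source lines configured more than once:"
        echo "$dups" | sed 's/^/  /'
        rc=1
    fi
    return $rc
}

# Constructed sample inputs (not from a real host) so the demo runs offline.
# The directory is left in place so the files can be inspected afterwards.
demo_dir=$(mktemp -d)
cat > "$demo_dir/status" <<'EOF'
Package: moloch
Status: install reinstreq half-configured
Version: 2.3.1-1

Package: suricata
Status: install ok installed
EOF
cat > "$demo_dir/selks6.list" <<'EOF'
# constructed: the selks6 repository entry appears twice
deb http://packages.stamus-networks.com/selks6/debian buster main
deb http://packages.stamus-networks.com/selks6/debian-kernel buster main
deb  http://packages.stamus-networks.com/selks6/debian   buster main
EOF

preflight "$demo_dir/status" "$demo_dir/selks6.list" \
  || echo "preflight: problems found, fix them before running SN-S5-S6-Upgrade.sh"
```

On a real host run it as root with the system paths, for example `preflight /var/lib/dpkg/status /etc/apt/sources.list /etc/apt/sources.list.d/*.list`, and clear everything it lists before starting the upgrade: the moloch state in the log above would have been caught by the first check, the repeated selks6.list entries by the second.
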

ManuelFFF commented 4 years ago

After 30 mins or so the script finished, but with errors. Here is the output:

+ ((  0 != 0  ))
+ mkdir -p /opt/selks/preupgrade
+ mkdir -p /opt/selks/preupgrade/elasticsearch/etc/elasticsearch
+ mkdir -p /opt/selks/preupgrade/elasticsearch/etc/default/
+ mv /etc/alternatives/desktop-background /opt/selks/preupgrade
mv: cannot stat '/etc/alternatives/desktop-background': No such file or directory
+ /bin/systemctl stop elasticsearch
+ /bin/systemctl stop kibana
+ /bin/systemctl stop logstash
+ /bin/systemctl stop suricata
+ /usr/bin/supervisorctl stop scirius
scirius: stopped
+ '[' -f /etc/apt/sources.list.d/curator5.list ']'
+ mv /etc/apt/sources.list.d/curator5.list /opt/selks/preupgrade/curator5.list.orig
+ cat
+ '[' -f /etc/nginx/sites-available/default ']'
+ rm -rf /etc/nginx/sites-enabled/default
+ '[' -f /etc/nginx/sites-available/selks5.conf ']'
+ rm -rf /etc/nginx/sites-available/selks5.conf
+ rm -rf /etc/nginx/sites-enabled/selks5.conf
+ '[' -f /etc/nginx/sites-available/selks5.conf ']'
+ cat
+ ln -s /etc/nginx/sites-available/selks6.conf /etc/nginx/sites-enabled/selks6.conf
ln: failed to create symbolic link '/etc/nginx/sites-enabled/selks6.conf': File exists
+ /bin/systemctl restart nginx
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.
+ '[' -f /etc/logstash/conf.d/logstash.conf ']'
+ mv /etc/logstash/conf.d/logstash.conf /opt/selks/preupgrade/logstash.conf.orig
+ cat
+ '[' -f /etc/logstash/elasticsearch6-template.json ']'
+ cat
+ '[' -f /etc/apt/sources.list.d/selks5.list ']'
+ cat
+ wget -qO - http://packages.stamus-networks.com/packages.selks6.stamus-networks.com.gpg.key
+ apt-key add -
OK
+ /bin/systemctl stop kibana
+ '[' -f /usr/lib/systemd/system/elasticsearch.service ']'
+ cp /usr/lib/systemd/system/elasticsearch.service /opt/selks/preupgrade/elasticsearch.service.orig
+ cp -r /etc/elasticsearch/elasticsearch.keystore /etc/elasticsearch/elasticsearch.yml /etc/elasticsearch/elasticsearch.yml.save /etc/elasticsearch/jvm.options /etc/elasticsearch/jvm.options.dpkg-old /etc/elasticsearch/log4j2.properties /etc/elasticsearch/role_mapping.yml /etc/elasticsearch/roles.yml /etc/elasticsearch/users /etc/elasticsearch/users_roles /opt/selks/preupgrade/elasticsearch/etc/
+ cp /etc/default/elasticsearch /opt/selks/preupgrade/elasticsearch/etc/default/
+ sed -i s/stretch/buster/g /etc/apt/sources.list
+ apt-get update
Hit:1 http://repository.veeam.com/backup/linux/agent/dpkg/debian/public stable InRelease
Hit:2 http://ftp.us.debian.org/debian buster InRelease
Hit:3 http://security.debian.org/debian-security buster/updates InRelease
Hit:5 http://ftp.us.debian.org/debian buster-updates InRelease
Hit:6 https://artifacts.elastic.co/packages/6.x/apt stable InRelease
Hit:7 https://packages.elastic.co/curator/5/debian9 stable InRelease
Hit:4 http://evebox.org/files/debian stable InRelease
Hit:8 http://packages.stamus-networks.com/selks5/debian buster InRelease
Hit:9 http://packages.stamus-networks.com/selks5/debian-kernel buster InRelease
Hit:10 http://packages.stamus-networks.com/selks6/debian buster InRelease
Hit:11 http://packages.stamus-networks.com/selks6/debian-kernel buster InRelease
Reading package lists... Done
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
+ DEBIAN_FRONTEND=noninteractive
+ apt-get -o Dpkg::Options::=--force-confold -o Dpkg::Options::=--force-confdef -y dist-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: The package moloch needs to be reinstalled, but I can't find an archive for it.
+ exit_status=100
+ [[ 100 -ne 0 ]]
+ rm -f '/var/lib/dpkg/info/python-minimal*'
+ rm -f '/var/lib/dpkg/info/python2-minimal*'
+ apt --fix-broken -y install
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: The package moloch needs to be reinstalled, but I can't find an archive for it.
+ apt-get update
Hit:1 http://security.debian.org/debian-security buster/updates InRelease
Hit:2 http://repository.veeam.com/backup/linux/agent/dpkg/debian/public stable InRelease
Hit:4 http://ftp.us.debian.org/debian buster InRelease
Hit:5 http://ftp.us.debian.org/debian buster-updates InRelease
Hit:6 https://artifacts.elastic.co/packages/6.x/apt stable InRelease
Hit:7 https://packages.elastic.co/curator/5/debian9 stable InRelease
Hit:8 http://packages.stamus-networks.com/selks5/debian buster InRelease
Hit:9 http://packages.stamus-networks.com/selks5/debian-kernel buster InRelease
Hit:10 http://packages.stamus-networks.com/selks6/debian buster InRelease
Hit:11 http://packages.stamus-networks.com/selks6/debian-kernel buster InRelease
Hit:3 http://evebox.org/files/debian stable InRelease
Reading package lists... Done
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
+ DEBIAN_FRONTEND=noninteractive
+ apt-get -o Dpkg::Options::=--force-confold -o Dpkg::Options::=--force-confdef -y dist-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: The package moloch needs to be reinstalled, but I can't find an archive for it.
+ chown root:elasticsearch /etc/default/elasticsearch
+ '[' -f /usr/lib/systemd/system/elasticsearch.service.dpkg-new ']'
+ '[' -f /etc/default/elasticsearch.dpkg-new ']'
+ chown -R kibana /usr/share/kibana/optimize/
+ /bin/systemctl restart elasticsearch
+ /bin/systemctl restart kibana
+ /usr/share/logstash/bin/logstash-plugin install logstash-filter-geoip
Validating logstash-filter-geoip
Installing logstash-filter-geoip
Installation successful
+ /bin/systemctl restart logstash
+ chown logstash -R /data/nsm/
+ /bin/systemctl restart suricata
+ /usr/bin/supervisorctl restart scirius
scirius: ERROR (not running)
scirius: started
+ sleep 30
+ apt-get update
Hit:1 http://repository.veeam.com/backup/linux/agent/dpkg/debian/public stable InRelease
Hit:2 http://security.debian.org/debian-security buster/updates InRelease
Hit:4 http://ftp.us.debian.org/debian buster InRelease
Hit:5 http://ftp.us.debian.org/debian buster-updates InRelease
Hit:6 https://artifacts.elastic.co/packages/6.x/apt stable InRelease
Hit:7 https://packages.elastic.co/curator/5/debian9 stable InRelease
Hit:3 http://evebox.org/files/debian stable InRelease
Hit:8 http://packages.stamus-networks.com/selks5/debian buster InRelease
Hit:9 http://packages.stamus-networks.com/selks5/debian-kernel buster InRelease
Hit:10 http://packages.stamus-networks.com/selks6/debian buster InRelease
Hit:11 http://packages.stamus-networks.com/selks6/debian-kernel buster InRelease
Reading package lists... Done
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:19
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:12 and /etc/apt/sources.list.d/selks6.list:26
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:20
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/selks6.list:13 and /etc/apt/sources.list.d/selks6.list:27
+ apt-get -y install elasticsearch-curator
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: The package moloch needs to be reinstalled, but I can't find an archive for it.
+ mv /opt/selks/delete-old-logs.sh /opt/selks/preupgrade/delete-old-logs.sh
+ cat
+ mkdir -p /opt/molochtmp
+ cd /opt/molochtmp/
+ apt-get -y install libwww-perl libjson-perl libyaml-dev libcrypto++6
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: The package moloch needs to be reinstalled, but I can't find an archive for it.
+ wget https://files.molo.ch/builds/ubuntu-18.04/moloch_2.2.3-1_amd64.deb
--2020-06-11 10:40:40--  https://files.molo.ch/builds/ubuntu-18.04/moloch_2.2.3-1_amd64.deb
Resolving files.molo.ch (files.molo.ch)... 13.35.112.3, 13.35.112.94, 13.35.112.20, ...
Connecting to files.molo.ch (files.molo.ch)|13.35.112.3|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 82686856 (79M) [application/x-debian-package]
Saving to: ‘moloch_2.2.3-1_amd64.deb.2’

moloch_2.2.3-1_amd64.deb.2                      100%[======================================================================================================>]  78.86M  2.21MB/s    in 37s

2020-06-11 10:41:17 (2.13 MB/s) - ‘moloch_2.2.3-1_amd64.deb.2’ saved [82686856/82686856]

+ dpkg -i moloch_2.2.3-1_amd64.deb
dpkg: warning: files list file for package 'python-minimal' missing; assuming package has no files currently installed
dpkg: warning: files list file for package 'python2-minimal' missing; assuming package has no files currently installed
(Reading database ... 272362 files and directories currently installed.)
Preparing to unpack moloch_2.2.3-1_amd64.deb ...
Unpacking moloch (2.2.3-1) over (2.3.1-1) ...
Setting up moloch (2.2.3-1) ...
READ /data/moloch/README.txt and RUN /data/moloch/bin/Configure
+ cd /opt/
+ rm /opt/molochtmp -r
+ apt-mark hold moloch
moloch set on hold.
+ echo '0 3 * * * root ( /data/moloch/db/db.pl http://127.0.0.1:9200 expire daily 14 )'
+ sed -i 's/ELASTICSEARCH_VERSION = 6/ELASTICSEARCH_VERSION = 7/g' /etc/scirius/local_settings.py
+ sed -i 's/KIBANA_VERSION = 6/KIBANA_VERSION = 7/g' /etc/scirius/local_settings.py
+ sed -i 's/KIBANA_INDEX = "kibana-int"/KIBANA_INDEX = ".kibana"/g' /etc/scirius/local_settings.py
+ sed -i 's/KIBANA6_DASHBOARDS_PATH = "\/opt\/selks\/kibana6-dashboards\/"/KIBANA6_DASHBOARDS_PATH = "\/opt\/selks\/kibana7-dashboards\/"/g' /etc/scirius/local_settings.py
+ echo 'ELASTICSEARCH_KEYWORD = "keyword"'
+ echo 'USE_MOLOCH = True'
+ echo 'MOLOCH_URL = "http://localhost:8005"'
+ /usr/bin/supervisorctl restart scirius
scirius: stopped
scirius: started
+ curl -XDELETE 'http://localhost:9200/.kibana*'
{"acknowledged":true}+ /bin/systemctl restart kibana
+ sleep 20
+ selks-first-time-setup_stamus
START of first time setup script - Thu Jun 11 11:09:50 EDT 2020

### Setting up sniffing interface  ###

Please supply a network interface(s) to set up SELKS Suricata IDPS thread detection on
0: enp2s0
1: lo
Please type in interface or space delimited interfaces below and hit "Enter".
Example: eth1
OR
Example: eth1 eth2 eth3

Configure threat detection for INTERFACE(S):
enp2s0

The supplied network interface(s):  enp2s0

DONE!
FPC - Full Packet Capture. Suricata will rotate and delete the pcap captured files.
FPC_Retain - Full Packet Capture with having Moloch's pcap retention/rotation. Keeps the pcaps as long as there is space available.
None - disable packet capture

1) FPC
2) FPC_Retain
3) NONE
Please choose an option. Type in a number and hit "Enter" 2
Enable Full Pcacket Capture with pcap retaining

### Starting Moloch DB set up ###

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   408  100   408    0     0   7285      0 --:--:-- --:--:-- --:--:--  7285
{"cluster_name":"elasticsearch","status":"yellow","timed_out":false,"number_of_nodes":1,"number_of_data_nodes":1,"active_primary_shards":1297,"active_shards":1297,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":9,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_percent_as_number":99.31087289433384}

### Setting up Moloch ###

WARNING elasticsearch health is 'yellow' instead of 'green', things may be broken

It is STRONGLY recommended that you stop ALL moloch captures and viewers before proceeding.  Use 'db.pl http://localhost:9200 backup' to backup db first.

There is 1 elastic search data node, if you expect more please fix first before proceeding.

It appears this elastic search cluster already has moloch installed (version 64), this will delete ALL data in elastic search! (It does not delete the pcap files on disk.)

Type "INIT" to continue - do you want to erase everything??
Erasing
Creating

Finished
Found interfaces: enp2s0;lo
Semicolon ';' seperated list of interfaces to monitor [eth1] Install Elasticsearch server locally for demo, must have at least 3G of memory, NOT recommended for production use (yes or no) [no] Elasticsearch server URL [http://localhost:9200] Password to encrypt S2S and other things [no-default] Moloch - Creating configuration files
Not overwriting /data/moloch/etc/config.ini, delete and run again if update required (usually not), or edit by hand
Installing systemd start files, use systemctl
Download GEO files? (yes or no) [yes] Moloch - Downloading GEO files
2020-06-11 11:22:40 URL:https://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.csv [23322/23322] -> "ipv4-address-space.csv" [1]
2020-06-11 11:22:41 URL:https://raw.githubusercontent.com/wireshark/wireshark/master/manuf [1713858/1713858] -> "oui.txt" [1]

Moloch - Configured - Now continue with step 4 in /data/moloch/README.txt

      /sbin/start elasticsearch # for upstart/Centos 6/Ubuntu 14.04
      systemctl start elasticsearch.service # for systemd/Centos 7/Ubuntu 16.04
 5) Initialize/Upgrade Elasticsearch Moloch configuration
  a) If this is the first install, or want to delete all data
      /data/moloch/db/db.pl http://ESHOST:9200 init
  b) If this is an update to moloch package
      /data/moloch/db/db.pl http://ESHOST:9200 upgrade
 6) Add an admin user if a new install or after an init
      /data/moloch/bin/moloch_add_user.sh admin "Admin User" THEPASSWORD --admin
 7) Start everything
   a) If using upstart (Centos 6 or sometimes Ubuntu 14.04):
      /sbin/start molochcapture
      /sbin/start molochviewer
   b) If using systemd (Centos 7 or Ubuntu 16.04 or sometimes Ubuntu 14.04)
      systemctl start molochcapture.service
      systemctl start molochviewer.service
 8) Look at log files for errors
      /data/moloch/logs/viewer.log
      /data/moloch/logs/capture.log
 9) Visit http://MOLOCHHOST:8005 with your favorite browser.
      user: admin
      password: THEPASSWORD from step #6

If you want IP -> Geo/ASN to work, you need to setup a maxmind account and the geoipupdate program.
See https://molo.ch/faq#maxmind

Any configuration changes can be made to /data/moloch/etc/config.ini
See https://molo.ch/faq#moloch-is-not-working for issues

Additional information can be found at:
  * https://molo.ch/faq
  * https://molo.ch/settings
Added

### Setting up Moloch configs and services ###

Would you like to setup a retention policy now? (y/n)
n

### Setting up and restarting services ###

### Setting up Scirius/Moloch proxy user ###

Added
While processing /opt/selks/kibana7-dashboards/dashboards/index-pattern/index-pattern:logstash-tls-*.json:

Traceback (most recent call last):
  File "bin/manage.py", line 10, in <module>
    execute_from_command_line(sys.argv)
  File "/usr/share/python/scirius/local/lib/python2.7/site-packages/django/core/management/__init__.py", line 364, in execute_from_command_line
    utility.execute()
  File "/usr/share/python/scirius/local/lib/python2.7/site-packages/django/core/management/__init__.py", line 356, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File "/usr/share/python/scirius/local/lib/python2.7/site-packages/django/core/management/base.py", line 283, in run_from_argv
    self.execute(*args, **cmd_options)
  File "/usr/share/python/scirius/local/lib/python2.7/site-packages/django/core/management/base.py", line 330, in execute
    output = self.handle(*args, **options)
  File "/usr/share/python/scirius/local/lib/python2.7/site-packages/rules/management/commands/kibana_reset.py", line 38, in handle
    self.kibana_reset()
  File "/usr/share/python/scirius/local/lib/python2.7/site-packages/rules/es_data.py", line 1987, in kibana_reset
    self._kibana_inject(_type, _file)
  File "/usr/share/python/scirius/local/lib/python2.7/site-packages/rules/es_data.py", line 1876, in _kibana_inject
    self.client.create(index='.kibana', doc_type=doc_type, id=name, body=content, refresh=True)
  File "/usr/share/python/scirius/local/lib/python2.7/site-packages/elasticsearch/client/utils.py", line 84, in _wrapped
    return func(*args, params=params, **kwargs)
  File "/usr/share/python/scirius/local/lib/python2.7/site-packages/elasticsearch/client/__init__.py", line 293, in create
    "PUT", _make_path(index, doc_type, id, "_create"), params=params, body=body
  File "/usr/share/python/scirius/local/lib/python2.7/site-packages/elasticsearch/transport.py", line 358, in perform_request
    timeout=timeout,
  File "/usr/share/python/scirius/local/lib/python2.7/site-packages/elasticsearch/connection/http_urllib3.py", line 231, in perform_request
    self._raise_error(response.status, raw_data)
  File "/usr/share/python/scirius/local/lib/python2.7/site-packages/elasticsearch/connection/base.py", line 230, in _raise_error
    status_code, error_message, additional_info
elasticsearch.exceptions.RequestError: RequestError(400, u'strict_dynamic_mapping_exception', u'mapping set to strict, dynamic introduction of [references] within [doc] is not allowed')
Dashboards loading set up job failed...Exiting...
### Exited with ERROR  ###

FINISH of first time setup script - Thu Jun 11 11:23:10 EDT 2020

Exited with FAILED
Full log located at - /opt/selks/log/selks-first-time-setup_stamus.log
Press enter to continue

ManuelFFF commented 4 years ago

Now I can't connect to Scirius nor Kibana.

ManuelFFF commented 4 years ago

Good news! I was able to detect and fix most of the issues.

Although individually the services related to ELK or SELKS were reporting a good state and no errors, I was still unable to access the Scirius or Kibana interface after the upgrade to SELKS 6, which led me to think of Nginx.

After checking the status of the service, I noticed that Nginx was not running. I tried to force start or restart it several times without success.

Upon reviewing the file "/etc/nginx/sites-available/selks6.conf" I discovered that the "server" section was duplicated 3 times in the same file. After making sure that the 3 "server" configuration blocks contained exactly the same content, I did the following:

  1. I removed the duplicate blocks and left only the first "server" block.
  2. I started Nginx
  3. I restarted Kibana

Results:

  1. I can now access Scirius, Hunting, Evebox
  2. I still can't access Kibana. It continues to display the error "Kibana server is not ready yet", so basically I can't use ELK. Telnet to host:9200 is good, telnet to host:5601 is good, so I tend to think Kibana might not be connecting to Elasticsearch, but I am not sure.
  3. Scirius keeps showing the current version of ELK as 6.8.10 instead of 7.x

Scirius after upgrade SELKS 6

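
The manual clean-up described in this comment (three identical `server` blocks in one nginx site file, only the first one kept) can be done mechanically. The following is an added example, not SELKS code or anything from this thread: it splits an nginx config into top-level blocks by tracking brace depth (ignoring braces inside `#` comments), keeps the first copy of each block and drops later copies that are identical once comments and whitespace are disregarded. The two sample configurations are constructed; `dedupe_file` takes a `.bak` copy before it rewrites anything.

```python
"""Find and remove duplicated, identical top-level blocks (such as repeated
`server { ... }` blocks) in an nginx site configuration.

Added example for the situation described above; this is not SELKS code.
The sample configurations are constructed for the demo."""
import re
import shutil

# Constructed: one server block pasted three times, as an upgrade script
# that appends its config on every run would leave behind.
DUPLICATED_CONF = """\
# reverse proxy in front of Scirius (constructed sample)
server {
    listen 443 ssl;
    server_name selks;  # comment with a brace } to show comment handling
    location / { proxy_pass http://127.0.0.1:8000; }
}
server {
    listen 443 ssl;
    server_name selks;  # comment with a brace } to show comment handling
    location / { proxy_pass http://127.0.0.1:8000; }
}
server {
    listen 443 ssl;
    server_name selks;  # comment with a brace } to show comment handling
    location / { proxy_pass http://127.0.0.1:8000; }
}
"""

# Constructed: two blocks that look alike but differ, which must both survive.
DISTINCT_CONF = """\
server { listen 80; server_name a.example; }
server { listen 80; server_name b.example; }
"""


def split_top_level_units(text):
    """Split an nginx config into top-level units: each `name { ... }` block
    or bare `directive ...;`. Braces and semicolons inside `#` comments are
    ignored; a '#' inside a quoted string is not handled (rare in site files)."""
    units, current = [], []
    depth, in_comment = 0, False
    for ch in text:
        current.append(ch)
        if in_comment:
            in_comment = ch != '\n'
            continue
        if ch == '#':
            in_comment = True
        elif ch == '{':
            depth += 1
        elif ch == '}':
            depth -= 1
            if depth == 0:
                units.append(''.join(current))
                current = []
        elif ch == ';' and depth == 0:
            units.append(''.join(current))
            current = []
    tail = ''.join(current)
    if tail.strip():
        units.append(tail)
    return units


def _normalize(unit):
    """Comparison key: drop comments, collapse whitespace."""
    return ' '.join(re.sub(r'#[^\n]*', '', unit).split())


def dedupe_units(text):
    """Return (cleaned_text, dropped_count). The first copy of each block is
    kept, comments included; later identical copies are dropped."""
    seen, kept, dropped = set(), [], 0
    for unit in split_top_level_units(text):
        key = _normalize(unit)
        if not key:
            continue
        if key in seen:
            dropped += 1
            continue
        seen.add(key)
        kept.append(unit.strip())
    return '\n'.join(kept) + '\n', dropped


def dedupe_file(path):
    """Rewrite `path` without duplicate blocks, keeping a `.bak` copy first.
    Returns the number of blocks removed."""
    with open(path) as fh:
        text = fh.read()
    cleaned, dropped = dedupe_units(text)
    if dropped:
        shutil.copy2(path, path + '.bak')
        with open(path, 'w') as fh:
            fh.write(cleaned)
    return dropped


if __name__ == '__main__':
    cleaned, dropped = dedupe_units(DUPLICATED_CONF)
    print('dropped %d duplicate block(s)' % dropped)
    print(cleaned)
```

Run `nginx -t` after rewriting the file and before restarting the service; the script only removes exact repeats, so two `server` blocks that differ in any directive are both left in place for a human to look at.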
ManuelFFF commented 4 years ago

(Update) Checking service and journal outputs I found "Another Kibana instance appears to be migrating the index. Waiting for that migration to complete...". I waited for a long time, but kept getting the message "Kibana server is not ready yet". So I did the following:

  1. Deleted the Kibana indexes: curl -XDELETE 'http://localhost:9200/.kibana*'
  2. Restarted the Kibana service

Results:

Hit:10 https://artifacts.elastic.co/packages/6.x/apt stable InRelease

Kibana after upgrade SELKS 6

Note: Like what happened with the Moloch installation, it might take a long time for Kibana to complete that "migration". Do you think I should have waited longer for Kibana to finish?

Summarizing:

As usual I am available for feedback, testing, help...

Thank you

pevma commented 4 years ago

First and foremost - thank you very much for the testing and detailed feedback!

I think what failed is the dashboards reset on the command line https://github.com/StamusNetworks/SELKS/blob/SELKS6-ELK7-wip/scripts/SELKS5-SELKS6/SN-S5-S6-Upgrade.sh#L475
as part of the first time setup script. That's why you had to do it again (the XDELETE). Then there were 3 runs of the upgrade script that created extra entries in the conf files, that were not needed.

Can you try the following please:
1 - try resetting the dashboards again via the GUI as explained here - https://github.com/StamusNetworks/SELKS/wiki/How-to-load-or-update-dashboards#from-scirius You don't need to edit local settings as it was already done by the upgrade process.

2 - try to reset those via the command line as root as explained here https://github.com/StamusNetworks/SELKS/wiki/How-to-load-or-update-dashboards#from-the-command-line
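
The root cause named above (the upgrade script run three times, each run appending the same entries to the conf files) is what the earlier apt warnings "configured multiple times in selks6.list:12 and selks6.list:19" are reporting. The following is an added example, not the SELKS upgrade script: an `ensure_line` helper that appends a line only if an equivalent one is not already there, so re-running a script stays harmless, and a `find_duplicate_lines` check that names repeated lines by line number the way apt does. The file contents are constructed; the repository URLs are those shown in the apt output in this thread, and the settings file path is a temporary stand-in for /etc/scirius/local_settings.py.

```python
"""Idempotent configuration edits: append a line only when it is not already
present, and report lines that already occur more than once (the apt
"configured multiple times" warnings earlier in the thread point at exactly
such repeats in selks6.list).

Added example; this is not the SELKS upgrade script. File contents below are
constructed, with repository URLs taken from the apt output in this thread."""
import os
import tempfile

# Constructed: what a sources list looks like after the same append ran twice.
CONSTRUCTED_SOURCES = """\
deb http://packages.stamus-networks.com/selks6/debian buster main
deb http://packages.stamus-networks.com/selks6/debian-kernel buster main
# a second run of the same script appended the same lines again
deb http://packages.stamus-networks.com/selks6/debian buster main
deb http://packages.stamus-networks.com/selks6/debian-kernel buster main
"""


def _canon(line):
    """Comparison form: collapse runs of whitespace, ignore trailing newline."""
    return ' '.join(line.split())


def find_duplicate_lines(text):
    """Map each repeated non-empty, non-comment line to its 1-based line
    numbers, so a report can name the offending lines the way apt does."""
    positions = {}
    for num, raw in enumerate(text.splitlines(), start=1):
        line = _canon(raw)
        if not line or line.startswith('#'):
            continue
        positions.setdefault(line, []).append(num)
    return {line: nums for line, nums in positions.items() if len(nums) > 1}


def ensure_line(path, line):
    """Append `line` to `path` unless an equivalent line is already present.
    Returns True when the file was changed, False when it was left alone."""
    text = ''
    if os.path.exists(path):
        with open(path) as fh:
            text = fh.read()
    if _canon(line) in {_canon(existing) for existing in text.splitlines()}:
        return False
    with open(path, 'a') as fh:
        if text and not text.endswith('\n'):
            fh.write('\n')
        fh.write(line.rstrip('\n') + '\n')
    return True


def demo():
    """Run both helpers on constructed data; returns values for checking."""
    dups = find_duplicate_lines(CONSTRUCTED_SOURCES)
    with tempfile.TemporaryDirectory() as tmp:
        # stand-in for /etc/scirius/local_settings.py, which the upgrade
        # script appends to with plain echo >> on every run
        settings = os.path.join(tmp, 'local_settings.py')
        first = ensure_line(settings, 'USE_MOLOCH = True')
        second = ensure_line(settings, 'USE_MOLOCH = True')  # no-op on rerun
        third = ensure_line(settings, 'MOLOCH_URL = "http://localhost:8005"')
        with open(settings) as fh:
            lines = fh.read().splitlines()
    return dups, first, second, third, lines


if __name__ == '__main__':
    dups, first, second, third, lines = demo()
    for line, nums in dups.items():
        print('duplicate: %s at lines %s' % (line, nums))
    print(first, second, third, lines)
```

The same check is worth running over every file a setup script appends to (apt lists, nginx site files, Scirius local settings) before the services are restarted, since a duplicated apt source only produces a warning but a duplicated nginx `server` block stops the service from starting.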

ManuelFFF commented 4 years ago

Hi,

So far I have not had the time to try the fixes for the "upgrade" process, but since I saw you released the stable version I decided to give it a try. Found some issues that for now make me hesitate to switch to SELKS 6:

With the problems found so far, I was not sure whether to keep moving forward and try more things, since my time for testing is limited. I hope you can fix these issues soon, since we are now talking about the "stable" version.

Do not hesitate if you need more feedback.

Thanks

Graphic installation

  1. I am using a small PC that does not have a CD unit. With SELKS 5 the installation went smoothly when installing from a USB device created with Rufus. With SELKS 6 the setup fails to mount the CD and gets stuck. It won't move forward even if I force a re-try. I had to create a bootable USB device using the "DD" method. Then, the installer still cannot mount the CD, but after a manual re-try it will find and load the files to continue with the installation.
  2. During the installation process, the network is not auto-configured. The setup process just skips the network settings, so I have to go back and retry the network settings. Only then does the setup realize that DHCP is not available and offer a manual IP setup.
  3. After the first reboot the SELKS machine cannot connect to the network. The graphic network handler included with the XFCE desktop environment shows all the settings I entered during the installation, but I am not able to disconnect/connect the network like I can with LXDE. Also, if I check /etc/network/interfaces there is nothing but the loopback interface configured. So the graphic app to manage the network is not writing anything here, or maybe it's going somewhere else? Result: no network after restart.
  4. When rebooting SELKS, the Logstash termination job will be running for more than 15 mins! and it says unlimited. In SELKS 5 it is limited to only 1:30 mins.

pevma commented 4 years ago

Thank you for the feedback!

The first two points seem to be related entirely to the regular/default OS install process as nothing has been changed or touched there. So it seems strange indeed.

There was a doc update on the last issues: Logstash https://github.com/StamusNetworks/SELKS/wiki/A-stop-job-running-for-logstash-takes-too-long-on-shutdown

Management interface https://github.com/StamusNetworks/SELKS/wiki/First-time-setup#management-interface

ManuelFFF commented 4 years ago

Hi @pevma ,

I am not sure if something was recently changed in the OS files for Debian 10, but I can tell that lately I have used the same app "Rufus" to create a bootable USB memory and install Debian 10 without any issues. Also the same method to continue deploying SELKS 5 machines. Installation runs smoothly in both cases. No error attempting to mount or read from a CD drive. This is only happening to me when I install SELKS 6 with graphics. Remember that SELKS 5 comes with Debian 9, so there is a possibility that Debian 10 has included or modified OS files that SELKS 6 uses, and that might be causing the issue. There are no issues with the initial boot when I turn on the machine. It will load the SELKS main menu to select whether to run the Live CD or install SELKS. If you select install with graphics it will fall into that issue. I have not tried without graphics. Since it is the SELKS menu handling the rest of the installation, I tend to think that the issue comes from SELKS or the resources that it loads from the OS. Perhaps something needs to be updated within the installation script to include changes with some libraries on Debian 10, that were working just fine with Debian 9.

As for Logstash, I think the documented solution will fix the issue with the termination job timing. I haven't tried it yet, but I will do so next. Question: Do you plan to include this fix and make it a permanent change that will update the SELKS 6 .ISO file available to download, or is this something users will need to do every time SELKS 6 is deployed?

I haven't tried the other documented solution, but I will do so next and will provide feedback.

I forgot to add it before:

When running the selks-upgrade_stamus script, everything works fine, except for the last step: upgrade Moloch. It takes a long time and at the end it looks like it enters into a loop and I have to interrupt the process. Please see the screenshot below.

Selks_upgrade_script 3

SELKS update-moloch

After that, I ran the script selks-health-check_stamus, and even if both Moloch services are up and showing green status, there is a new error when attempting to access the socket.py file. The file is owned by root. I changed permissions to 777, but the access error persists.

Jun 26 10:26:51 server1 systemd[1]: Started Moloch Pcap Read.
error: <class 'socket.error'>, [Errno 13] Permission denied: file: /usr/lib/python2.7/socket.py line: 228
● molochviewer-selks.service - Moloch Viewer
   Loaded: loaded (/etc/systemd/system/molochviewer-selks.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2020-06-26 10:26:45 EDT; 15s ago
 Main PID: 5473 (sh)
    Tasks: 12 (limit: 4915)
   Memory: 53.3M
   CGroup: /system.slice/molochviewer-selks.service
           ├─5473 /bin/sh -c /data/moloch/bin/node viewer.js -c /data/moloch/etc/config.ini >> /data/moloch/logs/viewer.log 2>&1
           └─5474 /data/moloch/bin/node viewer.js -c /data/moloch/etc/config.ini

Jun 26 10:26:45 server1 systemd[1]: Started Moloch Viewer.
● molochpcapread-selks.service - Moloch Pcap Read
   Loaded: loaded (/etc/systemd/system/molochpcapread-selks.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2020-06-26 10:26:51 EDT; 9s ago
 Main PID: 5490 (sh)
    Tasks: 5 (limit: 4915)
   Memory: 141.5M
   CGroup: /system.slice/molochpcapread-selks.service
           ├─5490 /bin/sh -c /data/moloch/bin/moloch-capture -c /data/moloch/etc/config.ini -m --copy --delete -R /data/nsm/  >> /data/moloch/logs/capture.log 2>&1
           └─5491 /data/moloch/bin/moloch-capture -c /data/moloch/etc/config.ini -m --copy --delete -R /data/nsm/

Jun 26 10:26:51 server1 systemd[1]: Started Moloch Pcap Read.
error: <class 'socket.error'>, [Errno 13] Permission denied: file: /usr/lib/python2.7/socket.py line: 228
ii  elasticsearch                        6.8.10                              all          Elasticsearch is a distributed RESTful search engine built for the cloud. Reference documentation can be found at https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html and the 'Elasticsearch: The Definitive Guide' book can be found at https://www.elastic.co/guide/en/elasticsearch/guide/current/index.html
ii  elasticsearch-curator                5.8.1                               amd64        Have indices in Elasticsearch? This is the tool for you!\n\nLike a museum curator manages the exhibits and collections on display, \nElasticsearch Curator helps you curate, or manage your indices.
ii  evebox                               1:0.11.1                            amd64        no description given
ii  kibana                               6.8.10                              amd64        Explore and visualize your Elasticsearch data
ii  kibana-dashboards-stamus             2019081202                          amd64        Kibana 6 dashboard templates.
ii  logstash                             1:6.8.10-1                          all          An extensible logging pipeline
ii  moloch                               2.3.1-1                             amd64        Moloch Full Packet System
ii  scirius                              3.4.0-5                             amd64        Django application to manage Suricata ruleset
ii  suricata                             1:2020033001-0stamus0               amd64        Suricata open source multi-thread IDS/IPS/NSM system.
Filesystem     Type      Size  Used Avail Use% Mounted on
udev           devtmpfs  5.9G     0  5.9G   0% /dev
tmpfs          tmpfs     1.2G   24M  1.2G   3% /run
/dev/sda1      ext4      450G   81G  347G  19% /
tmpfs          tmpfs     5.9G     0  5.9G   0% /dev/shm
tmpfs          tmpfs     5.0M     0  5.0M   0% /run/lock
tmpfs          tmpfs     5.9G     0  5.9G   0% /sys/fs/cgroup
tmpfs          tmpfs     1.2G  4.0K  1.2G   1% /run/user/112
tmpfs          tmpfs     1.2G     0  1.2G   0% /run/user/1001

Thank you

ManuelFFF commented 4 years ago

Hi @pevma ,

Any update on this?

Thank you

pevma commented 4 years ago

This is with respect to only the SELKS5-SELKS6 upgrade, right? It seems it is not upgraded properly as it stays on ELK 6? Did you try the latest upgrade scripts from the main branch - https://github.com/StamusNetworks/SELKS/tree/master/scripts/SELKS5-SELKS6 ?

ManuelFFF commented 4 years ago

Hi @pevma ,

Answering your question: yes. I do my best on trying to keep the issues separate on different threads. This is only regarding the upgrade from SELKS 5 to SELKS 6.

I believe I have tried that script already. In fact, it is the script that your team offered to be able to upgrade from SELKS 5 to SELKS 6. On that occasion, they told me to follow this link:

https://github.com/StamusNetworks/SELKS/wiki/SELKS-5.0-to-SELKS-6.0

It is found in the SELKS Major Upgrades section:

https://github.com/StamusNetworks/SELKS/wiki#selks-major-upgrades

And although I think we are talking about the same script here, I see that the one you mentioned was updated just 27 days ago, so maybe it has been improved since the last time I used it.

I will test it on another test PC running SELKS 5 and I will tell you how it went this time.

Thank you

ManuelFFF commented 4 years ago

I gave up trying the upgrade. I will be trying a fresh SELKS 6 install, then content migration from SELKS 5.