Open michal25 opened 5 months ago
If this is a fresh install the defaults should work - https://github.com/StamusNetworks/SELKS/wiki/Docker#credentials-and-log-in
This is not a fresh install. It is a production install with data, updated with the ./easy-setup.sh script. The default credentials do not work; the password reset (or user create) script works, but no logon is possible.
And a fresh SELKS Docker install https://github.com/StamusNetworks/SELKS/wiki/Docker gives exactly the same result.
Hi michal25, I just tried the password reset and it works. So you updated the old SELKS containers. How did you do that?
I updated the old SELKS containers via this script:
cd /SELKS/docker
./easy-setup.sh --non-interactive -i enp0s31f6 --iA --restart-mode always --es-memory 4G --ls-memory 4G
docker-compose pull
sudo -E docker compose up -d --force-recreate
From this point the Scirius Invalid logon issue occurs.
And now: https://github.com/StamusNetworks/SELKS/wiki/Docker#password-reset
root@SELKS2:~# docker exec -it scirius bash
root@aeacdffe6e9e:/# python3 /opt/scirius/manage.py changepassword selks-user
CommandError: user 'selks-user' does not exist
First problem - the selks-user is not known.
so create_or_restore_scirius_superuser
root@aeacdffe6e9e:/# python3 /opt/scirius/manage.py create_or_restore_scirius_superuser -u selks-user -p selks-user
root@aeacdffe6e9e:/#
Now I restarted all selks containers via portainer and tried to log in via selks-user / selks-user
WOW. Now I can log in to this selks/suricata probe, but no data, no rulesets, nothing. Something is still wrong.
BUT! When you update the containers again, the result will be again with
root@SELKS2:~# docker exec -it scirius bash
root@aeacdffe6e9e:/# python3 /opt/scirius/manage.py changepassword selks-user
CommandError: user 'selks-user' does not exist
One more thing. The old updater script was this:
cd /SELKS/docker
./easy-setup.sh --non-interactive -i enp0s31f6 --iA --restart-mode always --es-memory 4G --ls-memory 4G
sudo -E docker-compose up -d
(Ubuntu server 64 bit 22.04)
At this time I can log in to one probe (but the data is cleared); the second probe still refuses the login.
After container update in the first probe: https://github.com/StamusNetworks/SELKS/issues/471#issuecomment-2192051965
Result is this:
#######################
#######################
WARN[0000] /opt/SELKS/docker/docker-compose.yml: `version` is obsolete
[+] Pulling 34/34
✔ arkime Pulled 1.2s
✔ nginx Pulled 1.4s
✔ evebox Pulled 1.7s
✔ kibana Pulled 1.5s
✔ logstash Pulled 1.4s
✔ scirius Pulled 1.2s
✔ cron Pulled 12.4s
✔ suricata Pulled 13.5s
✔ elasticsearch Pulled 1.3s
To start SELKS, run 'sudo -E docker compose up -d'
WARN[0000] /opt/SELKS/docker/docker-compose.yml: `version` is obsolete
[+] Running 9/9
✔ Container evebox Running 0.0s
✔ Container nginx Running 0.0s
✔ Container arkime Started 17.7s
✔ Container scirius Healthy 38.2s
✔ Container kibana Running 0.0s
✔ Container elasticsearch Running 0.0s
✔ Container cron Started 17.7s
✔ Container suricata Started 27.3s
✔ Container logstash Started 27.6s
root@suricata:~# docker exec -it scirius bash
root@c90fbff3e2e6:/# python3 /opt/scirius/manage.py changepassword selks-user
You have 141 unapplied migration(s). Your project may not work properly until you apply the migrations for app(s): accounts, auth, authtoken, contenttypes, rules, sessions, suricata.
Run 'python manage.py migrate' to apply them.
Traceback (most recent call last):
  File "/root/.local/lib/python3.9/site-packages/django/db/backends/utils.py", line 84, in _execute
    return self.cursor.execute(sql, params)
  File "/root/.local/lib/python3.9/site-packages/django/db/backends/sqlite3/base.py", line 423, in execute
    return Database.Cursor.execute(self, query, params)
sqlite3.OperationalError: no such table: auth_user
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/opt/scirius/manage.py", line 10, in
Of course, I can provide python3 /opt/scirius/manage.py migrate
and this command will migrate the python rules, but the effect is (every time) this:
python3 /opt/scirius/manage.py changepassword selks-user
CommandError: user 'selks-user' does not exist
And the nologin problem remains.
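The outcomes reported in the comment above (no `auth_user` table, table present but no `selks-user`) can be told apart by inspecting the SQLite file read-only before attempting a reset. This is an added example, not part of the thread or of SELKS's own code; it assumes Django's default `auth_user` columns, the database path is whatever file the Scirius container uses (not shown on this page), and the sample databases are constructed.

```python
import os
import sqlite3
import tempfile


def diagnose_auth_db(db_path, username="selks-user"):
    """Classify a Django SQLite database the way the thread's errors do.

    Returns one of:
      "missing-db"    - file does not exist
      "no-auth-table" - auth_user absent: migrations never ran on this file
      "no-such-user"  - schema present but the account is not in it
      "inactive"      - account exists but is_active is false
      "ok"            - account exists and is active
    """
    if not os.path.exists(db_path):
        return "missing-db"
    # Open read-only so the diagnostic never creates or modifies the file.
    conn = sqlite3.connect(f"file:{db_path}?mode=ro", uri=True)
    try:
        has_table = conn.execute(
            "SELECT 1 FROM sqlite_master WHERE type='table' AND name='auth_user'"
        ).fetchone()
        if not has_table:
            return "no-auth-table"
        row = conn.execute(
            "SELECT is_active FROM auth_user WHERE username = ?", (username,)
        ).fetchone()
        if row is None:
            return "no-such-user"
        return "ok" if row[0] else "inactive"
    finally:
        conn.close()


def build_sample_db(path, users=None):
    """Constructed sample data: users=None gives a database without auth_user."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE placeholder (id INTEGER)")  # ensures the file exists
    if users is not None:
        conn.execute("CREATE TABLE auth_user (username TEXT UNIQUE, is_active BOOL)")
        conn.executemany("INSERT INTO auth_user VALUES (?, ?)", users)
    conn.commit()
    conn.close()
```

A "no-auth-table" result after an update indicates that the container is reading a newly created database file rather than the one that held the original accounts.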
The upgrade should be like so https://github.com/StamusNetworks/SELKS/wiki/Docker#upgrade-all-containers
git pull reports an error and aborts
root@SELKS2:/SELKS/docker# git pull
hint: Pulling without specifying how to reconcile divergent branches is
hint: discouraged. You can squelch this message by running one of the following
hint: commands sometime before your next pull:
hint:
hint:   git config pull.rebase false  # merge (the default strategy)
hint:   git config pull.rebase true   # rebase
hint:   git config pull.ff only       # fast-forward only
hint:
hint: You can replace "git config" with "git config --global" to set a default
hint: preference for all repositories. You can also pass --rebase, --no-rebase,
hint: or --ff-only on the command line to override the configured default per
hint: invocation.
remote: Enumerating objects: 526, done.
remote: Counting objects: 100% (336/336), done.
remote: Compressing objects: 100% (133/133), done.
remote: Total 526 (delta 207), reused 299 (delta 198), pack-reused 190
Receiving objects: 100% (526/526), 157.77 KiB | 1.88 MiB/s, done.
Resolving deltas: 100% (339/339), completed with 4 local objects.
From https://github.com/StamusNetworks/SELKS
   19f76ab..4af455c  master     -> origin/master
`version` is obsolete
[+] Pulling 9/9
✔ logstash Pulled 1.4s
✔ kibana Pulled 1.5s
✔ scirius Pulled 0.9s
✔ suricata Pulled 1.1s
✔ arkime Pulled 1.0s
✔ nginx Pulled 1.2s
✔ cron Pulled 1.3s
✔ elasticsearch Pulled 1.2s
✔ evebox Pulled 1.3s
root@SELKS2:/SELKS/docker# docker compose stop
WARN[0000] /SELKS/docker/docker-compose.yml: `version` is obsolete
[+] Stopping 9/9
✔ Container nginx Stopped 0.4s
✔ Container kibana Stopped 10.6s
✔ Container evebox Stopped 10.5s
✔ Container suricata Stopped 2.0s
✔ Container logstash Stopped 10.6s
✔ Container elasticsearch Stopped 0.0s
✔ Container arkime Stopped 0.0s
✔ Container cron Stopped 10.5s
✔ Container scirius Stopped 10.3s
root@SELKS2:/SELKS/docker# sudo -E docker compose up -d
WARN[0000] /SELKS/docker/docker-compose.yml: `version` is obsolete
WARN[0000] Found orphan containers ([selks-db-1]) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up.
[+] Running 9/9
✔ Container scirius Healthy 7.5s
✔ Container evebox Started 0.7s
✔ Container suricata Started 7.8s
✔ Container elasticsearch Started 0.6s
✔ Container kibana Started 0.7s
✔ Container arkime Started 0.9s
✔ Container nginx Started 0.8s
✔ Container cron Started 0.6s
✔ Container logstash Started 7.9s
root@SELKS2:/SELKS/docker#
The result is still the same. No login.
Are all containers up and running:
docker ps -a
No way. I had to back up the configuration files (suricata.yaml, selks6-addin.yaml), clean all containers, remove all containers, install selks/docker from scratch and recreate the selks superuser.
Now I can run the new selks, create a new superuser, put back the suricata.yaml, selks6-addin.yaml parameters and restart the selks and suricata containers. Now selks/suricata works (no data on pie graphs, but this is no problem at this time).
Here is the reinstall procedure:
```
docker compose stop

# Removing containers along with their data
docker compose down -v

dpkg --purge docker-buildx-plugin docker-ce-cli docker-ce-rootless-extras docker-ce docker-compose-plugin docker wmdocker

# Basic installation
git clone https://github.com/StamusNetworks/SELKS.git
cd SELKS/docker/
./easy-setup.sh
sudo -E docker compose up -d

# Restarting containers
sudo docker compose restart [container-name]

# Password reset
# A password change and a reset can also be done from the command line.
# Attach to the Scirius docker:
docker exec -it scirius bash
python3 /opt/scirius/manage.py changepassword selks-user
```
Thanks @michal25, your steps worked for me too.
After docker-compose provided by this script:
#!/bin/bash
cd /SELKS/docker
./easy-setup.sh --non-interactive -i enp0s31f6 --iA --restart-mode always --es-memory 4G --ls-memory 4G
docker-compose pull
sudo -E docker-compose up -d
sudo -E docker-compose up -d --force-recreate
sudo -E docker compose up -d --force-recreate
Scirius results with no user/admin login possible (screenshot)
suricata-build.txt
Password reset script works, but with no result. https://github.com/StamusNetworks/SELKS/wiki/Docker#password-reset
Any idea to repair?
Best regards Michal