search

TheHive-Project / TheHive

TheHive: a Scalable, Open Source and Free Security Incident Response Platform
https://thehive-project.org
GNU Affero General Public License v3.0
3.44k stars 625 forks source link

[Bug] - Broken Default Admin - Docker - TheHive 4.1.17-1 #2332

Closed theshiv303 closed 2 years ago

theshiv303 commented 2 years ago

Request Type

Bug

Work Environment

Question Answer
OS version (server) EC2
OS version (client) Mac
Virtualized Env. True
Dedicated RAM 32 GB
vCPU 8
TheHive version / git hash 4.1.17-1
Package Type Docker
Database Cassandra
Index type Lucene
Attachments storage Local
Browser type & version Chrome

Problem Description

Upon deploying TheHive via Docker, the default admin (admin@thehive.local) is not assigned to an org and has no permissions, there is also no "admin" button in the top menu, as outline by documentation.

{
    "_id": "~204824672",
    "_createdBy": "system@thehive.local",
    "_updatedBy": "admin@thehive.local",
    "_createdAt": 1643909724195,
    "_updatedAt": 1643911252895, <- I changed password
    "login": "admin@thehive.local",
    "name": "Default admin user",
    "hasKey": false,
    "hasPassword": true,
    "hasMFA": false,
    "locked": false,
    "profile": "admin",
    "permissions": [],
    "organisation": "no org",
    "organisations": [],
    "extraData": {}
}

Steps to Reproduce

  1. Follow steps to deploy from: https://github.com/TheHive-Project/Docker-Templates/tree/main/docker/thehive4-cortex31-nginx-https

Complementary information

All configs are default contained in ^ Git repo

docker logs thehive

1+0 records in
1+0 records out
1024 bytes (1.0 kB, 1.0 KiB) copied, 5.3262e-05 s, 19.2 MB/s
Using cassandra address = 192.168.48.3
Waiting until Cassandra DB is up
Using local storage in /data/files
Add Cortex cortex0: http://cortex:9001
[info] ScalligraphApplication [|] Loading application ...
[info] o.t.s.ScalligraphModule [|] Loading scalligraph module
[info] a.e.s.Slf4jLogger [|] Slf4jLogger started
[info] a.r.a.t.ArteryTcpTransport [|] Remoting started with transport [Artery tcp]; listening on address [akka://application@127.0.0.1:40955] with UID [8074924766190801969]
[info] a.c.Cluster [|] Cluster Node [akka://application@127.0.0.1:40955] - Starting up, Akka version [2.6.10] ...
[info] a.c.Cluster [|] Cluster Node [akka://application@127.0.0.1:40955] - Registered cluster JMX MBean [akka:type=Cluster]
[info] a.c.Cluster [|] Cluster Node [akka://application@127.0.0.1:40955] - Started up successfully
[info] a.c.Cluster [|] Cluster Node [akka://application@127.0.0.1:40955] - No seed-nodes configured, manual cluster join required, see https://doc.akka.io/docs/akka/current/typed/cluster.html#joining
[info] a.c.s.SplitBrainResolver [|] SBR started. Config: strategy [KeepMajority], stable-after [20 seconds], down-all-when-unstable [15 seconds], selfUniqueAddress [akka://application@127.0.0.1:40955#8074924766190801969], selfDc [default].
[info] o.r.Reflections [|] Reflections took 327 ms to scan 1 urls, producing 168 keys and 2531 values 
[info] o.t.t.ClusterSetup [|] Initialising cluster
[info] a.c.Cluster [|] Cluster Node [akka://application@127.0.0.1:40955] - Node [akka://application@127.0.0.1:40955] is JOINING itself (with roles [dc-default], version [0.0.0]) and forming new cluster
[info] a.c.Cluster [|] Cluster Node [akka://application@127.0.0.1:40955] - is the new leader among reachable nodes (more leaders may exist)
[info] a.c.Cluster [|] Cluster Node [akka://application@127.0.0.1:40955] - Leader is moving node [akka://application@127.0.0.1:40955] to [Up]
[info] o.t.t.ClusterListener [|] Member is Up: akka://application@127.0.0.1:40955
[info] a.c.s.SplitBrainResolver [|] This node is now the leader responsible for taking SBR decisions among the reachable nodes (more leaders may exist).
[info] a.c.s.ClusterSingletonManager [|] Singleton manager starting singleton actor [akka://application/system/singletonManagerJanusGraphClusterLeader/JanusGraphClusterLeader]
[info] a.c.s.ClusterSingletonManager [|] ClusterSingletonManager state change [Start -> Oldest]
[info] a.c.s.ClusterSingletonProxy [|] Singleton identified at [akka://application/system/singletonManagerJanusGraphClusterLeader/JanusGraphClusterLeader]
[info] c.d.driver.core [|] DataStax Java driver 3.9.0 for Apache Cassandra
[info] c.d.d.c.GuavaCompatibility [|] Detected Guava >= 19 in the classpath, using modern compatibility layer
[info] c.d.d.c.ClockFactory [|] Using native clock to generate timestamps.
[info] c.d.d.c.NettyUtil [|] Found Netty's native epoll transport in the classpath, using it
[info] c.d.d.c.p.DCAwareRoundRobinPolicy [|] Using data-center name 'datacenter1' for DCAwareRoundRobinPolicy (if this is incorrect, please provide the correct datacenter name with DCAwareRoundRobinPolicy constructor)
[info] c.d.d.c.Cluster [|] New Cassandra host cassandra/192.168.48.3:9042 added
[info] o.j.c.u.ReflectiveConfigOptionLoader [|] Loaded and initialized config classes: 8 OK out of 13 attempts in PT0.027S
[info] o.j.g.i.UniqueInstanceIdRetriever [|] Generated unique-instance-id=c0a8300521-0457d528bf921
[info] c.d.d.c.ClockFactory [|] Using native clock to generate timestamps.
[info] c.d.d.c.p.DCAwareRoundRobinPolicy [|] Using data-center name 'datacenter1' for DCAwareRoundRobinPolicy (if this is incorrect, please provide the correct datacenter name with DCAwareRoundRobinPolicy constructor)
[info] c.d.d.c.Cluster [|] New Cassandra host cassandra/192.168.48.3:9042 added
[info] o.j.d.Backend [|] Configuring index [search]
[info] o.j.d.Backend [|] Initiated backend operations thread pool of size 16
[info] o.j.d.Backend [|] Configuring total store cache size: 2207089987
[info] o.j.d.l.k.KCVSLog [|] Loaded unidentified ReadMarker start time 2022-02-03T17:35:18.341Z into org.janusgraph.diskstorage.log.kcvs.KCVSLog$MessagePuller@350e6527
[info] o.t.s.j.JanusDatabase [|] Full-text index is available (lucene:/opt/thp/thehive/index) single node
[info] o.r.Reflections [|] Reflections took 20 ms to scan 1 urls, producing 46 keys and 269 values 
[info] o.t.s.m.Database [|mgmt-2d6c29ef] Creating database schema
[info] a.c.s.ClusterSingletonManager [|] Singleton manager starting singleton actor [akka://application/user/integrityCheckSingletonManager/singleton]
[info] a.c.s.ClusterSingletonManager [|] ClusterSingletonManager state change [Start -> Oldest]
[info] a.c.s.ClusterSingletonManager [|] Singleton manager starting singleton actor [akka://application/system/singletonManagerCaseNumberLeader/CaseNumberLeader]
[info] a.c.s.ClusterSingletonManager [|] ClusterSingletonManager state change [Start -> Oldest]
[info] a.c.s.ClusterSingletonProxy [|] Singleton identified at [akka://application/system/singletonManagerCaseNumberLeader/CaseNumberLeader]
[info] a.c.s.ClusterSingletonManager [|] Singleton manager starting singleton actor [akka://application/user/flowSingletonManager/singleton]
[info] a.c.s.ClusterSingletonManager [|] ClusterSingletonManager state change [Start -> Oldest]
[info] play.api.Play [|] Application started (Prod) (no global state)
[info] p.c.s.AkkaHttpServer [|] Listening for HTTP on /0.0.0.0:9000
theshiv303 commented 2 years ago

This was a permissions issue for the cassandra directory, thehive could not access it.