TheHive-Project / TheHiveDocs

Documentation of TheHive
https://docs.strangebee.com/
GNU Affero General Public License v3.0

Missing authentication credentials for REST request #188

Open Hams3c opened 4 years ago

Hams3c commented 4 years ago

Problem

Attempting to connect to TH with a fresh install of TH 3.4.2, running on Ubuntu, returns the following error:

App: Unknown error: ElasticError(security_exception,missing authentication credentials for REST request [/the_hive_15/_search],None,None,None,List(ElasticError(security_exception,missing authentication credentials for REST request [/the_hive_15/_search],None,None,None,null,None)),None)

OS Info

Distributor ID: Ubuntu
Description:    Ubuntu 18.04.5 LTS
Release:        18.04
Codename:       bionic

Hive info

● thehive.service - TheHive
   Loaded: loaded (/usr/lib/systemd/system/thehive.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2020-09-21 19:58:03 EDT; 7min ago
     Docs: https://thehive-project.org
 Main PID: 27814 (java)
    Tasks: 55 (limit: 4915)
   CGroup: /system.slice/thehive.service
           └─27814 java -Duser.dir=/opt/thehive -Dconfig.file=/etc/thehive/application.conf -Dlogger.file=/etc/thehive/logback.xml -Dpidfile.path=/dev/null -cp ... play.core.server.ProdServerStart

Sep 21 19:58:03 ubuntu.myserver.com systemd[1]: Started TheHive.

/var/log/thehive/application.log

2020-09-21 19:58:28,958 [ERROR] from org.elastic4play.database.DBConfiguration in application-akka.actor.default-dispatcher-2 - ElasticSearch request failure: POST:/the_hive_15/_search?
StringEntity({"query":{"match":{"relations":{"query":"user"}}},"size":0},Some(application/json))
 => ElasticError(security_exception,missing authentication credentials for REST request [/the_hive_15/_search],None,None,None,List(ElasticError(security_exception,missing authentication credentials for REST request [/the_hive_15/_search],None,None,None,null,None)),None)
2020-09-21 19:58:28,968 [ERROR] from org.elastic4play.database.DBConfiguration in application-akka.actor.default-dispatcher-2 - ElasticSearch request failure: POST:/the_hive_15/_search?scroll=60000ms
StringEntity({"version":"true","query":{"bool":{"must":[{"term":{"relations":{"value":"dblist"}}},{"term":{"dblist":{"value":"ui_settings"}}}]}},"from":0,"sort":[{"_id":{"order":"desc"}}]},Some(application/json))
 => ElasticError(security_exception,missing authentication credentials for REST request [/the_hive_15/_search?scroll=60000ms],None,None,None,List(ElasticError(security_exception,missing authentication credentials for REST request [/the_hive_15/_search?scroll=60000ms],None,None,None,null,None)),None)
2020-09-21 19:58:28,968 [WARN] from org.elastic4play.database.SearchWithScroll in application-akka.actor.default-dispatcher-2 - Search error
org.elastic4play.InternalError: Unknown error: ElasticError(security_exception,missing authentication credentials for REST request [/the_hive_15/_search?scroll=60000ms],None,None,None,List(ElasticError(security_exception,missing authentication credentials for REST request [/the_hive_15/_search?scroll=60000ms],None,None,None,null,None)),None)
        at org.elastic4play.database.DBConfiguration.$anonfun$execute$2(DBConfiguration.scala:148)
        at scala.concurrent.Future.$anonfun$flatMap$1(Future.scala:303)
        at scala.concurrent.impl.Promise.$anonfun$transformWith$1(Promise.scala:37)
        at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:60)
        at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:55)
        at akka.dispatch.BatchingExecutor$BlockableBatch.$anonfun$run$1(BatchingExecutor.scala:91)
        at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:12)
        at scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:81)
        at akka.dispatch.BatchingExecutor$BlockableBatch.run(BatchingExecutor.scala:91)
        at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:40)
        at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(ForkJoinExecutorConfigurator.scala:44)
        at akka.dispatch.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260)
        at akka.dispatch.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339)
        at akka.dispatch.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979)
        at akka.dispatch.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107)
2020-09-21 19:59:17,196 [ERROR] from org.elastic4play.database.DBConfiguration in application-akka.actor.default-dispatcher-5 - ElasticSearch request failure: GET:/_cluster/health/the_hive_15?
 => ElasticError(security_exception,missing authentication credentials for REST request [/_cluster/health/the_hive_15],None,None,None,List(ElasticError(security_exception,missing authentication credentials for REST request [/_cluster/health/the_hive_15],None,None,None,null,None)),None)

/etc/thehive/application.conf pertinent info

# Secret Key
# The secret key is used to secure cryptographic functions.
# WARNING: If you deploy your application on several servers, make sure to use the same key.
play.http.secret.key="mysecretkey"

# Elasticsearch
search {
  ## Basic configuration
  # Index name.
  index = the_hive
  # ElasticSearch instance address.
  uri = "http://192.168.20.20:9200/"

  ## Advanced configuration
  # Scroll keepalive.
  #keepalive = 1m

  # Scroll page size.
  #pagesize = 50

  # Number of shards
  #nbshards = 5

  # Number of replicas
  #nbreplicas = 1

  # Arbitrary settings
  #settings {
  #  # Maximum number of nested fields
  #  mapping.nested_fields.limit = 100
  #}

  ## Authentication configuration
  search.username = "elastic"
  search.password = "myElasticPasswd"

  ## SSL configuration
  #search.keyStore {
  #  path = "/path/to/trustStore"
  #  type = "JKS" # JKS or PKCS12
  #  password = ""
  #}
  #search.trustStore {
  #  path = "/path/to/trustStore"
  #  type = "JKS" # JKS or PKCS12
  #  password = ""
  #}
}

# Authentication
auth {
  # "provider" parameter contains authentication provider. It can be multi-valued (useful for migration)
  # available auth types are:
  # services.LocalAuthSrv : passwords are stored in user entity (in Elasticsearch). No configuration is required.
  # ad : use ActiveDirectory to authenticate users. Configuration is under "auth.ad" key
  # ldap : use LDAP to authenticate users. Configuration is under "auth.ldap" key
  # oauth2 : use OAuth/OIDC to authenticate users. Configuration is under "auth.oauth2" and "auth.sso" keys
  provider = [local]

  # By default, basic authentication is disabled. You can enable it by setting "method.basic" to true.
  #method.basic = true

...
}

...

<EOF>

filipzag commented 4 years ago

Same here...

1earch commented 4 years ago

Please try removing search. from the Elastic authentication config part:

  ## Authentication configuration
  user = "elastic"
  password = "myElasticPasswd"

EDIT: in addition, you need to modify username to user
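
A check for the misconfiguration discussed in this thread, as an added example (not code from TheHive or from the posters): inside the `search { }` block a key written `search.username` resolves to `search.search.username`, so nothing is present at the `search.user` / `search.password` paths the reply names. The function names are hypothetical, and the line-based scanner is a simplification that does not handle full HOCON such as one-line blocks or includes.

```python
import re

# Constructed sample mirroring the authentication part of the
# application.conf quoted in the issue.
SAMPLE_CONF = '''
search {
  index = the_hive
  uri = "http://192.168.20.20:9200/"
  #keepalive = 1m
  ## Authentication configuration
  search.username = "elastic"
  search.password = "myElasticPasswd"
  #search.keyStore {
  #  path = "/path/to/trustStore"
  #}
}
auth {
  provider = [local]
}
'''

# Key paths as given by the reply in the thread (assumed correct here).
EXPECTED = {"search.user", "search.password"}

def effective_keys(conf_text):
    """Map each uncommented `key = value` line to its full path, resolving
    the key relative to the enclosing `name { ... }` blocks."""
    stack, keys = [], {}
    for no, raw in enumerate(conf_text.splitlines(), 1):
        # Blank out quoted values first so '#', '{' or '}' in a password are ignored.
        line = re.sub(r'"[^"]*"', '""', raw).split("#", 1)[0].strip()
        opener = re.match(r'^([\w.\-]+)\s*[=:]?\s*\{$', line)
        assign = re.match(r'^([\w.\-]+)\s*[=:]', line)
        if opener:
            stack.append(opener.group(1))
        elif line == "}" and stack:
            stack.pop()
        elif assign:
            keys[".".join(stack + [assign.group(1)])] = no
    return keys

def audit_search_auth(conf_text):
    """Return (misplaced credential keys as (line, path), missing expected paths)."""
    keys = effective_keys(conf_text)
    misplaced = [(no, path) for path, no in keys.items()
                 if path.startswith("search.") and path not in EXPECTED
                 and path.rsplit(".", 1)[-1] in ("user", "username", "password")]
    return misplaced, sorted(EXPECTED - keys.keys())

if __name__ == "__main__":
    print(audit_search_auth(SAMPLE_CONF))
```

Run against the real `/etc/thehive/application.conf`, an empty result for both lists means the credentials sit at the paths named in the reply; the script only reports key paths and line numbers, never values.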