Rita runs under sudo, so it should be able to access any file on the system. Instead, when handed a directory of log files with mode 600 it returns "no valid log files found". (Confirmed that when the log files modes are changed to 644 the rita import command runs successfully and builds the database.)
Command used: rita import --database pi_zeek_2024_04_29 -l /home/wstearns/pizeek/2024-04-29/
Version tested: 5.0.8
The section in question appears to be https://github.com/activecm/rita/blob/93b2dc566cfac5aab83d050ed8eec7def15181e9/cmd/import.go#L421
It's unclear to me why line 422 ", err := afs.Open(path)" returns an error as rita running as root should be able to read this. Is it some oddity where it's running as root on the host but inside the docker container it's not (meaning the files truly are unreadable)?
Could we at least warn the user that the mode is the problem (and all files should be world readable) instead of saying "no valid log files found"?
Rita runs under sudo, so it should be able to access any file on the system. Instead, when handed a directory of log files with mode 600 it returns "no valid log files found". (Confirmed that when the log files modes are changed to 644 the rita import command runs successfully and builds the database.) Command used: rita import --database pi_zeek_2024_04_29 -l /home/wstearns/pizeek/2024-04-29/ Version tested: 5.0.8 The section in question appears to be https://github.com/activecm/rita/blob/93b2dc566cfac5aab83d050ed8eec7def15181e9/cmd/import.go#L421 It's unclear to me why line 422 ", err := afs.Open(path)" returns an error as rita running as root should be able to read this. Is it some oddity where it's running as root on the host but inside the docker container it's not (meaning the files truly are unreadable)? Could we at least warn the user that the mode is the problem (and all files should be world readable) instead of saying "no valid log files found"?