amitn322 / blackesk

BLACK ESK SIEM is a SIEM platform built with Elasticsearch, Syslog-Ng and Kibana

Permission denied on syslog-ng build #9

Closed vibrion121 closed 2 years ago

vibrion121 commented 2 years ago

Hi! I'm getting this error: /bin/sh: /tmp/syslog-ng-3.34.1/: Permission denied. Tried different approaches without success (tried this approach too: https://vsupalov.com/docker-shared-permissions/). Thanks, Martin!

amitn322 commented 2 years ago

Can you put some more messages around that error and/or a screenshot? That would help me figure out where in the code it is erroring out.

Thank You, Amit

vibrion121 commented 2 years ago

This is more simple: https://asciinema.org/a/ZaB1rIsDSqnmZRAFiy8dpVLTd ;) Thanks Martin

benempson commented 2 years ago

I'm getting the same... Thanks for your work, wishing I could try it out!


amitn322 commented 2 years ago

Hi @benempson sorry about the delay, what version of operating system are you using ? I can try it out and see if I can replicate the issue.

benempson commented 2 years ago

Hi there, I tried this on Synology DSM 7.

0xJs commented 2 years ago

Got the same error on debian 11 and ubuntu 20.04

0xJs commented 2 years ago

But there is nothing in the /tmp/ directory. No syslog-ng file.

amitn322 commented 2 years ago

@0xJs @benempson @vibrion121 apologies for the delay, but do you have the latest code? Please try to pull the latest code from GitHub and try to run again. That issue should have been caused by SELinux being enabled on the system. I have since updated the nodes file to use the Z flag. If that does not work, can you try disabling SELinux and see if that works? You can then re-enable SELinux, but just to check and make sure it's not related to that.

Disable SELinux:

setenforce 0

Enable SELinux:

setenforce 1
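An added diagnostic, not part of the blackesk project: it reports the host's SELinux mode without toggling it, and builds a bind-mount spec carrying the :Z relabel option that the fix above relies on (the paths and image name are hypothetical placeholders, not the project's real compose entries).

```shell
#!/bin/sh
# Added example (not from the blackesk project). On an SELinux host, a plain
# bind mount keeps the host's label, so processes in the container are denied
# access even when ownership and mode bits look fine. The :Z option asks Docker
# to relabel the host directory for the container; on hosts without SELinux it
# is ignored, so it is safe to use unconditionally.

# Report the SELinux mode in lowercase: "enforcing", "permissive", "disabled",
# or "absent" when SELinux is not present (as on the Debian/Ubuntu reports above).
selinux_mode() {
  if command -v getenforce >/dev/null 2>&1; then
    getenforce | tr 'A-Z' 'a-z'
  elif [ -r /sys/fs/selinux/enforce ]; then
    case "$(cat /sys/fs/selinux/enforce)" in
      1) echo enforcing ;;
      *) echo permissive ;;
    esac
  else
    echo absent
  fi
}

# Build a "host:container:Z" bind-mount spec for docker run / compose volumes.
relabel_mount() {
  printf '%s:%s:Z\n' "$1" "$2"
}

# Hypothetical paths and image name; the real ones live in the project's files.
echo "SELinux mode: $(selinux_mode)"
echo "docker run -v $(relabel_mount /tmp/syslog-ng-3.34.1 /tmp/syslog-ng-3.34.1) blackesk-syslog-ng"
```

Reading the mode instead of running setenforce 0 tells you whether SELinux is even a candidate cause before changing the host's security posture.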

BosmanSander commented 2 years ago

@amitn322 I've pulled the latest code from your Github, but I've still got permission issues. I've given the /tmp/syslog folder all the permissions and changed ownership to root.

I also don't seem to have SELinux installed in either my Docker container or the host that I run Docker on. This is the error that I get when starting or installing the Docker container:


Here are my permissions and as you can see there isn't any setenforce command available:


I've tried your SIEM on both Debian 11 and Ubuntu 20.04.

amitn322 commented 2 years ago

@0xJs @benempson @vibrion121 , this issue should have been fixed. I have updated the code to use the latest Kibana, Elasticsearch and syslog-ng as well as latest alpine linux. Please let me know if you encounter any issues.

vibrion121 commented 2 years ago

Thanks @amitn322! At this moment I don't have access to the equipment (February maybe). Thanks again for your work and commitment.

benempson commented 2 years ago

Thanks @amitn322, I'll try this out ASAP and get back to you, will be next week at the latest.

BosmanSander commented 2 years ago

Thank you, @amitn322! It works perfectly now on Debian 11.