center-for-threat-informed-defense / tram

TRAM is an open-source platform designed to advance research into automating the mapping of cyber threat intelligence reports to MITRE ATT&CK®.
https://ctid.mitre-engenuity.org/our-work/tram/
Apache License 2.0

Login issues #204

Open V0lundr opened 11 months ago

V0lundr commented 11 months ago

Hi, I encountered an issue after installing TRAM. When attempting to log in, I see the initial screen. However, after entering the default username and password, TRAM doesn't accept it and returns to the initial login screen.

My Docker is using the default configuration because I also attempted to change the password, but without luck.

version: '3.5'
services:
  tram:
    image: ghcr.io/center-for-threat-informed-defense/tram:latest
    environment:
      - DATA_DIRECTORY=/tram/data
      - ALLOWED_HOSTS=["192.168.88.56", "localhost"]
      - DJANGO_SUPERUSER_USERNAME=djangoSuperuser
      - DJANGO_SUPERUSER_PASSWORD=LEGITPassword1234
      - DJANGO_SUPERUSER_EMAIL=test@example.com
    volumes:
      - tram:/tram/data
      - tram_static:/tram/src/tram/staticfiles
  nginx:
    image: ghcr.io/center-for-threat-informed-defense/tram-nginx:latest
    ports:
      - "8000:80"
    volumes:
      - tram:/tram/data:ro
      - tram_static:/tram/src/tram/staticfiles:ro

volumes:
  tram:
  tram_static:

TRAM logs:

No changes detected in app 'tram'
Operations to perform:
  Apply all migrations: admin, auth, contenttypes, database, sessions, tram
Running migrations:
  No migrations to apply.
Superuser creation skipped, user already exists.
[2023-10-28 15:55:27 +0000] [19] [INFO] Starting gunicorn 20.1.0
[2023-10-28 15:55:27 +0000] [19] [INFO] Listening at: http://0.0.0.0:8000 (19)
[2023-10-28 15:55:27 +0000] [19] [INFO] Using worker: sync
[2023-10-28 15:55:27 +0000] [22] [INFO] Booting worker with pid: 22
[2023-10-28 15:55:30] INFO [tram.ml.base] BERTClassifierModel loaded from __init__
[2023-10-28 15:55:30] INFO [tram.management.commands.pipeline] Running ML Pipeline with Model: bert

NGINX logs:

/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: /etc/nginx/conf.d/default.conf differs from the packaged version
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2023/10/28 15:55:19 [notice] 1#1: using the "epoll" event method
2023/10/28 15:55:19 [notice] 1#1: nginx/1.21.5
2023/10/28 15:55:19 [notice] 1#1: built by gcc 10.3.1 20211027 (Alpine 10.3.1_git20211027) 
2023/10/28 15:55:19 [notice] 1#1: OS: Linux 5.15.0-84-generic
2023/10/28 15:55:19 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2023/10/28 15:55:19 [notice] 1#1: start worker processes
2023/10/28 15:55:19 [notice] 1#1: start worker process 31
2023/10/28 15:55:19 [notice] 1#1: start worker process 32
10.20.30.140 - - [29/Oct/2023:10:47:52 +0000] "GET / HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0" "-"
10.20.30.140 - - [29/Oct/2023:10:47:52 +0000] "GET /login/?next=/ HTTP/1.1" 200 2628 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0" "-"
10.20.30.140 - - [29/Oct/2023:10:47:52 +0000] "GET /static/css/fas-all.min.css HTTP/1.1" 200 59344 "http://192.168.88.56:8000/login/?next=/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0" "-"
10.20.30.140 - - [29/Oct/2023:10:47:52 +0000] "GET /static/css/tram.css HTTP/1.1" 200 214 "http://192.168.88.56:8000/login/?next=/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0" "-"
10.20.30.140 - - [29/Oct/2023:10:47:52 +0000] "GET /static/js/bootstrap.min.js HTTP/1.1" 200 59219 "http://192.168.88.56:8000/login/?next=/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0" "-"
10.20.30.140 - - [29/Oct/2023:10:47:52 +0000] "GET /static/js/popper.min.js HTTP/1.1" 200 19735 "http://192.168.88.56:8000/login/?next=/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0" "-"
10.20.30.140 - - [29/Oct/2023:10:47:52 +0000] "GET /static/css/bootstrap.min.css HTTP/1.1" 200 163873 "http://192.168.88.56:8000/login/?next=/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0" "-"
10.20.30.140 - - [29/Oct/2023:10:47:52 +0000] "GET /static/js/jquery-3.5.1.min.js HTTP/1.1" 200 89476 "http://192.168.88.56:8000/login/?next=/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0" "-"
10.20.30.140 - - [29/Oct/2023:10:47:52 +0000] "GET /static/img/me_300x300.jpeg HTTP/1.1" 200 41505 "http://192.168.88.56:8000/login/?next=/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0" "-"
10.20.30.140 - - [29/Oct/2023:10:47:52 +0000] "GET /static/img/favicon-32x32.png HTTP/1.1" 200 358 "http://192.168.88.56:8000/login/?next=/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0" "-"
10.20.30.140 - - [29/Oct/2023:10:47:59 +0000] "POST /login/?next=/ HTTP/1.1" 200 2628 "http://192.168.88.56:8000/login/?next=/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0" "-"

I don't know if I'm doing something wrong.

Any help is valuable.

Thanks a lot

mehaase commented 11 months ago

Hmm, I haven't seen that happen before. Try these things in order:

  1. Are you using the account name djangoSuperuser?
  2. Clear browser cookies.
  3. Change the TRAM log level: add DJANGO_LOG_LEVEL=DEBUG to the TRAM environment variables, restart the tram container, and see if it produces any additional logs.
  4. Are you accessing TRAM at http://192.168.88.56/? Set ALLOWED_HOSTS to ['*'] temporarily to check if this is a contributing factor.
  5. Recreate the containers with docker compose down -v followed by docker compose up.

V0lundr commented 11 months ago

Hi, yes, I tried your recommendations, and I'm still experiencing the same :(

Also, DEBUG log level does not provide any info.

mehaase commented 6 months ago

Sorry @V0lundr I lost track of this thread. I'm not sure what the problem could be here. Can you check your cookies in the web inspector? There should be a sessionid and a csrftoken created when you log in.
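
The NGINX log in this thread already separates the possible login outcomes by status code, so it can be triaged before opening the web inspector. The script below is an added example, not part of the thread or of TRAM's code; it assumes the login view follows stock Django behaviour (302 redirect on success, 200 when the form is sent back, 403 on a CSRF rejection, 400 on a disallowed Host header). The first two sample lines are the thread's own GET and POST with the user agent shortened; the other two are constructed.

```python
import re
from collections import Counter

# nginx "combined" access-log prefix: ip, timestamp, request line, status, bytes.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)'
)

# Assumed meaning of a non-200 status on a login POST (stock Django behaviour).
STATUS_VERDICT = {302: "login-ok", 403: "csrf-rejected", 400: "bad-request"}

SAMPLE = [  # lines 1-2 from the thread (UA shortened); lines 3-4 constructed
    '10.20.30.140 - - [29/Oct/2023:10:47:52 +0000] "GET /login/?next=/ HTTP/1.1" 200 2628 "-" "Mozilla/5.0" "-"',
    '10.20.30.140 - - [29/Oct/2023:10:47:59 +0000] "POST /login/?next=/ HTTP/1.1" 200 2628 "-" "Mozilla/5.0" "-"',
    '192.0.2.10 - - [29/Oct/2023:10:48:30 +0000] "POST /login/?next=/ HTTP/1.1" 302 0 "-" "Mozilla/5.0" "-"',
    '192.0.2.10 - - [29/Oct/2023:10:49:02 +0000] "POST /login/?next=/ HTTP/1.1" 403 2870 "-" "Mozilla/5.0" "-"',
]

def classify_login_posts(lines, login_prefix="/login/"):
    """Return (ip, timestamp, verdict) for every POST to the login URL."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["path"].startswith(login_prefix):
            hits.append((m["ip"], m["ts"], m["method"],
                         int(m["status"]), int(m["size"])))
    # Byte counts of GET responses that served the blank login form.
    form_sizes = {sz for _, _, meth, st, sz in hits if meth == "GET" and st == 200}
    out = []
    for ip, ts, meth, st, sz in hits:
        if meth != "POST":
            continue
        if st == 200:
            # The form came back instead of a redirect: no session was created.
            # "unchanged" = same byte count as the blank form, as in the thread.
            same = sz in form_sizes
            verdict = "form-redisplayed-unchanged" if same else "form-redisplayed"
        else:
            verdict = STATUS_VERDICT.get(st, "other")
        out.append((ip, ts, verdict))
    return out

def redisplays_by_ip(results):
    """Count login POSTs per client that did not end in a redirect or error."""
    return Counter(ip for ip, _, v in results if v.startswith("form-redisplayed"))
```

Run against the thread's log, the single POST is classified `form-redisplayed-unchanged`: the request reached the application and was neither CSRF-rejected nor redirected. The per-IP counter doubles as a simple failed-login tally for monitoring.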