certtools / intelmq-api

FastAPI-based API for the IntelMQ project
https://docs.intelmq.org/latest/user/api/

Fails when pam_lastlog is used #33

Closed grodriguezl closed 3 years ago

grodriguezl commented 4 years ago

I'm running CentOS 7.

When lastlog is used in the PAM modules stack of sudo, it breaks all the data retrieved, as it adds a string like Last login: Fri Feb 7 17:21:07 -03 2020 at the end every time sudo is used.

Examples: Management tab:

5:26 PM Error error botnet: {"cymru-whois-expert": "stopped",..., "url2fqdn-expert": "stopped"} Last Login: Fri Feb 7 17:26:44 -03 2020 SyntaxError: JSON.parse: unexpected non-whitespace character after JSON data at line 2 column 1 of the JSON data

Check tab: Screenshot from 2020-02-07 17-21-52

Of course I can remove the lastlog module, but maybe this error can be fixed easily.

ghost commented 4 years ago

Does pam_lastlog print to the stdout or stderr?

grodriguezl commented 4 years ago

It looks like it prints to stdout

ghost commented 4 years ago

You could add the code filtering this out somewhere here: https://github.com/certtools/intelmq-manager/blob/4cee3eb61c90a6f813a8dcbee7a5b0cbebac1fe8/intelmq-manager/php/controller.php#L159-L163
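
The filtering suggested in the comment above, as an added example that is not part of the thread and not code from intelmq-manager or intelmq-api. It parses the JSON document at the start of the command's stdout and accepts trailing output only when it has the shape of the pam_lastlog line quoted in the report, so other unexpected output still raises an error. The names `parse_sudo_json`, `UnexpectedOutput`, `LASTLOG_LINE` and `SAMPLE` are hypothetical, and the sample output is constructed.

```python
import json
import re

# Shape of the line pam_lastlog appends, as quoted in the report.
# Assumption: "Last login:" in any letter case, followed by free text.
LASTLOG_LINE = re.compile(r"^last login:.*$", re.IGNORECASE)

# Constructed sample of stdout from a sudo-wrapped command.
SAMPLE = (
    '{"cymru-whois-expert": "stopped", "url2fqdn-expert": "stopped"}\n'
    "Last login: Fri Feb  7 17:26:44 -03 2020\n"
)


class UnexpectedOutput(ValueError):
    """stdout held something other than JSON plus lastlog lines."""


def parse_sudo_json(stdout: str):
    """Return the JSON value at the start of stdout.

    Trailing lines are tolerated only if they are blank or match
    LASTLOG_LINE. Anything else raises, so genuine error text from
    sudo or the wrapped command is never silently discarded.
    """
    text = stdout.lstrip()  # raw_decode does not skip leading whitespace
    try:
        value, end = json.JSONDecoder().raw_decode(text)
    except json.JSONDecodeError as exc:
        raise UnexpectedOutput(f"no JSON at start of output: {exc}") from exc
    for line in text[end:].splitlines():
        line = line.strip()
        if line and not LASTLOG_LINE.match(line):
            raise UnexpectedOutput(f"unexpected trailing output: {line!r}")
    return value


if __name__ == "__main__":
    print(parse_sudo_json(SAMPLE))
```

Allowing only the known lastlog shape, rather than cutting the output at the last closing brace, keeps the parser strict about everything else that might end up on stdout.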

ghost commented 3 years ago

Does this also apply to the new Python-based backend?

grodriguezl commented 3 years ago

Hi, I switched jobs so I'm not working with intelmq any more :(

ghost commented 3 years ago

Ok. I'm closing here then. If the issue appears again for someone else, we can re-open.