cisagov / Malcolm

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
https://cisagov.github.io/Malcolm/

No Such Docker Image + Syntax Error #291

Closed AppalachianMounta1n closed 9 months ago

AppalachianMounta1n commented 9 months ago

Summary

When installing Malcolm 23.12.0 from the .zip source code, I have received two specific errors. The first error states that there is an error response from the Docker daemon, "no such image: ghcr.io/idaholab/malcolm/filebeat-oss:23.12.0" which is immediately followed by a syntax error on line 130, "error token is "> 0 ")". These issues are occurring on a fresh install of Ubuntu 22.04, with the dependencies installed ahead of time. The link in the no such image error provides a 404 page.

Update: When using docker-compose to pull the images, they do pull successfully; however, on my installation docker compose was an invalid command, but docker-compose worked when pulling from the YML file.

Steps To Reproduce

Steps to reproduce the errors:

  1. Download Malcolm-23.12.0.zip on an Ubuntu machine with python3, Docker, and docker-compose installed.
  2. Unzip the file and navigate to the scripts directory.
  3. Run build.sh (this error also happens when running install.py first with python3)
  4. The errors should appear.

Expected Behavior

I expected the scripts to continue and perform the installation process as intended.

Error Output

docker: Error response from daemon: No such image: ghcr.io/idaholab/malcolm/filebeat-oss:23.12.0
See 'docker run --help'.
./build.sh: line 130: ((: > 0 : syntax error: operand expected (error token is "> 0 ")
Failed to create "user/share/filebeat/filebeat.yml" in "filebeat=oss"


mmguero commented 9 months ago

Hmm, the image seems to exist from what I can tell:

$ docker pull ghcr.io/idaholab/malcolm/filebeat-oss:23.12.0
23.12.0: Pulling from idaholab/malcolm/filebeat-oss
70db4e7a2af7: Already exists 
fe54257333e5: Already exists 
84f6ff652aa7: Already exists 
1d63e135d1a7: Already exists 
d33f6d11c5ef: Already exists 
5612234fcf1d: Already exists 
934d8861196b: Already exists 
ac53ae111391: Already exists 
005b8f90b017: Already exists 
5c7a137e623d: Already exists 
62f0c2078ba6: Already exists 
4f4fb700ef54: Already exists 
2e56201a2d84: Pull complete 
e5c85daef6d9: Pull complete 
03ae2e0a44eb: Pull complete 
1ba3dec7f419: Pull complete 
af283c7da53c: Pull complete 
d58dc3c66369: Pull complete 
e120459b2aea: Pull complete 
c82e9135b9b5: Pull complete 
260d1371e928: Pull complete 
502278eaf067: Pull complete 
240a9381ddc8: Pull complete 
5f2b6c9e6e6d: Pull complete 
a8bac875936c: Pull complete 
264406d759a0: Pull complete 
Digest: sha256:ecc3a12c934673df58602058760cc4cdd0762acd96d64d00aaa123e63916c355
Status: Downloaded newer image for ghcr.io/idaholab/malcolm/filebeat-oss:23.12.0
ghcr.io/idaholab/malcolm/filebeat-oss:23.12.0

$ docker images | grep -P "filebeat-oss\s+23.12.0"
ghcr.io/idaholab/malcolm/filebeat-oss           23.12.0       1bed624db06a   5 days ago           386MB

I will run through the .zip-based installation again and make sure it works for me on a fresh system to see if I can reproduce it. If you manually pull the image as indicated above, does it work?

AppalachianMounta1n commented 9 months ago

The docker-compose command in the quickstart guide worked once I replaced the space with a -, but I will attempt to pull them manually now!

I'm not sure what was going wrong with the build script, as with the images existing I'm uncertain what the cause of the error actually was.

AppalachianMounta1n commented 9 months ago

Manually pulling the image also worked. It seems to be an issue with build.sh on my end rather than the images not existing.

mmguero commented 9 months ago

Ah, I missed that you're trying to build the packages yourself (with build.sh). Hmmm, I'm not sure. I've updated the documentation recently to change docker-compose to docker compose, as docker compose as a plugin is the recommended configuration now, but it's possible that not all systems are following that convention yet.

mmguero commented 9 months ago

Still, I appreciate the heads-up. I'll go through the quickstart guide's instructions step by step on a 22.04 box to see if there's something I can improve in the documentation and/or error messaging.

AppalachianMounta1n commented 9 months ago

Ah, ok. That makes sense then. I appreciate the help!

mmguero commented 9 months ago

FWIW I'm going to improve things for the next release slightly:

idaholab/Malcolm#310

Going forward I'll have the install.py scripts offer to pull the images at the end.

AppalachianMounta1n commented 9 months ago

Thanks for the update! That should definitely help.
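
An added example, not part of the thread and not Malcolm's build.sh: one way a wrapper script can cope with the two failure modes reported above, picking whichever of `docker compose` and `docker-compose` responds on the host, and rejecting an empty value before an arithmetic comparison (the `((: > 0 :` message shows the left operand had expanded to nothing). The function names `detect_compose` and `is_positive_int` are hypothetical.

```shell
#!/bin/sh
# Added example; not taken from Malcolm's scripts. Names are hypothetical.

# Print the compose invocation that responds on this host: the plugin
# form ("docker compose") if available, else standalone "docker-compose".
# Prints nothing and returns 1 if neither responds.
detect_compose() {
    if docker compose version >/dev/null 2>&1; then
        echo "docker compose"
    elif docker-compose version >/dev/null 2>&1; then
        echo "docker-compose"
    else
        return 1
    fi
}

# Succeed only if $1 is a non-empty string of decimal digits whose value
# is greater than zero. Feeding an empty string straight into (( ... > 0 ))
# is what yields "syntax error: operand expected (error token is "> 0 ")".
is_positive_int() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;   # empty, or contains a non-digit
    esac
    [ "$1" -gt 0 ]
}

# Usage: fail with a readable message instead of a shell syntax error.
if COMPOSE=$(detect_compose); then
    echo "using: $COMPOSE"
else
    echo "neither 'docker compose' nor 'docker-compose' is available" >&2
fi

count=""   # constructed sample: what a failed command substitution leaves behind
if ! is_positive_int "$count"; then
    echo "no usable count returned; check that the previous docker command succeeded" >&2
fi
```
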