ciscocsirt / GOSINT

The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs).
BSD 3-Clause "New" or "Revised" License

404 page not found #4

Closed robcza closed 7 years ago

robcza commented 7 years ago

I've followed the installation guide step by step, however ended up unable to open the web application itself. Machine is Ubuntu 16.04.02 64bit. Seems that gosint starts ok:

gosint@xenial:~/projects/src/GOSINT$ ./gosint 

          _____                  _______                  _____                   _____                   _____            _____          
         /\    \                /::\    \                /\    \                 /\    \                 /\    \          /\    \         
        /::\    \              /::::\    \              /::\    \               /::\    \               /::\____\        /::\    \        
       /::::\    \            /::::::\    \            /::::\    \              \:::\    \             /::::|   |        \:::\    \       
      /::::::\    \          /::::::::\    \          /::::::\    \              \:::\    \           /:::::|   |         \:::\    \      
     /:::/\:::\    \        /:::/~~\:::\    \        /:::/\:::\    \              \:::\    \         /::::::|   |          \:::\    \     
    /:::/  \:::\    \      /:::/    \:::\    \      /:::/__\:::\    \              \:::\    \       /:::/|::|   |           \:::\    \    
   /:::/    \:::\    \    /:::/    / \:::\    \     \:::\   \:::\    \             /::::\    \     /:::/ |::|   |           /::::\    \   
  /:::/    / \:::\    \  /:::/____/   \:::\____\  ___\:::\   \:::\    \   ____    /::::::\    \   /:::/  |::|   | _____    /::::::\    \  
 /:::/    /   \:::\ ___\|:::|    |     |:::|    |/\   \:::\   \:::\    \ /\   \  /:::/\:::\    \ /:::/   |::|   |/\    \  /:::/\:::\    \ 
/:::/____/  ___\:::|    |:::|____|     |:::|    /::\   \:::\   \:::\____/::\   \/:::/  \:::\____/:: /    |::|   /::\____\/:::/  \:::\____\
\:::\    \ /\  /:::|____|\:::\    \   /:::/    /\:::\   \:::\   \::/    \:::\  /:::/    \::/    \::/    /|::|  /:::/    /:::/    \::/    /
 \:::\    /::\ \::/    /  \:::\    \ /:::/    /  \:::\   \:::\   \/____/ \:::\/:::/    / \/____/ \/____/ |::| /:::/    /:::/    / \/____/ 
  \:::\   \:::\ \/____/    \:::\    /:::/    /    \:::\   \:::\    \      \::::::/    /                  |::|/:::/    /:::/    /          
   \:::\   \:::\____\       \:::\__/:::/    /      \:::\   \:::\____\      \::::/____/                   |::::::/    /:::/    /           
    \:::\  /:::/    /        \::::::::/    /        \:::\  /:::/    /       \:::\    \                   |:::::/    /\::/    /            
     \:::\/:::/    /          \::::::/    /          \:::\/:::/    /         \:::\    \                  |::::/    /  \/____/             
      \::::::/    /            \::::/    /            \::::::/    /           \:::\    \                 /:::/    /                       
       \::::/    /              \::/____/              \::::/    /             \:::\____\               /:::/    /                        
        \::/____/                ~~                     \::/    /               \::/    /               \::/    /                         
                                                         \/____/                 \/____/                 \/____/                          

2017/08/12 23:22:27 Connecting to database...
2017/08/12 23:22:27 Successfully connected to backend database.
2017/08/12 23:22:27 Feeds not running, proceeding to start.
2017/08/12 23:22:27 Missing Twitter API keys... cannot start Twitter stream.
2017/08/12 23:22:27 Orchestration started.
2017/08/12 23:22:27 Missing Alienvault OTX API key... cannot start feed.
2017/08/12 23:22:28 No feeds found.

The web application is not found: [screenshot: gosint404]

I guess I'm missing something trivial and I'd like to adjust the install guide.

blueteam1 commented 7 years ago

Hey robcza, so this sounds to me like an issue with the NGINX configuration. If 127.0.0.1:8000 is the interface and port that NGINX is configured to run on, and the root directory is configured correctly in NGINX, at minimum you should at least see the web interface. The issue might also be a conflict in the ports being used. By default, the GOSINT binary is configured to use 127.0.0.1:8000, so if you haven't changed that (which is configured with a flag on startup), then NGINX most likely is not able to bind to that port/interface and is erroring out. I would make sure that NGINX and GOSINT are not using the same interface/port (whichever one you alter doesn't matter, they just can't be the same) and check the NGINX error logs to see if there are any issues in there that need to be addressed.

As a quick test to ensure the GOSINT binary is working, you can try and navigate to http://127.0.0.1/api/pre/ with the default config and see if you get a JSON response from the GOSINT API. We plan on updating the documentation more with information explaining all the API endpoints and their uses.

user3115 commented 7 years ago

Similar issue

NGINX error log

2017/08/17 03:26:28 [error] 22130#22130: *54 connect() failed (111: Connection refused) while connecting to upstream, client: ###.###.###.###, server: someserver.yourcompany.com, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8000/", host: "##.##.##.##"
2017/08/17 03:26:28 [error] 22130#22130: *54 open() "/usr/share/nginx/html/50x.html" failed (2: No such file or directory), client: ###.###.###.###, server: someserver.yourcompany.com, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8000/", host: "##.##.##.##"

Output of command sudo netstat -lntup

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:8000          0.0.0.0:*               LISTEN      29682/gosint
tcp        0      0 127.0.0.1:27017         0.0.0.0:*               LISTEN      14113/mongod
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1341/sshd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      31151/nginx -g daem
tcp6       0      0 :::22                   :::*                    LISTEN      1341/sshd

Output of https://##.##.##.##/api/pre/

{"message":"none found"}

I hope the above information helps to find the issue and suggest the corrective actions to resolve it.

robcza commented 7 years ago

It seems on my side it was really just a trivial issue as the website didn't have the source files available. Working for me now. I will go with PR: https://github.com/robcza/GOSINT/commit/ac9027a50b5bdc86519c26a2782c32f0a9dd69a8

I had to copy the website source code to a directory accessible to nginx:

sudo mkdir /var/www/gosint
# the directory is created by root, so the copy needs sudo as well
sudo cp -r /home/gosint/projects/src/GOSINT/website/* /var/www/gosint/

And change the nginx configuration for root directory accordingly: root /var/www/gosint;

server {
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    listen 443 ssl;

    root /var/www/gosint;
    index index.php index.html index.htm;
    try_files $uri $uri/ @apachesite;

    server_name someserver.yourcompany.com;

    gzip on;
    gzip_proxied any;
    gzip_types
        text/css
        text/javascript
        text/xml
        text/plain
        application/javascript
        application/x-javascript
        application/json;

    #location / {
    #    try_files $uri $uri/ =404;
    #}

    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    location @apachesite {
        auth_basic           "closed site";
        auth_basic_user_file /etc/nginx/.htpasswd;

        proxy_pass http://localhost:8000;
    }

    location ~ \.php$ {
        auth_basic           "closed site";
        auth_basic_user_file /etc/nginx/.htpasswd;
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

alt-version commented 7 years ago

I have the same problem, but the solution of the problem proposed by @robcza did not help.

Jsitech commented 7 years ago

> I have the same problem, but the solution of the problem proposed by robcza did not help.

Confirm that this is the right location on your setup for the php fpm sock file.

fastcgi_pass unix:/var/run/php/php7.0-fpm.sock

alt-version commented 7 years ago

@Jsitech I have the same location

suwitcham commented 7 years ago

Have the same issue; moved to Docker and it works OK.

iamtmehdi commented 7 years ago

Hello all, in the latest commits we have provided bash install scripts which come with pre-configured NGINX configurations to avoid this issue. You can find instructions for use at gosint.readthedocs.io/en/latest/installation.html. Another note: to load the GOSINT dashboard, http://localhost/ or http://127.0.0.1 is the correct URL to load with the default installation. As @blueteam1 mentioned, if you are able to load an API response from http://localhost/api/pre/ and get a JSON response of {"message": "none found"} then GOSINT is successfully installed and it is an issue with NGINX configuration (which again should be resolved with the latest updates). If you are still having issues please open a new issue. Thanks!

fz66 commented 6 years ago

I had the same issue; make sure you start "service php7.0-fpm" as well. It works fine after that.
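
The three causes reported in this thread (an NGINX root without the website files, a missing php-fpm socket, and the wrong process on the upstream port) can be checked in one pass. The script below is an added example, not part of the thread or of the GOSINT project; the function names are hypothetical, and the site file you pass in is whichever one your install uses.

```shell
#!/bin/sh
# Added example, not GOSINT project code; function names are hypothetical.

# First value of an NGINX directive in a site file. Commented-out lines
# never match because their first field starts with '#'.
nginx_directive() {   # nginx_directive <conf> <directive>
  awk -v d="$2" '$1 == d { sub(/;$/, "", $2); print $2; exit }' "$1"
}

# Program listening on a TCP port, parsed from `netstat -lntup` output on
# stdin (run netstat as root, otherwise the program column is "-").
port_owner() {        # port_owner <port>
  awk -v p="$1" '$1 ~ /^tcp/ && $4 ~ (":" p "$") {
    sub(/^[0-9]+\//, "", $7); print $7; exit }'
}

# Print one line per check; return non-zero if any check failed.
check_site() {        # check_site <conf> <file holding netstat output>
  conf=$1; listeners=$2; rc=0
  root=$(nginx_directive "$conf" root)
  sock=$(nginx_directive "$conf" fastcgi_pass); sock=${sock#unix:}
  port=$(nginx_directive "$conf" proxy_pass); port=${port##*:}; port=${port%%/*}
  owner=$(port_owner "$port" < "$listeners")

  if [ -d "$root" ] && [ -n "$(ls -A "$root" 2>/dev/null)" ]; then
    echo "ok   root: $root exists and has content"
  else
    echo "FAIL root: '$root' missing or empty, copy the website files there"; rc=1
  fi
  if [ -S "$sock" ]; then
    echo "ok   php-fpm: socket $sock present"
  else
    echo "FAIL php-fpm: socket '$sock' missing, is the service started?"; rc=1
  fi
  case $owner in
    gosint) echo "ok   upstream: gosint is listening on port $port" ;;
    "")     echo "FAIL upstream: nothing is listening on port $port"; rc=1 ;;
    *)      echo "FAIL upstream: port $port is held by '$owner', not gosint"; rc=1 ;;
  esac
  return $rc
}

# Check the live system only when a site file is given as the first argument.
if [ -n "${1:-}" ]; then
  tmp=$(mktemp); netstat -lntup > "$tmp" 2>/dev/null
  check_site "$1" "$tmp"; rc=$?; rm -f "$tmp"; exit "$rc"
fi
```

Run it with sudo and the path to your NGINX site file as the only argument; a FAIL line names which of the three fixes from the thread applies.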