deepfence / ThreatMapper

Open Source Cloud Native Application Protection Platform (CNAPP)
https://deepfence.io
Apache License 2.0

Secret Scanning not working on Linux agents #2269

Open Argandov opened 3 months ago

Argandov commented 3 months ago

Technical Context

Describe the bug

  1. The Secret Scanner is not working on Linux Debian agents. I get an "Error" without any context in the Deepfence Web UI, as shown below:
image

What I've done to try to understand the error:

I am mostly grepping through the logs at /opt/deepfence/df-agents/copilot/var/log/supervisor/deepfenced.log 

image

I am seeing WARN errors "skip <Deepfence_module> rules update already new" in the logs for Deepfence agents on Linux. I don't know what that means, and I don't know whether there's something wrong with my installation either (I also don't know whether the WARN messages are related, or whether these WARN errors may indicate some other issue I'm not even aware of yet, unrelated to secret scanning):

image

How I installed the agent:

  1. sudo bash
  2. export MGMT_CONSOLE_URL="MY DF SERVER IP"
     export DEEPFENCE_KEY="MY KEY"
     (as per the instructions in the Web UI)
  3. bash install_deepfence_agent.sh

Expected behavior

Secret Scanning on Linux hosts working

Thank you. I don't know what to do here, or whether the error lies on my side or there's something wrong with the DF agents.

gnmahanth commented 3 months ago

Can you please show us the deepfence-worker logs? Also, is it possible to restart the management console and try again?

Argandov commented 3 months ago

Hi, where are the deepfence-worker logs?

TL;DR: I restarted the management console. Secret scanner logs on the DF agent are empty. Same error again.

image

Deepfence agent on Linux

I'm on the Deepfence Linux agent and I don't know where the deepfence-worker logs are:

image

The Secret_scanner.log file is empty (even after restarting the management console and starting a secret scan again):

image

FTR: Restarting management console

I restarted the management console by:

docker-compose -f docker-compose.yml down

then up again:

docker-compose -f docker-compose.yml up --detach

Argandov commented 3 months ago

UPDATE:

I just realized you meant the deepfence_worker Docker container. Here they are, but I'm not sure what exactly you would like to see:

image image

If you want me to do something else with the logs, please tell me so I know what exactly to show you.

gnmahanth commented 3 months ago

@Argandov

I tried to run the agent on Debian 12 and I was able to run all the scans successfully.

Can you please provide the full log file /opt/deepfence/df-agents/copilot/var/log/supervisor/deepfenced.log? We should be able to see why the secret scanner is not starting.

Meanwhile, can you try to uninstall and install the agent again?

If the secret scanner starts without any issues, the secret scanner log file will have the content below:

root@mahanth-debian-12:/opt/deepfence/df-agents/mahanth-debian-12/var/log/deepfenced# cat secret_scanner.log 
time="2024-07-26 04:16:05" level=error msg="open /opt/deepfence/df-agents/mahanth-debian-12/home/deepfence/bin/secret-scanner/config/config.yaml: no such file or directory"
time="2024-07-26 04:16:10" level=error msg="open /opt/deepfence/df-agents/mahanth-debian-12/home/deepfence/bin/secret-scanner/config/config.yaml: no such file or directory"
time="2024-07-26 04:16:15" level=error msg="open /opt/deepfence/df-agents/mahanth-debian-12/home/deepfence/bin/secret-scanner/config/config.yaml: no such file or directory"
INFO[2024-07-26T04:16:21Z] grpc.go:98 main: server listening at /opt/deepfence/df-agents/mahanth-debian-12/tmp/secret-scanner.sock
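The healthy log above has a recognizable shape: a few logrus-style `level=error` lines while the scanner waits for its config.yaml, then one `INFO[...]` line announcing the Unix socket it listens on. An empty file, as reported earlier in the thread, means the scanner process never got as far as logging. The following triage helper is an added example written for this discussion, not ThreatMapper's own code; it parses both line formats shown in the maintainer's post and classifies a secret_scanner.log as empty, waiting for config, listening, or unknown. The sample log text is copied from the post above; the hostname and paths are therefore real examples from this issue, and the classification labels are the example's own.

```python
"""Triage a ThreatMapper agent secret_scanner.log (added example, not project code).

Recognizes the two line formats visible in the issue:
  time="2024-07-26 04:16:05" level=error msg="..."        (logrus text format)
  INFO[2024-07-26T04:16:21Z] grpc.go:98 main: ...          (logrus bracket format)
"""
import re
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional

# time="..." level=<lvl> msg="..."
LOGRUS_TEXT = re.compile(r'^time="(?P<time>[^"]+)"\s+level=(?P<level>\w+)\s+msg="(?P<msg>.*)"$')
# LEVEL[timestamp] rest-of-message
LOGRUS_BRACKET = re.compile(r'^(?P<level>[A-Z]+)\[(?P<time>[^\]]+)\]\s+(?P<msg>.*)$')
# The socket path announced by the "server listening at <path>" line
LISTENING = re.compile(r"server listening at (?P<socket>\S+)")


@dataclass
class Entry:
    time: str
    level: str  # normalized to lower case
    msg: str


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a recognized log line, None for anything else (e.g. shell prompts)."""
    line = line.rstrip("\n")
    for pattern in (LOGRUS_TEXT, LOGRUS_BRACKET):
        m = pattern.match(line)
        if m:
            return Entry(m["time"], m["level"].lower(), m["msg"])
    return None


def triage(text: str) -> Dict[str, object]:
    """Classify the log: 'empty', 'listening', 'waiting_for_config' or 'unknown'."""
    if not text.strip():
        # The symptom from this issue: the scanner never wrote a single line.
        return {"status": "empty", "socket": None, "config_retries": 0, "unparsed": 0}

    lines = text.splitlines()
    entries: List[Entry] = []
    unparsed = 0
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            unparsed += 1  # prompts, blank lines, or formats this example does not know
        else:
            entries.append(entry)

    config_retries = sum(
        1 for e in entries if "config.yaml: no such file or directory" in e.msg
    )
    socket: Optional[str] = None
    for e in entries:
        m = LISTENING.search(e.msg)
        if m:
            socket = m["socket"]  # last announced socket wins

    if socket is not None:
        status = "listening"
    elif config_retries:
        status = "waiting_for_config"  # errors but no listener yet: still starting or stuck
    else:
        status = "unknown"
    return {"status": status, "socket": socket,
            "config_retries": config_retries, "unparsed": unparsed}


# Copied from gnmahanth's post above (healthy startup); the prompt line is kept on purpose
# to show that non-log lines are counted as unparsed rather than breaking the parse.
HEALTHY_LOG = """\
root@mahanth-debian-12:/opt/deepfence/df-agents/mahanth-debian-12/var/log/deepfenced# cat secret_scanner.log
time="2024-07-26 04:16:05" level=error msg="open /opt/deepfence/df-agents/mahanth-debian-12/home/deepfence/bin/secret-scanner/config/config.yaml: no such file or directory"
time="2024-07-26 04:16:10" level=error msg="open /opt/deepfence/df-agents/mahanth-debian-12/home/deepfence/bin/secret-scanner/config/config.yaml: no such file or directory"
time="2024-07-26 04:16:15" level=error msg="open /opt/deepfence/df-agents/mahanth-debian-12/home/deepfence/bin/secret-scanner/config/config.yaml: no such file or directory"
INFO[2024-07-26T04:16:21Z] grpc.go:98 main: server listening at /opt/deepfence/df-agents/mahanth-debian-12/tmp/secret-scanner.sock
"""

# Constructed variant: the config errors never resolve into a listening socket.
STUCK_LOG = "\n".join(HEALTHY_LOG.splitlines()[1:4]) + "\n"


if __name__ == "__main__":
    # Usage: python triage_secret_scanner.py /path/to/secret_scanner.log
    # Without an argument the embedded sample from the issue is used.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else HEALTHY_LOG
    print(triage(text))
```

Run it against the agent's var/log/deepfenced/secret_scanner.log: "empty" reproduces the reporter's situation and points at the supervisor log (deepfenced.log) for why the process never started, "waiting_for_config" with a growing retry count but no socket suggests the scanner is up but never received its configuration, and "listening" confirms the process side is healthy so the failure should be sought on the console side instead.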