traut
commented
5 years ago @Tanushree543 it looks like you can not connect to the server. Is your web-server (nginx for example) in front of gunicorn properly configured?
Closed Tanushree543 closed 5 years ago
traut
commented
5 years ago @Tanushree543 it looks like you can not connect to the server. Is your web-server (nginx for example) in front of gunicorn properly configured?
Tanushree543
commented
5 years ago Thanks for the reply Traut, I am executing the below command to push data, but observed the errors at client and server. Also I want to know why http is redirecting to https (https://localhost:9000/services/discovery). As I used http only, I have not configured nginx server, only gunicorn is configured.
Executed command:
sudo taxii-push --host localhost --port 9000 --http --discovery /services/discovery --content-file stuxnet.stix.xml --binding "urn:stix.mitre.org:xml:1.1.1" --subtype custom-subtyp
Error at client:
2019-08-23 14:56:35,028 INFO: Sending Discovery_Request to https://localhost:9000/services/discovery 2019-08-23 14:57:05,247 ERROR: ('Connection aborted.', error(0, 'Error'))
Error at Gunicorn Server:
{"timestamp": "2019-08-23T09:27:05.246056Z", "logger": "gunicorn.error", "event": "WORKER TIMEOUT (pid:9259)", "level": "critical"} {"timestamp": "2019-08-23T09:27:05.246600Z", "logger": "gunicorn.error", "event": "Worker exiting (pid: 9259)", "level": "info"} {"timestamp": "2019-08-23T09:27:05.357021Z", "logger": "gunicorn.error", "event": "Booting worker with pid: 9284", "level": "info"}
traut
commented
5 years ago @Tanushree543 did you use only HTTP transport bindings in your service configuration?
Also, gunicorn says worker timed out. Do you have OpenTAXII logs?
Tanushree543
commented
5 years ago Where can I search for OpenTAXII logs? Please you guide me.
Tanushree543
commented
5 years ago Can you guide me where and how to authorise a client to access TAXII server?
Tanushree543
commented
5 years ago @Tanushree543 did you use only HTTP transport bindings in your service configuration?
Also, gunicorn says worker timed out. Do you have OpenTAXII logs?
Yes I am using only HTTP transport bindings.
Also can you please guide on the below error as we are facing same issue after reinstallation. Do I have to do any additional settings other than installation steps provided in the Link(https://opentaxii.readthedocs.io/en/stable/installation.html)?
Executed command:
sudo taxii-push --host localhost --port 9000 --http --discovery /services/discovery --content-file stuxnet.stix.xml --binding "urn:stix.mitre.org:xml:1.1.1" --subtype custom-subtyp
Error at client:
2019-08-30 16:55:35,028 INFO: Sending Discovery_Request to https://localhost:9000/services/discovery 2019-08-30 16:55:05,247 ERROR: ('Connection aborted.', error(0, 'Error'))
arcsector
commented
5 years ago @Tanushree543 please post your opentaxii config.
Tanushree543
commented
5 years ago config.txt I attached the config.py file.
traut
commented
5 years ago @Tanushree543 that's not your config, that's python file that loads the config. Please share your yaml config file (example)
Tanushree543
commented
5 years ago data-configuration.yml.txt I attached defaults.yml and data-configuration.yml file. The db_connection I used my Postgresql database credentials. I have one more query i.e., Through telnet I'm not able to access 9000 port how to access 9000 port or is there any other alternative?
traut
commented
5 years ago @Tanushree543 in your data configuration config I see you have HTTP and HTTPS bindings for your discovery service. Judging from the command you posted:
sudo taxii-push --host localhost --port 9000 --http --discovery /services/discovery --content-file stuxnet.stix.xml --binding "urn:stix.mitre.org:xml:1.1.1" --subtype custom-subtypeyou're using discovery service to discover inbox to push data through (there are no exact path for a inbox service).
btw, --http is not a valid options, only --https is, and it is false by default
Tanushree543
commented
5 years ago @Traut, Please let me know, is there any configuration to be done in GUNICORN server. Also let me know whether https is mandatory? i.e., for the same do we need to setup NGINX server? I digged through the code and observed that I am getting "ProtocolError" by adding print statement in the below file, please can you help me to understand this. print is written in the method (urlopen) which is in the file "/usr/lib/python2.7/dist-packages/urllib3/connectionpool.py"
Whether my command is correct or is there any change to be done.
taxii-push --host localhost --port 9000 --https --discovery /read-write/services/inbox --content-file /usr/local/lib/python2.7/dist-packages/opentaxii/examples/stix/stuxnet.stix.xml --binding "urn:stix.mitre.org:xml:1.1.1" --subtype custom-subtype
or provide me a sample command which is suitable for push operation. I have followed the above one from opentaxii document.
please I am seeking help.
traut
commented
5 years ago @Tanushree543 if you want to push data into our TAXII server, Inbox is the way to do that. If you have access to the DB, you can try storing it directly in the DB
Tanushree543
commented
5 years ago @traut I tried, but there are multiple foreign key values to be inserted. FYI I'm using python2.7 in ubuntu 18.04.
traut
commented
5 years ago @Tanushree543 I would recommend starting with new DB and carefully review services configuration before you sync them into DB. If this doesn't help and your original command still does not work, try using exact path to the inbox (don't use --discovery but provide exact path with --path)
The error you've posted is a connection error, so something is clearly wrong with your setup
arcsector
commented
5 years ago @Tanushree543 I would also recommend using https://test.taxiistand.com to make sure your queries work; it's a fully fledged OpenTAXII server that you can use to make sure your commands work.
Tanushree543
commented
5 years ago Now I am using following command : "taxii-push --host [My IP] --port 9000 --https --path /read-write/services/discovery --content-file /usr/local/lib/python2.7/dist-packages/opentaxii/examples/stix/stuxnet.stix.xml --binding "urn:stix.mitre.org:xml:1.1.1" --subtype custom-subtype" and observe the below error: "ERROR: HTTPSConnectionPool(host='My IP', port=9000): Max retries exceeded with url: /read-write/services/discovery (Caused by ProxyError('Cannot connect to proxy.', error(0, 'Error')))"
arcsector
commented
5 years ago @Tanushree543 Can you format your code correctly with the backticks (`)? Helps us read it better.
Second, please try and push with cabby to https://test.taxiistand.com so that you understand the way cabby and opentaxii work.
If you would have read the documentation you would know that the --path flag with a discovery url and the --https flag are incompatible (also incompatible with the --port and --host flags). If you want to specify a discovery path instead of an inbox path, use the --discovery flag.
Also you shouldn't be using /read-write/services/discovery unless it's in your yaml config; that is a https://test.taxiistand.com link.
@traut is correct in that it seems like your issue is with HTTPS; try the following:
santra-schema
commented
5 years ago I am facing the same error while trying with push command.
I have tried to push with cabby to https://test.taxiistand.com with below command
taxii-push --host test.taxiistand.com --https --path /read-write/services/inbox-all --content-file /usr/local/lib/python2.7/dist-packages/opentaxii/sample/stixobj.xml --binding "urn:stix.mitre.org:xml:1.1.1" --subtype custom-subtype
I have observed below error
_11:53:08,204 ERROR: DESTINATION_COLLECTION_ERROR: ACCEPTABLE_DESTINATION=[u'any-data']; A Destination_Collection_Name is required and none were specified_
Using a verified proxy settings in working environment, I had execute below command to hit my OPENTAXII Server.
taxii-push --host hostname --port 9000--https --path /read-write/services/inbox-b --content-file /usr/local/lib/python2.7/dist-packages/opentaxii/sample/stixobj.xml --binding "urn:stix.mitre.org:xml:1.1.1" --subtype custom-subtype
I have observed below error
11:57:21,506 ERROR: HTTPSConnectionPool(host='hostname', port=9000): Max retries exceeded with url: /read-write/services/inbox-b (Caused by ProxyError('Cannot connect to proxy.', error(0, 'Error')))
Please suggest me if I need to set proxy particular to OPENTAXII server. Can you please guide me about ProxyError - HTTPSConnectionPool Please check if I need to modify connectionpool.py connectionpool.txt
arcsector
commented
5 years ago @santra-schema You posed two problems. I will answer them both.
ERROR: DESTINATION_COLLECTION_ERRORHave you tried... Adding a collection name? If you're attempting to use cabby without reading the TAXII spec, you may want to read that first: https://taxiiproject.github.io/releases/1.0/TAXII_Services_Specification.pdf
In section 3.4.10 you will see the Inbox Message specification which lists a Feed Name as a request parameter, and it is required. From this you should glean that you need a collection (in fact you should have gleaned that from the error message itself). Please read all the TAXII 1.0 specs first before commenting.
You also did not read my above comment:
If you would have read the documentation you would know that the
--pathflag with a discovery url and the--httpsflag are incompatible (also incompatible with the--portand--hostflags). If you want to specify a discovery path instead of an inbox path, use the--discoveryflag.
ERROR: HTTPSConnectionPoolThis also would not have been solved if you had read my above comment:
Also you shouldn't be using
/read-write/services/discoveryunless it's in your yaml config; that is a https://test.taxiistand.com link.
You did the exact same thing the OP did. If you'd like more info on taxii-push and cabby, please consult the cabby documentation. If you have problems with the way cabby works, submit an issue on their Github repo.
santra-schema
commented
5 years ago @arcsector Thanks a lot for your guidance.
By providing collection and understanding the --path , I am successfully able to push content in inboxservice.
@Tanushree543 Try with --dest in your push command to provide collection service name. In --path variable, specify /inbox service instead of /discovery. It works fine for me.
Tanushree543
commented
5 years ago Thanks all. Now I am able to push data by using --dest in taxii-push command.
I started opentaxii server through gunicorn in production mode. Then proceeded with following steps:-1.Opened a new terminal and successfully executed Opentaxii-sync-data command.