google / timesketch

Collaborative forensic timeline analysis
Apache License 2.0

TimeSketch config file change and causing errors #851

Closed orlikoski closed 4 years ago

orlikoski commented 5 years ago

The configuration file changed in the latest version, and this is causing errors when upgrading using pip, as the update process only updates /usr/local/share/timesketch/timesketch.conf and leaves /etc/timesketch.conf the same as it was.

Here is a listing of all of the variables that have changed with a diff between the default configuration file of the current version timesketch.conf.new and the previous version timesketch.conf.old.

skadi@skadi:~$ diff timesketch.conf.new timesketch.conf.old
18c18
< SECRET_KEY = '<KEY_GOES_HERE>'
---
> SECRET_KEY = u'<KEY_GOES_HERE>'
35c35
< ELASTIC_HOST = '127.0.0.1'
---
> ELASTIC_HOST = u'127.0.0.1'
47c47
< SSO_USER_ENV_VARIABLE = 'REMOTE_USER'
---
> SSO_USER_ENV_VARIABLE = u'REMOTE_USER'
57c57
< SSO_GROUP_SEPARATOR = ';'
---
> SSO_GROUP_SEPARATOR = u';'
61c61
< # '-'.
---
> # u'-'.
80,81c80,81
< GOOGLE_IAP_PROJECT_NUMBER = ''
< GOOGLE_IAP_BACKEND_ID = ''
---
> GOOGLE_IAP_PROJECT_NUMBER = u''
> GOOGLE_IAP_BACKEND_ID = u''
85c85
< GOOGLE_IAP_AUDIENCE = '/projects/{}/global/backendServices/{}'.format(
---
> GOOGLE_IAP_AUDIENCE = u'/projects/{}/global/backendServices/{}'.format(
90,92c90,92
< GOOGLE_IAP_ALGORITHM = 'ES256'
< GOOGLE_IAP_ISSUER = 'https://cloud.google.com/iap'
< GOOGLE_IAP_PUBLIC_KEY_URL = 'https://www.gstatic.com/iap/verify/public_key'
---
> GOOGLE_IAP_ALGORITHM = u'ES256'
> GOOGLE_IAP_ISSUER = u'https://cloud.google.com/iap'
> GOOGLE_IAP_PUBLIC_KEY_URL = u'https://www.gstatic.com/iap/verify/public_key'
124c124
< UPLOAD_FOLDER = '/tmp'
---
> UPLOAD_FOLDER = u'/tmp'
133c133
< #PLASO_DATA_LOCATION = '/path/to/dir/with/plaso/data/files'
---
> #PLASO_DATA_LOCATION = u'/path/to/dir/with/plaso/data/files'
141c141
< NEO4J_HOST = '127.0.0.1'
---
> NEO4J_HOST = u'127.0.0.1'
143,144c143,144
< NEO4J_USERNAME = 'neo4j'
< NEO4J_PASSWORD = '<NEO4J_PASSWORD>'
---
> NEO4J_USERNAME = u'neo4j'
> NEO4J_PASSWORD = u'<N4J_PASSWORD>'
154,156d153
< #-------------------------------------------------------------------------------
< # Analyzers specific configuration.
<
160,180d156
< # Add all domains that are relevant to your enterprise here.
< # All domains in this list are added to the list of watched
< # domains and compared to other domains in the timeline to
< # attempt to spot "phishy" domains.
< DOMAIN_ANALYZER_WATCHED_DOMAINS = []
<
< # Defines how deep into the most frequently visited top
< # level domains the analyzer should include in its watch list.
< DOMAIN_ANALYZER_WATCHED_DOMAINS_THRESHOLD = 10
<
< # The minimum Jaccard distance for a domain to be considered
< # similar to the domains in the watch list. The lower this number
< # is the more domains will be included in the "phishy" domain
< # category.
< DOMAIN_ANALYZER_WATCHED_DOMAINS_SCORE_THRESHOLD = 0.75
<
< # A list of domains that are frequent source of false positives
< # in the "phishy" domain comparison, mostly CDNs and similar.
< DOMAIN_ANALYZER_WHITELISTED_DOMAINS = ['ytimg.com', 'gstatic.com', 'yimg.com', 'akamaized.net', 'akamaihd.net', 's-microsoft.com', 'images-amazon.com', 'ssl-images-amazon.com', 'wikimedia.org', 'redditmedia.com', 'googleusercontent.com', 'googleapis.com']
<
<
185,198d160
<
< #-------------------------------------------------------------------------------
< # Email notifications.
<
< ENABLE_EMAIL_NOTIFICATIONS = False
< EMAIL_DOMAIN = 'localhost'
< EMAIL_FROM_USER = 'nobody'
< EMAIL_SMTP_SERVER = 'localhost'
<
< # Only send emails to these users.
< EMAIL_USER_WHITELIST = []
<
< # Configuration to construct URLs for resources.
< EXTERNAL_HOST_URL = 'https://localhost'

kiddinn commented 5 years ago

Is this not fixed by now? There has been an update since then.

berggren commented 4 years ago

We have introduced checks for when the config changes. That being said, keeping your deployed configuration file up to date is the responsibility of the server admin.

We need to write documentation for this though. Closing this out and tracking the documentation task separately.
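
One way an admin could compare a deployed /etc/timesketch.conf with the shipped default after a pip upgrade, as an added example that is not part of the issue thread and not Timesketch's own config check. Because `u'...'` and `'...'` parse to the same string in Python 3, it reports only keys that are missing or whose values differ, and it prints key names only so secrets stay out of logs. The function names and sample values are assumptions; the samples are constructed from lines of the diff in the first comment.

```python
import ast

def config_keys(source):
    """Map top-level UPPER_CASE names to literal values; parsed, never executed."""
    keys = {}
    for node in ast.parse(source).body:
        if not isinstance(node, ast.Assign):
            continue
        for target in node.targets:
            if isinstance(target, ast.Name) and target.id.isupper():
                try:
                    keys[target.id] = ast.literal_eval(node.value)
                except (ValueError, TypeError):
                    keys[target.id] = None  # computed, e.g. a .format() call
    return keys

def config_drift(shipped_source, deployed_source):
    """Return (missing, changed) key names; values are never reported."""
    shipped, deployed = config_keys(shipped_source), config_keys(deployed_source)
    missing = sorted(set(shipped) - set(deployed))
    changed = sorted(k for k in set(shipped) & set(deployed)
                     if shipped[k] != deployed[k])
    return missing, changed

def placeholder_keys(source):
    """Keys still set to a template placeholder such as '<KEY_GOES_HERE>'."""
    return sorted(k for k, v in config_keys(source).items()
                  if isinstance(v, str) and v.startswith("<") and v.endswith(">"))

# Constructed samples built from lines of the diff above, not full config files.
SHIPPED_SAMPLE = """
SECRET_KEY = '<KEY_GOES_HERE>'
ELASTIC_HOST = '127.0.0.1'
NEO4J_PASSWORD = '<NEO4J_PASSWORD>'
DOMAIN_ANALYZER_WATCHED_DOMAINS = []
DOMAIN_ANALYZER_WATCHED_DOMAINS_THRESHOLD = 10
ENABLE_EMAIL_NOTIFICATIONS = False
EXTERNAL_HOST_URL = 'https://localhost'
"""
DEPLOYED_SAMPLE = """
SECRET_KEY = u'constructed-example-value'
ELASTIC_HOST = u'127.0.0.1'
NEO4J_PASSWORD = u'<N4J_PASSWORD>'
"""
if __name__ == "__main__":
    missing, changed = config_drift(SHIPPED_SAMPLE, DEPLOYED_SAMPLE)
    print("missing from deployed:", missing)
    print("differs from default:", changed)
    print("still a placeholder:", placeholder_keys(DEPLOYED_SAMPLE))
```

To run it against real files, pass the text of /usr/local/share/timesketch/timesketch.conf and /etc/timesketch.conf (the two paths named in the issue) to `config_drift`.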