infobyte / faraday

Open Source Vulnerability Management Platform
https://www.faradaysec.com
GNU General Public License v3.0

FARADAY v3.8 (PRO) - Could not connect to PostgreSQL. #366

Closed NotSoEthical closed 5 years ago

NotSoEthical commented 5 years ago

Issue Type

Faraday version

v 3.8 (commercial version)

Steps to reproduce

./faraday-server

Debugging tracebacks (current results)

Could not connect to PostgreSQL.
Please check: 
  * if database is running 
  * configuration settings are correct. 

For first time installations execute: 

  faraday-manage initdb

2019-06-20 08:37:38,606 - faraday-server.__main__ - WARNING {MainThread} [start_server.py:160 - check_alembic_version() ]  You are using an unknown schema version. If you are a developer, this probably happened because you used branch with a schema migration not merged yet. If you are a normal user, consider reporting this bug back to us                                          
2019-06-20 08:37:38,610 - faraday-server.__main__ - ERROR {MainThread} [start_server.py:130 - check_postgresql() ] 

Screenshots

The error:

Screenshot

PostgreSQL is currently running

image

Environment information

OS: Kali-Linux
psql (PostgreSQL) 10.3 (Debian 10.3-2)
Python 2.7.14+

OS

$ cat /etc/lsb-release
DISTRIB_ID=Kali
DISTRIB_RELEASE=kali-rolling
DISTRIB_CODENAME=kali-rolling
DISTRIB_DESCRIPTION="Kali GNU/Linux Rolling"

NotSoEthical commented 5 years ago

Other Issue

I have determined that my server.ini does not have a connection string. But I don't know the password for the faraday_postgresql user. When I change the password from psql as the postgres user, the faraday-manage tool breaks...

Another thing I have tried: I removed the whole ~/.faraday dir and reinstalled faraday-server from the Debian package (apt-get purge faraday-server), deleted the faraday-postgresql role and the faraday database from PostgreSQL, and ran faraday-manage initdb again. But after all the reinstallations, server.ini is still without a DB connection string. Please give some direction or advice on how to fix this. Thank you.

NotSoEthical commented 5 years ago

Temporarily fixed by adding a PostgreSQL user with permissions to manage the faraday DB and putting the credentials in the connection string in the server.ini file.
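
Added example, not part of the thread and not Faraday's own code: a small check that a server.ini carries a usable database connection string and that the file holding the credentials is not readable by other users. The key name `connection_string`, the SQLAlchemy-style URL and the sample file contents are assumptions; the thread only mentions a connection string and a `[database]` section.

```python
import configparser
import os
from urllib.parse import urlsplit

# Constructed sample: a server.ini with no [database] section, as in the thread.
SAMPLE_MISSING = """\
[faraday_server]
port = 5985
"""

# Constructed sample after the workaround; the password is a placeholder.
# The key name and URL form are assumptions, not taken from the thread.
SAMPLE_FIXED = SAMPLE_MISSING + """\
[database]
connection_string = postgresql+psycopg2://faraday_postgresql:EXAMPLE_PASSWORD@localhost/faraday
"""

def check_database_config(ini_text):
    """Return a list of problems with the [database] section (empty list = OK)."""
    # interpolation=None so a '%' in a password is not treated as a template.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    if not parser.has_section("database"):
        return ["no [database] section"]
    conn = parser.get("database", "connection_string", fallback="").strip()
    if not conn:
        return ["[database] has no connection_string"]
    url = urlsplit(conn)
    problems = []
    if not url.scheme.startswith("postgresql"):
        problems.append("scheme is not postgresql: %r" % url.scheme)
    if not url.username:
        problems.append("no database user")
    if not url.password:
        problems.append("no password")
    if not url.hostname:
        problems.append("no host")
    if not url.path.strip("/"):
        problems.append("no database name")
    return problems

def file_is_private(path):
    """True if neither group nor other has any permission bit on the file."""
    return (os.stat(path).st_mode & 0o077) == 0

if __name__ == "__main__":
    for name, text in (("missing", SAMPLE_MISSING), ("fixed", SAMPLE_FIXED)):
        print(name, check_database_config(text) or "OK")
```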

llazzaro commented 5 years ago

Hi, if you have the commercial version we can arrange a call to help you. I would like to review your case. Please check: https://support.faradaysec.com/portal/home If you can send us the error from the initdb, that could be very helpful. Also, we have the faraday-manage support command that will create a .zip file with logs to troubleshoot this problem.

Thanks! Leonardo

jfarl commented 3 years ago

They make it impossibly difficult to set up in order to coerce an upgrade to the professional version. @NotSoEthical you are absolutely correct - The "faraday_postgresql" user and table is successfully initialized on install/first run but the user's password is not disclosed and no database connection string is created in the server.ini file. In fact, there's no documented reference to [database] in the .ini file or on their official documentation or FAQs (from what I can see) to even know that it should exist - making debugging near impossible.

The other possibility is utter incompetence. Good luck getting this project to install from either source (too many broken or deprecated dependencies - attempted on both OSX and Linux) or from the precompiled .deb file. Garbage, garbage, garbage. Was hoping to demo the product prior to pitching a license purchase but at this point I'm getting the idea this is "one of those" projects.

Like, excuse me? (Just one of about 4 examples of broken/incomplete build instructions) [Linux Source Install] image image

pip2 is deprecated since Jan 2020...... [OSX Source Install] image Also, instructions are outdated. The requirements files have changed. The above instructions are incorrect. image

Again, Python2/pip2 are deprecated for nearly a year now [OSX source install] image

This is literally one of those projects that you spend hours configuring but will never work- It's just one problem after the other. OSX source install not working --> move to Linux source install on Kali. That fails --> install from .deb file. DB connection issue. Spend hours debugging that too. Fix that issue (no help from official documents, have to crawl through similar issues) and project still doesn't connect: image image

??

aenima-x commented 3 years ago

@jfarl If you have problems with the commercial version, please contact our support.

We are currently updating the documentation. Our current version (3.12) runs in python3, so I don't understand the pip2 comment. Related to the postgres error, did you try to connect with that user from the command line?

If you like, open a new issue and explain your problems to me. I don't have any problem running the latest version on OSX.

jfarl commented 3 years ago

Hey I made a typo in that screenshot above but it doesn't matter. That's not the point. The correct username results in yet another error with the initdb command.

You get the honor of "one of those projects" when the documentation and build process are so broken that every conceivable way of building the project fails. A process this bad requiring so much debugging is also bound to result in user error such as above, compounding the issue. - I wonder how many people have sunk an entire evening into building this but ultimately gave up?

Your own dev install guide references pip2 and python2 -- https://github.com/infobyte/faraday/wiki/Development-Installation-OSX

Fix this:
$ pip2 install -r requirements_server.txt -U
$ pip2 install -r requirements.txt -U
to
$ pip install -r requirements.txt -U

$ brew install pygobject3 --with-python@2
to
$ brew install pygobject3

Normal OSX install: https://github.com/infobyte/faraday/wiki/Install-Guide#macos
$ pip install faradaysec

image

Good luck with all that.

Install from git repo instructions are broken:

image

Broken link: https://virtualenv.pypa.io/en/latest/userguide/

image

In conclusion, I'm not opening another issue because I'm no longer interested in creating a working project. I'm leaving this here as both a warning for wayward travelers and as a lever of work for improvements for your team. I'm already way past the "fail fast" cutoff I set for myself when building a new project - I let myself get carried away because this one seemed promising. I've sunk enough hours into getting a working version of this product for the point of demoing it to upper management to receive buy-in for a purchase agreement. Even Dradis was able to get up and running with some minor config.

I'm coming from a previous client with a medium-sized pentest team where in ~2017 we built a similar in-house platform for findings and test case tracking with built-in bi-directional Jira sync (major headache) for SDLC pentesting. The current client does not have the dev resources and I'm not willing to undertake a similar effort for a second time. Hence, looking for some commercial off-the-shelf product.