EVEBOX_DATA_DIRECTORY ignored -- Was: Add authentication to HTTP frontend

[ngms17]

How can i add authentication to access the web frontend? I tried using evebox config -D /var/lib/evebox/ users rm --username teste to add a new user and enabled the authentication in the config file.

Despite this steps, it gives me "Login failed"

[jasonish]

A quick test with 0.16.0 and its working for me...

My evebox.yaml:

authentication:
  required: true
  type: usernamepassword

And then added a user like:

evebox -D /var/lib/evebox config users add --username admin --password admin

Can you verify your config and that your user exists? (evebox config users list)

[ngms17]

Forgot to mention that i am using the version 0.17.0-dev. Users exist when i run evebox config users list.

Added user

evebox -D /var/lib/evebox config users add --username admin --password admin

User exist

{"uuid":"938a8c50-370f-416c-a012-d7c84eec52e9","username":"admin"}

Error:

[jasonish]

Forgot to mention that i am using the version 0.17.0-dev. Users exist when i run evebox config users list

Oh, -D, --data-directory is always required for this stuff. I'll re-test on 0.17.0.

[ngms17]

Updated the comment above with some info

[jasonish]

Does the server provide a log message as to why? For example, if the password is bad you'll see:

2023-03-15 11:55:31  WARN evebox::server::api::login: Login failure for username=admin, error=BadPassword("admin")

Note, thats not actually the password in the BadPassword, that is the username.

[ngms17]

It provides this log message:

INFO evebox::server::main: Authentication required but no session found.
evebox[2475]: 2023-03-15 17:57:03  WARN evebox::server::api::login: Login failure for username=admin, error=UsernameNotFound("admin")

[jasonish]

Does the server have the same -D /var/lib/evebox option? If running from a Deb/RPM it should, but maybe something is wrong there.

[ngms17]

Yes. I am using -D /var/lib/evebox. Inside that directory exists a config.sqlite file

[jasonish]

Unfortunately I'm not sure whats going. I have tested this scenario with both 0.16.0 and the current git main and both worked. There are no significant changes between 0.16.0 and main that would have an affect on this either.

[ngms17]

Do i need to configure anything else rather then creating a user and add to the config file authentication: true?

[ngms17]

This is my evebox service file. Everything is ok?

cat /lib/systemd/system/evebox.service
[Unit]
Description=EveBox Server

[Service]
User=evebox
Group=evebox
ExecStart=/usr/bin/evebox server $ELASTICSEARCH_URL $CONFIG $EVEBOX_OPTS
EnvironmentFile=-/etc/default/evebox
Environment=CONFIG="-c /etc/evebox/evebox.yaml"
Environment=EVEBOX_DATA_DIRECTORY=/var/lib/evebox

[Install]
WantedBy=multi-user.target

Tried with the 0.16 version and it did not work as well. Web browser console indicates:

name: "HttpErrorResponse"
​
ok: false
​
status: 401
​
statusText: "Unauthorized"

Strange...

[jasonish]

I think I know the issue, its a bug. Please add

data-directory: /var/lib/evebox

somewhere to your /etc/evebox/evebox.yaml? I think I broke the auto-reading of env vars by name.

[ngms17]

It worked!!! Many thanks!!!

[jasonish]

Thanks for bearing with me. Its a bug that I'll fix. It should have worked given your config.

[jasonish]

Fixed in git main now. Thanks for reporting!

[ngms17]

Noticed another potential issue. When downloading a pcap, it gives me "authentication required" on the webpage

[jasonish]

Noticed another potential issue. When downloading a pcap, it gives me "authentication required" on the webpage

Thanks...

https://github.com/jasonish/evebox/issues/262

[jasonish]

Noticed another potential issue. When downloading a pcap, it gives me "authentication required" on the webpage

This is fixed in the latest development builds.