lmco / laikaboss

Laika BOSS: Object Scanning System
Apache License 2.0

Cloudscan not recognizing modules #42

Closed ghost closed 8 years ago

ghost commented 8 years ago

Platform: Operating on Ubuntu 14.04 EC2 instance

Overview: Attempting to run a networked instance of laikaboss and run files through a custom module

Problem: After starting a server (`./laikad.py`) and attempting to use cloudscan as a client (as described here: https://github.com/lmco/laikaboss/issues/18), the output from the cloudscan request contains no module data.

Details:

```
$ ./laika.py {file}
"scanModules": ["SCAN_YARA", "META_HASH", "SCAN_TEST"]
```

works correctly w/ added scanModules and meta data

```
$ ./laikad.py
$ ./cloudscan.py {file}
"scanModules": []
```

Any help would be appreciated.

sterlecki commented 8 years ago

Do you see anything in the laika error logs?

ghost commented 8 years ago

Where are those logs located?

sterlecki commented 8 years ago

I think by default they are coming out of syslog. I haven't looked in a while but maybe check /var/log/messages. I have custom syslog config so I have them coming out in my own logs.


ghost commented 8 years ago

```
May 15 20:51:46 ip-**---* laikad: ERROR 2121|si_dispatch|df170689-ecea-4509-ba76-159ba1c7eb57|||module not found: XER0X
```

The module's file name is scan_xer0x.py
Class definition: `class SCAN_XER0X(SI_MODULE):`
Dispatch additions: `rule type_is_js`, `rule type_is_html` -> `scan_modules = "SCAN_XER0X"`

sterlecki commented 8 years ago

Is scan Xerox something you created? I don't see it in the default dispatch.yara file.

> On Sun, May 15, 2016, 5:04 PM Morgan Culbertson notifications@github.com wrote:
>
> May 15 20:51:46 ip-**---* laikad: ERROR 2121|si_dispatch|df170689-ecea-4509-ba76-159ba1c7eb57|||module not found: XER0X
>
> The module's file name is scan_xer0x.py
> Class definition: `class SCAN_XER0X(SI_MODULE):`
> Dispatch additions:
>
> ```
> rule type_is_js { meta: file_type = "js" scan_modules = "SCAN_XER0X" condition: true }
> rule type_is_html { meta: file_type = "html" scan_modules = "SCAN_XER0X" condition: true }
> ```


ghost commented 8 years ago

Correct - I added scan_xer0x to dispatch.yara. Is this not how it is intended to add a module to receive js/html files?

```yara
/*----------------------------SCANXER0X Rules---------------------------------*/
rule type_is_js
{
    meta:
        file_type = "js"
        scan_modules = "SCAN_XER0X"
    condition:
        true
}

rule type_is_html
{
    meta:
        file_type = "html"
        scan_modules = "SCAN_XER0X"
    condition:
        true
}
/***/
```

ghost commented 8 years ago

I haven't been able to debug the issue yet - any initial thoughts?

ghost commented 8 years ago

It was a problem with the build process not overwriting the build folder due to file privileges.
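Added example, not part of this thread or of the laikaboss code base: a pre-flight check that resolves every `scan_modules` entry in a dispatch.yara fragment to a module file and class, using the naming convention the thread shows (`SCAN_XER0X` expected in `scan_xer0x.py`). It assumes that convention, a flat modules directory, and whitespace-separated module names; the dispatch fragment and the modules directory are constructed for the demo. Pointing `modules_dir` at the copy laikad actually imports from (the installed/built one, not the source tree) would have surfaced the stale-build root cause before the "module not found" error appeared in syslog.

```python
import os
import re
import tempfile

# Constructed dispatch.yara fragment, modelled on the rules posted in this thread.
SAMPLE_DISPATCH = '''
rule type_is_js { meta: file_type = "js" scan_modules = "SCAN_XER0X" condition: true }
rule type_is_html { meta: file_type = "html" scan_modules = "SCAN_XER0X SCAN_YARA" condition: true }
'''

META_RE = re.compile(r'scan_modules\s*=\s*"([^"]*)"')
CLASS_RE_TMPL = r'^\s*class\s+%s\s*\('


def referenced_modules(dispatch_text):
    """Collect every module name mentioned in a scan_modules meta field."""
    names = set()
    for m in META_RE.finditer(dispatch_text):
        names.update(m.group(1).split())
    return names


def missing_modules(dispatch_text, modules_dir):
    """Map each unresolvable module name to a reason string.

    Assumed convention (from the thread): SCAN_X lives in <modules_dir>/scan_x.py
    and defines `class SCAN_X(`. Check the directory laikad imports from, so a
    stale build folder shows up as a missing file or class.
    """
    problems = {}
    for name in sorted(referenced_modules(dispatch_text)):
        path = os.path.join(modules_dir, name.lower() + ".py")
        if not os.path.isfile(path):
            problems[name] = "file missing: " + path
            continue
        with open(path) as fh:
            src = fh.read()
        if not re.search(CLASS_RE_TMPL % re.escape(name), src, re.M):
            problems[name] = "class %s not defined in %s" % (name, path)
    return problems


def demo():
    """Throwaway modules dir containing only scan_yara.py; SCAN_XER0X is absent."""
    d = tempfile.mkdtemp()
    with open(os.path.join(d, "scan_yara.py"), "w") as fh:
        fh.write("class SCAN_YARA(object):\n    pass\n")
    return missing_modules(SAMPLE_DISPATCH, d)


if __name__ == "__main__":
    for name, why in demo().items():
        print("%s -> %s" % (name, why))
```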