magneticstain / Inquisition

An advanced and versatile open-source network anomaly detection platform
MIT License

Offset File Cannot Be Created With Default Install #133

Closed magneticstain closed 5 years ago

magneticstain commented 5 years ago

With the default file permissions applied via the install script, inquisition.py will fail to read in a file for parsing since it's unable to create the offset file:

2018-11-17 22:39:16,603 [ ERROR ] [ lib.anatomize.Parser ] could not open file for parser :: [ PARSER ID: 1 // NAME: parser_system_logs // READING FROM LOG FILE: /var/log/syslog // OFFSET FILE: /opt/inquisition/tmp/1_parser_system_logs.offset // TOTAL LOGS PROCESSED: { 0 } ] :: [ MSG: [Errno 2] No such file or directory: '/opt/inquisition/tmp/1_parser_system_logs.offset' ]
magneticstain commented 5 years ago

Appears the reason may be due to $APP_DIR/tmp/ not being created by the install script.

sysadmin@lhr1inquisition01:~$ ls -l /opt/inquisition/
total 48
-rw-r--r-- 1 sysadmin sysadmin  416 Nov 14 13:20 composer.json
-rw-r--r-- 1 sysadmin sysadmin 2340 Nov 14 13:20 composer.lock
drwxr-xr-x 2 sysadmin www-data 4096 Nov 14 13:20 conf
-rwxr-xr-x 1 sysadmin sysadmin 5413 Nov 14 13:20 inquisition.py
drwxr-xr-x 7 sysadmin sysadmin 4096 Nov 14 13:20 lib
-rw-r--r-- 1 sysadmin sysadmin 1069 Nov 14 13:20 LICENSE
-rw-r--r-- 1 sysadmin sysadmin  888 Nov 14 13:20 phpunit.xml
-rw-r--r-- 1 sysadmin sysadmin 2912 Nov 14 13:20 README.md
-rw-r--r-- 1 sysadmin sysadmin  106 Nov 14 13:20 requirements.txt
drwxr-xr-x 4 sysadmin sysadmin 4096 Nov 14 13:25 vendor
drwxr-xr-x 5 sysadmin sysadmin 4096 Nov 14 13:20 web
sysadmin@lhr1inquisition01:~$ 
magneticstain commented 5 years ago

Looks like this was fixed in an earlier commit as a new install will result in creation of the tmp/ dir.

sysadmin@lhr1inquisition01:~/Inquisition$ ls -l /opt/inquisition/
total 52
-rw-r--r-- 1 sysadmin    sysadmin     416 Nov 14 13:20 composer.json
-rw-r--r-- 1 sysadmin    sysadmin    2340 Nov 14 13:20 composer.lock
drwxr-xr-x 2 sysadmin    www-data    4096 Nov 14 13:20 conf
-rwxr-xr-x 1 sysadmin    sysadmin    5413 Nov 14 13:20 inquisition.py
drwxr-xr-x 6 sysadmin    sysadmin    4096 Nov 14 13:20 lib
-rw-r--r-- 1 sysadmin    sysadmin    1069 Nov 14 13:20 LICENSE
-rw-r--r-- 1 sysadmin    sysadmin     888 Nov 14 13:20 phpunit.xml
-rw-r--r-- 1 sysadmin    sysadmin    2912 Nov 14 13:20 README.md
-rw-r--r-- 1 sysadmin    sysadmin     106 Nov 14 13:20 requirements.txt
drwxr-xr-x 2 inquisition inquisition 4096 Nov 17 22:51 tmp
drwxr-xr-x 4 sysadmin    sysadmin    4096 Nov 14 13:25 vendor
drwxr-xr-x 5 sysadmin    sysadmin    4096 Nov 14 13:20 web
sysadmin@lhr1inquisition01:~/Inquisition$ ls -l /opt/inquisition-bkp/
total 48
-rw-r--r-- 1 sysadmin sysadmin  416 Nov 14 13:20 composer.json
-rw-r--r-- 1 sysadmin sysadmin 2340 Nov 14 13:20 composer.lock
drwxr-xr-x 2 sysadmin www-data 4096 Nov 14 13:20 conf
-rwxr-xr-x 1 sysadmin sysadmin 5413 Nov 14 13:20 inquisition.py
drwxr-xr-x 7 sysadmin sysadmin 4096 Nov 14 13:20 lib
-rw-r--r-- 1 sysadmin sysadmin 1069 Nov 14 13:20 LICENSE
-rw-r--r-- 1 sysadmin sysadmin  888 Nov 14 13:20 phpunit.xml
-rw-r--r-- 1 sysadmin sysadmin 2912 Nov 14 13:20 README.md
-rw-r--r-- 1 sysadmin sysadmin  106 Nov 14 13:20 requirements.txt
drwxr-xr-x 4 sysadmin sysadmin 4096 Nov 14 13:25 vendor
drwxr-xr-x 5 sysadmin sysadmin 4096 Nov 14 13:20 web
sysadmin@lhr1inquisition01:~/Inquisition$
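The failure in the first comment's log line (the parser cannot create its offset file because tmp/ does not exist) can also be guarded against in the parser itself. The following is an added example, not Inquisition's own code: it assumes the offset file stores a decimal byte count and that a missing file or directory means "start from byte 0".

```python
# Added example, not Inquisition's own code: offset-file handling that survives a
# missing tmp/ directory (the failure shown in the issue's log line). Assumes the
# offset is a decimal byte count; missing file or directory means "start at 0".
import os
import tempfile


def offset_path(app_dir, parser_id, parser_name):
    # Same naming as the issue's log: <APP_DIR>/tmp/<id>_<name>.offset
    return os.path.join(app_dir, "tmp", f"{parser_id}_{parser_name}.offset")


def read_offset(path):
    """Return the saved byte offset, or 0 when the file or its directory is absent."""
    try:
        with open(path, "r", encoding="ascii") as fh:
            value = fh.read().strip()
    except FileNotFoundError:
        return 0
    return int(value) if value.isdigit() else 0


def write_offset(path, offset):
    """Persist the offset, creating tmp/ (mode 0750) if the installer did not.

    Writing to a temp file and renaming keeps the update atomic, so a crash
    mid-write cannot leave a truncated offset that re-reads or skips log data.
    """
    directory = os.path.dirname(path)
    os.makedirs(directory, mode=0o750, exist_ok=True)
    fd, tmp_name = tempfile.mkstemp(dir=directory, prefix=".offset-")
    with os.fdopen(fd, "w", encoding="ascii") as fh:
        fh.write(str(int(offset)))
    os.chmod(tmp_name, 0o640)
    os.replace(tmp_name, path)


def tail_new_lines(log_path, offset_file):
    """Return lines appended since the last run and advance the offset."""
    start = read_offset(offset_file)
    with open(log_path, "rb") as fh:
        fh.seek(0, os.SEEK_END)
        if start > fh.tell():  # log rotated or truncated: read from the top
            start = 0
        fh.seek(start)
        data = fh.read()
        new_offset = fh.tell()
    write_offset(offset_file, new_offset)
    return data.decode("utf-8", errors="replace").splitlines()
```

The directory is created with owner/group access only, matching the narrowed ownership the fixed install shows for tmp/, so offsets are not world-readable.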