search

packetchaos / navi

A Command-line tool which leverages the Tenable.io API to reduce the time it takes to get information that is common during remediation or a troubleshooting event
GNU General Public License v3.0
72 stars 26 forks source link

Navi error when using "tag" command to tag agents in an agent group #20

Closed tejas619 closed 3 years ago

tejas619 commented 3 years ago

I tried performing following steps:

  1. navi update full
  2. navi update assets
  3. navi tag --c "Agents" --v " --group "

However, for the last command I am getting this error 


  File "/Users/Documents/python-scripts/bin/navi", line 8, in <module>
    sys.exit(cli())
  File "/Users/Documents/python-scripts/lib/python3.8/site-packages/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/Users/Documents/python-scripts/lib/python3.8/site-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/Users/Documents/python-scripts/lib/python3.8/site-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/Users/Documents/python-scripts/lib/python3.8/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/Users/Documents/python-scripts/lib/python3.8/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/Users/Documents/python-scripts/lib/python3.8/site-packages/navi/plugins/tag.py", line 343, in tag
    tag_list.append(tag_uuid[0][0])
IndexError: list index out of range```

Is there any way I can use debug command to check why this process is not working for these specific agent groups I am trying? 

PS: It work on 30% of our agent groups I have tried.
packetchaos commented 3 years ago

Sorry... Bad Error correction on my part...

You need to supply the name of the Agent group you want to create the tag with... So if your Agent group was named Linux your command would look like this --> navi tag --c "Agent Group Tag Example" --v "Linux Agent Group" --group "Linux"

It is case sensitive; put it in quotes to reduce errors.

tejas619 commented 3 years ago

I see. My value to be assigned (--v) and agent group name is the same and it contains [, : and spaces as characters. Do you think that is causing a problem?

packetchaos commented 3 years ago

Yes... Enclose the agent group in double-quotes

tejas619 commented 3 years ago

But I am using the same command for other agent group names and it works completely fine. Why would few specific agent group names give me that error. This exact command gives the error navi tag --c "Agents" --v "[VM] Corp: TLV QA Labs" --group "[VM] Corp: TLV QA Labs"

packetchaos commented 3 years ago

Oh interesting... Is this a Linux machine or windows you are running Navi on?

I'll create some tags with "]" in the name to see if I can figure out the problem.

On Thu, Jul 29, 2021, 4:52 PM Tejas Khairnar @.***> wrote:

But I am using the same command for other agent group names and it works completely fine. Why would few specific agent group names give me that error. This exact command gives the error navi tag --c "Agents" --v "[VM] Corp: TLV QA Labs" --group "[VM] Corp: TLV QA Labs"

— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub https://github.com/packetchaos/navi/issues/20#issuecomment-889531498, or unsubscribe https://github.com/notifications/unsubscribe-auth/AHWPVTOT6KRQUPRGMOZDQDTT2HSVNANCNFSM5BFBUJEQ .

tejas619 commented 3 years ago

It is a MacOS i am running navi on. Until you figure out why it is erroring out for group names such as mine, can we keep the issue open?

packetchaos commented 3 years ago

Yes. I will reopen the ticket and hope to get it resolved shortly.

On Thu, Jul 29, 2021, 8:39 PM Tejas Khairnar @.***> wrote:

It is a MacOS i am running navi on. Until you figure out why it is erroring out for group names such as mine, can we keep the issue open?

— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub https://github.com/packetchaos/navi/issues/20#issuecomment-889604548, or unsubscribe https://github.com/notifications/unsubscribe-auth/AHWPVTPMI3E3D7PSX4I5OQDT2INIBANCNFSM5BFBUJEQ .

packetchaos commented 3 years ago

I tried this and it worked... Can you check to ensure you have the right name? It is case sensitive. The error you are showing happens when the query to T.io on the agent group returns a null value...Which I haven't accounted for in error correction.

image

tejas619 commented 3 years ago

So I tried to extract data out of T.io using API Keys for the same agent group name and it works completely fine. I am able to pull the agent list and also the agent group name as is. So, i have a question. Does navi first lookup for agents in the local navi.db and then query T.io or is it the other way round? Also, can you guide me through any steps to debug this? maybe open the navi.db and search for particular asset which should get tagged as result of this command?

packetchaos commented 3 years ago

Looking at the logic...It appears I am only pulling the first 50 agent groups... This is likely the issue.

That aside here is the logic:

Lines: 321 to 348 https://github.com/packetchaos/navi/blob/master/navi/plugins/tag.py

So there are two conditions where this might fail in your situation.

  1. The navi update assets or navi update full has not been run and therefore no UUIDs to pull from the DB
  2. You have over 50 Agent Groups and fit into the bug I just identified.

I'm fixing the bug now... since it is a very quick fix. I should have it released in a few hours.

packetchaos commented 3 years ago

I just pushed the new version to pip... Please uninstall and reinstall and test...

I think this should solve the issue.

packetchaos commented 3 years ago

Can you please confirm if this solved the issue you were seeing? I'd like to close the ticket.

tejas619 commented 3 years ago 


Current Navi Version: navi-6.5.12 ```

``` navi tag --c "Agents" --v "[VM] Corp: TLV QA Labs" --group "[VM] Corp: TLV QA Labs"
Traceback (most recent call last):
  File "/Users/Documents/python-scripts/bin/navi", line 8, in <module>
    sys.exit(cli())
  File "/Users/Documents/python-scripts/lib/python3.8/site-packages/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/Users/Documents/python-scripts/lib/python3.8/site-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/Users/Documents/python-scripts/lib/python3.8/site-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/Users/Documents/python-scripts/lib/python3.8/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/Users/Documents/python-scripts/lib/python3.8/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/Users/Documents/python-scripts/lib/python3.8/site-packages/navi/plugins/tag.py", line 343, in tag
    tag_list.append(tag_uuid[0][0])
IndexError: list index out of range ```

I am still getting the same error. 
I did run `navi update full` and `navi update assets` twice.
packetchaos commented 3 years ago

Do you see the agent group in "navi agent groups?"

How many agents are in that group?

Have they been scanned prior?

Agent's don't get a UUID until they are scanned so it is possible to get this error if all the agents in the group have yet to be scanned.

tejas619 commented 3 years ago

Yes. I see the agent group name in the output of "navi agent groups" Also, till now we have performed 6 agent scans on all 136 agents in that group. Also, in the output of "navi agent display" I can see those agents with agent UUID column populated too.

I still get the same traceback error. Do you think we can solve this issue over a conference call?

packetchaos commented 3 years ago

I stepped through the logic. It appears I had no way of dealing with agent groups that had agents that have not been scanned. So if you had 136 agents and 1 had not been scanned, navi would throw this error.

Since I can not tag an agent without a UUID, I elected to just pass over that agent silently.

I hope this resolves the issue.

I just pushed 6.5.13 to pip.

tejas619 commented 3 years ago

yes! now this commit worked. 109/136 agents got tagged! Thanks a lot for fixing this promptly. :) When should we except a version which will tag all the agent regardless of it being scanned? Because right now, we still would be dealing with the 27 agents which are not tagged and there is no way to tag them manually.

packetchaos commented 3 years ago

Tenable has plans to make an agent an asset at link time... So when that happens this should work. Hopefully in the next few months.

On Mon, Aug 2, 2021, 8:33 PM Tejas Khairnar @.***> wrote:

yes! now this commit worked. 109/136 agents got tagged! Thanks a lot for fixing this promptly. :) When should we except a version which will tag all the agent regardless of it being scanned? Because right now, we still would be dealing with the 27 agents which are not tagged and there is no way to tag them manually.

— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub https://github.com/packetchaos/navi/issues/20#issuecomment-891492628, or unsubscribe https://github.com/notifications/unsubscribe-auth/AHWPVTLS5NGMWOEFNVW77ITT25PQTANCNFSM5BFBUJEQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email .

tejas619 commented 3 years ago

I have another question on same context. Can I tag multiple values to the same agent group? I tried doing that but navi says, Your tag resulted in 0 Assets, therefore the tag wasn't created

packetchaos commented 3 years ago

Yes but they would need to different tag commands. It can't be done in one command.

On Tue, Aug 10, 2021, 4:12 PM Tejas Khairnar @.***> wrote:

I have another question on same context. Can I tag multiple values to the same agent group? I tried doing that but navi says, Your tag resulted in 0 Assets, therefore the tag wasn't created

— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub https://github.com/packetchaos/navi/issues/20#issuecomment-896372240, or unsubscribe https://github.com/notifications/unsubscribe-auth/AHWPVTKFXTS2ZREL4MKUTI3T4GW67ANCNFSM5BFBUJEQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email .