Open nitrogen17 opened 5 years ago
I did not do a fresh installation on my Ubuntu 16.04, as I had made a second fresh installation in May 2019; however, I followed the instructions given by @d1str0 (and past help support from @jatrost). Unfortunately I only got this: mhn-collector: ERROR
Looking at my logs in mhn-collector.log and mhn-collector.err:
sudo tail /var/log/mhn/mhn-collector.log
  File "/opt/mhn/env/src/hpfeeds-logger/hpfeedslogger/processors.py", line 77, in geo_intel
AttributeError: 'Location' object has no attribute 'lattitude'
2019-06-20 14:32:51,633 - collector - ERROR - 'Location' object has no attribute 'lattitude'
Traceback (most recent call last):
  File "collector_v2.py", line 100, in on_message
    results = processor.process(identifier, channel, payload, ignore_errors=True)
  File "/opt/mhn/env/src/hpfeeds-logger/hpfeedslogger/processors.py", line 631, in process
  File "/opt/mhn/env/src/hpfeeds-logger/hpfeedslogger/processors.py", line 607, in geo_intelligence_enrichment
  File "/opt/mhn/env/src/hpfeeds-logger/hpfeedslogger/processors.py", line 77, in geo_intel
AttributeError: 'Location' object has no attribute 'lattitude'
sudo tail /var/log/mhn/mhn-collector.err
src_ip=dec.src_ip,
^
SyntaxError: invalid syntax
Traceback (most recent call last):
File "collector_v2.py", line 5, in
sudo supervisorctl restart all
mhn-collector: ERROR (spawn error)
cowrie: ERROR (spawn error)
suricata: started
snort: started
mhn-celery-beat: started
hpfeeds-broker: started
mnemosyne: started
geoloc: started
mhn-uwsgi: started
mhn-celery-worker: started
honeymap: started
sudo tail -f /var/log/mhn/geoloc.*
==> /var/log/mhn/geoloc.err <==
error: [Errno 111] Connection refused
connected to @hp2
Parsing config file: /opt/hpfeeds/geoloc.json
Traceback (most recent call last):
  File "/opt/hpfeeds/env/local/lib/python2.7/site-packages/hpfeeds.py", line 137, in connect
    self.s.connect((addr, self.port))
  File "/usr/lib/python2.7/socket.py", line 228, in meth
    return getattr(self._sock,name)(*args)
error: [Errno 111] Connection refused
connected to @hp2
==> /var/log/mhn/geoloc.log <==
  File "/opt/hpfeeds/env/local/lib/python2.7/site-packages/geoip2/database.py", line 114, in city
    return self._model_for(geoip2.models.City, 'City', ip_address)
  File "/opt/hpfeeds/env/local/lib/python2.7/site-packages/geoip2/database.py", line 195, in _model_for
    record = self._get(types, ip_address)
  File "/opt/hpfeeds/env/local/lib/python2.7/site-packages/geoip2/database.py", line 191, in _get
    "The address %s is not in the database." % ip_address)
AddressNotFoundError: The address 10.2.2.74 is not in the database.
invalid message {"sensor": "21d0126a-8f53-11e9-a264-d4ae52c399cf", "timestamp": "2019/06/20 16:16:13.146814", "tcp_seq": "0xC0B4F9C", "proto": "TCP", "ip_tos": 0, "destination_ip": "10.2.2.74", "source_ip": "185.176.26.27", "ip_ttl": 238, "ip_id": 62164, "eth_src": "50:57:A8:D4:A5:84", "eth_dst": "D4:AE:52:C3:99:CF", "tcp_len": 20, "eth_type": "0x800", "eth_len": "0x3C", "tcp_ack": "0x0", "tcp_win": "0x4000000", "source_port": 42837, "signature_id": 2402000, "destination_port": 3333, "tcp_flags": "**S*", "action": "allowed", "signature_rev": 5189, "signature": "ET DROP Dshield Block Listed Source group 1"}
Traceback (most recent call last):
  File "/opt/hpfeeds/examples/geoloc/geoloc.py", line 84, in
Honneymapo not show the map https://github.com/threatstream/mhn/issues/246
I tried that @tiancu1980, but no luck. Anyway, I have an idea based on that #246.
Instead of
sudo tcpdump -A -nnNN 'tcp port 10000' | grep -o '\{.*' --line-buffered
Try to use
sudo tcpdump -A -nnNN 'tcp port 3000' | grep -o '\{.*' --line-buffered
Port 3000 is the Honeymap page; I used port 3000 to sniff whether there are packets received on that port, and yes, I got packets:
https://i.imgur.com/xsdMIAV.png
{\"city\":\"Xinpu\",\"city2\":\"Singapore\",\"countrycode\":\"CN\",\"countrycode2\":\"SG\",\"latitude\":34.5997,\"latitude2\":1.2929,\"longitude\":119.1594,\"longitude2\":103.8547,\"type\":\"snort.alerts\"}
I found the culprit! It seems that there's a problem when you deploy the MHN server or sensor on a Singapore public IP. This issue is exactly the same as my problem, #256.
https://i.imgur.com/wpD7D4w.png As you can see, there's no SG in mapData.paths indicating a Singapore object, and it returns undefined.
The temporary fix is to make the return of function(e) point to an already existing object, and the Honeymap will work. https://i.imgur.com/0EM7BxL.png
@nitrogen17 kindly guide me on the steps, maybe I have the same issue
@nitrogen17 can you elaborate on your fix? What file is mapData.paths? Is this from the GeoLite2.mmdb? Or a script in honeymap? Unfortunately images don't help as much as text file links.
If you can elaborate I would love to fix this.
Sure, I'll iterate the problem from the start.
sudo tcpdump -A -nnNN 'tcp port 3000' | grep -o '\{.*' --line-buffered
console.log(e)
to check the content of the undefined value from getRegionName:function(e), and it seems that the problem is when you have SG data: the return value of the function will be undefined, and it causes a JS error.
if(e=='SG') return this.mapData.paths['PH'].name;
You can check the code here. Filename path: honeymap/client/extern/jquery-jvectormap-1.0.min.js. Note: this is only a temporary fix to bypass the error for SG.
So far the problem would be in the database; I'm not sure if it's the GeoLite2.mmdb, but the data would be like this:
https://i.imgur.com/wpD7D4w.png
The SG must be included there in order to fix this issue.
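The failure described in this thread is a lookup into a map table by a country code the table does not contain, which yields undefined and then throws when `.name` is read. The following is an added example, not code from honeymap or jvectormap: it shows a fragile lookup of that shape next to a hardened one that returns a fallback, records the unknown code so the missing data can be fixed at the source, and only reads the table's own properties. The `mapData` object is a constructed stand-in with no "SG" entry, reproducing the situation above; the function names and the `describeEvent` helper are assumptions for illustration.

```javascript
// Constructed stand-in for a jvectormap-style path table. Deliberately has
// no "SG" entry, reproducing the missing-Singapore case from the thread.
const mapData = {
  paths: {
    CN: { name: "China" },
    PH: { name: "Philippines" },
  },
};

// Fragile lookup: mapData.paths[code] is undefined for an unknown code,
// so reading .name throws a TypeError and breaks the event handler.
function getRegionNameFragile(code) {
  return mapData.paths[code].name;
}

// Codes the map did not know, kept so the gap can be reported and fixed
// in the data rather than silently papered over.
const unknownCodes = new Set();

// Hardened lookup: only consults the table's own properties (so a code such
// as "constructor" cannot resolve to something inherited from Object's
// prototype), returns a fallback instead of throwing, and notes the gap.
function getRegionNameSafe(code, fallback) {
  const path = Object.prototype.hasOwnProperty.call(mapData.paths, code)
    ? mapData.paths[code]
    : undefined;
  if (path && typeof path.name === "string") {
    return path.name;
  }
  unknownCodes.add(code);
  return fallback !== undefined ? fallback : code;
}

// Hypothetical event formatter for a message in the same shape as the one
// sniffed on port 3000 in the thread (countrycode / countrycode2 / type).
function describeEvent(msg) {
  const src = getRegionNameSafe(msg.countrycode);
  const dst = getRegionNameSafe(msg.countrycode2);
  return `${src} -> ${dst} (${msg.type})`;
}

// Constructed sample message, not captured traffic.
const sample = { countrycode: "CN", countrycode2: "SG", type: "snort.alerts" };
console.log(describeEvent(sample));
console.log("codes missing from map:", [...unknownCodes]);
```

The important difference is that the safe version keeps the map rendering and makes the missing country visible in `unknownCodes`, whereas the in-thread workaround of returning another country's name hides the data gap.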
Also worth checking out #54 from a few years back if anybody is still bumping into this.
Can anyone reproduce a fresh installation of MHN where the Honeymap is working on the latest master branch? I did the MHN and sensor installation on a public IP two times already, but the Honeymap didn't work. Everything works fine except the Honeymap. Issue #664 doesn't work either.
All supervisor processes are working normally on both mhn and sensor.
MHN supervisorctl
Snort Sensor
Thanks!