splunk / attack_range

A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
Apache License 2.0

Linux - UF installation #738

Closed cmoreno94 closed 1 year ago

cmoreno94 commented 1 year ago

Working on 992e107.

When I tried to install the Linux instance, I got the following problem:

TASK [linux_universal_forwarder : setup to start at boot] **********************
fatal: [x.x.x.x]: FAILED! => {"changed": true, "cmd": ["/opt/splunkforwarder/bin/splunk", "enable", "boot-start"], "delta": "0:00:00.025995", "end": "2023-01-27 16:43:58.761699", "msg": "non-zero return code", "rc": 255, "start":"2023-01-27 16:43:58.735704", "stderr": "splunk is currently running, please stop it before running enable/disable boot-start", "stderr_lines": ["splunk is currently running, please stop it before running enable/disable boot-start"], "stdout": "", "stdout_lines": []}

My workaround: In /attack_range/packer/ansible/roles/linux_universal_forwarder/tasks/install_universal_forwarder.yml, I changed:

- name: setup to start at boot
  become: true
  command: "/opt/splunkforwarder/bin/splunk enable boot-start -user splunk"

To:

- name: Stop splunk uf
  become: true
  command: "/opt/splunkforwarder/bin/splunk stop"

- name: setup to start at boot
  become: true
  command: "/opt/splunkforwarder/bin/splunk enable boot-start -user splunk"

- name: Start splunk uf
  become: true
  command: "/opt/splunkforwarder/bin/splunk start"
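Added example, not code from the attack_range project or from the issue author: a POSIX shell function that performs the stop / enable boot-start / start sequence of the workaround above, but stops and restarts the forwarder only when it is actually running, so the same step is safe on a host where the forwarder has not been started yet. The `splunk` CLI itself is replaced by a constructed stand-in script (a temp directory with a state file) so the example runs offline; it reproduces the rc 255 and the "splunk is currently running" message quoted in the issue. The function assumes that `splunk status` exits 0 when the forwarder is running and non-zero otherwise, which the issue does not state, and it reads the binary path from `SPLUNK_BIN` (a variable introduced here, not an attack_range setting).

```shell
#!/bin/sh
# Added example (not part of attack_range). Assumptions: "splunk status" exits 0
# while the forwarder runs; SPLUNK_BIN / SPLUNK_USER are our own variables.
SPLUNK_BIN="${SPLUNK_BIN:-/opt/splunkforwarder/bin/splunk}"
SPLUNK_USER="${SPLUNK_USER:-splunk}"

# True when the forwarder is running (assumed semantics of "splunk status").
uf_running() {
  "$SPLUNK_BIN" status >/dev/null 2>&1
}

# Enable boot-start. The forwarder is stopped first only if it is running, and
# restarted afterwards only in that case. Returns 0 on success, otherwise the
# exit code of the splunk command that failed.
uf_enable_boot_start() {
  was_running=0
  if uf_running; then
    was_running=1
    "$SPLUNK_BIN" stop || return $?
  fi
  "$SPLUNK_BIN" enable boot-start -user "$SPLUNK_USER" || return $?
  if [ "$was_running" -eq 1 ]; then
    "$SPLUNK_BIN" start || return $?
  fi
  return 0
}

# Constructed stand-in for the splunk CLI so the example runs offline. It keeps
# "running" state in a file and refuses boot-start while running, mirroring the
# error quoted in the issue. Prints the directory holding the fake binary.
make_fake_splunk() {
  dir=$(mktemp -d)
  cat > "$dir/splunk" <<'EOF'
#!/bin/sh
state="$(dirname "$0")/running"
case "$1" in
  status) [ -f "$state" ] ;;
  start)  : > "$state" ;;
  stop)   rm -f "$state" ;;
  enable)
    if [ -f "$state" ]; then
      echo "splunk is currently running, please stop it before running enable/disable boot-start" >&2
      exit 255
    fi
    : > "$(dirname "$0")/boot-start-enabled" ;;
  *) exit 2 ;;
esac
EOF
  chmod +x "$dir/splunk"
  echo "$dir"
}

# Self-contained demo against the stand-in: start it, then enable boot-start.
demo_dir=$(make_fake_splunk)
SPLUNK_BIN="$demo_dir/splunk"
"$SPLUNK_BIN" start
if uf_enable_boot_start; then
  echo "boot-start enabled; forwarder stopped and restarted around it"
fi
rm -rf "$demo_dir"
```

On a real host, drop the demo lines and call `uf_enable_boot_start` with `SPLUNK_BIN` left at its default; because the stop/start pair is skipped when the forwarder is not running, the same shell step can replace the three separate Ansible tasks without restarting a forwarder that was never up.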

patel-bhavin commented 1 year ago

@cmoreno94 : thank you very much for proposing the fix, let me try it quick and get this merged!