search

tylabs / dovehawk

Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings
MIT License
122 stars 24 forks source link

Error while downloading from misp #4

Closed eshaafs closed 3 years ago

eshaafs commented 4 years ago

Hello, i got an error while downloading resources from misp, here is the full log:

`[root@bro eshaafs]# zeek -i ens192 -C dovehawk/ listening on ens192

Downloading Signatures 2020/08/12 11:17:37 [1.02.001] NETSTATS: pkts_dropped=0 pkts_recvd=1 pkts_link=1 bytes_recvd=134 Local Directory: /home/eshaafs/./dovehawk/./scripts/. MISP Server: https://192.168.105.234/ Downloading Indicators... Downloading Signatures... 1597205858.245483 error: curl --header "Authorization: "DkqPVMDGEo9HrrT8BJDytiwWBpVHuZ3zqZFm79pj"" -s -g -o ""/tmp/zeek-activehttp-ekmpsMUTCl6_body"" -D ""/tmp/zeek-activehttp-ekmpsMUTCl6_headers"" -X ""GET"" -m 60 ""https://192.168.105.234/attributes/bro/download/all"" && touch "/tmp/zeek-activehttp-ekmpsMUTCl6_body" |/Input::READER_RAW: Child process exited with non-zero return code 60 1597205858.245483 error: curl --header "Authorization: "DkqPVMDGEo9HrrT8BJDytiwWBpVHuZ3zqZFm79pj"" -s -g -o ""/tmp/zeek-activehttp-qdsHIduAQDl_body"" -D ""/tmp/zeek-activehttp-qdsHIduAQDl_headers"" -X ""GET"" -m 60 ""https://192.168.105.234/attributes/text/download/zeek"" && touch "/tmp/zeek-activehttp-qdsHIduAQDl_body" |/Input::READER_RAW: Child process exited with non-zero return code 60 1597205858.246415 error: /tmp/zeek-activehttp-qdsHIduAQDl_body/Input::READER_RAW: Init: cannot open /tmp/zeek-activehttp-qdsHIduAQDl_body 1597205858.246415 error: /tmp/zeek-activehttp-qdsHIduAQDl_body/Input::READER_RAW: Init failed 1597205858.246415 error: /tmp/zeek-activehttp-qdsHIduAQDl_body/Input::READER_RAW: terminating thread 1597205858.246415 error: /tmp/zeek-activehttp-ekmpsMUTCl6_body/Input::READER_RAW: Init: cannot open /tmp/zeek-activehttp-ekmpsMUTCl6_body 1597205858.246415 error: /tmp/zeek-activehttp-ekmpsMUTCl6_body/Input::READER_RAW: Init failed 1597205858.246415 error: /tmp/zeek-activehttp-ekmpsMUTCl6_body/Input::READER_RAW: terminating thread `

BorkTrain commented 3 years ago

edit dovehawk/scripts/dovehawk.zeek, go to line 46 and add -k inside the quotes

that will allow insecure connection to your MISP

blitzcrg commented 3 years ago

edit dovehawk/scripts/dovehawk.zeek, go to line 46 and add -k inside the quotes

that will allow insecure connection to your MISP

This should probably be added as a configurable option in config.zeek, no? I'll see if I can make that work and submit a pr (if the project is still being maintained)

tylabs commented 3 years ago

New config option added: global CURL_INSECURE: bool = T; #set to T to ignore curl certificate errors