    Erwan
    @Erwan14536010_twitter
    ivre runscansagentdb --add-agent /ivre-agents/* <3
    Erwan
    @Erwan14536010_twitter
    ivre runscansagentdb --daemon
    Pierre Lalet
    @p-l-
    You can run commands only from the "master" node I think
    Erwan
    @Erwan14536010_twitter
    and the /var/lib/ivre/master contains all the "master" config files
    to communicate with agents via rsync
    Erwan
    @Erwan14536010_twitter
    ivre runscansagentdb --init
    Traceback (most recent call last):
      File "/usr/local/bin/ivre", line 84, in <module>
        main()
      File "/usr/local/bin/ivre", line 56, in main
        tools.get_command(next(iter(possible_commands)))()
      File "/usr/local/lib/python2.7/dist-packages/ivre/tools/runscansagentdb.py", line 177, in main
        ivre.utils.cleandir(args.master_path)
      File "/usr/local/lib/python2.7/dist-packages/ivre/utils.py", line 567, in cleandir
        shutil.rmtree(dirname)
      File "/usr/lib/python2.7/shutil.py", line 279, in rmtree
        onerror(os.rmdir, path, sys.exc_info())
      File "/usr/lib/python2.7/shutil.py", line 277, in rmtree
        os.rmdir(path)
    OSError: [Errno 16] Device or resource busy: '/var/lib/ivre/master'
    nfs issue i guess.....
    Erwan
    @Erwan14536010_twitter
    but the agent registration works fine so ¯\_(ツ)_/¯
    Erwan
    @Erwan14536010_twitter
    damn, i forgot to pull geoip data :(
    Erwan
    @Erwan14536010_twitter
    heard of natlas.io ? https://github.com/natlas/natlas
    Pierre Lalet
    @p-l-
    Yep, but never used it. Did you?
    Erwan
    @Erwan14536010_twitter
    i'm building it in //
    feels less red-team compliant than ivre
    Pierre Lalet
    @p-l-
    One objective of IVRE is that it can be used by blue and red teams at the same time
    Erwan
    @Erwan14536010_twitter
    it relies on elasticsearch for the server
    i don't remember if ivre splits the scans ranges for zmap automatically
    (rtfm-ing again)
    Pierre Lalet
    @p-l-
    I'm not sure if you can use Zmap prescan with an agent...
    Erwan
    @Erwan14536010_twitter
    my scan commands don't go to the agents so far :D
    Pierre Lalet
    @p-l-
    I suppose the prescan is not done by the agent, but by the master node.
    Erwan
    @Erwan14536010_twitter
    any command to remove a queued scan ?
    Pierre Lalet
    @p-l-
    Hum... nope
    that sucks
    Erwan
    @Erwan14536010_twitter
    i'm queuing scans, but it looks like the master in --daemon doesn't sync them to the agents
    i'm puzzled
    maybe it's time for some debug flag
    "Debug messages are turned off by default, since IVRE has no bugs." :D
    Pierre Lalet
    @p-l-
    :)
    Erwan
    @Erwan14536010_twitter
    i'm gonna put that in a shared volume: GEOIP_PATH = None # /usr/share/ivre/geoip
    so i won't have to unpack at startup :'D
    Pierre Lalet
    @p-l-
    Yep that's a good idea. At my work I have jenkins jobs that build packages every week to deploy them
    Erwan
    @Erwan14536010_twitter
    cool thing
    only the ivre scanning tool needs this data, not the web gui ?
    Pierre Lalet
    @p-l-
    The agent does not need this data, nor does the Web UI. It is needed by the master node I guess in your configuration
    Erwan
    @Erwan14536010_twitter
    the natlas agent is HEAVY as hell :(
    docker packaging - SUPER HEAVY agent
    (compared to IVRE)
    Erwan
    @Erwan14536010_twitter
    oh and totally not packaged for air-gap
    Pierre Lalet
    @p-l-
    I have been thinking a lot about your air-gap issue with docker containers... I need to see if/how I can build a "data-only container"
    Erwan
    @Erwan14536010_twitter
    better pull the data on build before deployment
    since the container can be changed regardless of what is stored in the DB
    the configuration is on a volume
    in the container world: update = redeploy container
    Pierre Lalet
    @p-l-
    I don't get it (but that's because I don't really understand docker)
    I agree it is better to pull the data before deployment
    but then, how will it work for air-gap situations?
    Erwan
    @Erwan14536010_twitter
    you build your docker online, export the docker image, and execute it on the air-gap system
    since your docker image has no external dependencies, it just provides the service you need
    Pierre Lalet
    @p-l-
    yep so are you suggesting I add a docker-client with GeoIP data?
    Erwan
    @Erwan14536010_twitter
    you could do that indeed