Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    Tarek
    @tee2015
    image.png
    Now its registered and installed via Psexec, looks like not much changed I can see some python errors thought, "Traceback (most recent call last): File "/usr/share/grr-server/local/lib/python2.7/site-packages/grr_response_server/flow.py", line 259, in StartFlow flow_obj.Start() File "/usr/share/grr-server/local/lib/python2.7/site-packages/grr_response_server/flows/general/collectors.py", line 106, in Start self.state.knowledge_base = _ReadClientKnowledgeBase(self.client_id) File "/usr/share/grr-server/local/lib/python2.7/site-packages/grr_response_server/flows/general/collectors.py", line 51, in _ReadClientKnowledgeBase client, allow_uninitialized=allow_uninitialized) File "/usr/share/grr-server/local/lib/python2.7/site-packages/grr_response_server/artifact.py", line 45, in GetKnowledgeBase (rdf_client_obj.client_id, kb)) KnowledgeBaseAttributesMissingError: KnowledgeBase missing OS for C.d746109cc0e10bdc. Knowledgebase content: message KnowledgeBase { }" .
    Tarek
    @tee2015
    🥺🥺
    Tarek
    @tee2015
    Thank you @mbushkov all sorted out 🙏🏻👍🏻
    burakatabay
    @burakatabay
    hey!
    Is anyone here
    Tarek
    @tee2015
    👀
    burakatabay
    @burakatabay
    ı try to install grr on centos 7-1810 but ı can't solve the problem can you help me ? @tee2015
    I use this doc https://grr-doc.readthedocs.io/en/latest/installing-grr-server/from-source.html
    mbushkov
    @mbushkov
    @burakatabay - are you trying to install GRR server on CentOS? we only support Ubuntu for the server at the moment. it should definitely be possible to install it on CentOS, but unfortunately we don't have cycles for supporting that
    burakatabay
    @burakatabay

    Running setup.py develop for grr-response-server
    ERROR: Command errored out with exit status 1:
    command: /root/INSTALL/bin/python -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/root/grr/grr/server/setup.py'"'"'; file='"'"'/root/grr/grr/server/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(file);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, file, '"'"'exec'"'"'))' develop --no-deps
    cwd: /root/grr/grr/server/
    Complete output (45 lines):
    /root/INSTALL/lib/python2.7/site-packages/setuptools/dist.py:475: UserWarning: Normalizing '3.3.0post8' to '3.3.0.post8'
    normalized_version,
    running develop

    > core-js@3.2.1 postinstall /root/grr/grr/server/grr_response_server/gui/static/node_modules/core-js
> node scripts/postinstall || echo "ignore"

sh: node: command not found
ignore

> grpc@1.23.3 install /root/grr/grr/server/grr_response_server/gui/static/node_modules/grpc
> node-pre-gyp install --fallback-to-build --library=static_library

sh: node-pre-gyp: command not found
npm ERR! code ELIFECYCLE
npm ERR! syscall spawn
npm ERR! file sh
npm ERR! errno ENOENT
npm ERR! grpc@1.23.3 install: `node-pre-gyp install --fallback-to-build --library=static_library`
npm ERR! spawn ENOENT
npm ERR!
npm ERR! Failed at the grpc@1.23.3 install script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2019-11-05T21_05_16_115Z-debug.log
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/root/grr/grr/server/setup.py", line 225, in <module>
    setup(**setup_args)
  File "/root/INSTALL/lib/python2.7/site-packages/setuptools/__init__.py", line 145, in setup
    return distutils.core.setup(**attrs)
  File "/root/python2.7.16/lib/python2.7/distutils/core.py", line 151, in setup
    dist.run_commands()
  File "/root/python2.7.16/lib/python2.7/distutils/dist.py", line 953, in run_commands
    self.run_command(cmd)
  File "/root/python2.7.16/lib/python2.7/distutils/dist.py", line 972, in run_command
    cmd_obj.run()
  File "/root/grr/grr/server/setup.py", line 103, in run
    make_ui_files()
  File "/root/grr/grr/server/setup.py", line 53, in make_ui_files
    "npm ci", shell=True, cwd="grr_response_server/gui/static")
  File "/root/python2.7.16/lib/python2.7/subprocess.py", line 190, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command 'npm ci' returned non-zero exit status 1
----------------------------------------

    ERROR: Command errored out with exit status 1: /root/INSTALL/bin/python -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/root/grr/grr/server/setup.py'"'"'; file='"'"'/root/grr/grr/server/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(file);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, file, '"'"'exec'"'"'))' develop --no-deps Check the logs for full command output.
    [root@localhost grr]#

    up I didn't understand anything from the mistake.
    Ozan Karaduman
    @ozankaraduman4_twitter
    Hi,
    ı tried to be install on same method via rhel but get same error
    /usr/lib/python2.7/site-packages/setuptools/dist.py:475: UserWarning: Normalizing '3.3.0post8' to '3.3.0.post8'
    Zubair Ashraf
    @zashraf1337
    Hello, anyone using an integrated GRR and SIEM solution?
    NewoJr25
    @NewoJr25
    Is GRR training available online and in-person classroom?
    nd patel
    @nd50095800_gitlab
    hi
    i install grr-server
    but i did not get the grr client
    in my dashboard
    Screenshot from 2020-02-26 03-31-19.png
    Tarek
    @tee2015
    @nd50095800_gitlab do u still facing same issue ?
    kjeom
    @kjeom
    hi Im wondering what is a benefit of integrating grr and osquery
    Tarek
    @tee2015
    U can run OSQuery directly from grr console and create hunt tasks without the need to be on the machine itself so U do it remotely
    Sankar
    @knsankar
    @burakatabay Hi, did you manage to install grr in centOS? I am also facing issues building from source on CentOS
    Sankar
    @knsankar
    Never mind it worked 🙂
    Sankar
    @knsankar
    Is there a option to apply dynamic label on hosts based on OS or name prefix?
    mbushkov
    @mbushkov
    @knsankar - GRR doesn't support dynamic labels. But note that, when creating hunts, you can limit the scope of a hunt to a particular OS or hostname prefix, using "OS" or "Regex" hunt rules.
    Sankar
    @knsankar
    @mbushkov Yeah, the regex option is really useful
    Sankar
    @knsankar
    How can I add a new output plugin
    i dont have CSV output plugin
    Sankar
    @knsankar
    Never mind. I found out that the CSV plugin is deprecated google/grr#537
    mbushkov
    @mbushkov
    @knsankar you can download results in a CSV format (or SQLite or YAML) for any flow or hunt if you click on "Download as" button in the Results tab.
    Sankar
    @knsankar
    Yeah. Thanks
    sudoAche
    @sudoAche
    Hello Guys , I have a problem is there any one here can assist

    After Successful installation of new release of grr 3.4.0.1 AT Ubuntu 18 using Virtual Box with a bridged network adapter. After the successful installation i am able to open the admin Ui interface successfully but at any time I restart the VM , I am no able to connect any more to my grr server.

    Note: My Ip doesn't change during Restart . I also ensured the configuration for admin ui port as 8000 and forntend port as 8080 but they are still in-accessible after restarting.

    Sankar
    @knsankar

    I am trying to intergrate GRR with Timesketch.

    Found few guides that suggests grr_fuse to mount grr files and run dftimewolf on them.

    The problem is I couldn’t find grr_fuse. I think, its deprecated.

    Is there anyother better way to integrate with Timesketch?

    5 replies
    Sankar
    @knsankar

    I was facing some stability issue with mysql community server, so I tried to use MariaDB with grr.
    I am facing following error

    ‘''MySQLdb._exceptions.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '6)\n )' at line 3”)’''

    Is mariaDB not supported by grr?

    16 replies
    Sankar
    @knsankar
    In GRR, once the machine is approved, how long the access remains?
    Is there a way to revoke the access?
    9 replies
    Sankar
    @knsankar
    Hi,
    what is the canary mode in GRR UI?
    tclasen
    @tclasen
    Hello all. I just installed the server, but I can't seem to get the UI working. Did I do something wrong?
    Literally only installed the deb file and started the services.
    tclasen
    @tclasen
    It actually looks like the server is failing to start due to a python error:
    I0919 17:02:24.834474 139862652036928 server_logging.py:186] Writing log file to /usr/share/grr-server/lib/python3.6/site-packages/grr_response_core/var/log//GRRlog.txt
    Traceback (most recent call last):
    File "/usr/share/grr-server/bin/grr_console", line 8, in <module>
    sys.exit(Console())
    File "/usr/share/grr-server/lib/python3.6/site-packages/grr_response_server/distro_entry.py", line 15, in Console
    app.run(console.main)
    File "/usr/share/grr-server/lib/python3.6/site-packages/absl/app.py", line 299, in run
    _run_main(main, args)
    File "/usr/share/grr-server/lib/python3.6/site-packages/absl/app.py", line 250, in _run_main
    sys.exit(main(argv))
    File "/usr/share/grr-server/lib/python3.6/site-packages/grr_response_server/bin/console.py", line 72, in main
    server_startup.Init()
    File "/usr/share/grr-server/lib/python3.6/site-packages/grr_response_core/lib/utils.py", line 1329, in _OneTimeFunction
    _OneTimeFunction.result = fn(args, kwargs)
    File "/usr/share/grr-server/lib/python3.6/site-packages/grr_response_server/server_startup.py", line 88, in Init
    data_store.InitializeDataStore()
    File "/usr/share/grr-server/lib/python3.6/site-packages/grr_response_server/data_store.py", line 100, in InitializeDataStore
    REL_DB = db.DatabaseValidationWrapper(cls())
    File "/usr/share/grr-server/lib/python3.6/site-packages/grr_response_server/databases/mysql.py", line 502, in init
    _SetupDatabase(    self._connect_args)
    File "/usr/share/grr-server/lib/python3.6/site-packages/grr_response_server/databases/mysql.py", line 305, in _SetupDatabase
    ca_cert_path=ca_cert_path)) as conn:
    File "/usr/share/grr-server/lib/python3.6/site-packages/grr_response_server/databases/mysql.py", line 400, in _Connect
    _SetSqlMode(cursor)
    File "/usr/share/grr-server/lib/python3.6/site-packages/grr_response_server/databases/mysql.py", line 154, in _SetSqlMode
    cursor.execute("SET SESSION sql_mode = %s", [",".join(filtered_components)])
    File "/usr/lib/python3/dist-packages/MySQLdb/cursors.py", line 253, in execute
    self._warning_check()
    File "/usr/lib/python3/dist-packages/MySQLdb/cursors.py", line 155, in _warning_check
    warn(self.Warning(    w[1:3]), stacklevel=3)
    1 reply
    ⭕Alexander Rymdeko-Harvey
    @killswitch-GUI
    Hey guys I'm trying to look for a specific file extensions through out the environment.
    1 reply
    ANy tips on how to use the file finder I keep getting issues
    viszsec
    @viszsec
    hi
    anyone know how can we fix the fleetspeak installation error with exit status 1? tokenize . import sys setup tool with pip2?
    Maciej Duda
    @MadDud
    hello guys,
    I don't understand what "interrogation" button does in the interface. is it something like IoC aquisition in fireeye HX?
    2 replies
    Sankar
    @knsankar
    Do we have any documentation around capacity planning of GRR?
    1 reply