by

Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    Tarek
    @tee2015
    Hello all , have aquestion how can I get the binary of the grr client Windows version should I build it ? myself
    Tarek
    @tee2015
    All good please disregard my silly question :P
    Tarek
    @tee2015
    Hello ALL its me again :) looks like both and the server are rnning no issues but wheneve rI strat a hunt job its giving (Can't start flow :
    Unknown error)
    Tarek
    @tee2015
    one of the examples (Traceback (most recent call last): File "/usr/share/grr-server/local/lib/python2.7/site-packages/grr_response_server/flow.py", line 259, in StartFlow flow_obj.Start() File "/usr/share/grr-server/local/lib/python2.7/site-packages/grr_response_server/flows/general/webhistory.py", line 68, in Start raise flow_base.FlowError("Could not find valid History paths.") FlowError: Could not find valid History paths.)
    mbushkov
    @mbushkov
    @tee2015 , which flow do you start the hunt with? Does the machine where the flow is failing have registered users?
    Tarek
    @tee2015
    I started with chrome history , about registered users not sure tbh but I have the client is connected successfully to the grr server and showing status green and reproting back about how long it's been up and show the CPU usage and some info
    Tarek
    @tee2015
    @mbushkov I will check about registered users on the documentation
    Arvind
    @a4vnd_gitlab
    Hi @mbushkov
    is there any option to search an specific suspected " file's hash value" or "file by name" in GRR?
    Tarek
    @tee2015
    I saw U can retrieve a file
    Tarek
    @tee2015
    If Ur agent work properly ;)
    Tarek
    @tee2015
    @mbushkov I reinstalled the agent again and checked all the services it's creating , it's adding a record on the registry, starting the win monitor service properly , on the config file I just change the IP to connect back to the grr server , but it's not sending all the required details to the sever like the username + PC name and the CPU details and architecture ... Should I add the username manually in the config ? Looks like yes the issue with the registerd users can U just point me to a troubleshooting document or pointing what I am missing thank you very much in advance :)
    Tarek
    @tee2015
    Okay I think I found what I am missing , I must add psexec and register the user πŸ•ΊπŸΌπŸ’ƒ
    Tarek
    @tee2015
    image.png
    Now its registered and installed via Psexec, looks like not much changed I can see some python errors thought, "Traceback (most recent call last): File "/usr/share/grr-server/local/lib/python2.7/site-packages/grr_response_server/flow.py", line 259, in StartFlow flow_obj.Start() File "/usr/share/grr-server/local/lib/python2.7/site-packages/grr_response_server/flows/general/collectors.py", line 106, in Start self.state.knowledge_base = _ReadClientKnowledgeBase(self.client_id) File "/usr/share/grr-server/local/lib/python2.7/site-packages/grr_response_server/flows/general/collectors.py", line 51, in _ReadClientKnowledgeBase client, allow_uninitialized=allow_uninitialized) File "/usr/share/grr-server/local/lib/python2.7/site-packages/grr_response_server/artifact.py", line 45, in GetKnowledgeBase (rdf_client_obj.client_id, kb)) KnowledgeBaseAttributesMissingError: KnowledgeBase missing OS for C.d746109cc0e10bdc. Knowledgebase content: message KnowledgeBase { }" .
    Tarek
    @tee2015
    πŸ₯ΊπŸ₯Ί
    Tarek
    @tee2015
    Thank you @mbushkov all sorted out πŸ™πŸ»πŸ‘πŸ»
    burakatabay
    @burakatabay
    hey!
    Is anyone here
    Tarek
    @tee2015
    πŸ‘€
    burakatabay
    @burakatabay
    Δ± try to install grr on centos 7-1810 but Δ± can't solve the problem can you help me ? @tee2015
    I use this doc https://grr-doc.readthedocs.io/en/latest/installing-grr-server/from-source.html
    mbushkov
    @mbushkov
    @burakatabay - are you trying to install GRR server on CentOS? we only support Ubuntu for the server at the moment. it should definitely be possible to install it on CentOS, but unfortunately we don't have cycles for supporting that
    burakatabay
    @burakatabay

    Running setup.py develop for grr-response-server
    ERROR: Command errored out with exit status 1:
    command: /root/INSTALL/bin/python -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/root/grr/grr/server/setup.py'"'"'; file='"'"'/root/grr/grr/server/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(file);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, file, '"'"'exec'"'"'))' develop --no-deps
    cwd: /root/grr/grr/server/
    Complete output (45 lines):
    /root/INSTALL/lib/python2.7/site-packages/setuptools/dist.py:475: UserWarning: Normalizing '3.3.0post8' to '3.3.0.post8'
    normalized_version,
    running develop

    > core-js@3.2.1 postinstall /root/grr/grr/server/grr_response_server/gui/static/node_modules/core-js
> node scripts/postinstall || echo "ignore"

sh: node: command not found
ignore

> grpc@1.23.3 install /root/grr/grr/server/grr_response_server/gui/static/node_modules/grpc
> node-pre-gyp install --fallback-to-build --library=static_library

sh: node-pre-gyp: command not found
npm ERR! code ELIFECYCLE
npm ERR! syscall spawn
npm ERR! file sh
npm ERR! errno ENOENT
npm ERR! grpc@1.23.3 install: `node-pre-gyp install --fallback-to-build --library=static_library`
npm ERR! spawn ENOENT
npm ERR!
npm ERR! Failed at the grpc@1.23.3 install script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2019-11-05T21_05_16_115Z-debug.log
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/root/grr/grr/server/setup.py", line 225, in <module>
    setup(**setup_args)
  File "/root/INSTALL/lib/python2.7/site-packages/setuptools/__init__.py", line 145, in setup
    return distutils.core.setup(**attrs)
  File "/root/python2.7.16/lib/python2.7/distutils/core.py", line 151, in setup
    dist.run_commands()
  File "/root/python2.7.16/lib/python2.7/distutils/dist.py", line 953, in run_commands
    self.run_command(cmd)
  File "/root/python2.7.16/lib/python2.7/distutils/dist.py", line 972, in run_command
    cmd_obj.run()
  File "/root/grr/grr/server/setup.py", line 103, in run
    make_ui_files()
  File "/root/grr/grr/server/setup.py", line 53, in make_ui_files
    "npm ci", shell=True, cwd="grr_response_server/gui/static")
  File "/root/python2.7.16/lib/python2.7/subprocess.py", line 190, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command 'npm ci' returned non-zero exit status 1
----------------------------------------

    ERROR: Command errored out with exit status 1: /root/INSTALL/bin/python -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/root/grr/grr/server/setup.py'"'"'; file='"'"'/root/grr/grr/server/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(file);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, file, '"'"'exec'"'"'))' develop --no-deps Check the logs for full command output.
    [root@localhost grr]#

    up I didn't understand anything from the mistake.
    Ozan Karaduman
    @ozankaraduman4_twitter
    Hi,
    Δ± tried to be install on same method via rhel but get same error
    /usr/lib/python2.7/site-packages/setuptools/dist.py:475: UserWarning: Normalizing '3.3.0post8' to '3.3.0.post8'
    Zubair Ashraf
    @zashraf1337
    Hello, anyone using an integrated GRR and SIEM solution?
    NewoJr25
    @NewoJr25
    Is GRR training available online and in-person classroom?
    nd patel
    @nd50095800_gitlab
    hi
    i install grr-server
    but i did not get the grr client
    in my dashboard
    Screenshot from 2020-02-26 03-31-19.png
    Tarek
    @tee2015
    @nd50095800_gitlab do u still facing same issue ?
    kjeom
    @kjeom
    hi Im wondering what is a benefit of integrating grr and osquery
    Tarek
    @tee2015
    U can run OSQuery directly from grr console and create hunt tasks without the need to be on the machine itself so U do it remotely
    Sankar
    @knsankar
    @burakatabay Hi, did you manage to install grr in centOS? I am also facing issues building from source on CentOS
    Sankar
    @knsankar
    Never mind it worked πŸ™‚
    Sankar
    @knsankar
    Is there a option to apply dynamic label on hosts based on OS or name prefix?
    mbushkov
    @mbushkov
    @knsankar - GRR doesn't support dynamic labels. But note that, when creating hunts, you can limit the scope of a hunt to a particular OS or hostname prefix, using "OS" or "Regex" hunt rules.
    Sankar
    @knsankar
    @mbushkov Yeah, the regex option is really useful
    Sankar
    @knsankar
    How can I add a new output plugin
    i dont have CSV output plugin
    Sankar
    @knsankar
    Never mind. I found out that the CSV plugin is deprecated google/grr#537
    mbushkov
    @mbushkov
    @knsankar you can download results in a CSV format (or SQLite or YAML) for any flow or hunt if you click on "Download as" button in the Results tab.
    Sankar
    @knsankar
    Yeah. Thanks
    sudoAche
    @sudoAche
    Hello Guys , I have a problem is there any one here can assist

    After Successful installation of new release of grr 3.4.0.1 AT Ubuntu 18 using Virtual Box with a bridged network adapter. After the successful installation i am able to open the admin Ui interface successfully but at any time I restart the VM , I am no able to connect any more to my grr server.

    Note: My Ip doesn't change during Restart . I also ensured the configuration for admin ui port as 8000 and forntend port as 8080 but they are still in-accessible after restarting.

    Sankar
    @knsankar

    I am trying to intergrate GRR with Timesketch.

    Found few guides that suggests grr_fuse to mount grr files and run dftimewolf on them.

    The problem is I couldn’t find grr_fuse. I think, its deprecated.

    Is there anyother better way to integrate with Timesketch?

    5 replies