    Arvind
    @a4vnd_gitlab
    Hi All,
    If any of you has a GRR configuration installation video, could you kindly share it?
    Thanks in advance.
    Arvind
    @a4vnd_gitlab
    Hi all, I am facing an issue while configuring GRR.
    The error is: ERROR:2019-04-02 04:11:14,021 2376 MainProcess 140316268869376 MainThread mysql_advanced_data_store:592] OperationalError: (2006, 'MySQL server has gone away'). This may be due to an incorrect MySQL 'max_allowed_packet' setting (try increasing it). Retrying
    mbushkov
    @mbushkov
    @a4vnd_gitlab , do you see this issue right away or just when clients are repacked? Can you post a more detailed log?
    Arvind
    @a4vnd_gitlab
    @mbushkov when clients are repacked
    mbushkov
    @mbushkov
    Have you tried increasing max_allowed_packet setting in MySQL?
    Arvind
    @a4vnd_gitlab
    yes
    but still the error continues to appear
    mbushkov
    @mbushkov
    When you do
    show variables like 'max_allowed_packet'
    in the MySQL console, does it show an updated value? What's your current setting?
    Arvind
    @a4vnd_gitlab
    Hi @mbushkov
    I'm facing an issue, a MySQL error
    Arvind
    @a4vnd_gitlab
    image.png
    Matthew Clairmont
    @clairmont32
    Hi all, I just came across a PDF doc dated in 2017 mentioning the exploration of a Go rewrite. Is this still on the table?
    mbushkov
    @mbushkov
    @clairmont32 - Fleetspeak project (https://github.com/google/fleetspeak), fully developed in Go, will eventually replace GRR frontend component (HTTP frontend that GRR clients talk to). As for the rest of GRR, as of now, we have no intention to rewrite it in Go.
    crysis30300
    @crysis30300
    Hello,
    I am trying to delete a client via Grr_console as documented, but I get an error every time I try to do that.
    crysis30300
    @crysis30300
    Hello, whenever I try to push a binary to any client, the client crashes with many errors like (Terminated by user GRRFrontEnd. Reason: Client crashed.) - (Client killed during transaction) - (Nanny Message Crash message : No heartbeat received). The binary is already registered with {grr_config_updater upload_exe } and I can show it in the binaries panel in the web UI. Am I doing anything wrong, or are there any instructions for doing so? Thanks for your help, we really appreciate that.
    crysis30300
    @crysis30300
    Update for the Launchbinary problem: I can see the .exe file in the GRR/Temp folder in Windows, and I can also see it in the Task Manager in Windows 10, but it does not launch at all and returns with an error in the GRR UI! Any solution for that?
    prats84
    @prats84_twitter
    Sorry for the noob question, but can anyone confirm if the client-to-server communication is encrypted (TLS/SSL) in a default install, i.e. using the .deb?
    I did a pcap capture and did not see it encrypted.
    Tarek
    @tee2015
    Hello all, I have a question: how can I get the binary of the GRR client Windows version? Should I build it myself?
    Tarek
    @tee2015
    All good please disregard my silly question :P
    Tarek
    @tee2015
    Hello all, it's me again :) It looks like both and the server are running with no issues, but whenever I start a hunt job it's giving (Can't start flow : Unknown error)
    Tarek
    @tee2015
    One of the examples:
    Traceback (most recent call last):
      File "/usr/share/grr-server/local/lib/python2.7/site-packages/grr_response_server/flow.py", line 259, in StartFlow
        flow_obj.Start()
      File "/usr/share/grr-server/local/lib/python2.7/site-packages/grr_response_server/flows/general/webhistory.py", line 68, in Start
        raise flow_base.FlowError("Could not find valid History paths.")
    FlowError: Could not find valid History paths.
    mbushkov
    @mbushkov
    @tee2015 , which flow do you start the hunt with? Does the machine where the flow is failing have registered users?
    Tarek
    @tee2015
    I started with Chrome history. About registered users, not sure tbh, but the client is connected successfully to the GRR server, showing status green and reporting back how long it's been up, and it shows the CPU usage and some info.
    Tarek
    @tee2015
    @mbushkov I will check about registered users on the documentation
    Arvind
    @a4vnd_gitlab
    Hi @mbushkov
    Is there any option to search for a specific suspected "file's hash value" or "file by name" in GRR?
    Tarek
    @tee2015
    I saw U can retrieve a file
    Tarek
    @tee2015
    If Ur agent works properly ;)
    Tarek
    @tee2015
    @mbushkov I reinstalled the agent again and checked all the services it's creating: it's adding a record in the registry and starting the win monitor service properly. In the config file I just changed the IP to connect back to the GRR server, but it's not sending all the required details to the server, like the username + PC name and the CPU details and architecture... Should I add the username manually in the config? Looks like yes, the issue is with the registered users. Can U just point me to a troubleshooting document or point out what I am missing? Thank you very much in advance :)
    Tarek
    @tee2015
    Okay, I think I found what I am missing, I must add psexec and register the user 🕺🏼💃
    Tarek
    @tee2015
    image.png
    Now it's registered and installed via Psexec; looks like not much changed. I can see some Python errors though:
    Traceback (most recent call last):
      File "/usr/share/grr-server/local/lib/python2.7/site-packages/grr_response_server/flow.py", line 259, in StartFlow
        flow_obj.Start()
      File "/usr/share/grr-server/local/lib/python2.7/site-packages/grr_response_server/flows/general/collectors.py", line 106, in Start
        self.state.knowledge_base = _ReadClientKnowledgeBase(self.client_id)
      File "/usr/share/grr-server/local/lib/python2.7/site-packages/grr_response_server/flows/general/collectors.py", line 51, in _ReadClientKnowledgeBase
        client, allow_uninitialized=allow_uninitialized)
      File "/usr/share/grr-server/local/lib/python2.7/site-packages/grr_response_server/artifact.py", line 45, in GetKnowledgeBase
        (rdf_client_obj.client_id, kb))
    KnowledgeBaseAttributesMissingError: KnowledgeBase missing OS for C.d746109cc0e10bdc. Knowledgebase content: message KnowledgeBase { }
    Tarek
    @tee2015
    🥺🥺
    Tarek
    @tee2015
    Thank you @mbushkov, all sorted out 🙏🏻👍🏻
    burakatabay
    @burakatabay
    hey!
    Is anyone here
    Tarek
    @tee2015
    👀
    burakatabay
    @burakatabay
    I am trying to install GRR on CentOS 7-1810 but I can't solve the problem. Can you help me? @tee2015
    mbushkov
    @mbushkov
    @burakatabay - are you trying to install GRR server on CentOS? we only support Ubuntu for the server at the moment. it should definitely be possible to install it on CentOS, but unfortunately we don't have cycles for supporting that
    burakatabay
    @burakatabay

    Running setup.py develop for grr-response-server
    ERROR: Command errored out with exit status 1:
    command: /root/INSTALL/bin/python -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/root/grr/grr/server/setup.py'"'"'; file='"'"'/root/grr/grr/server/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(file);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, file, '"'"'exec'"'"'))' develop --no-deps
    cwd: /root/grr/grr/server/
    Complete output (45 lines):
    /root/INSTALL/lib/python2.7/site-packages/setuptools/dist.py:475: UserWarning: Normalizing '3.3.0post8' to '3.3.0.post8'
    normalized_version,
    running develop

    > core-js@3.2.1 postinstall /root/grr/grr/server/grr_response_server/gui/static/node_modules/core-js
    > node scripts/postinstall || echo "ignore"
    
    sh: node: command not found
    ignore
    
    > grpc@1.23.3 install /root/grr/grr/server/grr_response_server/gui/static/node_modules/grpc
    > node-pre-gyp install --fallback-to-build --library=static_library
    
    sh: node-pre-gyp: command not found
    npm ERR! code ELIFECYCLE
    npm ERR! syscall spawn
    npm ERR! file sh
    npm ERR! errno ENOENT
    npm ERR! grpc@1.23.3 install: `node-pre-gyp install --fallback-to-build --library=static_library`
    npm ERR! spawn ENOENT
    npm ERR!
    npm ERR! Failed at the grpc@1.23.3 install script.
    npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
    
    npm ERR! A complete log of this run can be found in:
    npm ERR!     /root/.npm/_logs/2019-11-05T21_05_16_115Z-debug.log
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/root/grr/grr/server/setup.py", line 225, in <module>
        setup(**setup_args)
      File "/root/INSTALL/lib/python2.7/site-packages/setuptools/__init__.py", line 145, in setup
        return distutils.core.setup(**attrs)
      File "/root/python2.7.16/lib/python2.7/distutils/core.py", line 151, in setup
        dist.run_commands()
      File "/root/python2.7.16/lib/python2.7/distutils/dist.py", line 953, in run_commands
        self.run_command(cmd)
      File "/root/python2.7.16/lib/python2.7/distutils/dist.py", line 972, in run_command
        cmd_obj.run()
      File "/root/grr/grr/server/setup.py", line 103, in run
        make_ui_files()
      File "/root/grr/grr/server/setup.py", line 53, in make_ui_files
        "npm ci", shell=True, cwd="grr_response_server/gui/static")
      File "/root/python2.7.16/lib/python2.7/subprocess.py", line 190, in check_call
        raise CalledProcessError(retcode, cmd)
    subprocess.CalledProcessError: Command 'npm ci' returned non-zero exit status 1
    ----------------------------------------

    ERROR: Command errored out with exit status 1: /root/INSTALL/bin/python -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/root/grr/grr/server/setup.py'"'"'; file='"'"'/root/grr/grr/server/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(file);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, file, '"'"'exec'"'"'))' develop --no-deps Check the logs for full command output.
    [root@localhost grr]#

    I didn't understand anything from the error above.
    Ozan Karaduman
    @ozankaraduman4_twitter
    Hi,
    I tried to install using the same method via RHEL but get the same error:
    /usr/lib/python2.7/site-packages/setuptools/dist.py:475: UserWarning: Normalizing '3.3.0post8' to '3.3.0.post8'
    Zubair Ashraf
    @zashraf1337
    Hello, anyone using an integrated GRR and SIEM solution?