New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Worker can't be run with process (doesn't have command) #434
Comments
Thanks for reporting.
|
I ended up getting it working by installing cortex on a separate docker container. I followed this guide https://docs.thehive-project.org/cortex/installation-and-configuration/ and used the following command on a Ubuntu 20.04 machine.
Its not ideal running a separate container as they could all be together in one container but hey it works. |
Hi @gru3zi, thanks for your reply. I finally found the root cause of the problem - after hours of search ;-) The problem is "how" the Cortex container is designed as it relies isself on the Docker process of its host when it comes to start the needed "analyzer containers" (now called "neurons" in the docs). Therefore you have to exactly share the host paths where the Cortex container may write its jobs temp data, results etc. and where it finds the hosts Docker process' socket. Thats a bit tricky to findout as it was not that clear in the docs to me at the first sight - but others struggled herein as well in related cases like #360 :-) As we probably used the same tutorial (suppose: https://ls111.me/how-to-integrate-cortex-misp-with-thehive-in-your-soc/) as a base for our docker-compose.yml - here's what I've fixed to get it up and running:
The originally used Docker data volume "cortexdata" can be removed as it's no longer neccesary in this usecase. Hope that helps. Cheers, Michl |
@nadouani this issue could probably be closed as it's not a bug more a config issue. Probably you could clearify things in the docs? Maybe with one more of the well done setup illustrations? Cheers, Michl |
You are an absolute star Michl! Thank you for taking the time to troubleshoot and get this working. I can confirm your changes fixed it for me too. Have a nice evening :) |
I have the same problem but I don't have docker. I have Ubuntu 22.04 (64 Bit) and Cortex 3.1.8-1. Default installation according to the guide: https://docs.strangebee.com/cortex/installation-and-configuration/analyzers-responders/ Can you help me? |
Request Type
Bug
Work Environment
Problem Description
I tried to troubleshoot the issue by searching for a similar error but was not able to find someone who also encountered the error "worker 1c6e204a18bdf14698dcf3d4975b72c8 can't be run with process (doesn't have command)"
I also searched the logs for permission denied issues but did not find anything in /var/log/cortex/application.log
Steps to Reproduce
Complementary information
log sample output
2022-11-05 18:42:23,886 [INFO] from org.thp.cortex.services.AuditActor in application-akka.actor.default-dispatcher-46 - Job gpgZSYQBhvjiDf8Q3XkG has be updated (JsDefined("InProgress"))
2022-11-05 18:42:23,887 [WARN] from org.thp.cortex.services.JobRunnerSrv in application-analyzer-48 - worker 1c6e204a18bdf14698dcf3d4975b72c8 can't be run with process (doesn't have command)
2022-11-05 18:42:24,895 [INFO] from org.thp.cortex.services.AuditActor in application-akka.actor.default-dispatcher-47 - Job gpgZSYQBhvjiDf8Q3XkG has be updated (JsDefined("Failure"))
2022-11-05 18:42:24,896 [INFO] from org.thp.cortex.services.JobSrv in application-akka.actor.default-dispatcher-46 - Job gpgZSYQBhvjiDf8Q3XkG has finished with status Failure
2022-11-05 18:42:28,741 [INFO] from org.thp.cortex.services.AccessLogFilter in application-akka.actor.default-dispatcher-30 - 192.168.80.194 GET /api/alert took 7ms and returned 200 2 bytes
2022-11-05 18:42:32,949 [INFO] from org.thp.cortex.services.AccessLogFilter in application-akka.actor.default-dispatcher-30 - 192.168.80.194 POST /api/job/_search?range=0-50&sort=-createdAt took 9ms and returned 200
Another error im seeing in the logs
2022-11-06 10:04:11,177 [INFO] from org.thp.cortex.services.AccessLogFilter in application-akka.actor.default-dispatcher-4465 - 192.168.80.194 GET /api/status took 0ms and returned 200 278 bytes
2022-11-06 10:04:11,179 [ERROR] from org.elastic4play.controllers.Authenticated in application-akka.actor.default-dispatcher-4473 - Authentication failure:
session: AuthenticationError User session has expired
pki: AuthenticationError Certificate authentication is not configured
key: AuthenticationError Authentication header not found
init: AuthenticationError Use of initial user is forbidden because users exist in database
screenshots
configuration dumps
Link to docker-compose file and application.conf files
https://github.com/gru3zi/cortexerror/tree/main
The text was updated successfully, but these errors were encountered: