Running Dagda in RHEL 7.2 and Fedora 22 not supported

[scumfrog]

Trying running Dagda on RHEL based distro's (RHEL and Fedora) and following all the requeriments:

# python3.6 -V
Python 3.6.0

Then cloning the project:

# git clone https://github.com/eliasgranderubio/dagda.git
Cloning into 'dagda'...
remote: Counting objects: 944, done.
remote: Total 944 (delta 0), reused 0 (delta 0), pack-reused 944
Receiving objects: 100% (944/944), 631.84 KiB | 519.00 KiB/s, done.
Resolving deltas: 100% (572/572), done.

and installing all python modules required:

# pip3.6 install -r requirements.txt
Requirement already satisfied: pymongo==3.3.1 in /usr/lib64/python3.6/site-packages (from -r requirements.txt (line 1))
Requirement already satisfied: requests==2.11.1 in /usr/lib/python3.6/site-packages (from -r requirements.txt (line 2))
Requirement already satisfied: python-dateutil==2.6.0 in /usr/lib/python3.6/site-packages (from -r requirements.txt (line 3))
Requirement already satisfied: joblib==0.10.3 in /usr/lib/python3.6/site-packages (from -r requirements.txt (line 4))
Requirement already satisfied: docker-py in /usr/lib/python3.6/site-packages (from -r requirements.txt (line 5))
Requirement already satisfied: Flask==0.11.1 in /usr/lib/python3.6/site-packages (from -r requirements.txt (line 6))
Requirement already satisfied: flask-cors==3.0.2 in /usr/lib64/python3.6/site-packages (from -r requirements.txt (line 7))
Requirement already satisfied: PyYAML==3.12 in /usr/lib64/python3.6/site-packages (from -r requirements.txt (line 8))
Requirement already satisfied: six>=1.5 in /usr/lib/python3.6/site-packages (from python-dateutil==2.6.0->-r requirements.txt (line 3))
Requirement already satisfied: docker-pycreds>=0.2.1 in /usr/lib/python3.6/site-packages (from docker-py->-r requirements.txt (line 5))
Requirement already satisfied: websocket-client>=0.32.0 in /usr/lib/python3.6/site-packages (from docker-py->-r requirements.txt (line 5))
Requirement already satisfied: click>=2.0 in /usr/lib/python3.6/site-packages (from Flask==0.11.1->-r requirements.txt (line 6))
Requirement already satisfied: Jinja2>=2.4 in /usr/lib/python3.6/site-packages (from Flask==0.11.1->-r requirements.txt (line 6))
Requirement already satisfied: itsdangerous>=0.21 in /usr/lib/python3.6/site-packages (from Flask==0.11.1->-r requirements.txt (line 6))
Requirement already satisfied: Werkzeug>=0.7 in /usr/lib/python3.6/site-packages (from Flask==0.11.1->-r requirements.txt (line 6))
Requirement already satisfied: MarkupSafe>=0.23 in /usr/lib/python3.6/site-packages (from Jinja2>=2.4->Flask==0.11.1->-r requirements.txt (line 6))

Then running the mongodb container:

# docker run -d -p 27017:27017 mongo
2458d9e7ded96f6200861e8f56d4f84a4dcca2521208f8323289d9e78aaede7e
# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                     PORTS                      NAMES
2458d9e7ded9        mongo               "/entrypoint.sh mo..."   4 seconds ago       Up 2 seconds               0.0.0.0:27017->27017/tcp   eager_goldwasser

Then, i checked if i've the kernel headers intalled:

# yum -y install kernel-devel-$(uname -r)
Complementos cargados:product-id, search-disabled-repos, subscription-manager
Package kernel-devel-3.10.0-229.11.1.el7.x86_64 already installed and latest version

# /usr/lib/dkms/dkms_autoinstaller start
dkms: running auto installation service for kernel 3.10.0-229.11.1.el7.x86_64
 Done.

and then i running the server with two errors:

# python3.6 dagda.py start
<2017-03-21 11:17:25,200> <ERROR> <DagdaServer> <dagda_server> <Linux distribution not supported yet.>
<2017-03-21 11:17:25,200> <WARNING> <DagdaServer> <dagda_server> <Runtime behaviour monitor disabled.>

If i've the kernel-devel package and i run the dkms_autoinstaller, ¿why i've the runtime behaviour monitor disabled if i follow this https://github.com/eliasgranderubio/dagda/wiki/Troubleshooting#install-the-kernel-headers-in-the-host-os?

I've run dagda in Debian-based distros (like Ubuntu and pure-Debian) without this kind of problems.

[eliasgranderubio]

I set up a virtual machine with Fedora 22, the same kernel and Python 3.6.0, but I could not reproduce the issue :-(

Anyway, the issue looks like related with the platform.linux_distribution() method [1], which is deprecated since version 3.5 and will be removed in version 3.7. So, I have avoided the method usage.

On the other hand, I had tested Dagda since Python 3.3.X to 3.5.X, but anyway, I have added 3.6.X to Travis CI for testing purposes too.

I think this issue must not occurs again, but if it is happen, feel free for reopening this issue.

---

[1] platform.linux_distribution() method

[scumfrog]

Hi Elias,

Thanks in advance for your answer. I'll give more information to the issue thread to see if I can clarify the error a bit more. I tried in three distros:

• Ubuntu works like a charm, no problems, easy and effective.
• Fedora 22: Following the README steps, finally, when i try to start dagda server:

uname -a
Linux breaknoise.local 4.9.13-201.fc25.x86_64 #1 SMP Tue Mar 7 23:47:11 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

cat /proc/version 
Linux version 4.9.13-201.fc25.x86_64 (mockbuild@bkernel02.phx2.fedoraproject.org) (gcc version 6.3.1 20161221 (Red Hat 6.3.1-1) (GCC) ) #1 SMP Tue Mar 7 23:47:11 UTC 2017

# python3 dagda.py start

<2017-03-22 09:40:51,818> <ERROR> <DagdaServer> <dagda_server> <Runtime error opening device /host/dev/sysdig0.>
<2017-03-22 09:40:51,818> <WARNING> <DagdaServer> <dagda_server> <Runtime behaviour monitor disabled.>

Checking if i've mongo docker image running:

# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                      NAMES
ac174add60c6        mongo               "/entrypoint.sh mongo"   33 minutes ago      Up 33 minutes       0.0.0.0:27017->27017/tcp   cranky_cori

Requirements also, are installed:

# pip3 install -r requirements.txt 
Requirement already satisfied: pymongo==3.3.1 in /usr/lib64/python3.5/site-packages (from -r requirements.txt (line 1))
Requirement already satisfied: requests==2.11.1 in /usr/lib/python3.5/site-packages (from -r requirements.txt (line 2))
Requirement already satisfied: python-dateutil==2.6.0 in /usr/lib/python3.5/site-packages (from -r requirements.txt (line 3))
Requirement already satisfied: joblib==0.10.3 in /usr/lib/python3.5/site-packages (from -r requirements.txt (line 4))
Requirement already satisfied: docker-py in /usr/lib/python3.5/site-packages (from -r requirements.txt (line 5))
Requirement already satisfied: Flask==0.11.1 in /usr/lib/python3.5/site-packages (from -r requirements.txt (line 6))
Requirement already satisfied: flask-cors==3.0.2 in /usr/lib64/python3.5/site-packages (from -r requirements.txt (line 7))
Requirement already satisfied: PyYAML==3.12 in /usr/lib64/python3.5/site-packages (from -r requirements.txt (line 8))
Requirement already satisfied: six>=1.5 in /usr/lib/python3.5/site-packages (from python-dateutil==2.6.0->-r requirements.txt (line 3))
Requirement already satisfied: websocket-client>=0.32.0 in /usr/lib/python3.5/site-packages (from docker-py->-r requirements.txt (line 5))
Requirement already satisfied: docker-pycreds>=0.2.1 in /usr/lib/python3.5/site-packages (from docker-py->-r requirements.txt (line 5))
Requirement already satisfied: itsdangerous>=0.21 in /usr/lib/python3.5/site-packages (from Flask==0.11.1->-r requirements.txt (line 6))
Requirement already satisfied: Werkzeug>=0.7 in /usr/lib/python3.5/site-packages (from Flask==0.11.1->-r requirements.txt (line 6))
Requirement already satisfied: Jinja2>=2.4 in /usr/lib/python3.5/site-packages (from Flask==0.11.1->-r requirements.txt (line 6))
Requirement already satisfied: click>=2.0 in /usr/lib/python3.5/site-packages (from Flask==0.11.1->-r requirements.txt (line 6))
Requirement already satisfied: MarkupSafe>=0.23 in /usr/lib64/python3.5/site-packages (from Jinja2>=2.4->Flask==0.11.1->-r requirements.txt (line 6))

Anyway, and ignoring the errors, i try to launch the init command:

# python3 dagda.py vuln --init
{
    "msg": "Accepted the init db request"
}

appears than the database was populated:

# python3 dagda.py vuln --product openldap --product_version 2.2.20
[
    "CVE-2005-4442",
    "CVE-2006-2754",
    "CVE-2006-5779",
    "CVE-2006-6493",
    "CVE-2007-5707",
    "CVE-2007-5708",
    "CVE-2011-4079"
]

so i try to analyze a random image, but unlucky:

<2017-03-22 09:46:40,371> <ERROR> <DagdaServer> <analyzer> <Unexpected exception of type DagdaError occured: ()>

• Trying run dagga in RHEL 7:

# uname -a
Linux dadga-security.local 3.10.0-229.11.1.el7.x86_64 #1 SMP Wed Jul 22 12:06:11 EDT 2015 x86_64 x86_64 x86_64 GNU/Linux

cat /proc/version 
Linux version 3.10.0-229.11.1.el7.x86_64 (mockbuild@x86-025.build.eng.bos.redhat.com) (gcc version 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC) ) #1 SMP Wed Jul 22 12:06:11 EDT 2015

Checking the requeriments:

# pip3.6 install -r requirements.txt
Requirement already satisfied: pymongo==3.3.1 in /usr/lib64/python3.6/site-packages (from -r requirements.txt (line 1))
Requirement already satisfied: requests==2.11.1 in /usr/lib/python3.6/site-packages (from -r requirements.txt (line 2))
Requirement already satisfied: python-dateutil==2.6.0 in /usr/lib/python3.6/site-packages (from -r requirements.txt (line 3))
Requirement already satisfied: joblib==0.10.3 in /usr/lib/python3.6/site-packages (from -r requirements.txt (line 4))
Requirement already satisfied: docker-py in /usr/lib/python3.6/site-packages (from -r requirements.txt (line 5))
Requirement already satisfied: Flask==0.11.1 in /usr/lib/python3.6/site-packages (from -r requirements.txt (line 6))
Requirement already satisfied: flask-cors==3.0.2 in /usr/lib64/python3.6/site-packages (from -r requirements.txt (line 7))
Requirement already satisfied: PyYAML==3.12 in /usr/lib64/python3.6/site-packages (from -r requirements.txt (line 8))
Requirement already satisfied: six>=1.5 in /usr/lib/python3.6/site-packages (from python-dateutil==2.6.0->-r requirements.txt (line 3))
Requirement already satisfied: docker-pycreds>=0.2.1 in /usr/lib/python3.6/site-packages (from docker-py->-r requirements.txt (line 5))
Requirement already satisfied: websocket-client>=0.32.0 in /usr/lib/python3.6/site-packages (from docker-py->-r requirements.txt (line 5))
Requirement already satisfied: Werkzeug>=0.7 in /usr/lib/python3.6/site-packages (from Flask==0.11.1->-r requirements.txt (line 6))
Requirement already satisfied: Jinja2>=2.4 in /usr/lib/python3.6/site-packages (from Flask==0.11.1->-r requirements.txt (line 6))
Requirement already satisfied: itsdangerous>=0.21 in /usr/lib/python3.6/site-packages (from Flask==0.11.1->-r requirements.txt (line 6))
Requirement already satisfied: click>=2.0 in /usr/lib/python3.6/site-packages (from Flask==0.11.1->-r requirements.txt (line 6))
Requirement already satisfied: MarkupSafe>=0.23 in /usr/lib/python3.6/site-packages (from Jinja2>=2.4->Flask==0.11.1->-r requirements.txt (line 6)

Checking if i've mongo docker running:

# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                      NAMES
2458d9e7ded9        mongo               "/entrypoint.sh mo..."   22 hours ago        Up 22 hours         0.0.0.0:27017->27017/tcp   eager_goldwasser

then i try to running dadga server:

# python3.6 dagda.py start
<2017-03-22 10:04:35,305> <ERROR> <DagdaServer> <dagda_server> <Linux distribution not supported yet.>
<2017-03-22 10:04:35,305> <WARNING> <DagdaServer> <dagda_server> <Runtime behaviour monitor disabled.>

in both cases (F22 and RHEL7) i run the dkms_autoinstaller command:

• RHEL:

# usr/lib/dkms/dkms_autoinstaller start
dkms: running auto installation service for kernel 3.10.0-229.11.1.el7.x86_64
 Done.

• Fedora:

$ sudo /usr/lib/dkms/dkms_autoinstaller start
dkms: running auto installation service for kernel 4.9.13-201.fc25.x86_64
 Done.

Of course, i cloned with the last changes the project. Thanks in advance Elias.

Regards.