Agent Container libcurl missing

[topt]

Hi,

I used the docker container ghcr.io/openappsec/agent:latest (V 1.0.1)

when I run it, I see an error after the Fog address:

Attaching to open-appsec-agent

open-appsec-agent  | Check Point Nano Agent Version 1.0.1 Install Package
open-appsec-agent  | Verifying archive integrity... All good.
open-appsec-agent  | Uncompressing...
open-appsec-agent  | Fog address='https://inext-agents.cloud.ngen.checkpoint.com'
open-appsec-agent  |   100%    100%  install: cannot stat 'lib/libcurl.so': No such file or directory

and I have problems - I assume the install script was not able to correctly set the Fog address - as in the logfile /var/log/nano_agent/cp-nano-http-transaction-handler.dbg1 I see the following:

| ###] IP address was not found for the given host name. Host: i2-agents.cloud.ngen.checkpoint.com
| ###] Failed to establish connection to the Fog: Failed to establish new connection with: i2-agents.cloud.ngen.checkpoint.com:443
| ###] Failed to connect to the Fog, Address: https://i2-agents.cloud.ngen.checkpoint.com/

this address indeed does not resolve via DNS... ( i get NXDOMAIN)

I assume this is due to the error when trying to set the fog server, because of the missing lib/libcurl.so in the container...

thanks for any help.

[orianelou]

Hey,

Thanks for getting in touch! Could you share the Docker Run command you used? Just a quick reminder, If you've used a token, make sure to keep it masked for security.
Have you also got the attachment container deployed? If not, you can find the steps to set up open-appsec on Docker right here: Open-appsec Docker Deployment Guide.

Looking forward to hearing from you,

Oriane

[topt]

Hi,
thanks for coming back to this.
I use a docker-compose.yaml with the following contents:

---
version: '3.8'

services:
  open-appsec-agent:
    image: ghcr.io/openappsec/agent:latest
    container_name: open-appsec-agent
    ipc: host
    volumes:
      - ./conf:/etc/cp/conf
      - ./data:/etc/cp/data
      - ./logs:/var/log/nano_agent
    command: /cp-nano-agent --token <token from WebUI>
    restart: unless-stopped
    network_mode: host

I then run this e.g. in foreground to see the messages:
docker compose up

this then shows the output like seen above (full again here:)

Attaching to open-appsec-agent
open-appsec-agent  | Check Point Nano Agent Version 1.0.1 Install Package
open-appsec-agent  | Verifying archive integrity... All good.
open-appsec-agent  | Uncompressing...
open-appsec-agent  | Fog address='https://inext-agents.cloud.ngen.checkpoint.com'
open-appsec-agent  |   100%    100%  install: cannot stat 'lib/libcurl.so': No such file or directory
open-appsec-agent  | 
open-appsec-agent  | Starting upgrading of open-appsec Nano Agent [Wed Aug 30 05:48:05 UTC 2023]
open-appsec-agent  | Copying cp-nano-agent binary file to folder: /etc/cp/orchestration/cp-nano-orchestration
open-appsec-agent  | Upgrade completed successfully
open-appsec-agent  | Check Point Attachment Registration Manager Nano Service Version 1.0.1 Install Package
open-appsec-agent  | Verifying archive integrity... All good.
open-appsec-agent  | Uncompressing...
open-appsec-agent  | Starting installation of Check Point Attachment Registrator Nano service [Wed Aug 30 05:48:06 UTC 2023]
open-appsec-agent  | 
open-appsec-agent  | Installation completed successfully.
open-appsec-agent  | Check Point HTTP Transaction Handler Nano Service Version 1.0.1 Install Package
open-appsec-agent  | Verifying archive integrity... All good.
open-appsec-agent  | Uncompressing...
open-appsec-agent  | Starting installation of Check Point HTTP Transaction Handler service [Wed Aug 30 05:48:07 UTC 2023]
open-appsec-agent  | 
open-appsec-agent  | Installation completed successfully.

I use a local (non-docker) nginx and have the module deployed. Although, I did not find out, how the nginx module communicates with the agent... using TCP (what port?) using sockets, other stuff?

Thanks for your help.

[bilbogh]

Thanks for the information. We are looking into the issue and will come back to you.
To your question - communication between the attachment and agent happens via unixsockets and shared memory.

[orianelou]

Hi,

Regarding the libcurl missing warning, we've looked into this, and while this doesn't affect deployment we understand the inconvenience and it will be removed.

As to your installation, while this flow isn't officially supported yet, we have investigated your use case. To deploy open-appsec with an Embedded attachment on a Linux server, please follow these instructions available at: open-appsec Attachment Compilation Instructions.

To verify a successful installation, execute the following command:

cat /etc/nginx/nginx.conf

Inspect the first line of the configuration file for the presence of the following line:

load_module /usr/lib/nginx/modules/ngx_cp_attachment_module.so;

Once the attachment is compiled, you can proceed to map it to the agent container using the following Docker command:

docker run -d --name=agent-container --ipc=host -v /dev/shm/:/dev/shm/:rw -it ghcr.io/openappsec/agent:latest /cp-nano-agent --token <Token> 

Please ensure you replace <Token> with your actual token. And note that including the -v /dev/shm/:/dev/shm/:rw option in the Docker command is crucial as it enables communication between the agent and the Nginx attachment.

Should you encounter any issues or have further questions, please don't hesitate to reach out. We're here to help you with open-appsec.