OWTF should check if postgres is running #311

Closed
DePierre opened this Issue Sep 1, 2014 · 2 comments

Contributor

DePierre commented Sep 1, 2014

If the user doesn't have postgres daemon running, OWTF fails like below:

```
depierre% python owtf.py

                  __       ___  
                 /\ \__  /'___\ 
  ___   __  __  _\ \ ,_\/\ \__/ 
 / __`\/\ \/\ \/\ \ \ \/\ \ ,__\ 
/\ \_\ \ \ \_/ \_/ \ \ \_\ \ \_/
\ \____/\ \___x___/'\ \__\\ \_\ 
 \/___/  \/__//__/   \/__/ \/_/ 


[-] Aborted by Framework: [DB] (OperationalError) could not connect to server: Connection refused
[-]     Is the server running on host "127.0.0.1" and accepting
[-]     TCP/IP connections on port 5432?
[-]  None None
[-] OWTF :P
```

OWTF should, at least, check if the postgres daemon is running, and at most start it itself. The user should not have to run `sudo /etc/init.d/postgresql start` by her/himself IMHO.

Thoughts @tunnelshade?

@DePierre DePierre added the Enhancement label Sep 1, 2014

Member

7a commented Sep 1, 2014

The service command might be a good way to check if:

  1. postgresql is installed
  2. postgresql is running

These checks should ideally be performed when OWTF starts, I would like to suggest the following
-perhaps done using python instead of shell scripts, up to you :)-

probably, owtf should be doing something like this on start:

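```bash
# Is postgresql installed? whereis prints only "postgresql:" when nothing is found.
if [ "$(whereis postgresql | cut -f2 -d: | wc -c)" -lt 3 ]; then # postgresql not installed
    echo "postgresql is not installed, please run the install script on path/to/install/script"
    exit 1
fi
# Is it running? LSB init scripts return non-zero from "status" when the service is down.
if ! service postgresql status > /dev/null 2>&1; then # DB down
    echo "DB was down, starting it ..."
    service postgresql start # Start DB
fi
```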

//service postgresql probably being a config setting?

An approach similar to this would be more user-friendly

afaik, metasploit starts postgresql automatically, so why shouldn't we?
at the very minimum, we should prompt the user to start postgresql for them ;)
i.e. "postgresql does not appear to be running. Press 1 so that we start it for you, or press 2 once you have started it manually" <-- something like this
we need to make the db setup easier, at the installation stage
we can prompt the user for desired password vs. randomly generated one, etc. but we need to make this absolutely as easy as possible
manual instructions are good but users should only have to press a few selections (i.e. choose 1, choose 2, choose 3, type the credentials you want to use or press 4 when you have done that manually) to do that, never navigate the file system, copy this file there, run this by hand, etc.

I want my grandmother to run owtf successfully when she is 100, ok? ;)
additionally some checks like:

  1. is postgresql installed?
  2. is postgresql running?

Are checks that we should do + prompt the user for action instead of crashing.
Crashing is not acceptable here (actually, not sure if crashing is ever acceptable ;)), because the average uneducated user will interpret this as "it does not work" + move on, which is something we really do not want ;)
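The startup check discussed in this thread, sketched in Python as an added example (it is not OWTF's own code and not the fix in a414763). The function names, the `START_CMD` setting and the list of binary names probed are assumptions; the host, port and prompt wording come from the comments above.

```python
import shutil
import socket
import subprocess

DB_HOST, DB_PORT = "127.0.0.1", 5432            # from the error message in the issue
START_CMD = ["service", "postgresql", "start"]  # assumed config setting; argv list, no shell

def db_listening(host=DB_HOST, port=DB_PORT, timeout=1.0):
    """True if something accepts TCP connections on host:port.
    This only shows a listener exists; the DB login is still the real check."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable or timed out
        return False

def db_state(host=DB_HOST, port=DB_PORT, which=shutil.which):
    """Classify the database as 'running', 'stopped' or 'not_installed'."""
    if db_listening(host, port):
        return "running"
    # Assumed binary names; adjust to what the install script actually provides.
    if not any(which(name) for name in ("psql", "postgres", "pg_ctl")):
        return "not_installed"
    return "stopped"

def ensure_db(host=DB_HOST, port=DB_PORT, ask=input, which=shutil.which,
              start=lambda: subprocess.call(START_CMD)):
    """Return True once the DB is reachable; prompt the user instead of crashing."""
    state = db_state(host, port, which)
    if state == "not_installed":
        print("postgresql is not installed, please run the install script")
        return False
    while state == "stopped":
        choice = ask("postgresql does not appear to be running. Press 1 so that "
                     "we start it for you, or press 2 once you have started it "
                     "manually (q to quit): ").strip()
        if choice == "q":
            return False
        if choice == "1":
            start()  # runs only after the user explicitly asked for it
        state = db_state(host, port, which)
    return state == "running"

if __name__ == "__main__":
    raise SystemExit(0 if ensure_db() else 1)
```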

@tunnelshade tunnelshade added this to the v1.0 Mega Release milestone Sep 2, 2014

Member

tunnelshade commented Oct 20, 2014

Fixed in a414763
