Quick Enroll on a Ubuntu 18.04 node does not result in enroll.sh download and install. about osctrl HOT 13 CLOSED

Hi Javier,
Can you please confirm this is still an issue?.

from osctrl.

Hi Avinash,

Thanks for reporting this issue. I have reproduced the problem and I am working on a fix. As soon as it is ready, I will let you know!

from osctrl.

Can you provide also the logs from osqueryd? Just to discard that there is also a certificate verification problem. Thanks!

from osctrl.

I have merged the fix for this problem, can you please confirm it has been resolved? Thanks!

from osctrl.

HI Javier,
Thank you. I just pulled the latest changes and tried the quick enroll after generating certificates in osctrl. I still don't get the enroll script downloaded and running on my client. (I have not installed osqueryd on client). I have provided the curl verbose and osctl logs. I am running the client in a vagrant ubuntu 18.04 VM for testing. Please check.
logs.txt

from osctrl.

Those logs indicate that the service osctrl-tls has not been deployed correctly since it is missing some files:

osctrl-tls          | handlers.go:537: error getting script open scripts/quick-add.sh: no such file or directory

from osctrl.

Hi Javier,
Could you please tell me how I could fix the above issue. Please look at the logs, I find the tls containers created successfully.

osctrl-full-log.txt

I find this in the beginning of the logs, is it related ?
Can't load /home/avinash_kurup/.rnd into RNG
generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/home/avinash_kurup/.rnd

Thanks,
Avinash.

from osctrl.

This seems to be an issue with your system and openssl, and the certificate (as the logs show further down) is not generated so osquery can not talk to osctrl. Check out this issue, it may help you solve this problem: openssl/openssl#7754

from osctrl.

Thanks Javier,
I fixed the above issue, using this. openssl/openssl#7754 (comment)

Now i dont see the error in the logs.
[+] Preparing certificates for osctrl-nginx
[+] Generating deploy/docker/certs/osctrl.key and deploy/docker/certs/osctrl.crt
Generating a RSA private key
........................................+++++
..........................................................+++++
writing new private key to 'deploy/docker/certs/osctrl.key'

Unfortunately, i still see the errors
osctrl-tls | handlers.go:537: error getting script open scripts/quick-add.sh: no such file or directory

and the enroll.sh script does not download and install. I am now testing the client (osquery) on a physical machine. Osquery is installed and running on the machine.
osctrl-full-log.txt

from osctrl.

Just merged a small change to fix the osctrl-tls issue where the template for the quick-enroll script was missing in that container. Please check if that fixed the issue. Thanks!

from osctrl.

Hey Thanks Javier : )
The download and install of quick-enroll agent worked on my vagrant test machine! Will test on the physical system as well.

vagrant@vagrant:~$ curl -sk https://192.168.xx.xxx/osquery-ubuntu-bionic/1c6IA8BJjXefBe88VWsWUR0PE6p/enroll.sh | sh
[+] OS=linux
[+] _SECRET_FILE=/etc/osquery/osctrl-osquery-ubuntu-bionic.secret
[+] _FLAGS=/etc/osquery/osquery.flags
[+] _CERT=/etc/osquery/certs/osctrl-osquery-ubuntu-bionic.crt
[+] IMPORTANT! If osquery is not installed, it will be installed.
[+] [+] osctrl-osquery-ubuntu-bionic needs osquery
[+] Installing osquery for linux
[+] Installing osquery in Linux
[+] DEB based system detected
######################################################################## 100.0%
Selecting previously unselected package osquery.
(Reading database ... 42512 files and directories currently installed.)
Preparing to unpack .../osquery_4.2.0_1.linux.amd64.deb ...
Unpacking osquery (4.2.0-1.linux) ...
Setting up osquery (4.2.0-1.linux) ...
1351
Processing triggers for systemd (237-3ubuntu10.25) ...
Processing triggers for ureadahead (0.100.0-21) ...
[+] Stopping osqueryd
[+] Preparing osquery secret
5zHH-0WuQHNw8gjcSQxYaZ40G7LeqAEWy9c48FzF-ofo82flZhga2AoUjphG5mpKR8JvYnqWx18V2lrfczazPA==
[+] Preparing osquery flags
[+] Preparing osquery certificate
[+] Starting osqueryd
Synchronizing state of osqueryd.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable osqueryd
Created symlink /etc/systemd/system/multi-user.target.wants/osqueryd.service → /usr/lib/systemd/system/osqueryd.service.
[+] Congratulations! The node has been enrolled in osctrl-osquery-ubuntu-bionic
[+] REMINDER! osqueryd has been started and enabled.

Thanks,
Avinash.

from osctrl.

Hi Javier, A related matter to complete the above test. I have created a new environment and have created new certificates for it. The agent is downloaded and installed successfully, however the enrolled node is not shown up in the admin interface. Is there anything I'm missing? The dev environment is showing the nodes created in the ubuntu-vm container created by the make docker_all.

from osctrl.

I would look at the osqueryd logs and see what is happening. It sounds like the certificate could be invalid but better look at the logs to find out what is the problem.

from osctrl.