travisfsmith / sweetsecurity
Network Security Monitoring on Raspberry Pi type devices
License: Apache License 2.0
I executed the script and everything worked flawlessly until the point where installing Logstash begins:
HW: Pi-3 with 32 gig SDHC card
Enter password for Elasticsearch:
Confirm password for Elasticsearch:
Enter Server IP: localhost
Bro already installed...
Installing Logstash
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (7) Failed to connect to localhost port 9201: Connection refused
Error: Waiting for Elasticsearch to start...try 1 of 10
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (7) Failed to connect to localhost port 9201: Connection refused
Error: Waiting for Elasticsearch to start...try 2 of 10
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (7) Failed to connect to localhost port 9201: Connection refused
Error: Waiting for Elasticsearch to start...try 3 of 10
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (7) Failed to connect to localhost port 9201: Connection refused
Error: Waiting for Elasticsearch to start...try 4 of 10
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (7) Failed to connect to localhost port 9201: Connection refused
Error: Waiting for Elasticsearch to start...try 5 of 10
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (7) Failed to connect to localhost port 9201: Connection refused
Error: Waiting for Elasticsearch to start...try 6 of 10
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (7) Failed to connect to localhost port 9201: Connection refused
Error: Waiting for Elasticsearch to start...try 7 of 10
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (7) Failed to connect to localhost port 9201: Connection refused
Error: Waiting for Elasticsearch to start...try 8 of 10
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (7) Failed to connect to localhost port 9201: Connection refused
Error: Waiting for Elasticsearch to start...try 9 of 10
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (7) Failed to connect to localhost port 9201: Connection refused
Error: Waiting for Elasticsearch to start...try 10 of 10
Unable to connect to Elasticsearch
Is it not correct to put localhost as the server IP? I tried it with the Pi's static IP and with 127.0.0.1, which is localhost, and I only get "connection refused".
I'm out of ideas.
Best regards, Razzor
Unable to start the kibana service after running SweetSecurity script
sudo service kibana start
Job for kibana.service failed. See 'systemctl status kibana.service' and 'journalctl -xn' for details.
systemctl status kibana.service
kibana.service - LSB: start and stop kibana
Loaded: loaded (/etc/init.d/kibana)
Active: failed (Result: exit-code) since Fri 2016-04-08 05:49:46 UTC; 37s ago
Process: 26845 ExecStart=/etc/init.d/kibana start (code=exited, status=2)
Any idea why the node.cfg is not getting built?
Traceback (most recent call last):
File "setup.py", line 257, in <module>
bro.install(chosenInterface, esServer)
File "/home/pi/Repos/SweetSecurity/install/bro.py", line 45, in install
shutil.move('/opt/nsm/bro/etc/node.cfg','/opt/nsm/bro/etc/node.orig')
File "/usr/lib/python2.7/shutil.py", line 302, in move
copy2(src, real_dst)
File "/usr/lib/python2.7/shutil.py", line 130, in copy2
copyfile(src, dst)
File "/usr/lib/python2.7/shutil.py", line 82, in copyfile
with open(src, 'rb') as fsrc:
IOError: [Errno 2] No such file or directory: '/opt/nsm/bro/etc/node.cfg'
In line #74 we do:
sudo cp SweetSecurity/logstash.conf /etc/logstash/conf.d
However, later in #105 we do:
sudo sed -i -- "s/SMTP_HOST/"$smtpHost"/g" /opt/logstash/logstash.conf
but the logstash.conf file was copied into the /etc/logstash/conf.d directory and not the /opt/logstash directory.
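The two installer steps that fail in the reports above (the node.cfg backup that raises because the file never existed, and the SMTP_HOST substitution that targets the wrong path) as an added example in Python, not SweetSecurity's own setup.py code. The real paths from the posts are kept as constants; demo() runs both steps in a temporary directory, and the logstash.conf template text it writes is constructed for the demo, not the project's file.

```python
"""Two installer file steps from the posts above, done defensively.

Added example, not SweetSecurity's own code. It reproduces the node.cfg step
(shutil.move in the traceback raises when Bro never installed node.cfg) and
the logstash.conf step (the placeholder substitution must target the path the
file was copied to, /etc/logstash/conf.d, not /opt/logstash). demo() runs
everything in a temporary directory; its logstash.conf template is constructed.
"""
import os
import shutil
import tempfile

BRO_ETC = "/opt/nsm/bro/etc"                # where the traceback looked for node.cfg
LOGSTASH_CONF_DIR = "/etc/logstash/conf.d"  # where line #74 copies logstash.conf


def write_bro_node_cfg(etc_dir, interface):
    """Write a standalone Bro node.cfg for `interface`, keeping any previous one as node.orig.

    Returns True if an existing node.cfg was backed up, False if there was none
    (a build that never installed its etc/ files, as in the traceback above).
    """
    os.makedirs(etc_dir, exist_ok=True)
    cfg = os.path.join(etc_dir, "node.cfg")
    backed_up = os.path.isfile(cfg)
    if backed_up:
        shutil.move(cfg, os.path.join(etc_dir, "node.orig"))
    with open(cfg, "w") as fh:
        fh.write("[bro]\ntype=standalone\nhost=localhost\ninterface=%s\n" % interface)
    return backed_up


def install_logstash_conf(src, conf_dir, replacements):
    """Copy src into conf_dir and fill placeholders in the installed copy.

    Every placeholder must occur in the file; otherwise KeyError is raised so a
    template/installer mismatch is caught instead of leaving SMTP_HOST literal.
    Returns the installed path.
    """
    os.makedirs(conf_dir, exist_ok=True)
    dst = os.path.join(conf_dir, os.path.basename(src))
    shutil.copy(src, dst)
    with open(dst) as fh:
        text = fh.read()
    for placeholder, value in replacements.items():
        if placeholder not in text:
            raise KeyError("placeholder %s not found in %s" % (placeholder, dst))
        text = text.replace(placeholder, value)
    with open(dst, "w") as fh:
        fh.write(text)
    return dst


def demo():
    """Exercise both steps in a throwaway tree; returns a dict of what each produced."""
    root = tempfile.mkdtemp()
    try:
        etc = os.path.join(root, "bro", "etc")
        first = write_bro_node_cfg(etc, "eth0")    # nothing to back up yet
        second = write_bro_node_cfg(etc, "wlan0")  # eth0 config becomes node.orig
        with open(os.path.join(etc, "node.orig")) as fh:
            orig = fh.read()
        with open(os.path.join(etc, "node.cfg")) as fh:
            cfg = fh.read()
        # Constructed stand-in for SweetSecurity/logstash.conf.
        template = os.path.join(root, "logstash.conf")
        with open(template, "w") as fh:
            fh.write('output { email { address => "SMTP_HOST" port => SMTP_PORT } }\n')
        conf = install_logstash_conf(template, os.path.join(root, "conf.d"),
                                     {"SMTP_HOST": "smtp.example.org", "SMTP_PORT": "587"})
        with open(conf) as fh:
            installed = fh.read()
    finally:
        shutil.rmtree(root)
    return {"first_backed_up": first, "second_backed_up": second,
            "node_orig": orig, "node_cfg": cfg, "logstash_conf": installed}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=>", value.strip() if isinstance(value, str) else value)
```

The point of the KeyError is the bug in #105: a sed against a path that does not exist exits non-zero but the shell script carries on, so the email output keeps the literal SMTP_HOST and nothing says so until Logstash fails to send an alert.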
Starting Kibana
Importing Kibana Index Patterns
Importing /home/user/sweetsecurity/kibana/patterns/sweet_security_alerts.json
Traceback (most recent call last):
File "setup.py", line 220, in <module>
kibana.install(chosenInterfaceIP)
File "/home/user/sweetsecurity/install/kibana.py", line 85, in install
importIndexMapping(os.path.join(patternPath, file))
File "/home/user/sweetsecurity/install/kibana.py", line 117, in importIndexMapping
from elasticsearch import Elasticsearch
File "/usr/local/lib/python2.7/dist-packages/elasticsearch/__init__.py", line 17, in <module>
from .client import Elasticsearch
File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/__init__.py", line 4, in <module>
from ..transport import Transport
File "/usr/local/lib/python2.7/dist-packages/elasticsearch/transport.py", line 4, in <module>
from .connection import Urllib3HttpConnection
File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/__init__.py", line 2, in <module>
from .http_requests import RequestsHttpConnection
File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_requests.py", line 4, in <module>
import requests
File "/usr/lib/python2.7/dist-packages/requests/__init__.py", line 68, in <module>
_attach_namespace(urllib3, 'requests.packages')
File "/usr/lib/python2.7/dist-packages/requests/__init__.py", line 63, in _attach_namespace
module = __import__(name)
File "/usr/lib/python2.7/dist-packages/urllib3/contrib/pyopenssl.py", line 55, in <module>
import OpenSSL.SSL
File "/usr/local/lib/python2.7/dist-packages/OpenSSL/__init__.py", line 8, in <module>
from OpenSSL import rand, crypto, SSL
File "/usr/local/lib/python2.7/dist-packages/OpenSSL/rand.py", line 10, in <module>
from OpenSSL._util import (
File "/usr/local/lib/python2.7/dist-packages/OpenSSL/_util.py", line 18, in <module>
no_zero_allocator = ffi.new_allocator(should_clear_after_alloc=False)
AttributeError: 'FFI' object has no attribute 'new_allocator'
Trying to add the baselines dashboards:
and I have received the following error:
Saved Objects: Importing Baselines - Top 20 Websites Visited (657f7df0-7161-11e7-8ed1-ebea83d7be07) failed: Could not locate that index-pattern (id: tardis)
Saved Objects: Importing logstash_deviceScanned (3efb7ac0-2153-11e7-9cc9-d548f0e513c4) failed: Could not locate that index-pattern (id: logstash-*)
and
Saved Objects: Importing Baselines - Top 20 IP Addresses (2ada85a0-7161-11e7-8ed1-ebea83d7be07) failed: Importing Baselines - Top 20 DNS Queries (5a7ce370-7161-11e7-8ed1-ebea83d7be07) failed: Importing Baselines - Top 20 Websites Visited …
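The errors in the post above say a visualization was imported before, or without, the index pattern it refers to ("Could not locate that index-pattern (id: tardis)"). Below is an added example in Python, not SweetSecurity's or Kibana's code, that walks a saved-objects export, reports every visualization whose index pattern is neither in the export nor already on the server, and returns an import order with index patterns first and dashboards last. It assumes the Kibana 5/6 export layout, an array of {"_id", "_type", "_source"} objects whose dependency sits in _source.kibanaSavedObjectMeta.searchSourceJSON; the sample export is constructed, reusing the ids from the error lines above.

```python
"""Check a Kibana saved-objects export for dangling index-pattern references.

Added example, not SweetSecurity's or Kibana's code. Assumed export layout:
Kibana 5/6 style list of {"_id", "_type", "_source"}, where visualizations
and saved searches name their index pattern in
_source.kibanaSavedObjectMeta.searchSourceJSON (a JSON string with "index").
"""
import json


def index_dependency(obj):
    """Return the index-pattern id an object depends on, or None if it has none."""
    meta = obj.get("_source", {}).get("kibanaSavedObjectMeta", {})
    raw = meta.get("searchSourceJSON")
    if not raw:
        return None
    try:
        return json.loads(raw).get("index")
    except ValueError:  # malformed searchSourceJSON: treat as no dependency
        return None


def check_export(objects, existing_patterns=()):
    """Return (ordered, missing).

    ordered: index patterns first, then visualizations/searches, dashboards last,
             which is the order Kibana needs to resolve references on import.
    missing: {object_id: pattern_id} for objects whose pattern is neither in the
             export nor already present on the server (existing_patterns).
    """
    known = set(existing_patterns)
    patterns, others, dashboards = [], [], []
    for obj in objects:
        kind = obj.get("_type")
        if kind == "index-pattern":
            known.add(obj["_id"])
            patterns.append(obj)
        elif kind == "dashboard":
            dashboards.append(obj)
        else:
            others.append(obj)
    missing = {}
    for obj in others:
        dep = index_dependency(obj)
        if dep is not None and dep not in known:
            missing[obj["_id"]] = dep
    return patterns + others + dashboards, missing


# Constructed sample export mirroring the failures reported above: the
# logstash-* pattern is shipped in the export, the tardis pattern is not.
SAMPLE_EXPORT = [
    {"_id": "3efb7ac0-2153-11e7-9cc9-d548f0e513c4", "_type": "visualization",
     "_source": {"title": "logstash_deviceScanned",
                 "kibanaSavedObjectMeta": {
                     "searchSourceJSON": json.dumps({"index": "logstash-*"})}}},
    {"_id": "657f7df0-7161-11e7-8ed1-ebea83d7be07", "_type": "visualization",
     "_source": {"title": "Baselines - Top 20 Websites Visited",
                 "kibanaSavedObjectMeta": {
                     "searchSourceJSON": json.dumps({"index": "tardis"})}}},
    {"_id": "logstash-*", "_type": "index-pattern",
     "_source": {"title": "logstash-*"}},
    {"_id": "baselines", "_type": "dashboard", "_source": {"title": "Baselines"}},
]


if __name__ == "__main__":
    order, missing = check_export(SAMPLE_EXPORT)
    print("import order:", [o["_id"] for o in order])
    print("missing index patterns:", missing)
```

Run against the real export before importing: anything listed in `missing` needs its pattern JSON (here kibana/patterns/tardis.json) imported first, or passed in `existing_patterns` if it is already on the server.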
Just started on Sweet Security, so please be kind if this is a noob error.
I've been trying to get this to work over the last several days but the closest I get is having the apache server return a 500 error after I log in using the credentials I chose. Has anyone else gotten this issue before? I followed all the instructions I believe exactly. Is there something simple I am missing? Thanks
Hi sir,
Then I installed the server with "sudo python setup.py". It always blocks at "Waiting for Elasticsearch to start..." as below.
I do not know how to do the next step. How do I start Elasticsearch? Has it been installed?
Thanks
Elasticsearch already installed
Creating elasticsearch credentials
Kibana already installed
Importing Kibana Index Patterns
Importing /root/Documents/github/SweetSecurity/kibana/patterns/logstash.json
Importing /root/Documents/github/SweetSecurity/kibana/patterns/sweet_security_alerts.json
Importing /root/Documents/github/SweetSecurity/kibana/patterns/sweet_security.json
Importing /root/Documents/github/SweetSecurity/kibana/patterns/tardis.json
Importing Dashboards
Importing /root/Documents/github/SweetSecurity/kibana/dashboards/geoip.json
Importing /root/Documents/github/SweetSecurity/kibana/dashboards/SweetSecurityAlerts.json
Importing /root/Documents/github/SweetSecurity/kibana/dashboards/logstash.json
Importing /root/Documents/github/SweetSecurity/kibana/dashboards/sweet_security.json
Importing /root/Documents/github/SweetSecurity/kibana/dashboards/baselines.json
Waiting for Elasticsearch to start...
Waiting for Elasticsearch to start...
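The first post (curl refused on port 9201, ten tries, then "Unable to connect"), the one just above (the same message repeating forever) and the later report of a timeout on localhost:9200 all come down to the installer's poll not saying why Elasticsearch is unreachable. Below is an added example in Python, not SweetSecurity's own setup.py code, of a readiness probe that separates "nothing is listening on that port" (check the service and http.port), "listening but the health API is not answering or wants credentials" and "ready". The fake Elasticsearch it starts is a constructed stand-in so the probe can be exercised offline; the port numbers 9200 and 9201 are the ones from the posts.

```python
"""Readiness probe for a local Elasticsearch, separating the states the
installer's curl loop lumps together as "Connection refused".

Added example, not SweetSecurity's own code.
"""
import json
import socket
import threading
import time
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

ES_DEFAULT_PORT = 9200  # Elasticsearch's default HTTP port; the first post above polled 9201


def tcp_listening(host, port, timeout=1.0):
    """True if something accepts a TCP connection on host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # ECONNREFUSED, timeout, host unreachable
        return False


def es_state(host, port, timeout=2.0):
    """Classify the endpoint: 'no-listener', 'auth-required', 'not-ready' or 'ready'."""
    if not tcp_listening(host, port, timeout):
        return "no-listener"  # nothing bound on that port: check the service and http.port
    url = "http://%s:%d/_cluster/health" % (host, port)
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            health = json.loads(resp.read().decode())
    except urllib.error.HTTPError as err:
        return "auth-required" if err.code == 401 else "not-ready"
    except (urllib.error.URLError, ValueError):
        return "not-ready"  # listening, but not answering the health API yet
    return "ready" if health.get("status") in ("yellow", "green") else "not-ready"


def wait_for_es(host, port, tries=10, delay=3.0, sleep=time.sleep):
    """Poll up to `tries` times; return (final_state, polls_used)."""
    state = "no-listener"
    for attempt in range(1, tries + 1):
        state = es_state(host, port)
        if state == "ready":
            return state, attempt
        if attempt < tries:
            sleep(delay)
    return state, tries


# --- constructed stand-in for Elasticsearch so the probe can run offline ---
def start_fake_es(status="green", http_status=200):
    """Serve a minimal /_cluster/health on an ephemeral port; returns (port, server)."""
    body = json.dumps({"cluster_name": "fake", "status": status}).encode()

    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(http_status)
            self.send_header("Content-Type", "application/json")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):  # keep the demo quiet
            pass

    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server.server_address[1], server


def unbound_port():
    """A port nobody listens on, to reproduce the 'Connection refused' case."""
    with socket.socket() as sock:
        sock.bind(("127.0.0.1", 0))
        return sock.getsockname()[1]


if __name__ == "__main__":
    port, server = start_fake_es()
    print("fake ES:", wait_for_es("127.0.0.1", port, tries=3, delay=0))
    server.shutdown()
    server.server_close()
    print("closed port:", wait_for_es("127.0.0.1", unbound_port(), tries=2, delay=0))
```

"no-listener" after all tries means Elasticsearch is not running or is bound to another port or address, which is a service/config problem and no amount of waiting fixes it; "not-ready" is the only state where more retries make sense.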
Good day
I am having trouble with your sweetsecurity.sh script. Below is the output. I have installed node 4.x myself and I have chmod +x'd all related files and still receive the output below. I have run the script twice now and each time the script runs for like 4 hours. Please advise before my next attempt.
(Reading database ... 128540 files and directories currently installed.)
Preparing to unpack node_latest_armhf.deb ...
Unpacking node (4.2.1-1) ...
Setting up node (4.2.1-1) ...
Processing triggers for man-db (2.7.0.2-5) ...
cp: cannot stat ‘SweetSecurity/init.d/kibana’: No such file or directory
chmod: cannot access ‘/etc/init.d/kibana’: No such file or directory
update-rc.d: error: initscript does not exist: /etc/init.d/kibana
mkdir: cannot create directory ‘/opt/SweetSecurity’: File exists
cp: cannot stat ‘SweetSecurity/pullMaliciousIP.py’: No such file or directory
cp: cannot stat ‘SweetSecurity/pullTorIP.py’: No such file or directory
python: can't open file '/opt/SweetSecurity/pullTorIP.py': [Errno 2] No such file or directory
python: can't open file '/opt/SweetSecurity/pullMaliciousIP.py': [Errno 2] No such file or directory
cp: cannot stat ‘SweetSecurity/networkDiscovery.py’: No such file or directory
cp: cannot stat ‘SweetSecurity/SweetSecurityDB.py’: No such file or directory
sed: can't read /opt/SweetSecurity/networkDiscovery.py: No such file or directory
sed: can't read /opt/SweetSecurity/networkDiscovery.py: No such file or directory
sed: can't read /opt/SweetSecurity/networkDiscovery.py: No such file or directory
sed: can't read /opt/SweetSecurity/networkDiscovery.py: No such file or directory
root@raspberrypi:/home/pi/Downloads/SweetSecurity# cd SweetSecurity/in
init.d/ installOpenVas.sh
root@raspberrypi:/home/pi/Downloads/SweetSecurity# cd SweetSecurity/init.d/
root@raspberrypi:/home/pi/Downloads/SweetSecurity/SweetSecurity/init.d# ls
kibana logstash
root@raspberrypi:/home/pi/Downloads/SweetSecurity/SweetSecurity/init.d# chmod +x kibana
root@raspberrypi:/home/pi/Downloads/SweetSecurity/SweetSecurity/init.d# ./kibana
./kibana: 20: .: Can't open /etc/init.d/functions
root@raspberrypi:/home/pi/Downloads/SweetSecurity/SweetSecurity/init.d# ls -la
Now that I have it all installed I can't figure out how to look at logs, or start ELK so I can see anything; not sure where to start. I looked in the install file to see if anything was in there but no luck.
Hi,
The installation was successful, but when I go to Kibana I have this warning:
Warning No default index pattern. You must select or create one to continue.
Is there any pattern we have to put in?
Thanks
Is this site still a thing? I went ahead and clicked yes to connect to https://filechck.io and it never comes up. I feel like I'm doing something wrong.
Travis,
This is good stuff. I am trying to install all components on a Tinker Board but I'm getting an error. I am using the latest Debian OS for the Tinker (2.0.3) and it seems pretty standard. I have put a big SD card in this thing and wanted to see how it did in a home. It gave me an excuse to buy one :-) but it's not working. Thoughts?
File "setup.py", line 257, in <module>
bro.install(chosenInterface, esServer)
File "/home/linaro/sweetsecurity/install/bro.py", line 45, in install
shutil.move('/opt/nsm/bro/etc/node.cfg','/opt/nsm/bro/etc/node.orig')
File "/usr/lib/python2.7/shutil.py", line 302, in move
copy2(src, real_dst)
File "/usr/lib/python2.7/shutil.py", line 130, in copy2
copyfile(src, dst)
File "/usr/lib/python2.7/shutil.py", line 82, in copyfile
with open(src, 'rb') as fsrc:
IOError: [Errno 2] No such file or directory: '/opt/nsm/bro/etc/node.cfg'
For the life of me I can't figure out how to get this resolved, and unfortunately I can't copy text from this environment.
Basically i'm running this up as a web-server only, on Deb Jessie.
Key error i receive now is a TIMEOUT connecting to localhost:9200 when importing the Patterns.
I've tried:
Anyone have any other ideas?
Hello
What a wonderful idea SweetSecurity is,
however ...
I wish you the best :)
Not sure where the issue is. I tried some of the fixes recommended before, but they don't seem to help me.
sudo /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf -t output provides:
pi@raspberrypi:~ $ sudo /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf -t
io/console on JRuby shells out to stty for most operations
ERROR StatusLogger No log4j2 configuration file found. Using default configuration: logging only errors to the console.
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path //usr/share/logstash/config/log4j2.properties. Using default config which logs to console
17:00:01.029 [main] INFO logstash.setting.writabledirectory - Creating directory {:setting=>"path.queue", :path=>"/usr/share/logstash/data/queue"}
17:00:01.066 [main] INFO logstash.setting.writabledirectory - Creating directory {:setting=>"path.dead_letter_queue", :path=>"/usr/share/logstash/data/dead_letter_queue"}
LoadError: Could not load FFI Provider: (NotImplementedError) FFI not available: java.lang.UnsatisfiedLinkError: /tmp/jffi5719152108522271658.so: /tmp/jffi5719152108522271658.so: cannot open shared object file: No such file or directory
at java.lang.ClassLoader$NativeLibrary.load(Native Method)
at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1941)
at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1824)
at java.lang.Runtime.load0(Runtime.java:809)
at java.lang.System.load(System.java:1086)
at com.kenai.jffi.internal.StubLoader.loadFromJar(StubLoader.java:367)
at com.kenai.jffi.internal.StubLoader.load(StubLoader.java:254)
at com.kenai.jffi.internal.StubLoader.<clinit>(StubLoader.java:440)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:348)
at com.kenai.jffi.Init.load(Init.java:68)
at com.kenai.jffi.Foreign$InstanceHolder.getInstanceHolder(Foreign.java:49)
at com.kenai.jffi.Foreign$InstanceHolder.<clinit>(Foreign.java:45)
at com.kenai.jffi.Foreign.getInstance(Foreign.java:103)
at com.kenai.jffi.Platform.isSupported(Platform.java:370)
at org.jruby.ext.ffi.jffi.Factory.<init>(Factory.java:16)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at java.lang.Class.newInstance(Class.java:442)
at org.jruby.ext.ffi.Factory$SingletonHolder.getInstance(Factory.java:60)
at org.jruby.ext.ffi.Factory$SingletonHolder.<clinit>(Factory.java:45)
at org.jruby.ext.ffi.Factory.getInstance(Factory.java:88)
at org.jruby.ext.ffi.FFIService.load(FFIService.java:47)
at org.jruby.runtime.load.LoadService.reflectedLoad(LoadService.java:598)
at org.jruby.ext.LateLoadingLibrary.load(LateLoadingLibrary.java:48)
at org.jruby.runtime.load.LibrarySearcher$FoundLibrary.load(LibrarySearcher.java:51)
at org.jruby.runtime.load.LoadService.tryLoadingLibraryOrScript(LoadService.java:892)
at org.jruby.runtime.load.LoadService.requireCommon(LoadService.java:465)
at org.jruby.runtime.load.LoadService.require(LoadService.java:414)
at org.jruby.RubyKernel.requireCommon(RubyKernel.java:1047)
at org.jruby.RubyKernel.require19(RubyKernel.java:1040)
at org.jruby.RubyKernel$INVOKER$s$1$0$require19.call(RubyKernel$INVOKER$s$1$0$require19.gen)
at org.jruby.internal.runtime.methods.JavaMethod$JavaMethodOneOrNBlock.call(JavaMethod.java:350)
at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:326)
at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:170)
at org.jruby.ast.FCallOneArgNode.interpret(FCallOneArgNode.java:36)
at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)
at org.jruby.ast.BlockNode.interpret(BlockNode.java:71)
at org.jruby.ast.RootNode.interpret(RootNode.java:129)
at org.jruby.evaluator.ASTInterpreter.INTERPRET_ROOT(ASTInterpreter.java:121)
at org.jruby.Ruby.runInterpreter(Ruby.java:884)
at org.jruby.Ruby.loadFile(Ruby.java:2837)
at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.loadScript(LibrarySearcher.java:264)
at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.load(LibrarySearcher.java:252)
at org.jruby.runtime.load.LibrarySearcher$FoundLibrary.load(LibrarySearcher.java:51)
at org.jruby.runtime.load.LoadService.tryLoadingLibraryOrScript(LoadService.java:892)
at org.jruby.runtime.load.LoadService.requireCommon(LoadService.java:465)
at org.jruby.runtime.load.LoadService.require(LoadService.java:414)
at org.jruby.RubyKernel.requireCommon(RubyKernel.java:1047)
at org.jruby.RubyKernel.require19(RubyKernel.java:1040)
at org.jruby.RubyKernel$INVOKER$s$1$0$require19.call(RubyKernel$INVOKER$s$1$0$require19.gen)
at org.jruby.internal.runtime.methods.JavaMethod$JavaMethodOneOrNBlock.call(JavaMethod.java:350)
at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:326)
at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:170)
at org.jruby.ast.FCallOneArgNode.interpret(FCallOneArgNode.java:36)
at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)
at org.jruby.ast.RootNode.interpret(RootNode.java:129)
at org.jruby.evaluator.ASTInterpreter.INTERPRET_ROOT(ASTInterpreter.java:121)
at org.jruby.Ruby.runInterpreter(Ruby.java:884)
at org.jruby.Ruby.loadFile(Ruby.java:2837)
at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.loadScript(LibrarySearcher.java:264)
at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.load(LibrarySearcher.java:252)
at org.jruby.runtime.load.LibrarySearcher$FoundLibrary.load(LibrarySearcher.java:51)
at org.jruby.runtime.load.LoadService.tryLoadingLibraryOrScript(LoadService.java:892)
at org.jruby.runtime.load.LoadService.requireCommon(LoadService.java:465)
at org.jruby.runtime.load.LoadService.require(LoadService.java:414)
at org.jruby.RubyKernel.requireCommon(RubyKernel.java:1047)
at org.jruby.RubyKernel.require19(RubyKernel.java:1040)
at org.jruby.RubyKernel$INVOKER$s$1$0$require19.call(RubyKernel$INVOKER$s$1$0$require19.gen)
at org.jruby.internal.runtime.methods.JavaMethod$JavaMethodOneOrNBlock.call(JavaMethod.java:350)
at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:326)
at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:170)
at org.jruby.ast.FCallOneArgNode.interpret(FCallOneArgNode.java:36)
at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)
at org.jruby.ast.BlockNode.interpret(BlockNode.java:71)
at org.jruby.ast.RootNode.interpret(RootNode.java:129)
at org.jruby.evaluator.ASTInterpreter.INTERPRET_ROOT(ASTInterpreter.java:121)
at org.jruby.Ruby.runInterpreter(Ruby.java:884)
at org.jruby.Ruby.loadFile(Ruby.java:2837)
at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.loadScript(LibrarySearcher.java:264)
at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.load(LibrarySearcher.java:252)
at org.jruby.runtime.load.LibrarySearcher$FoundLibrary.load(LibrarySearcher.java:51)
at org.jruby.runtime.load.LoadService.tryLoadingLibraryOrScript(LoadService.java:892)
at org.jruby.runtime.load.LoadService.requireCommon(LoadService.java:465)
at org.jruby.runtime.load.LoadService.require(LoadService.java:414)
at org.jruby.RubyKernel.requireCommon(RubyKernel.java:1047)
at org.jruby.RubyKernel.require19(RubyKernel.java:1040)
at org.jruby.RubyKernel$INVOKER$s$1$0$require19.call(RubyKernel$INVOKER$s$1$0$require19.gen)
at org.jruby.internal.runtime.methods.JavaMethod$JavaMethodOneOrNBlock.call(JavaMethod.java:350)
at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:326)
at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:170)
at org.jruby.ast.FCallOneArgNode.interpret(FCallOneArgNode.java:36)
at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)
at org.jruby.ast.WhenOneArgNode.whenSlowTest(WhenOneArgNode.java:36)
at org.jruby.ast.WhenOneArgNode.when(WhenOneArgNode.java:46)
at org.jruby.ast.CaseNode.interpret(CaseNode.java:133)
at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)
at org.jruby.ast.BlockNode.interpret(BlockNode.java:71)
at org.jruby.ast.RootNode.interpret(RootNode.java:129)
at org.jruby.evaluator.ASTInterpreter.INTERPRET_ROOT(ASTInterpreter.java:121)
at org.jruby.Ruby.runInterpreter(Ruby.java:884)
at org.jruby.Ruby.loadFile(Ruby.java:2837)
at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.loadScript(LibrarySearcher.java:264)
at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.load(LibrarySearcher.java:252)
at org.jruby.runtime.load.LibrarySearcher$FoundLibrary.load(LibrarySearcher.java:51)
at org.jruby.runtime.load.LoadService.tryLoadingLibraryOrScript(LoadService.java:892)
at org.jruby.runtime.load.LoadService.requireCommon(LoadService.java:465)
at org.jruby.runtime.load.LoadService.require(LoadService.java:414)
at org.jruby.RubyKernel.requireCommon(RubyKernel.java:1047)
at org.jruby.RubyKernel.require19(RubyKernel.java:1040)
at org.jruby.RubyKernel$INVOKER$s$1$0$require19.call(RubyKernel$INVOKER$s$1$0$require19.gen)
at org.jruby.internal.runtime.methods.JavaMethod$JavaMethodOneOrNBlock.call(JavaMethod.java:350)
at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:326)
at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:170)
at org.jruby.ast.FCallOneArgNode.interpret(FCallOneArgNode.java:36)
at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)
at org.jruby.ast.BlockNode.interpret(BlockNode.java:71)
at org.jruby.ast.RescueNode.executeBody(RescueNode.java:221)
at org.jruby.ast.RescueNode.interpret(RescueNode.java:116)
at org.jruby.ast.BeginNode.interpret(BeginNode.java:83)
at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)
at org.jruby.ast.IfNode.interpret(IfNode.java:116)
at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)
at org.jruby.ast.BlockNode.interpret(BlockNode.java:71)
at org.jruby.ast.IfNode.interpret(IfNode.java:118)
at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)
at org.jruby.ast.BlockNode.interpret(BlockNode.java:71)
at org.jruby.ast.RootNode.interpret(RootNode.java:129)
at org.jruby.evaluator.ASTInterpreter.INTERPRET_ROOT(ASTInterpreter.java:121)
at org.jruby.Ruby.runInterpreter(Ruby.java:884)
at org.jruby.Ruby.loadFile(Ruby.java:2837)
at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.loadScript(LibrarySearcher.java:264)
at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.load(LibrarySearcher.java:252)
at org.jruby.runtime.load.LibrarySearcher$FoundLibrary.load(LibrarySearcher.java:51)
at org.jruby.runtime.load.LoadService.tryLoadingLibraryOrScript(LoadService.java:892)
at org.jruby.runtime.load.LoadService.requireCommon(LoadService.java:465)
at org.jruby.runtime.load.LoadService.require(LoadService.java:414)
at org.jruby.RubyKernel.requireCommon(RubyKernel.java:1047)
at org.jruby.RubyKernel.require19(RubyKernel.java:1040)
at org.jruby.RubyKernel$INVOKER$s$1$0$require19.call(RubyKernel$INVOKER$s$1$0$require19.gen)
at org.jruby.internal.runtime.methods.JavaMethod$JavaMethodOneOrNBlock.call(JavaMethod.java:350)
at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:326)
at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:170)
at org.jruby.ast.FCallOneArgNode.interpret(FCallOneArgNode.java:36)
at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)
at org.jruby.ast.RescueNode.executeBody(RescueNode.java:221)
at org.jruby.ast.RescueNode.interpret(RescueNode.java:116)
at org.jruby.ast.BeginNode.interpret(BeginNode.java:83)
at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)
at org.jruby.ast.BlockNode.interpret(BlockNode.java:71)
at org.jruby.ast.RootNode.interpret(RootNode.java:129)
at org.jruby.evaluator.ASTInterpreter.INTERPRET_ROOT(ASTInterpreter.java:121)
at org.jruby.Ruby.runInterpreter(Ruby.java:884)
at org.jruby.Ruby.loadFile(Ruby.java:2837)
at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.loadScript(LibrarySearcher.java:264)
at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.load(LibrarySearcher.java:252)
at org.jruby.runtime.load.LibrarySearcher$FoundLibrary.load(LibrarySearcher.java:51)
at org.jruby.runtime.load.LoadService.tryLoadingLibraryOrScript(LoadService.java:892)
at org.jruby.runtime.load.LoadService.requireCommon(LoadService.java:465)
at org.jruby.runtime.load.LoadService.require(LoadService.java:414)
at org.jruby.RubyKernel.requireCommon(RubyKernel.java:1047)
at org.jruby.RubyKernel.require19(RubyKernel.java:1040)
at org.jruby.RubyKernel$INVOKER$s$1$0$require19.call(RubyKernel$INVOKER$s$1$0$require19.gen)
at org.jruby.internal.runtime.methods.JavaMethod$JavaMethodOneOrNBlock.call(JavaMethod.java:350)
at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:326)
at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:170)
at org.jruby.ast.FCallOneArgNode.interpret(FCallOneArgNode.java:36)
at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)
at org.jruby.ast.BlockNode.interpret(BlockNode.java:71)
at org.jruby.ast.RootNode.interpret(RootNode.java:129)
at org.jruby.evaluator.ASTInterpreter.INTERPRET_ROOT(ASTInterpreter.java:121)
at org.jruby.Ruby.runInterpreter(Ruby.java:884)
at org.jruby.Ruby.loadFile(Ruby.java:2837)
at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.loadScript(LibrarySearcher.java:264)
at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.load(LibrarySearcher.java:252)
at org.jruby.runtime.load.LibrarySearcher$FoundLibrary.load(LibrarySearcher.java:51)
at org.jruby.runtime.load.LoadService.tryLoadingLibraryOrScript(LoadService.java:892)
at org.jruby.runtime.load.LoadService.requireCommon(LoadService.java:465)
at org.jruby.runtime.load.LoadService.require(LoadService.java:414)
at org.jruby.RubyKernel.requireCommon(RubyKernel.java:1047)
at org.jruby.RubyKernel.require19(RubyKernel.java:1040)
at org.jruby.RubyKernel$INVOKER$s$1$0$require19.call(RubyKernel$INVOKER$s$1$0$require19.gen)
at org.jruby.internal.runtime.methods.JavaMethod$JavaMethodOneOrNBlock.call(JavaMethod.java:350)
at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:326)
at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:170)
at org.jruby.ast.FCallOneArgNode.interpret(FCallOneArgNode.java:36)
at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)
at org.jruby.ast.BlockNode.interpret(BlockNode.java:71)
at org.jruby.ast.RootNode.interpret(RootNode.java:129)
at org.jruby.evaluator.ASTInterpreter.INTERPRET_ROOT(ASTInterpreter.java:121)
at org.jruby.Ruby.runInterpreter(Ruby.java:884)
at org.jruby.Ruby.loadFile(Ruby.java:2837)
at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.loadScript(LibrarySearcher.java:264)
at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.load(LibrarySearcher.java:252)
at org.jruby.runtime.load.LibrarySearcher$FoundLibrary.load(LibrarySearcher.java:51)
at org.jruby.runtime.load.LoadService.tryLoadingLibraryOrScript(LoadService.java:892)
at org.jruby.runtime.load.LoadService.requireCommon(LoadService.java:465)
at org.jruby.runtime.load.LoadService.require(LoadService.java:414)
at org.jruby.RubyKernel.requireCommon(RubyKernel.java:1047)
at org.jruby.RubyKernel.require19(RubyKernel.java:1040)
at org.jruby.RubyKernel$INVOKER$s$1$0$require19.call(RubyKernel$INVOKER$s$1$0$require19.gen)
at org.jruby.internal.runtime.methods.JavaMethod$JavaMethodOneOrNBlock.call(JavaMethod.java:350)
at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:326)
at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:170)
at org.jruby.ast.FCallOneArgNode.interpret(FCallOneArgNode.java:36)
at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)
at org.jruby.ast.RescueNode.executeBody(RescueNode.java:221)
at org.jruby.ast.RescueNode.interpret(RescueNode.java:116)
at org.jruby.ast.BeginNode.interpret(BeginNode.java:83)
at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)
at org.jruby.ast.IfNode.interpret(IfNode.java:116)
at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)
at org.jruby.ast.BlockNode.interpret(BlockNode.java:71)
at org.jruby.ast.IfNode.interpret(IfNode.java:118)
at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)
at org.jruby.ast.BlockNode.interpret(BlockNode.java:71)
at org.jruby.ast.RootNode.interpret(RootNode.java:129)
at org.jruby.evaluator.ASTInterpreter.INTERPRET_ROOT(ASTInterpreter.java:121)
at org.jruby.Ruby.runInterpreter(Ruby.java:884)
at org.jruby.Ruby.loadFile(Ruby.java:2837)
at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.loadScript(LibrarySearcher.java:264)
at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.load(LibrarySearcher.java:252)
at org.jruby.runtime.load.LibrarySearcher$FoundLibrary.load(LibrarySearcher.java:51)
at org.jruby.runtime.load.LoadService.tryLoadingLibraryOrScript(LoadService.java:892)
java.lang.UnsatisfiedLinkError: /usr/share/logstash/vendor/jruby/lib/jni/arm-Linux/libjffi-1.2.so: /usr/share/logstash/vendor/jruby/lib/jni/arm-Linux/libjffi-1.2.so: cannot open shared object file: No such file or directory
See http://jira.codehaus.org/browse/JRUBY-4583
require at org/jruby/RubyKernel.java:1040
require at /usr/share/logstash/vendor/bundle/jruby/1.9/gems/polyglot-0.3.5/lib/polyglot.rb:65
(root) at /usr/share/logstash/vendor/jruby/lib/ruby/shared/ffi/ffi.rb:69
require at org/jruby/RubyKernel.java:1040
require at /usr/share/logstash/vendor/bundle/jruby/1.9/gems/polyglot-0.3.5/lib/polyglot.rb:65
(root) at /usr/share/logstash/vendor/jruby/lib/ruby/shared/ffi.rb:1
require at org/jruby/RubyKernel.java:1040
require at /usr/share/logstash/vendor/bundle/jruby/1.9/gems/polyglot-0.3.5/lib/polyglot.rb:65
(root) at /usr/share/logstash/vendor/jruby/lib/ruby/shared/ffi.rb:1
(root) at /usr/share/logstash/logstash-core/lib/logstash/util/prctl.rb:1
require at org/jruby/RubyKernel.java:1040
require at /usr/share/logstash/vendor/bundle/jruby/1.9/gems/polyglot-0.3.5/lib/polyglot.rb:65
LibC at /usr/share/logstash/logstash-core/lib/logstash/util/prctl.rb:3
(root) at /usr/share/logstash/logstash-core/lib/logstash/util/prctl.rb:2
(root) at /usr/share/logstash/logstash-core/lib/logstash/util.rb:1
set_thread_name at /usr/share/logstash/logstash-core/lib/logstash/util.rb:20
execute at /usr/share/logstash/logstash-core/lib/logstash/runner.rb:246
(root) at /usr/share/logstash/lib/bootstrap/environment.rb:71
Dear Travis,
I'm trying to install the "sensor"-batch of programs of your sweet suite. However, even on a clean raspbian system, when running the setup.py script, I get the complaint that I have less than 1 GB of memory, and that I need more than that to continue.
Available space on the root partition is 24G. RAM's not something I can change. Curious to know how this should be installed.
Just in case anyone gets a Python error on the Kibana import on Ubuntu 16.04(.3): you have to wget the get-pip.py script from bootstrap and run that to get the latest working pip. I don't know if it's a good idea to put this as an issue here as it's not one; it's just something people might run into, so I wanted to share my fix.
nvm this was already solved
After install and manual start of Kibana ("sudo sh /opt/kibana/bin/kibana")
Kibana is unable to find the logstash-* index.
Error:
unable to fetch mapping
Just read your IDS article on tripwire.com and decided to give it a shot since I had a spare raspberry pi 3 lying around. It looks like from the code that if you choose option 2 (sensor only) that it tries to connect to elasticsearch during the logstash installation process but elasticsearch doesn't install for option 2. It tries to connect 10 times and then exits. I'm not a programmer so forgive me if this is way off. Looks like you just updated the files so maybe you're still working out some bugs.
How do I get geoip working in logstash and kibana? Can you upload a config file with geoip?
I am trying to integrate SweetSecurity sensor install on a Raspberry Pi and the Wazuh ELK 6.2.4 stack. Unfortunately it appears that there was a major change going from ELK 5.x.x to ELK 6.x.x, which is detailed here: https://www.elastic.co/guide/en/elasticsearch/reference/current/removal-of-types.html
More detailed information is here: https://logz.io/blog/removal-elasticsearch-mapping-types/
Does anyone know how I can update the install files so that they would work with ELK 6.2.4?
Having trouble with the install when reaching the Bro install... getting this error. Any ideas on the cause and a solution?
Installing Bro IDS
Downloading Bro IDS 2.5.1
Unpacking Bro Code
Creating Bro Directory Structures
Configuring Bro Code
Making Bro Code
Installing Bro Code
Cleaning Up Bro Installation Files
Configuring Bro
Traceback (most recent call last):
File "setup.py", line 185, in <module>
bro.install(chosenInterface, 'localhost')
File "/home/linaro/sweetsecurity/install/bro.py", line 45, in install
shutil.move('/opt/nsm/bro/etc/node.cfg','/opt/nsm/bro/etc/node.orig')
File "/usr/lib/python2.7/shutil.py", line 302, in move
copy2(src, real_dst)
File "/usr/lib/python2.7/shutil.py", line 130, in copy2
copyfile(src, dst)
File "/usr/lib/python2.7/shutil.py", line 82, in copyfile
with open(src, 'rb') as fsrc:
IOError: [Errno 2] No such file or directory: '/opt/nsm/bro/etc/node.cfg'
So I have one device that is creating a lot of baseline alerts. 3 questions about those:
Hello!
I appreciate you putting this together. I do have a quick question.
I ran the "sensor only" install on my Raspberry Pi 3 and the "webserver only" on my Linux box. It seemed to install correctly, but I am not seeing any alerts coming into Kibana. How can I ensure that they are talking to each other? I apologize if this is a stupid question, I am new to this.
Thank you
Thanks 😁
So I've got a 2 box setup working where I have a sensor install on one machine and the web index on another and it appears to be working?
My only issue is at the moment SweetSecurity is absolutely flooding its log file and generating too much noise.
Tailing the SweetSecurity logfile and I see this
2018-06-29 09:00:17,815: Error spoofing device: 'NoneType' object has no attribute '__getitem__'
2018-06-29 09:00:17,817: Error spoofing device: 'NoneType' object has no attribute '__getitem__'
2018-06-29 09:00:17,819: Error spoofing device: 'NoneType' object has no attribute '__getitem__'
2018-06-29 09:00:17,821: Error spoofing device: 'NoneType' object has no attribute '__getitem__'
2018-06-29 09:00:17,824: Error spoofing device: 'NoneType' object has no attribute '__getitem__'
2018-06-29 09:00:17,826: Error spoofing device: 'NoneType' object has no attribute '__getitem__'
2018-06-29 09:00:17,828: Error spoofing device: 'NoneType' object has no attribute '__getitem__'
2018-06-29 09:00:17,830: Error spoofing device: 'NoneType' object has no attribute '__getitem__'
not really sure what is going on and my own attempts to find where the problem is haven't turned up anything yet.
Trying to deploy this to two different pis to test it out and I'm getting IO errors for the Web Server Only install option.
I've installed everything, but now when I turn on the RPi it doesn't allow devices on my home network to connect to the internet. Is this a situation where the Pi is overloaded? It's started locking up when I turn it on and try to even move the mouse around.
results of sudo /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf -t
ERROR StatusLogger No log4j2 configuration file found. Using default configuration: logging only errors to the console.
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path //usr/share/logstash/config/log4j2.properties. Using default config which logs to console
19:21:02.931 [main] INFO logstash.setting.writabledirectory - Creating directory {:setting=>"path.queue", :path=>"/usr/share/logstash/data/queue"}
19:21:03.094 [main] INFO logstash.setting.writabledirectory - Creating directory {:setting=>"path.dead_letter_queue", :path=>"/usr/share/logstash/data/dead_letter_queue"}
19:22:11.140 [LogStash::Runner] ERROR logstash.plugins.registry - Problems loading a plugin with {:type=>"output", :name=>"email", :path=>"logstash/outputs/email", :error_message=>"NameError", :error_class=>NameError, :error_backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/plugins/registry.rb:226:in `namespace_lookup'", "/usr/share/logstash/logstash-core/lib/logstash/plugins/registry.rb:162:in `legacy_lookup'", "/usr/share/logstash/logstash-core/lib/logstash/plugins/registry.rb:138:in `lookup'", "/usr/share/logstash/logstash-core/lib/logstash/plugins/registry.rb:180:in `lookup_pipeline_plugin'", "/usr/share/logstash/logstash-core/lib/logstash/plugin.rb:140:in `lookup'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:100:in `plugin'", "(eval):1722:in `initialize'", "org/jruby/RubyKernel.java:1079:in `eval'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:72:in `initialize'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:299:in `execute'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:67:in `run'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:209:in `run'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:132:in `run'", "/usr/share/logstash/lib/bootstrap/environment.rb:71:in `(root)'"]}
19:22:11.209 [LogStash::Runner] FATAL logstash.runner - The given configuration is invalid. Reason: Couldn't find any output plugin named 'email'. Are you sure this is correct? Trying to load the email output plugin resulted in this error: Problems loading the requested plugin named email of type output. Error: NameError NameError
Hello, I've installed SweetSecurity without any error, which I found very interesting.
Before and after reboot Kibana isn't running.
When I start it manually in /opt.., I get the following message, which continues until I kill it.
Seems localhost port 9200 isn't open.
Below is the process list.
(Running on a Pi 2 under Jessie)
What did I miss and how do I correct the problem?
Thanks for your help
{"name":"Kibana","hostname":"raspi-tripwire","pid":805,"level":50,"err":"Request error, retrying -- connect ECONNREFUSED 127.0.0.1:9200","msg":"","time":"2016-04-03T11:54:41.394Z","v":0}
Bro won't run in this configuration without sendmail, typically provided by postfix.
JFFI will not build without a JDK, so just installing a JRE on the sensor device is not enough.
sudo apt install openjdk-8-jdk postfix
Currently this gives you an error:
networkDiscovery.py (line 138)
c.execute("INSERT INTO hosts VALUES ('" + hostname + "'," + str(ip2long(ipaddress)) + ",'" + macaddress + "','" + macvendor + "','" + omp_id + "')")
Unless you add a fifth text column for omp_id in your SweetSecurity.db.
I suggest the following:
c.execute('''CREATE TABLE hosts(hostname text, ip4 integer, mac text, vendor text, ompid text)''')
to replace line 10 in SweetSecurityDB.py:
c.execute('''CREATE TABLE hosts(hostname text, ip4 integer, mac text, vendor text)''')
I'm writing this simple guide to help those who want to install SweetSecurity on one single Pi.
Yes, surely we can save money. One Pi is enough.
Well, I use a Pi 3B+, 1GB RAM.
CPU load will be 30%-40% after all services have been started.
I also have:
To install all components on a single Pi, you need to do this:
1. Use a bigger swap partition. The default partition of the Pi 3 B+ is about 100M. We need more!
Modifying the Pi's swap partition is different from other Debian Linux! Do NOT use the mkswap
command, because it's useless. Instead, you need to modify /etc/dphys-swapfile:
change CONF_SWAPSIZE from 100 to 2000000
Restart the service:
sudo /etc/init.d/dphys-swapfile restart
Now we have a 2GB swap partition.
2. Modify setup.py:
comment out lines 82, 83, 85, 86 in file SweetSecurity/setup.py
3. Modify a pre-install lib:
The Pi uses Debian Linux. To install Bro on the Pi, you need to modify lines 24, 26, 38, 40, 45, 47 in file SweetSecurity/install/packages.py:
change libssl-dev
to libssl1.0-dev
4. Now run setup.py.
NOTICE:
critical-stack-intel in this project is still not working for me (2018-08-10). There's a server issue, you can see it here:
https://groups.google.com/forum/#!topic/security-onion/axOCfBgjva4
So even if I do this manually:
sudo -u critical-stack /usr/bin/critical-stack-intel --debug pull
it fails to update the Critical Stack IP database.
When I run this:
sudo -u critical-stack /usr/bin/critical-stack-intel list
I find no feed has ever been downloaded. No way, no how.
So currently I suggest you guys use Alien Vault instead.
Happy hacking
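The three file edits in the single-Pi steps above, as an added Python example; this is not code from the post or from the SweetSecurity project. The functions operate on file contents as strings so each change can be checked before the real file is touched, and `patch_file` keeps a `.orig` backup. The paths, the setup.py line numbers and the `libssl-dev` substitution are taken from the post and are assumed to match the revision being patched. Two practitioner caveats: `CONF_SWAPSIZE` in /etc/dphys-swapfile is in megabytes, and the Raspbian dphys-swapfile script applies a `CONF_MAXSWAP` cap (2048 MB unless raised), so a value far above that is clamped; check with `swapon --show` after the restart.

```python
import re
import shutil


def set_swap_size(conf_text, size_mb):
    """Return /etc/dphys-swapfile content with CONF_SWAPSIZE=<size_mb>.

    The value is in megabytes. Any existing (possibly commented-out)
    CONF_SWAPSIZE line is replaced; if none exists the setting is appended.
    """
    line = "CONF_SWAPSIZE=%d" % int(size_mb)
    new_text, count = re.subn(r"^#?\s*CONF_SWAPSIZE=.*$", line, conf_text, flags=re.M)
    if count == 0:
        new_text = conf_text.rstrip("\n") + "\n" + line + "\n"
    return new_text


def comment_out_lines(source, line_numbers):
    """Prefix the given 1-based lines with '#'.

    Lines that are already comments, or numbers past the end of the file,
    are left alone, so running the function twice is harmless.
    """
    lines = source.splitlines(True)
    for number in line_numbers:
        index = number - 1
        if 0 <= index < len(lines) and not lines[index].lstrip().startswith("#"):
            lines[index] = "#" + lines[index]
    return "".join(lines)


def use_libssl10(source):
    """Replace the libssl-dev package name with libssl1.0-dev.

    The word boundaries keep an already patched 'libssl1.0-dev' untouched.
    """
    return re.sub(r"\blibssl-dev\b", "libssl1.0-dev", source)


def patch_file(path, transform, *args):
    """Apply transform(text, *args) to a file in place, keeping a .orig copy.

    Returns True if the file changed.
    """
    with open(path) as handle:
        original = handle.read()
    updated = transform(original, *args)
    if updated != original:
        shutil.copy2(path, path + ".orig")
        with open(path, "w") as handle:
            handle.write(updated)
    return updated != original


def apply_all(repo_dir="SweetSecurity", swap_mb=2048):
    """Hypothetical driver: paths and line numbers are the ones the post names."""
    patch_file("/etc/dphys-swapfile", set_swap_size, swap_mb)
    patch_file(repo_dir + "/setup.py", comment_out_lines, [82, 83, 85, 86])
    patch_file(repo_dir + "/install/packages.py", use_libssl10)


if __name__ == "__main__":
    # Run as root on the Pi, then: sudo /etc/init.d/dphys-swapfile restart; swapon --show
    apply_all()
```

Run it once from the directory that contains the SweetSecurity checkout; the string-level functions can be exercised on a copy first if you want to eyeball the diff before patching the live files.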
Installing Bro IDS
Downloading Bro IDS 2.5.1
Unpacking Bro Code
Creating Bro Directory Structures
Configuring Bro Code
Making Bro Code
Installing Bro Code
Cleaning Up Bro Installation Files
Configuring Bro
Traceback (most recent call last):
File "setup.py", line 257, in <module>
bro.install(chosenInterface, esServer)
File "/home/pi/Desktop/SweetSecurity/install/bro.py", line 45, in install
shutil.move('/opt/nsm/bro/etc/node.cfg','/opt/nsm/bro/etc/node.orig')
File "/usr/lib/python2.7/shutil.py", line 325, in move
copy2(src, real_dst)
File "/usr/lib/python2.7/shutil.py", line 153, in copy2
copyfile(src, dst)
File "/usr/lib/python2.7/shutil.py", line 96, in copyfile
with open(src, 'rb') as fsrc:
IOError: [Errno 2] No such file or directory: '/opt/nsm/bro/etc/node.cfg'
pi@raspberrypi:~/Desktop/SweetSecurity $
Also has this project been abandoned?
Hello Travis,
I tried to install sweet on a clean Ubuntu 16.04 system. When I run setup.py I receive:
Less than 1GB of memory. You need more than this to continue.
free -t -m
              total        used        free      shared  buff/cache   available
Mem:           3933          70        3736           5         126        3664
Swap:          4095           0        4095
Total:         8029          70        7832
df
Filesystem                       1K-blocks    Used Available Use% Mounted on
udev                               1994564       0   1994564   0% /dev
tmpfs                               402820    5872    396948   2% /run
/dev/mapper/wurstsalats--vg-root  77808608 2280796  71552236   4% /
tmpfs                              2014096       4   2014092   1% /dev/shm
tmpfs                                 5120       0      5120   0% /run/lock
tmpfs                              2014096       0   2014096   0% /sys/fs/cgroup
/dev/sda1                           482922   57458    400530  13% /boot
tmpfs                               402820       0    402820   0% /run/user/1000
/home/arschmin/.Private           77808608 2280796  71552236   4% /home/arschmin
So, I'm sure there is enough RAM here. What can I do to install successfully?
best
frank
Hello Travis,
Awesome work on kick starting this initiative.
I had a couple questions. After reading your install and watching your B-Sides demo, you mentioned the limitations of the Raspberry Pi. One of the limitations is the 1GB of RAM.
Since the install requires 2 GB total and you recommended splitting the install into two separate Pis (which you have nicely provided in your script), I am assuming you mean to install the "Sensor Only" server on one Pi and the "Web Server Only" server on another. Are there further configurations required to get the two of them to communicate with each other in order to feed the sensor data to the Kibana web server to create the beautiful diagrams, etc.?
What Critical Stack feeds do you recommend using in conjunction with our Bro IDS?
thank you for all you do.
sincerely,
unitelife
Red "!" for web only install's "Sweet Security Server" service.
Ubuntu Server 16.04 clean install; VMware. 2GB RAM, 2 cores allocated. Installed all prereqs listed on the page minus libssl1.0-dev, which was not found.
Rebooting and clicking start/restart does not resolve the issue. The sweetsecurity.log file is not present in /var/log/secure.
Is this expected? I've yet to join a Raspberry Pi sweetsecurity client to it.
Default install on Ubuntu 16.04.3. Working great for baseliner, but I am not getting any Bro alerts or any alerts from Critical Stack when I am sending triggers to the known test sites.
Any suggestions?
Hi there, currently in the setup of Sweet Security.
The deb hosted by criticalstack for the ARM architecture is unavailable, that step during the setup fails.
http://intel.criticalstack.com/client/critical-stack-intel-arm.deb
I opened a ticket with them, but haven't heard anything yet. It's friday after all.
Maybe someone has a copy of the file and could provide me with a link until there is a better solution?
Thanks in advance
Oliver
New install
Apache error log shows this:
mod_wsgi (pid=2308): Target WSGI script '/var/www/webapp/webapp.wsgi' cannot be loaded as Python module.
[Tue Nov 21 20:51:39.182414 2017] [wsgi:error] [pid 2308:tid 140455865923328] [client 10.0.0.10:38378] mod_wsgi (pid=2308): Exception occurred processing WSGI script '/var/www/webapp/webapp.wsgi'.
[Tue Nov 21 20:51:39.182470 2017] [wsgi:error] [pid 2308:tid 140455865923328] [client 10.0.0.10:38378] Traceback (most recent call last):
[Tue Nov 21 20:51:39.184855 2017] [wsgi:error] [pid 2308:tid 140455865923328] [client 10.0.0.10:38378] File "/var/www/webapp/webapp.wsgi", line 7, in <module>
[Tue Nov 21 20:51:39.185055 2017] [wsgi:error] [pid 2308:tid 140455865923328] [client 10.0.0.10:38378] from webapp import create_app
[Tue Nov 21 20:51:39.185111 2017] [wsgi:error] [pid 2308:tid 140455865923328] [client 10.0.0.10:38378] File "/var/www/webapp/webapp/__init__.py", line 18, in <module>
[Tue Nov 21 20:51:39.185259 2017] [wsgi:error] [pid 2308:tid 140455865923328] [client 10.0.0.10:38378] class ConfigClass(object):
[Tue Nov 21 20:51:39.185314 2017] [wsgi:error] [pid 2308:tid 140455865923328] [client 10.0.0.10:38378] File "/var/www/webapp/webapp/__init__.py", line 24, in ConfigClass
[Tue Nov 21 20:51:39.185399 2017] [wsgi:error] [pid 2308:tid 140455865923328] [client 10.0.0.10:38378] MAIL_PORT = int(os.getenv('MAIL_PORT', ''))
[Tue Nov 21 20:51:39.185490 2017] [wsgi:error] [pid 2308:tid 140455865923328] [client 10.0.0.10:38378] ValueError: invalid literal for int() with base 10: ''
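The traceback ends in `int(os.getenv('MAIL_PORT', ''))`: the default only applies when the variable is unset, and an exported but empty `MAIL_PORT` reaches `int('')` and takes the whole WSGI module down. The following added example, which is not code from the issue or from the SweetSecurity webapp, shows how a config class can read such settings so that unset and empty both mean "use the default" and anything non-numeric fails with a message naming the variable. The `mail_config` defaults (port 25, `localhost`, TLS off) are assumptions for the illustration, not the project's values.

```python
import os


def env_int(name, default, environ=None):
    """Read an integer setting from the environment.

    Unset or empty values fall back to `default`. Anything else must parse as
    an integer, otherwise a ValueError naming the variable is raised instead
    of the bare "invalid literal for int() with base 10: ''" from the log.
    `environ` may be supplied for testing; it defaults to os.environ.
    """
    environ = os.environ if environ is None else environ
    raw = environ.get(name, "").strip()
    if raw == "":
        return default
    try:
        return int(raw)
    except ValueError:
        raise ValueError("%s must be an integer, got %r" % (name, raw))


def env_bool(name, default, environ=None):
    """Same contract as env_int for on/off settings."""
    environ = os.environ if environ is None else environ
    raw = environ.get(name, "").strip().lower()
    if raw == "":
        return default
    if raw in ("1", "true", "yes", "on"):
        return True
    if raw in ("0", "false", "no", "off"):
        return False
    raise ValueError("%s must be a boolean, got %r" % (name, raw))


def mail_config(environ=None):
    """Mail settings read the way a WSGI ConfigClass could read them.

    The defaults are assumptions for this example, not the project's own.
    The port range check turns a typo into a startup error with a clear cause
    rather than a connection failure at first send.
    """
    environ = os.environ if environ is None else environ
    port = env_int("MAIL_PORT", 25, environ)
    if not 1 <= port <= 65535:
        raise ValueError("MAIL_PORT out of range: %d" % port)
    return {
        "MAIL_SERVER": environ.get("MAIL_SERVER", "").strip() or "localhost",
        "MAIL_PORT": port,
        "MAIL_USE_TLS": env_bool("MAIL_USE_TLS", False, environ),
    }


if __name__ == "__main__":
    print(mail_config())
```

Under mod_wsgi the environment comes from the Apache process, not your shell, so a `SetEnv MAIL_PORT ""` or an empty value in an EnvironmentFile is exactly the case the empty-string branch covers.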
After installing it in Linux Mint 18 (VM) I access Kibana and it shows "No matching indices found: No indices match pattern "logstash-*"".
The default index in Advanced Settings is: logstash-*
Nothing is discovered.
Also I cannot access the Sweet Security WebApp. (As it's a testing machine I used the same password for the webapp and Elastic.)
Do you know how I can fix it?
On the vm I can ping successfully the other network devices.
File "setup.py", line 185, in <module>
bro.install(chosenInterface, 'localhost')
File "/home/cert/sweetsecurity/install/bro.py", line 45, in install
shutil.move('/opt/nsm/bro/etc/node.cfg','/opt/nsm/bro/etc/node.orig')
File "/usr/lib/python2.7/shutil.py", line 302, in move
copy2(src, real_dst)
File "/usr/lib/python2.7/shutil.py", line 130, in copy2
copyfile(src, dst)
File "/usr/lib/python2.7/shutil.py", line 82, in copyfile
with open(src, 'rb') as fsrc:
IOError: [Errno 2] No such file or directory: '/opt/nsm/bro/etc/node.cfg'
This issue only affects people who have a MAC Vendor on their network with a single quote in their name (example: Microtech Int'l Corp.)
I was struggling to get Sweet Security to work and I traced it down to an issue in nmap.py. It was generating an exception because the vendor name for one of my devices has a single quote in the name. I was able to get it working by changing line 114 of nmap.py from macvendor to macvendor.replace("'", "") which strips out the single quote from the vendor name. This isn't likely the best strategy, but it got things up and running for me.
Line 114 now looks like this:
query = "INSERT INTO hosts VALUES ('%s','%s','%s','%s','%s',0,1,'%s','%s')" % (hostname,hostname,str(ipaddress),macaddress,macvendor.replace("'", ""),datetime.now().strftime("%Y-%m-%d %H:%M:%S"),datetime.now().strftime("%Y-%m-%d %H:%M:%S"))
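Both INSERTs quoted on this page (the networkDiscovery.py line in the earlier omp_id report and the nmap.py line above) build the SQL by pasting scanned values into the string, and a vendor name such as Microtech Int'l Corp. is the benign case of a more general problem: hostnames and vendor strings come from the network, so a quote in them ends the literal early and a crafted value could change the statement. Stripping quotes hides the symptom; binding parameters removes the cause. The following is an added example written for this thread, not code from the reporter or from the SweetSecurity project; the nine-column `hosts` table is a simplified stand-in for the real schema, and the host record is constructed. It runs both forms against an in-memory SQLite database so the difference is observable.

```python
import sqlite3
from datetime import datetime

# Simplified stand-in for the hosts table: an assumption for this example,
# not the project's real SweetSecurity.db schema. Nine columns, matching
# the nine values in the nmap.py INSERT quoted above.
SCHEMA = """CREATE TABLE hosts (
    hostname TEXT, nickname TEXT, ip4 TEXT, mac TEXT, vendor TEXT,
    ignored INTEGER, active INTEGER, first_seen TEXT, last_seen TEXT)"""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def timestamp():
    return datetime.now().strftime("%Y-%m-%d %H:%M:%S")


def insert_host_concat(conn, hostname, ipaddress, macaddress, macvendor):
    """The original pattern: values pasted into the SQL text.

    A single quote in any value (a vendor string, or a hostname the scanned
    device chooses itself) terminates the literal early, so the statement
    fails; a value shaped as SQL could instead alter what is executed.
    """
    now = timestamp()
    query = "INSERT INTO hosts VALUES ('%s','%s','%s','%s','%s',0,1,'%s','%s')" % (
        hostname, hostname, str(ipaddress), macaddress, macvendor, now, now)
    conn.execute(query)
    conn.commit()


def insert_host_param(conn, hostname, ipaddress, macaddress, macvendor):
    """Parameterised form: sqlite3 binds the values separately from the SQL,
    so quotes are stored as data and nothing has to be stripped."""
    now = timestamp()
    conn.execute(
        "INSERT INTO hosts VALUES (?,?,?,?,?,0,1,?,?)",
        (hostname, hostname, str(ipaddress), macaddress, macvendor, now, now))
    conn.commit()


def stored_vendor(conn, macaddress):
    row = conn.execute("SELECT vendor FROM hosts WHERE mac = ?", (macaddress,)).fetchone()
    return row[0] if row else None


def demo(vendor="Microtech Int'l Corp."):
    """Run both versions on a constructed host record and report the outcome."""
    mac = "00:11:22:33:44:55"  # constructed sample values, not a real device
    results = {}
    conn = open_db()
    try:
        insert_host_concat(conn, "printer", "10.0.0.5", mac, vendor)
        results["concat"] = "ok"
    except sqlite3.OperationalError as exc:
        results["concat"] = "sqlite3.OperationalError: %s" % exc
    conn = open_db()
    insert_host_param(conn, "printer", "10.0.0.5", mac, vendor)
    results["param"] = stored_vendor(conn, mac)
    return results


if __name__ == "__main__":
    print(demo())
```

The parameterised INSERT keeps the apostrophe in the stored vendor name, which matters if the value is later matched against the MAC vendor lookup again; the replace() workaround would silently make those comparisons fail.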