Thehive4 access denied error on default template #38

Open
priamai opened this issue Aug 5, 2021 · 2 comments

priamai commented Aug 5, 2021

I believe there is an issue within the hive image.
For example, take the thehive4-berkleydb-cortex31 template.
Change the docker compose like so:

```yaml
version: '3.8'
services:
  elasticsearch_thp:
    image: 'elasticsearch:7.11.1'
    container_name: elasticsearch_thp
    restart: unless-stopped
    ports:
      - '0.0.0.0:9200:9200'
    environment:
      - http.host=0.0.0.0
      - discovery.type=single-node
      - cluster.name=hive
      - script.allowed_types= inline
      - thread_pool.search.queue_size=100000
      - thread_pool.write.queue_size=10000
      - gateway.recover_after_nodes=1
      - xpack.security.enabled=false
      - bootstrap.memory_lock=true
      - ES_JAVA_OPTS=-Xms256m -Xmx256m
    ulimits:
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - './vol/elasticsearch/data:/usr/share/elasticsearch/data'
      - './vol/elasticsearch/logs:/usr/share/elasticsearch/logs'
  cortex:
    image: 'thehiveproject/cortex:latest'
    container_name: cortex
    restart: unless-stopped
    command:
      --job-directory ${JOB_DIRECTORY}
    environment:
      - 'JOB_DIRECTORY=${JOB_DIRECTORY}'
    volumes:
      - './vol/cortex/application.conf:/etc/cortex/application.conf'
      - './vol/cortex/jobs:${JOB_DIRECTORY}'
      - '/var/run/docker.sock:/var/run/docker.sock'
    depends_on:
      - elasticsearch_thp
    ports:
      - '0.0.0.0:9001:9001'
  thehive:
    image: 'thehiveproject/thehive4:latest'
    container_name: thehive4
    restart: unless-stopped
    ports:
      - '0.0.0.0:9000:9000'
    volumes:
      - ./vol/thehive/application.conf:/etc/thehive/application.conf
      #- ./vol/thehive/db:/opt/thp/thehive/db
      #- ./vol/thehive/index:/opt/thp/thehive/index
      #- ./vol/thehive/data:/opt/thp/thehive/data
    command: '--no-config --no-config-secret'
```

Notice how I commented out the thehive volumes so that it should not have any local permission.
When you launch the composer file, the thehive image keeps restarting (this was happening originally with the local volumes mounted).
Checking the logs gives:

```
Error injecting constructor, java.nio.file.AccessDeniedException: /opt/thp
```

So I am wondering whether the folder is not correct or there is an issue within the application.
@nadouani for visibility.


priamai commented Aug 5, 2021

Checking the code here: https://github.com/TheHive-Project/TheHive/blob/4777b29894cb2b320729aab38c4e963a1a1e4b24/docker.sbt
I do see a chown command:

```scala
Cmd("RUN", "mkdir", "/data", "/opt/thp", "&&", "chown", "thehive:thehive", "/data", "/opt/thp"),
```

Checking now whether that is the case.


priamai commented Aug 5, 2021

@nadouani my hunch was correct; see the quick fix below.

```yaml
version: '3.8'
services:
  elasticsearch_thp:
    image: 'elasticsearch:7.11.1'
    container_name: elasticsearch_thp
    restart: unless-stopped
    ports:
      - '0.0.0.0:9200:9200'
    environment:
      - http.host=0.0.0.0
      - discovery.type=single-node
      - cluster.name=hive
      - script.allowed_types= inline
      - thread_pool.search.queue_size=100000
      - thread_pool.write.queue_size=10000
      - gateway.recover_after_nodes=1
      - xpack.security.enabled=false
      - bootstrap.memory_lock=true
      - ES_JAVA_OPTS=-Xms256m -Xmx256m
    ulimits:
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - './vol/elasticsearch/data:/usr/share/elasticsearch/data'
      - './vol/elasticsearch/logs:/usr/share/elasticsearch/logs'
  cortex:
    image: 'thehiveproject/cortex:latest'
    container_name: cortex
    restart: unless-stopped
    command:
      --job-directory ${JOB_DIRECTORY}
    environment:
      - 'JOB_DIRECTORY=${JOB_DIRECTORY}'
    volumes:
      - './vol/cortex/application.conf:/etc/cortex/application.conf'
      - './vol/cortex/jobs:${JOB_DIRECTORY}'
      - '/var/run/docker.sock:/var/run/docker.sock'
    depends_on:
      - elasticsearch_thp
    ports:
      - '0.0.0.0:9001:9001'
  thehive:
    #image: 'thehiveproject/thehive4:latest'
    build:
        context: ./fix
    container_name: thehive4fix
    restart: unless-stopped
    ports:
      - '0.0.0.0:9000:9000'
    volumes:
      - ./vol/thehive/application.conf:/etc/thehive/application.conf
      #- ./vol/thehive/db:/opt/thp/thehive/db
      #- ./vol/thehive/index:/opt/thp/thehive/index
      #- ./vol/thehive/data:/opt/thp/thehive/data
    command: '--no-config --no-config-secret'
```

And the Dockerfile:

```dockerfile
FROM thehiveproject/thehive4:latest
USER root
RUN mkdir /opt/thp
RUN chown thehive:thehive /data /opt/thp

USER thehive
```
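
The Dockerfile above creates `/opt/thp` and gives the `thehive` user ownership of `/data` and `/opt/thp`. As an added example (not part of the issue or the project's own code), this POSIX shell pre-flight check reports whether each directory exists and is writable by the user running it; the function names, the `--check` argument and the file name `preflight.sh` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the issue): pre-flight check for directories the
# application must be able to write to, run as the container's runtime user.

# dir_status PATH -> prints one of: ok | missing | not-a-directory | not-writable
dir_status() {
    if [ ! -e "$1" ]; then
        echo missing
    elif [ ! -d "$1" ]; then
        echo not-a-directory
    elif [ ! -w "$1" ] || [ ! -x "$1" ]; then
        # Creating files in a directory needs both write and search permission.
        echo not-writable
    else
        echo ok
    fi
}

# check_dirs PATH... -> prints "PATH: state" per path and returns the number
# of paths whose state is not "ok" (0 means every directory is usable).
check_dirs() {
    failures=0
    for dir in "$@"; do
        state=$(dir_status "$dir")
        echo "$dir: $state (checked as uid=$(id -u))"
        [ "$state" = ok ] || failures=$((failures + 1))
    done
    return "$failures"
}

# Runs only when asked, e.g.: sh preflight.sh --check /data /opt/thp
if [ "${1:-}" = "--check" ]; then
    shift
    check_dirs "$@" || { echo "pre-flight failed" >&2; exit 1; }
fi
```

Run it inside the container as the runtime user, for example `sh preflight.sh --check /data /opt/thp`; a `missing` or `not-writable` result for `/opt/thp` is the condition the fix is meant to remove.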
