DetectionLab icon indicating copy to clipboard operation
DetectionLab copied to clipboard
verified publisher icon clong

Logger failing to install Zeek

Open SecurityNguyen opened this issue 3 years ago • 6 comments

  • Operating System Version: Window 11
  • Deploying via (VirtualBox/VMWare/AWS/Azure/ESXi): VMware
  • Vagrant Version (if applicable): v.2.3.3

Please verify that you are building from an updated Master branch before filing an issue.

Description of the issue:

While building the logger host, I'm running into the following error message that stop zeek from installing and not sure if the build is complete:

Error message goes here:
logger: [18:33:50]: Installing Zeek...

    logger: https://download.opensuse.org/repositories/security:zeek/xUbuntu_20.04/Release.key:

    logger: 2022-11-27 18:33:50 ERROR 404: Not Found.

    logger: W: GPG error: http://download.opensuse.org/repositories/security:/zeek/xUbuntu_20.04  InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 69D1B2AAEE3D166A

    logger: E: The repository 'http://download.opensuse.org/repositories/security:/zeek/xUbuntu_20.04  InRelease' is not signed.

    logger: E: Package 'zeek' has no installation candidate

    logger: Collecting zkg==2.1.1

    logger:   Downloading [zkg-2.1.1-py2.py](https://zkg-2.1.1-py2.py/)3-none-any.whl (46 kB)

    logger: Collecting semantic-version

    logger:   Downloading [semantic_version-2.10.0-py2.py](https://semantic_version-2.10.0-py2.py/)3-none-any.whl (15 kB)

    logger: Collecting gitpython

    logger:   Downloading GitPython-3.1.29-py3-none-any.whl (182 kB)

    logger: Collecting configparser

    logger:   Downloading configparser-5.3.0-py3-none-any.whl (19 kB)

    logger: Collecting btest

    logger:   Downloading btest-0.71.tar.gz (94 kB)

    logger: Collecting gitdb<5,>=4.0.1

    logger:   Downloading gitdb-4.0.10-py3-none-any.whl (62 kB)

    logger: Collecting smmap<6,>=3.0.1

    logger:   Downloading smmap-5.0.0-py3-none-any.whl (24 kB)

    logger: Building wheels for collected packages: btest

    logger:   Building wheel for btest (setup.py): started

    logger:   Building wheel for btest (setup.py): finished with status 'done'

    logger:   Created wheel for btest: filename=btest-0.71-py3-none-any.whl size=37307 sha256=6405ede78cd519cee07260bd5687aeabf7d842531902aeb899f2dc25d9038510

    logger:   Stored in directory: /root/.cache/pip/wheels/2d/12/a2/6097f90a94da0fe63659b7ff2f62b69fab9b3a108923ae39a0

    logger: Successfully built btest

    logger: Installing collected packages: semantic-version, smmap, gitdb, gitpython, configparser, btest, zkg

    logger: Successfully installed btest-0.71 configparser-5.3.0 gitdb-4.0.10 gitpython-3.1.29 semantic-version-2.10.0 smmap-5.0.0 zkg-2.1.1

    logger: Refresh package source: zeek

    logger:     No changes

    logger: Refresh installed packages

    logger:     No new outdated packages

    logger: error: no "zeek-config" or "bro-config" not found in PATH

    logger: /usr/local/bin/zkg:576: DeprecationWarning: isAlive() is deprecated, use is_alive() instead

    logger:   while worker.isAlive():

    logger: /usr/local/bin/zkg:576: DeprecationWarning: isAlive() is deprecated, use is_alive() instead

    logger:   while worker.isAlive():

    logger: /usr/local/bin/zkg:576: DeprecationWarning: isAlive() is deprecated, use is_alive() instead

    logger:   while worker.isAlive():

    logger: /usr/local/bin/zkg:576: DeprecationWarning: isAlive() is deprecated, use is_alive() instead

    logger:   while worker.isAlive():

    logger: /usr/local/bin/zkg:576: DeprecationWarning: isAlive() is deprecated, use is_alive() instead

    logger:   while worker.isAlive():

    logger: /usr/local/bin/zkg:576: DeprecationWarning: isAlive() is deprecated, use is_alive() instead

    logger:   while worker.isAlive():

    logger: /usr/local/bin/zkg:576: DeprecationWarning: isAlive() is deprecated, use is_alive() instead

    logger:   while worker.isAlive():

    logger: /usr/local/bin/zkg:576: DeprecationWarning: isAlive() is deprecated, use is_alive() instead

    logger:   while worker.isAlive():

    logger: Installing "zeek/salesforce/ja3"

    logger: Installed "zeek/salesforce/ja3" (master)

    logger: Loaded "zeek/salesforce/ja3"

    logger: /tmp/vagrant-shell: line 413: /opt/zeek/share/zeek/site/local.zeek: No such file or directory

    logger: [Errno 2] No such file or directory: '/opt/zeek/etc/node.cfg'

    logger: [Errno 2] No such file or directory: '/opt/zeek/etc/node.cfg'

    logger: [Errno 2] No such file or directory: '/opt/zeek/etc/node.cfg'

    logger: [Errno 2] No such file or directory: '/opt/zeek/etc/node.cfg'

    logger: [Errno 2] No such file or directory: '/opt/zeek/etc/node.cfg'

    logger: [Errno 2] No such file or directory: '/opt/zeek/etc/node.cfg'

    logger: [Errno 2] No such file or directory: '/opt/zeek/etc/node.cfg'

    logger: [Errno 2] No such file or directory: '/opt/zeek/etc/node.cfg'

    logger: [Errno 2] No such file or directory: '/opt/zeek/etc/node.cfg'

    logger: [Errno 2] No such file or directory: '/opt/zeek/etc/node.cfg'

    logger: [Errno 2] No such file or directory: '/opt/zeek/etc/node.cfg'

    logger: [Errno 2] No such file or directory: '/opt/zeek/etc/node.cfg'

    logger: [Errno 2] No such file or directory: '/opt/zeek/etc/node.cfg'

    logger: [Errno 2] No such file or directory: '/opt/zeek/etc/node.cfg'

    logger: Created symlink /etc/systemd/system/multi-user.target.wants/zeek.service → /lib/systemd/system/zeek.service.

    logger: Job for zeek.service failed because the control process exited with error code.

    logger: See "systemctl status zeek.service" and "journalctl -xe" for details.

    logger: Zeek attempted to start but is not running. Exiting

The SSH command responded with a non-zero exit status. Vagrant

assumes that this means the command failed. The output for this command

should be in the log above. Please read the output to determine what

went wrong.

Link to Gist Containing Build Logs:

SecurityNguyen avatar Nov 27 '22 19:11 SecurityNguyen

Tried redownloading again and again but not sure why it not working

SecurityNguyen avatar Nov 27 '22 19:11 SecurityNguyen

Also, the domain controller velociraptor service won't work and I can't get wef to domain join

SecurityNguyen avatar Nov 27 '22 21:11 SecurityNguyen

Hello, I am encountering the same problem on virtualbox.

Were you able to find a solution?

lefran6 avatar Dec 11 '22 00:12 lefran6

Hello, I am encountering the same problem on virtualbox.

Were you able to find a solution?

Nope

SecurityNguyen avatar Dec 11 '22 13:12 SecurityNguyen

Same error. Zeek fails to start.

I tried to start Zeek manually. image

jonod8698 avatar Mar 10 '23 16:03 jonod8698

Zeek's syntax was updated while Ja3.zeek has not been updated since 2021. https://github.com/salesforce/ja3/issues/87

Either change zeek to zeek-lts by changing the version in vagrant/logger_bootstrap.sh apt-get -qq -ym install zeek-lts crudini OR fix the script with the changes in the linked ja3 issue.

jonod8698 avatar Mar 10 '23 16:03 jonod8698