Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issues with the Scan Servers task #357

Open
domwhewell-sage opened this issue Nov 3, 2023 · 1 comment
Open

Issues with the Scan Servers task #357

domwhewell-sage opened this issue Nov 3, 2023 · 1 comment
Assignees
@chrismaddalena
Labels
bug Something isn't working

Comments

@domwhewell-sage
Copy link

Describe the bug
The Scan Servers task seems to run however the function crashes when trying to initiate the nmap.PortScanner() object.

Also it is not clear on the wiki how to grant the root permissions to the django q cluster. It suggests starting the cluster as root but does not make it clear the cluster is started from within the django container so I'm thinking it may need to guide people in the direction of editing the Dockerfile or maybe an addition could be made to the ghostwriter-cli config?

To Reproduce
Steps to reproduce the behavior:

  1. Add a scheduled task for ghostwriter.shepherd.tasks.scan_servers
  2. Allow it to run
  3. See the error
'nmap program was not found in path. PATH is : /usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' : Traceback (most recent call last):
File "/usr/local/lib/python3.10/site-packages/django_q/cluster.py", line 432, in worker
res = f(*task["args"], **task["kwargs"])
File "/app/ghostwriter/shepherd/tasks.py", line 593, in scan_servers
scanner = nmap.PortScanner()
File "/usr/local/lib/python3.10/site-packages/nmap/nmap.py", line 136, in __init__
raise PortScannerError(
nmap.nmap.PortScannerError: 'nmap program was not found in path. PATH is : /usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'

Expected Behavior
The task runs and triggers a slack alert if there is open ports

Screenshots

  1. Here is a screenshot of my Scheduled task only the "Name" and "Func" has been edited
    image
  2. A screenshot of the error message from the "Failed Tasks" view
    image

Server Specs:

  • OS: Ubuntu 22.04
  • Docker: Docker version 24.0.7, build afdd53b,
  • Ghostwriter: v4.0.1

Additional context
I'm not sure if alpine linux supports it but if it does looks like the nmap binary needs to be added into the local and production Dockerfile's for django

Edits should be made to the wiki to instruct the user to change the Dockerfile to run the django application as root at their own risk in order to scan SYN TCP ports using the Scan Servers task
or
Edits should be made to the ghostwriter-cli to enable this as a config setting
@domwhewell-sage domwhewell-sage added the bug Something isn't working label Nov 3, 2023
@domwhewell
Copy link

Instead of giving the container full root permissions it might be possible to set the capabilities from this link

https://secwiki.org/w/Running_nmap_as_an_unprivileged_user

When I get a chance I'll also have a look at this

@domwhewell domwhewell mentioned this issue Nov 9, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@chrismaddalena chrismaddalena

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@chrismaddalena @domwhewell @domwhewell-sage