-
Notifications
You must be signed in to change notification settings - Fork 170
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Issues with the Scan Servers task #357
Labels
bug
Something isn't working
Comments
Instead of giving the container full root permissions it might be possible to set the capabilities from this link https://secwiki.org/w/Running_nmap_as_an_unprivileged_user When I get a chance I'll also have a look at this |
Open
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
The Scan Servers task seems to run however the function crashes when trying to initiate the
nmap.PortScanner()
object.Also it is not clear on the wiki how to grant the root permissions to the django q cluster. It suggests starting the cluster as root but does not make it clear the cluster is started from within the django container so I'm thinking it may need to guide people in the direction of editing the Dockerfile or maybe an addition could be made to the ghostwriter-cli config?
To Reproduce
Steps to reproduce the behavior:
ghostwriter.shepherd.tasks.scan_servers
Expected Behavior
The task runs and triggers a slack alert if there is open ports
Screenshots
Server Specs:
Additional context
I'm not sure if alpine linux supports it but if it does looks like the nmap binary needs to be added into the local and production Dockerfile's for django
Edits should be made to the wiki to instruct the user to change the Dockerfile to run the django application as root at their own risk in order to scan SYN TCP ports using the Scan Servers task
or
Edits should be made to the ghostwriter-cli to enable this as a config setting
The text was updated successfully, but these errors were encountered: