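I am trying to install Prewikka, a Security Information and Event Management system web-interface package, on Bionic.
I followed the instructions on the terminal, and when I started installing the Prewikka package, a confirmation message appeared:
I never provided a password for configuring the Prewikka database. I tried to find documentation on the website, but I could not find out what my problem actually is.
How do I know my password for Prewikka's dbconfig-common? Because I selected dbconfig-common as the default database, following the previous instructions, see below!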
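Edit #1
The developers of Prewikka say that for Prelude we choose to use dbconfig-common, give the administrator password and enter the DB password. In this documentation, for integration with Prelude Manager, I chose dbconfig-common in the previous instructions. When I read all of the Prelude developers' documentation, I realized I had forgotten to create a database for my Prewikka! Oh, that was my mistake. At this point, I get some errors that I don't understand! But I am still a bit confused about the confirmation password: do I have to enter the password for Prewikka's MySQL database or for Prelude's DBConfig-Common?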
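Edit #2
At this moment, I am getting some errors that I cannot understand, and they are really complicated for me! When I open Prewikka's default port, the following error appears:
On my terminal I get: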
$ sudo prewikka-httpd
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/prewikka/database.py", line 59, in inner
ret = func(self, *args, **kwargs)
File "/usr/lib/python3/dist-packages/prewikka/database.py", line 489, in __init__
dh.apply()
File "/usr/lib/python3/dist-packages/prewikka/database.py", line 74, in inner
ret = func(self, *args, **kwargs)
File "/usr/lib/python3/dist-packages/prewikka/database.py", line 424, in apply
self._apply()
File "/usr/lib/python3/dist-packages/prewikka/database.py", line 91, in inner
ret = func(self, *args, **kwargs)
File "/usr/lib/python3/dist-packages/prewikka/database.py", line 415, in _apply
[ update.apply() for update in self.list() ]
File "/usr/lib/python3/dist-packages/prewikka/database.py", line 415, in <listcomp>
[ update.apply() for update in self.list() ]
File "/usr/lib/python3/dist-packages/prewikka/database.py", line 87, in inner
return func(self, *args, **kwargs)
File "/usr/lib/python3/dist-packages/prewikka/database.py", line 221, in apply
self.run()
File "/usr/lib/python3/dist-packages/prewikka/sql/install.py", line 72, in run
""")
File "/usr/lib/python3/dist-packages/prewikka/database.py", line 211, in query
self.db.query(q)
File "/usr/lib/python3/dist-packages/prewikka/database.py", line 547, in query
return preludedb.SQL.query(self, sql)
RuntimeError: All parts of a PRIMARY KEY must be NOT NULL; if you need NULL in a key, use UNIQUE instead
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/prewikka/main.py", line 277, in process
response = self._process_static(webreq) or self._process_dynamic(webreq)
File "/usr/lib/python3/dist-packages/prewikka/main.py", line 244, in _process_dynamic
self._prewikka_init_if_needed()
File "/usr/lib/python3/dist-packages/prewikka/main.py", line 134, in _prewikka_init_if_needed
raise self._prewikka_initialized
File "/usr/lib/python3/dist-packages/prewikka/main.py", line 122, in _prewikka_init_if_needed
env.db = database.Database(env.config.database)
File "/usr/lib/python3/dist-packages/prewikka/database.py", line 873, in __new__
return MySQLDatabase(config)
File "/usr/lib/python3/dist-packages/prewikka/database.py", line 61, in inner
raise DatabaseError(message=text_type(e))
prewikka.database.DatabaseError: All parts of a PRIMARY KEY must be NOT NULL; if you need NULL in a key, use UNIQUE instead
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.6/wsgiref/handlers.py", line 137, in run
self.result = application(self.environ, self.start_response)
File "/bin/prewikka-httpd", line 62, in application
return wsgi.application(environ, start_response)
File "/usr/lib/python3/dist-packages/prewikka/web/wsgi.py", line 161, in application
core.process(WSGIRequest(environ, start_response))
File "/usr/lib/python3/dist-packages/prewikka/main.py", line 280, in process
response = err.respond()
File "/usr/lib/python3/dist-packages/prewikka/error.py", line 106, in respond
return self._html_respond()
File "/usr/lib/python3/dist-packages/prewikka/error.py", line 90, in _html_respond
from prewikka import baseview
File "/usr/lib/python3/dist-packages/prewikka/baseview.py", line 27, in <module>
from prewikka import error, history, hookmanager, resource, response, template, utils, view
File "/usr/lib/python3/dist-packages/prewikka/history.py", line 102, in <module>
crontab.schedule("search_history", N_("Search history deletion"), "0 * * * *", _regfunc=history._history_cron, enabled=True)
File "/usr/lib/python3/dist-packages/prewikka/crontab.py", line 240, in schedule
self._init_system_job(ext_type, name, schedule, enabled, _regfunc)
File "/usr/lib/python3/dist-packages/prewikka/database.py", line 91, in inner
ret = func(self, *args, **kwargs)
File "/usr/lib/python3/dist-packages/prewikka/crontab.py", line 152, in _init_system_job
res = env.db.query("SELECT 1 FROM Prewikka_Crontab WHERE ext_type=%s AND userid IS NULL", ext_type)
File "/usr/lib/python3/dist-packages/prewikka/database.py", line 547, in query
return preludedb.SQL.query(self, sql)
RuntimeError: Table 'prewikka.Prewikka_Crontab' doesn't exist
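Edit #3
I tried the solution from this question, as follows:
- Dropped the Prewikka database
- Recreated the Prewikka database
- Retried running Prewikka
But it did not work for me. I also followed the how-to instructions mentioned above: https://www.prelude-siem.org/projects/prelude/wiki/InstallingPackageUbuntu. So am I missing something?
I hope someone can help me! Thanks in advance.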
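Answer 1
First-time installation of the Prelude and Prewikka packages:
Before installing, we need a database to store the alerts. I chose to create the databases in MySQL: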
$ mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 8.0.13 MySQL Community Server - GPL
Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> CREATE USER user1@localhost IDENTIFIED BY 'pass';
Query OK, 1 row affected (0,11 sec)
mysql> CREATE DATABASE prelude;
Query OK, 1 row affected (2,09 sec)
mysql> GRANT ALL PRIVILEGES ON prelude.* TO user1@localhost;
Query OK, 0 rows affected (0,93 sec)
mysql> CREATE DATABASE prewikka;
Query OK, 1 row affected (2,10 sec)
mysql> GRANT ALL PRIVILEGES ON prewikka.* TO user1@localhost;
Query OK, 0 rows affected (0,94 sec)
mysql> FLUSH PRIVILEGES;
mysql> EXIT;
Prelude and Prewikka need to be installed:
$ sudo apt install prelude-utils prelude-manager prelude-lml libpreludedb*
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  dbconfig-common libmaxminddb0 prelude-lml-rules
Suggested packages:
  dbconfig-mysql | dbconfig-pgsql | dbconfig-sqlite | dbconfig-sqlite3 | dbconfig-no-thanks mmdb-bin
Recommended packages:
  default-mysql-client | postgresql-client
The following NEW packages will be installed:
  dbconfig-common libmaxminddb0 libpreludedb0 libpreludedb7 libpreludedbcpp2 libpreludedb-dev libpreludedb-doc libpreludedb7-mysql libpreludedb7-pgsql libpreludedb7-sqlite prelude-lml prelude-lml-rules prelude-manager
0 upgraded, 13 newly installed, 0 to remove and 0 not upgraded.
Need to get 968 kB of archives.
After this operation, 3.881 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
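While dpkg is configuring the packages, we create a database user, a database name and a database password, which are stored in dbconfig-common. If we forget them, as in my case, we can check them in the /etc/prewikka/prewikka.conf file.
Configuration of agent registration.
The Manager agent and the LML client agent need to log in to Prelude admin as analyzers in order to run the command package.
First, add the manager agent as follows: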
$ prelude-admin add prelude-manager --uid 0 --gid 0 #for user id and group id, you can check on `/etc/passwd` file.
Generating 2048 bits RSA private key... This might take a very long time.
[Increasing system activity will speed-up the process].
Generation in progress...
Created profile 'prelude-manager' with analyzerID 'xxxxxxxxxxxxxxxx'.
Second, register the LML agent as follows:
$ prelude-admin register prelude-lml "idmef:w admin:r" 127.0.0.1 --uid 0 --gid 0
Generating 2048 bits RSA private key... This might take a very long time.
[Increasing system activity will speed-up the process].
Generation in progress...
You now need to start "prelude-admin" registration-server on 127.0.0.1:
example: "prelude-admin registration-server prelude-manager"
Enter the one-shot password provided on 127.0.0.1:
Confirm the one-shot password provided on 127.0.0.1:
Connecting to registration server (127.0.0.1:5553)... Authentication succeeded.
Successful registration to 127.0.0.1:5553.
Run on the Manager agent:
$ prelude-admin registration-server prelude-manager
The "password" password will be requested by "prelude-admin register"
in order to connect. Please remove the quotes before using it.
Generating 1024 bits Diffie-Hellman key for anonymous authentication...
Waiting for peers install request on 0.0.0.0:5553...
Waiting for peers install request on :::5553...
Connection from 127.0.0.1:45796...
Registration request for analyzerID="xxxxxxxxxxxxxxxx" permission="idmef:w admin:r".
Approve registration? [y/n]: y
127.0.0.1:45796 successfully registered.
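After the certificate has been verified, do not forget to configure the server listener in the /etc/prelude/default/client.conf file, the /etc/prelude/default/global.conf file, the /etc/prelude-manager/prelude-manager.conf file and the /etc/prelude-lml/prelude-lml.conf file. Then we can start Prelude's services: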
$ sudo systemctl enable prelude-manager
$ sudo systemctl start prelude-manager
$ sudo systemctl enable prelude-lml
$ sudo systemctl start prelude-lml
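Finally, after executing the /usr/bin/prewikka Python script, we get a server listening on 0.0.0.0:8000. We can browse to it by entering localhost:8000, and if no error output appears, it will look like this: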
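Added example (not part of the original answer and not Prewikka's own code): the answer notes that forgotten dbconfig-common credentials can be read back from /etc/prewikka/prewikka.conf. This script extracts the database section, masks the password for display, and flags a configuration file that other local accounts can read or modify. The section and key names ([database], [idmef_database], type, user, pass, name) and the sample file are assumptions constructed for illustration.

```python
import os
import re
import stat

# Constructed sample; section and key names are assumed, values mirror the answer.
SAMPLE_CONF = """\
[database]
type: mysql
user: user1
# pass: old-value
pass: pass
name: prewikka
[idmef_database]
name: prelude
"""

def read_section(text, wanted="database"):
    """Collect key/value pairs of one [section], accepting ':' or '=' separators."""
    section, found = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        match = re.match(r"([^:=\s]+)\s*[:=]\s*(.*)", line)
        if section == wanted and match:
            found[match.group(1)] = match.group(2)
    return found

def redact(settings):
    """Copy of the settings that is safe to paste into a ticket or forum post."""
    return {k: ("********" if k == "pass" and v else v) for k, v in settings.items()}

def exposure(path):
    """List permission problems on a file that stores a database password."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or others")
    return findings

if __name__ == "__main__":
    conf = "/etc/prewikka/prewikka.conf"  # path given in the answer
    live = os.path.exists(conf)
    print(redact(read_section(open(conf).read() if live else SAMPLE_CONF)))
    print(exposure(conf) if live else "sample data, no file checked")
```

Run it with sudo on the Prewikka host; without the file present it falls back to the constructed sample.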