Issue installing GRR on Security onion 16.04 and ubuntu 20.04

Question

Issue installing GRR on Security onion 16.04 and ubuntu 20.04

uskwarrior opened this issue 3 years ago · comments

Hello Folks,

I have been trying to install GRR Server on Security onion 16.04 and have been experiencing issues. Firstly I tried installing the docker image using the instructions here, but when logging to the server using hostname I get a proxy error. I tried installing the GRR as a service using instructions here, but each time when trying the first step of logging into SQL with the localhost password to create a grr database, I get an error "ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)". I have tried blank password and even resetting the password but found that mysql service doesn't let me. I tried installing GRR on ubuntu 20.04 using the steps here but got an error "Sub-process /usr/bin/dpkg returned an error code" when installing.

I have been scratching my head all day and haven't been able to resolve the issue. I would really appreciate any help or feedback on this.

Max Vogler · Answer 1 · Thu Feb 04 2021 18:11:15 GMT+0800 (China Standard Time)

I can't help with the Security Onion installation script, but raised this issue with the maintainer in weslambert/securityonion-grr#3.

Regarding Access denied for user 'root'@'localhost': This is an issue outside of GRR, you can find plenty of tutorials on setting up MySQL/MariaDB and resetting the password.

Regarding Sub-process /usr/bin/dpkg returned an error code: We build these debs for Ubuntu 18.04 - please try it on this version or paste more detailed error logs in order for me to debug this.

uskwarrior · Answer 2 · Fri Feb 05 2021 11:59:41 GMT+0800 (China Standard Time)

Thank you for your response Max. Firstly, I tried this on ubuntu 18.04 using steps in this article <https://kifarunix.com/install-grr-incident-response-framework-on-ubuntu-18-04/> which worked. However, it's not an option for me as I am supposed to use either Ubuntu 20.04 or Security onion 16.04 (which runs on Ubuntu 16.04 platform). I was able to find the password for mysql database on Security onion. I tried the same steps on Security onion, but got the error "Errors were encountered while processing: grr-server E: Sub-process /usr/bin/dpkg returned an error code (1)" (Please see screenshot). I have tried this on ubuntu 20.04 and got the same error. ![image](https://user-images.githubusercontent.com/78109598/106988069-d0942300-673c-11eb-8dc9-dad514e45552.png) I tried installing the grr docker image using the steps specified in this article <https://github.com/weslambert/securityonion-grr> which works but when trying to login to the console, I get error 502 (please see screenshot). I guess there are some changes needed on the docker file but there are no instructions for that. ![image](https://user-images.githubusercontent.com/78109598/106991224-c9bcde80-6743-11eb-94b3-f1eb82bdcd42.png) I would really appreciate if you could guide me. [image: image.png]

…

On Thu, Feb 4, 2021 at 5:11 AM Max Vogler ***@***.***> wrote: I can't help with the Security Onion installation script, but raised this issue with the maintainer in weslambert/securityonion-grr#3 <weslambert/securityonion-grr#3>. Regarding Access denied for user 'root'@'localhost': This is an issue outside of GRR, you can find plenty of tutorials on setting up MySQL/MariaDB and resetting the password. Regarding Sub-process /usr/bin/dpkg returned an error code: We build these debs for Ubuntu 18.04 - please try it on this version or paste more detailed error logs in order for me to debug this. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#914 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AST5XHW354EZL4S6POM33PDS5JXFJANCNFSM4XCLZT4A> .

uskwarrior · Answer 3 · Fri Feb 05 2021 12:25:15 GMT+0800 (China Standard Time)

Here are the logs

grr verbose log.txt