google / grr

GRR Rapid Response: remote live forensics for incident response

Home Page: https://grr-doc.readthedocs.io/

Couldn't connect to GRR Server

liadekel opened this issue

Hello, after installing grr-server it seems like I can't connect to the server (specifically the front-end component). I noticed this when I tried to connect a client to the server, and the client didn't appear in the AdminUI.

My setup is running Ubuntu.

  1. The Admin page is working at port 8000 but I cannot connect to the frontend component at port 8080.
  2. The output of systemctl status is the following:
     Loaded: loaded (/lib/systemd/system/grr-server.service; enabled; vendor preset: enabled)
     Active: active (exited) since Wed 2021-07-14 00:07:32 IDT; 3min 59s ago
       Docs: https://github.com/google/grr
    Process: 4725 ExecStart=/bin/systemctl --no-block start grr-server@admin_ui.service grr-server@frontend.service grr-server@worker.service grr-server@worker2.service fleetspeak-server.service (code=exited, s>
   Main PID: 4725 (code=exited, status=0/SUCCESS)

Jul 14 00:07:32 eljefe systemd[1]: Starting GRR Service...
Jul 14 00:07:32 eljefe systemd[1]: Finished GRR Service.
  3. I do see many processes when calling ps aux | grep grr:
root        1203  0.0  0.0   2724   636 ?        S    00:03   0:00 /usr/lib/grr/grr_3.4.3.1_amd64/grrd --config=/usr/lib/grr/grr_3.4.3.1_amd64/grrd.yaml
root        1209  0.5  0.4 715144 66768 ?        Sl   00:03   0:02 /usr/lib/grr/grr_3.4.3.1_amd64/grrd --config=/usr/lib/grr/grr_3.4.3.1_amd64/grrd.yaml
root        4728  0.0  0.0   9580  3496 ?        Ss   00:07   0:00 /bin/bash /usr/bin/grr_server --component admin_ui -p StatsStore.process_id=admin_ui_660b0efe491642c3a8dc8a205fa013dc
root        4729  0.0  0.0   9580  3436 ?        Ss   00:07   0:00 /bin/bash /usr/bin/grr_server --component frontend -p StatsStore.process_id=frontend_660b0efe491642c3a8dc8a205fa013dc
root        4731  1.1  0.6 666044 102236 ?       Sl   00:07   0:03 /usr/share/grr-server/bin/python /usr/share/grr-server/bin/grr_server --context Global Install Context --component admin_ui -p StatsStore.process_id=admin_ui_660b0efe491642c3a8dc8a205fa013dc
root        4734  1.0  0.6 296764 99648 ?        Sl   00:07   0:02 /usr/share/grr-server/bin/python /usr/share/grr-server/bin/grr_server --context Global Install Context --component frontend -p StatsStore.process_id=frontend_660b0efe491642c3a8dc8a205fa013dc
root        4736  0.0  0.0   9580  3284 ?        Ss   00:07   0:00 /bin/bash /usr/bin/grr_server --component worker -p StatsStore.process_id=worker_660b0efe491642c3a8dc8a205fa013dc
root        4738  0.0  0.0   9580  3420 ?        Ss   00:07   0:00 /bin/bash /usr/bin/grr_server --component worker2 -p StatsStore.process_id=worker2_660b0efe491642c3a8dc8a205fa013dc
root        4739  1.2  0.6 887104 101076 ?       Sl   00:07   0:03 /usr/share/grr-server/bin/python /usr/share/grr-server/bin/grr_server --context Global Install Context --component worker -p StatsStore.process_id=worker_660b0efe491642c3a8dc8a205fa013dc
root        4742  1.2  0.6 887160 101072 ?       Sl   00:07   0:03 /usr/share/grr-server/bin/python /usr/share/grr-server/bin/grr_server --context Global Install Context --component worker2 -p StatsStore.process_id=worker2_660b0efe491642c3a8dc8a205fa013dc
  4. When calling lsof for port 8080 I get the following:
:~$ sudo lsof -i:8080
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
grr_serve 4734 root    5u  IPv6  75961      0t0  TCP *:http-alt (LISTEN)

  5. I also tried the suggested MySQL config change, but it didn't help.
  6. When I try to run the client manually, I get the following error:
sudo /usr/lib/grr/grr_3.4.3.1_amd64/grrd --config=/usr/lib/grr/grr_3.4.3.1_amd64/grrd.yaml
I0714 17:58:22.403018 140198791939904 client_logging.py:116] Writing log file to /var/log/GRRlog.txt
INFO:2021-07-14 17:58:22,403 client_logging:116] Writing log file to /var/log/GRRlog.txt
Traceback (most recent call last):
  File "site-packages/grr_response_client/client.py", line 142, in <module>
  File "site-packages/absl/app.py", line 299, in run
  File "site-packages/absl/app.py", line 250, in _run_main
  File "site-packages/grr_response_client/client.py", line 115, in main
  File "site-packages/grr_response_client/fleetspeak_client.py", line 65, in __init__
  File "site-packages/fleetspeak/client_connector/connector.py", line 108, in __init__
  File "site-packages/fleetspeak/client_connector/connector.py", line 63, in _EnvOpen
ValueError: FLEETSPEAK_COMMS_CHANNEL_INFD is not set
[36213] Failed to execute script client

Unfortunately I wasn't able to find any helpful log file. Thanks!