[Bro] Bro Cluster Documentation Error

Davison, Charles Robert cdaviso1 at vols.utk.edu
Mon Sep 14 14:45:12 PDT 2015


I tried running bro from my ubuntu account and receive this:

Also for whatever reason I have to constantly export my paths to run broctl. Not a big issue but if you know a fix that would be great. 

ubuntu@ip-172-31-41-32:~$ export PATH=/usr/local/bro/bin:$PATH
ubuntu@ip-172-31-41-32:~$ broctl
Warning: broctl node config has changed (run the broctl "deploy" command)
Warning: Bro node "bro" possibly still running on host "localhost" (PID 16564)

Welcome to BroControl 1.4

Type "help" for help.

[BroControl] > install
Error: cannot acquire lock: [Errno 13] Permission denied: '/usr/local/bro/spool/lock.27491'
Error: Unable to get lock
[BroControl] >


________________________________________
From: Daniel Thayer <dnthayer at illinois.edu>
Sent: Monday, September 14, 2015 3:40 PM
To: Davison, Charles Robert; bro at bro.org
Subject: Re: [Bro] Bro Cluster Documentation Error

In the screenshot in the previous email, it appeared you were running broctl
as the "root" user.  If that's the case, then you need to be able
to ssh to your worker machine as the "root" user.  The home
directory of the "root" user is probably "/root".



On 09/14/2015 04:24 PM, Davison, Charles Robert wrote:
> Please see the attached document on how I configured the host entries.
>
> I can ssh into the computers as my ubuntu user fine, but I copied over my keys as follows:
>
> scp -v ~/.ssh/id_rsa.pub root@172.31.41.31:/home/ubuntu/.ssh/authorized_keys2
> scp -v ~/.ssh/id_rsa.pub root@172.31.41.33:/home/ubuntu/.ssh/authorized_keys2
>
> Is this an issue? I tried using ubuntu as the user and it hangs:
>
> ubuntu@ip-172-31-41-32:~$ scp -v ~/.ssh/id_rsa.pub ubuntu@172.31.41.33:/home/ubuntu/.ssh/authorized_keys2
> Executing: program /usr/bin/ssh host 172.31.41.33, user ubuntu, command scp -v -t /home/ubuntu/.ssh/authorized_keys2
> OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 19: Applying options for *
> debug1: Connecting to 172.31.41.33 [172.31.41.33] port 22.
> debug1: Connection established.
> debug1: identity file /home/ubuntu/.ssh/id_rsa type 1
> debug1: identity file /home/ubuntu/.ssh/id_rsa-cert type -1
> debug1: identity file /home/ubuntu/.ssh/id_dsa type -1
> debug1: identity file /home/ubuntu/.ssh/id_dsa-cert type -1
> debug1: identity file /home/ubuntu/.ssh/id_ecdsa type -1
> debug1: identity file /home/ubuntu/.ssh/id_ecdsa-cert type -1
> debug1: identity file /home/ubuntu/.ssh/id_ed25519 type -1
> debug1: identity file /home/ubuntu/.ssh/id_ed25519-cert type -1
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
> debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
> debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3 pat OpenSSH_6.6.1* compat 0x04000000
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
> debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
> debug1: sending SSH2_MSG_KEX_ECDH_INIT
> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
> debug1: Server host key: ECDSA d1:0a:e6:c3:bf:ee:23:5a:63:63:ce:c8:71:41:88:29
> debug1: Host '172.31.41.33' is known and matches the ECDSA host key.
> debug1: Found key in /home/ubuntu/.ssh/known_hosts:2
> debug1: ssh_ecdsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: Roaming not allowed by server
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey,password
> debug1: Next authentication method: publickey
> debug1: Offering RSA public key: /home/ubuntu/.ssh/id_rsa
> debug1: Server accepts key: pkalg ssh-rsa blen 279
> debug1: key_parse_private2: missing begin marker
> debug1: read PEM private key done: type RSA
> debug1: Authentication succeeded (publickey).
> Authenticated to 172.31.41.33 ([172.31.41.33]:22).
> debug1: channel 0: new [client-session]
> debug1: Requesting no-more-sessions@openssh.com
> debug1: Entering interactive session.
> debug1: Sending environment.
> debug1: Sending env LANG = en_US.UTF-8
> debug1: Sending command: scp -v -t /home/ubuntu/.ssh/authorized_keys2
> Sending file modes: C0644 404 id_rsa.pub
> scp: /home/ubuntu/.ssh/authorized_keys2: Permission denied
> ubuntu@ip-172-31-41-32:~$ Sink: C0644 404 id_rsa.pub
> debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
> debug1: channel 0: free: client-session, nchannels 1
> debug1: fd 0 clearing O_NONBLOCK
> debug1: fd 1 clearing O_NONBLOCK
> Transferred: sent 3472, received 2636 bytes, in 0.2 seconds
> Bytes per second: sent 18676.3, received 14179.4
> debug1: Exit status 1
>
> ________________________________________
> From: Daniel Thayer <dnthayer at illinois.edu>
> Sent: Monday, September 14, 2015 2:17 PM
> To: Davison, Charles Robert; bro at bro.org
> Subject: Re: [Bro] Bro Cluster Documentation Error
>
> When you check if you can ssh to the other machines in your cluster,
> you need to make sure you're running ssh as the same user that
> you're running broctl.
>
> Also, what did you specify for the "host=" entries in your node.cfg?
>
>
>
> On 09/14/2015 02:56 PM, Davison, Charles Robert wrote:
>> I assume attachments don't work... here is the test output:
>>
>>
>> root@ip-172-31-41-32:/home/ubuntu# export PATH=/usr/local/bro/bin:$PATH
>>
>> root@ip-172-31-41-32:/home/ubuntu# broctl
>>
>> Warning: broctl node config has changed (run the broctl "deploy" command)
>>
>> Warning: Bro node "bro" possibly still running on host "localhost" (PID
>> 16564)
>>
>>
>> Welcome to BroControl 1.4
>>
>>
>> Type "help" for help.
>>
>>
>> [BroControl] > install
>>
>> removing old policies in /usr/local/bro/spool/installed-scripts-do-not-touch/site ...
>>
>> removing old policies in /usr/local/bro/spool/installed-scripts-do-not-touch/auto ...
>>
>> creating policy directories ...
>>
>> installing site policies ...
>>
>> generating cluster-layout.bro ...
>>
>> generating local-networks.bro ...
>>
>> generating broctl-config.bro ...
>>
>> generating broctl-config.sh ...
>>
>> updating nodes ...
>>
>> Host key verification failed.
>>
>> Host key verification failed.
>>
>> Error: cannot create (some of the) directories /usr/local/bro,/usr/local/bro/logs,/usr/local/bro/spool,/usr/local/bro/spool/tmp on node worker-1
>>
>> [BroControl] > Host key verification failed.
>>
>> Host key verification failed.
>>
>> Host key verification failed.
>>
>> Host key verification failed.
>>
>>
>>
>> Thank you,
>>
>> Charles
>>
>>
>> ------------------------------------------------------------------------
>> *From:* Davison, Charles Robert
>> *Sent:* Monday, September 14, 2015 1:41 PM
>> *To:* bro at bro.org
>> *Subject:* Bro Cluster Documentation Error
>>
>>
>> Good Afternoon,
>>
>>
>> I am trying to make documentation for installing a bro cluster
>> configuration, and receive the attached error when trying to install via
>> broctl. I can log into both of my worker nodes from the bro manager via
>> ssh fine, and without a password...
>>
>>
>> Thank you,
>>
>> Charles
>>
>>
>>
>>
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>
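A preflight check for the two failures shown in this thread (the spool lock "Permission denied" and "Host key verification failed"), added here as an example; it is not part of the original messages or of BroControl. The function names, the node.cfg contents and the known_hosts entries are constructed, and it assumes nodes whose host is localhost are not reached over ssh.

```python
import base64, configparser, hashlib, hmac, os

def hosts_from_node_cfg(text):
    """Distinct host= values from a broctl node.cfg (INI syntax)."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    return sorted({cfg[s]["host"] for s in cfg.sections() if "host" in cfg[s]})

def hash_name(host, salt):
    """HashKnownHosts form: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def known_hosts_has(known_hosts, host):
    """True if a plain or hashed entry names host (patterns and @marker lines are skipped)."""
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        names = fields[0]
        if names.startswith("|1|"):
            salt = base64.b64decode(names.split("|")[2])
            if hash_name(host, salt) == names:
                return True
        elif host in names.split(","):
            return True
    return False

def preflight(node_cfg, known_hosts, spool_dir, local=("localhost", "127.0.0.1")):
    """Problems the account that will run broctl would hit; [] means none found."""
    problems = []
    if not os.access(spool_dir, os.W_OK):  # the lock file is created inside spool/
        problems.append("spool not writable: " + spool_dir)
    for host in hosts_from_node_cfg(node_cfg):
        # Assumption: nodes on the manager itself are not reached over ssh.
        if host not in local and not known_hosts_has(known_hosts, host):
            problems.append("no host key for " + host)
    return problems

# Constructed sample input (not taken from the poster's files).
NODE_CFG = ("[manager]\ntype=manager\nhost=localhost\n"
            "[worker-1]\ntype=worker\nhost=172.31.41.31\n"
            "[worker-2]\ntype=worker\nhost=172.31.41.33\n")
ROOT_KNOWN_HOSTS = ""  # root has never accepted the workers' host keys
UBUNTU_KNOWN_HOSTS = "\n".join([
    "172.31.41.31 ecdsa-sha2-nistp256 AAAA-constructed-key",
    hash_name("172.31.41.33", b"constructed-salt") + " ecdsa-sha2-nistp256 AAAA-constructed-key"])

if __name__ == "__main__":
    print(preflight(NODE_CFG, ROOT_KNOWN_HOSTS, "/usr/local/bro/spool"))
```

Run it against the known_hosts file and spool directory of the account that will actually start broctl, since each account has its own ~/.ssh.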


