[Bro] Bro Cluster Documentation Error

Davison, Charles Robert cdaviso1 at vols.utk.edu
Tue Sep 15 06:33:12 PDT 2015


This fixed it after I applied it to the manager and all the nodes!

sudo chown -R ubuntu:ubuntu /usr/local/bro

Thanks for your help.


________________________________________
From: Daniel Thayer <dnthayer at illinois.edu>
Sent: Monday, September 14, 2015 3:56 PM
To: Davison, Charles Robert; bro at bro.org
Subject: Re: [Bro] Bro Cluster Documentation Error

The error message for the lock issue is "Permission denied",
so you will need to check whether your "ubuntu" user
has permission to write to the /usr/local/bro/spool/ directory.


On 09/14/2015 04:45 PM, Davison, Charles Robert wrote:
> I tried running bro from my ubuntu account and receive this:
>
> Also for whatever reason I have to constantly export my paths to run broctl. Not a big issue but if you know a fix that would be great.
>
> ubuntu@ip-172-31-41-32:~$ export PATH=/usr/local/bro/bin:$PATH
> ubuntu@ip-172-31-41-32:~$ broctl
> Warning: broctl node config has changed (run the broctl "deploy" command)
> Warning: Bro node "bro" possibly still running on host "localhost" (PID 16564)
>
> Welcome to BroControl 1.4
>
> Type "help" for help.
>
> [BroControl] > install
> Error: cannot acquire lock: [Errno 13] Permission denied: '/usr/local/bro/spool/lock.27491'
> Error: Unable to get lock
> [BroControl] >
>
>
> ________________________________________
> From: Daniel Thayer <dnthayer at illinois.edu>
> Sent: Monday, September 14, 2015 3:40 PM
> To: Davison, Charles Robert; bro at bro.org
> Subject: Re: [Bro] Bro Cluster Documentation Error
>
> In the screenshot in the previous email, it appeared you were running broctl
> as the "root" user.  If that's the case, then you need to be able
> to ssh to your worker machine as the "root" user.  The home
> directory of the "root" user is probably "/root".
>
>
>
> On 09/14/2015 04:24 PM, Davison, Charles Robert wrote:
>> Please see the attached document on how I configured the host entries.
>>
>> I can ssh into the computers as my ubuntu user fine, but I copied over my keys as follows:
>>
>> scp -v ~/.ssh/id_rsa.pub root@172.31.41.31:/home/ubuntu/.ssh/authorized_keys2
>> scp -v ~/.ssh/id_rsa.pub root@172.31.41.33:/home/ubuntu/.ssh/authorized_keys2
>>
>> Is this an issue? I tried using ubuntu as the user and it hangs:
>>
>> ubuntu@ip-172-31-41-32:~$ scp -v ~/.ssh/id_rsa.pub ubuntu@172.31.41.33:/home/ubuntu/.ssh/authorized_keys2
>> Executing: program /usr/bin/ssh host 172.31.41.33, user ubuntu, command scp -v -t /home/ubuntu/.ssh/authorized_keys2
>> OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
>> debug1: Reading configuration data /etc/ssh/ssh_config
>> debug1: /etc/ssh/ssh_config line 19: Applying options for *
>> debug1: Connecting to 172.31.41.33 [172.31.41.33] port 22.
>> debug1: Connection established.
>> debug1: identity file /home/ubuntu/.ssh/id_rsa type 1
>> debug1: identity file /home/ubuntu/.ssh/id_rsa-cert type -1
>> debug1: identity file /home/ubuntu/.ssh/id_dsa type -1
>> debug1: identity file /home/ubuntu/.ssh/id_dsa-cert type -1
>> debug1: identity file /home/ubuntu/.ssh/id_ecdsa type -1
>> debug1: identity file /home/ubuntu/.ssh/id_ecdsa-cert type -1
>> debug1: identity file /home/ubuntu/.ssh/id_ed25519 type -1
>> debug1: identity file /home/ubuntu/.ssh/id_ed25519-cert type -1
>> debug1: Enabling compatibility mode for protocol 2.0
>> debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
>> debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
>> debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3 pat OpenSSH_6.6.1* compat 0x04000000
>> debug1: SSH2_MSG_KEXINIT sent
>> debug1: SSH2_MSG_KEXINIT received
>> debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
>> debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
>> debug1: sending SSH2_MSG_KEX_ECDH_INIT
>> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
>> debug1: Server host key: ECDSA d1:0a:e6:c3:bf:ee:23:5a:63:63:ce:c8:71:41:88:29
>> debug1: Host '172.31.41.33' is known and matches the ECDSA host key.
>> debug1: Found key in /home/ubuntu/.ssh/known_hosts:2
>> debug1: ssh_ecdsa_verify: signature correct
>> debug1: SSH2_MSG_NEWKEYS sent
>> debug1: expecting SSH2_MSG_NEWKEYS
>> debug1: SSH2_MSG_NEWKEYS received
>> debug1: Roaming not allowed by server
>> debug1: SSH2_MSG_SERVICE_REQUEST sent
>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>> debug1: Authentications that can continue: publickey,password
>> debug1: Next authentication method: publickey
>> debug1: Offering RSA public key: /home/ubuntu/.ssh/id_rsa
>> debug1: Server accepts key: pkalg ssh-rsa blen 279
>> debug1: key_parse_private2: missing begin marker
>> debug1: read PEM private key done: type RSA
>> debug1: Authentication succeeded (publickey).
>> Authenticated to 172.31.41.33 ([172.31.41.33]:22).
>> debug1: channel 0: new [client-session]
>> debug1: Requesting no-more-sessions@openssh.com
>> debug1: Entering interactive session.
>> debug1: Sending environment.
>> debug1: Sending env LANG = en_US.UTF-8
>> debug1: Sending command: scp -v -t /home/ubuntu/.ssh/authorized_keys2
>> Sending file modes: C0644 404 id_rsa.pub
>> scp: /home/ubuntu/.ssh/authorized_keys2: Permission denied
>> ubuntu@ip-172-31-41-32:~$ Sink: C0644 404 id_rsa.pub
>> debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
>> debug1: channel 0: free: client-session, nchannels 1
>> debug1: fd 0 clearing O_NONBLOCK
>> debug1: fd 1 clearing O_NONBLOCK
>> Transferred: sent 3472, received 2636 bytes, in 0.2 seconds
>> Bytes per second: sent 18676.3, received 14179.4
>> debug1: Exit status 1
>>
>> ________________________________________
>> From: Daniel Thayer <dnthayer at illinois.edu>
>> Sent: Monday, September 14, 2015 2:17 PM
>> To: Davison, Charles Robert; bro at bro.org
>> Subject: Re: [Bro] Bro Cluster Documentation Error
>>
>> When you check if you can ssh to the other machines in your cluster,
>> you need to make sure you're running ssh as the same user that
>> you're running broctl.
>>
>> Also, what did you specify for the "host=" entries in your node.cfg?
>>
>>
>>
>> On 09/14/2015 02:56 PM, Davison, Charles Robert wrote:
>>> I assume attachments don't work... here is the test output:
>>>
>>>
>>> root@ip-172-31-41-32:/home/ubuntu# export PATH=/usr/local/bro/bin:$PATH
>>> root@ip-172-31-41-32:/home/ubuntu# broctl
>>> Warning: broctl node config has changed (run the broctl "deploy" command)
>>> Warning: Bro node "bro" possibly still running on host "localhost" (PID 16564)
>>>
>>> Welcome to BroControl 1.4
>>>
>>> Type "help" for help.
>>>
>>> [BroControl] > install
>>> removing old policies in /usr/local/bro/spool/installed-scripts-do-not-touch/site ...
>>> removing old policies in /usr/local/bro/spool/installed-scripts-do-not-touch/auto ...
>>> creating policy directories ...
>>> installing site policies ...
>>> generating cluster-layout.bro ...
>>> generating local-networks.bro ...
>>> generating broctl-config.bro ...
>>> generating broctl-config.sh ...
>>> updating nodes ...
>>> Host key verification failed.
>>> Host key verification failed.
>>> Error: cannot create (some of the) directories /usr/local/bro,/usr/local/bro/logs,/usr/local/bro/spool,/usr/local/bro/spool/tmp on node worker-1
>>> [BroControl] > Host key verification failed.
>>> Host key verification failed.
>>> Host key verification failed.
>>> Host key verification failed.
>>>
>>>
>>>
>>> Thank you,
>>>
>>> Charles
>>>
>>>
>>> ------------------------------------------------------------------------
>>> *From:* Davison, Charles Robert
>>> *Sent:* Monday, September 14, 2015 1:41 PM
>>> *To:* bro at bro.org
>>> *Subject:* Bro Cluster Documentation Error
>>>
>>>
>>> Good Afternoon,
>>>
>>>
>>> I am trying to make documentation for installing a bro cluster
>>> configuration, and receive the attached error when trying to install via
>>> broctl. I can log into both of my worker nodes from the bro manager via
>>> ssh fine, and without a password...
>>>
>>>
>>> Thank you,
>>>
>>> Charles
>>>
>>>
>>>
>>>
>>>
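
A preflight check for the two failures in this thread (non-interactive SSH as the account that runs broctl, and write access to the spool directory), added here as an example; it is not part of the original messages or of BroControl. The function names, the constructed sample node.cfg and the `etc/node.cfg` location under the install prefix are assumptions.

```shell
# Added example: run as the same account that will run broctl.

# Constructed sample node.cfg (addresses are the ones seen in the thread).
sample_cfg() {
    printf '%s\n' '[manager]' 'type=manager' 'host=172.31.41.32' \
        '[worker-1]' 'type=worker' 'host=172.31.41.31' \
        '[worker-2]' 'type=worker' 'host = 172.31.41.33'
}

# Print the unique host= values of a node.cfg read from stdin.
node_hosts() {
    sed -n 's/^[[:space:]]*host[[:space:]]*=[[:space:]]*//p' |
        sed 's/[[:space:]]*$//' | sort -u
}

# Succeed only if the current user can create a file in the directory,
# which is what the "cannot acquire lock ... Permission denied" error tested.
can_lock() {
    [ -d "$1" ] || return 1
    probe="$1/preflight.$$"
    ( : > "$probe" ) 2>/dev/null || return 1
    rm -f "$probe"
}

# List paths under the install prefix that the current user does not own.
foreign_owned() {
    find "$1" ! -user "$(id -u)" -print 2>/dev/null
}

# Non-interactive login test: BatchMode forbids password prompts, and
# StrictHostKeyChecking=yes fails on an unknown host key instead of asking.
ssh_ok() {
    ssh -o BatchMode=yes -o StrictHostKeyChecking=yes \
        -o ConnectTimeout=5 "$1" true 2>/dev/null
}

# Run every check against an install prefix; non-zero if any check fails.
preflight() {
    prefix="$1"; rc=0
    can_lock "$prefix/spool" || { echo "FAIL: cannot write $prefix/spool"; rc=1; }
    [ -z "$(foreign_owned "$prefix")" ] || { echo "FAIL: files not owned by uid $(id -u)"; rc=1; }
    for h in $(node_hosts < "$prefix/etc/node.cfg"); do
        ssh_ok "$h" || { echo "FAIL: ssh to $h as uid $(id -u)"; rc=1; }
    done
    return "$rc"
}

if [ -n "${1:-}" ]; then preflight "$1"; fi
```

Invoked as the broctl user with the install prefix as its argument (for this thread, `/usr/local/bro`), it reports a host-key or key-authentication problem and a root-owned spool directory before `install` is attempted.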

