Comments (5)
That is peculiar. I'll have to take a look at the logging behavior as it seems from your additional tests that the scanning is being done but the messages just aren't hitting the console.
The second behavior is, I think, expected. If you provide a list of selected directories they are scanned one at a time, so with those arguments you'll only get a message for /.
from attacksurfaceanalyzer.
I did a little testing and I think this is related to scanning /dev. I think that /dev falls into the same category as /proc and /sys in that it's not actually files, and so the scanner can encounter errors when trying to access them. I will have a new version that skips /dev by default as well.
from attacksurfaceanalyzer.
I think I've fixed this, I did not end up excluding dev, but now handle errors during directory enumeration better.
from attacksurfaceanalyzer.
I did some comparison between the 2.3.284 and 2.3.285 versions. It looks like 2.3.285 succeeds in file collection because it lasts 9+ minutes and goes through all root directories, whereas 2.3.284 lasted only 55 secs and stopped on an exception. So, 2.3.285 fixed the problem, thanks!
2.3.284 asa.log.txt
administrator@focal:/tmp/ASA_linux_2.3.284$ more asa.log.txt
2022-10-06 12:13:48.247 +03:00 [DBG] Didn't find any settings in the database.
2022-10-06 12:13:48.711 +03:00 [DBG] Default settings skip directories /proc and /sys because they tend to have non-files which stall the collector.
2022-10-06 12:13:48.712 +03:00 [DBG] Default settings skip directories /proc and /sys because they tend to have non-files which stall the collector.
2022-10-06 12:13:48.714 +03:00 [INF] Begin baseline.
2022-10-06 12:13:48.753 +03:00 [INF] Starting 11 Collectors.
2022-10-06 12:13:48.755 +03:00 [INF] Starting FileSystemCollector.
2022-10-06 12:13:48.763 +03:00 [INF] Scanning root /bin
2022-10-06 12:13:59.239 +03:00 [INF] Scanning root /snap
2022-10-06 12:14:44.500 +03:00 [DBG] Failed to run Microsoft.CST.AttackSurfaceAnalyzer.Collectors.FileSystemCollector (System.AggregateException:One or more errors occurred. (Access to the path '/snap/core18/current/var/run/user/1000/gvfs' is denied.))
2022-10-06 12:14:44.506 +03:00 [INF] Completed FileSystemCollector in 00h:00m:55s:750ms.
2022-10-06 12:14:49.963 +03:00 [DBG] Completed flushing in 00h:00m:05s:439ms
2022-10-06 12:14:49.967 +03:00 [INF] Starting OpenPortCollector.
...
2.3.285 asa.log.txt
administrator@focal:/tmp/ASA_linux_2.3.285$ more asa.log.txt2
2022-10-06 11:36:38.319 +03:00 [DBG] Didn't find any settings in the database.
2022-10-06 11:36:38.503 +03:00 [DBG] Default settings skip directories /proc and /sys because they tend to have non-files which stall the collector.
2022-10-06 11:36:38.504 +03:00 [DBG] Default settings skip directories /proc and /sys because they tend to have non-files which stall the collector.
2022-10-06 11:36:38.508 +03:00 [INF] Begin baseline.
2022-10-06 11:36:38.546 +03:00 [INF] Starting 11 Collectors.
2022-10-06 11:36:38.549 +03:00 [INF] Starting FileSystemCollector.
2022-10-06 11:36:38.554 +03:00 [INF] Scanning root /bin
2022-10-06 11:37:02.486 +03:00 [INF] Cancelling collection. Rolling back transaction. Please wait to avoid corrupting database.
2022-10-06 11:37:45.566 +03:00 [DBG] Default settings skip directories /proc and /sys because they tend to have non-files which stall the collector.
2022-10-06 11:37:45.572 +03:00 [DBG] Default settings skip directories /proc and /sys because they tend to have non-files which stall the collector.
2022-10-06 11:37:45.575 +03:00 [INF] Begin baseline2.
2022-10-06 11:37:45.636 +03:00 [INF] Starting 11 Collectors.
2022-10-06 11:37:45.642 +03:00 [INF] Starting FileSystemCollector.
2022-10-06 11:37:45.645 +03:00 [INF] Scanning root /bin
2022-10-06 11:37:56.331 +03:00 [INF] Scanning root /snap
2022-10-06 11:37:56.797 +03:00 [DBG] Failed to enumerate directories of /snap. (UnauthorizedAccessException:Access to the path '/snap/core18/current/var/run/user/1000/gvfs' is denied.)
2022-10-06 11:37:56.799 +03:00 [INF] Scanning root /mnt
2022-10-06 11:37:56.822 +03:00 [INF] Scanning root /root
2022-10-06 11:37:56.908 +03:00 [INF] Scanning root /lost+found
2022-10-06 11:37:56.909 +03:00 [INF] Scanning root /run
2022-10-06 11:37:56.910 +03:00 [DBG] Failed to enumerate directories of /run. (UnauthorizedAccessException:Access to the path '/run/user/1000/gvfs' is denied.)
2022-10-06 11:37:56.914 +03:00 [INF] Scanning root /libx32
2022-10-06 11:37:56.926 +03:00 [INF] Scanning root /lib32
2022-10-06 11:37:56.932 +03:00 [INF] Scanning root /srv
2022-10-06 11:37:56.971 +03:00 [INF] Scanning root /etc
2022-10-06 11:38:00.010 +03:00 [INF] Scanning root /sbin
2022-10-06 11:38:01.725 +03:00 [INF] Scanning root /var
2022-10-06 11:38:02.274 +03:00 [DBG] Failed to enumerate directories of /var. (UnauthorizedAccessException:Access to the path '/var/run/user/1000/gvfs' is denied.)
2022-10-06 11:38:02.275 +03:00 [INF] Scanning root /tmp
2022-10-06 11:38:06.704 +03:00 [INF] Scanning root /media
2022-10-06 11:38:06.724 +03:00 [INF] Scanning root /cdrom
2022-10-06 11:38:06.726 +03:00 [INF] Scanning root /lib
2022-10-06 11:42:21.822 +03:00 [INF] Scanning root /dev
2022-10-06 11:42:21.894 +03:00 [INF] Scanning root /opt
2022-10-06 11:42:21.895 +03:00 [INF] Scanning root /boot
2022-10-06 11:42:22.570 +03:00 [INF] Scanning root /home
2022-10-06 11:42:22.716 +03:00 [INF] Scanning root /lib64
2022-10-06 11:42:22.717 +03:00 [INF] Scanning root /usr
2022-10-06 11:47:06.632 +03:00 [INF] Completed FileSystemCollector in 00h:09m:20s:987ms.
2022-10-06 11:47:06.681 +03:00 [DBG] Completed flushing in 00h:00m:00s:003ms
2022-10-06 11:47:06.745 +03:00 [INF] Starting OpenPortCollector.
...
from attacksurfaceanalyzer.
Awesome. Glad that resolved it.
from attacksurfaceanalyzer.
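Added example, not part of the thread and not Attack Surface Analyzer code: a small check over asa.log.txt that tells an aborted FileSystemCollector run (the 2.3.284 excerpt) from one that only skipped unreadable directories (the 2.3.285 excerpt), so an incomplete baseline is noticed before it is compared. The message patterns are taken from the excerpts above; the expected root list and the sample logs are assumptions constructed for the example.

```python
import re

# Layout seen in the asa.log.txt excerpts: "<date> <time> <tz> [LVL] <message>"
LINE = re.compile(r"^\S+ \S+ \S+ \[[A-Z]{3}\] (?P<msg>.*)$")
BEGIN = re.compile(r"^Begin (?P<run>\S+)\.$")
ROOT = re.compile(r"^Scanning root (?P<root>\S+)$")
ABORT = re.compile(r"^Failed to run (?P<collector>[\w.]+) \(")
PARTIAL = re.compile(r"^Failed to enumerate directories of (?P<root>\S+)\. \(")

def audit(log_text, expected_roots):
    """Return {run_id: findings} for each 'Begin <run_id>.' block in the log."""
    runs, cur = {}, None
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        msg = m["msg"]
        if b := BEGIN.match(msg):
            cur = runs.setdefault(b["run"], {"scanned": [], "partial": [], "aborted": []})
        elif cur is None:
            continue
        elif r := ROOT.match(msg):
            cur["scanned"].append(r["root"])
        elif p := PARTIAL.match(msg):
            cur["partial"].append(p["root"])  # root reached, coverage incomplete
        elif a := ABORT.match(msg):
            cur["aborted"].append(a["collector"].rsplit(".", 1)[-1])
    for f in runs.values():
        f["missing"] = sorted(set(expected_roots) - set(f["scanned"]))
        # Aborted collector or unvisited roots: the baseline has blind spots.
        f["status"] = ("aborted" if f["aborted"] or f["missing"]
                       else "partial" if f["partial"] else "complete")
    return runs

# Constructed samples, abridged from the two excerpts in the thread.
ROOTS = ["/bin", "/snap", "/etc", "/usr"]  # assumed expectation, set per host
OLD_LOG = """\
2022-10-06 12:13:48.714 +03:00 [INF] Begin baseline.
2022-10-06 12:13:48.763 +03:00 [INF] Scanning root /bin
2022-10-06 12:13:59.239 +03:00 [INF] Scanning root /snap
2022-10-06 12:14:44.500 +03:00 [DBG] Failed to run Microsoft.CST.AttackSurfaceAnalyzer.Collectors.FileSystemCollector (System.AggregateException:One or more errors occurred. (Access to the path '/snap/core18/current/var/run/user/1000/gvfs' is denied.))
"""
NEW_LOG = """\
2022-10-06 11:37:45.575 +03:00 [INF] Begin baseline2.
2022-10-06 11:37:45.645 +03:00 [INF] Scanning root /bin
2022-10-06 11:37:56.331 +03:00 [INF] Scanning root /snap
2022-10-06 11:37:56.797 +03:00 [DBG] Failed to enumerate directories of /snap. (UnauthorizedAccessException:Access to the path '/snap/core18/current/var/run/user/1000/gvfs' is denied.)
2022-10-06 11:37:56.971 +03:00 [INF] Scanning root /etc
2022-10-06 11:42:22.717 +03:00 [INF] Scanning root /usr
"""
```

Both failures are logged at DBG level, so a log captured at INF only would show neither and this check would report such a run as complete.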