FileSystemCollector skips Ubuntu directories about attacksurfaceanalyzer HOT 5 CLOSED

That is peculiar. I'll have to take a look at the logging behavior as it seems from your additional tests that the scanning is being done but the messages just aren't hitting the console.

The second behavior is I think, expected. If you provide a list of selected directories they are scanned one at a time so you'll with those arguments only get a message for /.

from attacksurfaceanalyzer.

I did a little testing and I think this is related to scanning /dev. I think that /dev falls into the same category as /proc and /sys that its not actually files and so the scanner can encounter errors when trying to access them. I will have a new version that skips /dev by default as well.

from attacksurfaceanalyzer.

I think I've fixed this, I did not end up excluding dev, but now handle errors during directory enumeration better.

from attacksurfaceanalyzer.

I did some comparison with 2.3.284 and 2.3.285 versions. It looks like that 2.3.285 succeeds in file collection because it lasts 9+ minutes and goes through all root directories where in 2.3.284 it lasted only 55 secs and stopped to an exception. So, 2.3.285 fixed the problem, thanks!

2.3.284 asa.log.txt
administrator@focal:/tmp/ASA_linux_2.3.284$ more asa.log.txt
2022-10-06 12:13:48.247 +03:00 [DBG] Didn't find any settings in the database.
2022-10-06 12:13:48.711 +03:00 [DBG] Default settings skip directories /proc and /sys because they tend to have non-files which stall the collector.
2022-10-06 12:13:48.712 +03:00 [DBG] Default settings skip directories /proc and /sys because they tend to have non-files which stall the collector.
2022-10-06 12:13:48.714 +03:00 [INF] Begin baseline.
2022-10-06 12:13:48.753 +03:00 [INF] Starting 11 Collectors.
2022-10-06 12:13:48.755 +03:00 [INF] Starting FileSystemCollector.
2022-10-06 12:13:48.763 +03:00 [INF] Scanning root /bin
2022-10-06 12:13:59.239 +03:00 [INF] Scanning root /snap
2022-10-06 12:14:44.500 +03:00 [DBG] Failed to run Microsoft.CST.AttackSurfaceAnalyzer.Collectors.FileSystemCollector (System.AggregateException:One or more errors occurred. (Access to the path '/snap/core18/current/var/run/user/1000/gvfs'
is denied.))
2022-10-06 12:14:44.506 +03:00 [INF] Completed FileSystemCollector in 00h:00m:55s:750ms.
2022-10-06 12:14:49.963 +03:00 [DBG] Completed flushing in 00h:00m:05s:439ms
2022-10-06 12:14:49.967 +03:00 [INF] Starting OpenPortCollector.
...

2.3.285 asa.log.txt
administrator@focal:/tmp/ASA_linux_2.3.285$ more asa.log.txt2
2022-10-06 11:36:38.319 +03:00 [DBG] Didn't find any settings in the database.
2022-10-06 11:36:38.503 +03:00 [DBG] Default settings skip directories /proc and /sys because they tend to have
non-files which stall the collector.
2022-10-06 11:36:38.504 +03:00 [DBG] Default settings skip directories /proc and /sys because they tend to have
non-files which stall the collector.
2022-10-06 11:36:38.508 +03:00 [INF] Begin baseline.
2022-10-06 11:36:38.546 +03:00 [INF] Starting 11 Collectors.
2022-10-06 11:36:38.549 +03:00 [INF] Starting FileSystemCollector.
2022-10-06 11:36:38.554 +03:00 [INF] Scanning root /bin
2022-10-06 11:37:02.486 +03:00 [INF] Cancelling collection. Rolling back transaction. Please wait to avoid corru
pting database.
2022-10-06 11:37:45.566 +03:00 [DBG] Default settings skip directories /proc and /sys because they tend to have
non-files which stall the collector.
2022-10-06 11:37:45.572 +03:00 [DBG] Default settings skip directories /proc and /sys because they tend to have
non-files which stall the collector.
2022-10-06 11:37:45.575 +03:00 [INF] Begin baseline2.
2022-10-06 11:37:45.636 +03:00 [INF] Starting 11 Collectors.
2022-10-06 11:37:45.642 +03:00 [INF] Starting FileSystemCollector.
2022-10-06 11:37:45.645 +03:00 [INF] Scanning root /bin
2022-10-06 11:37:56.331 +03:00 [INF] Scanning root /snap
2022-10-06 11:37:56.797 +03:00 [DBG] Failed to enumerate directories of /snap. (UnauthorizedAccessException:Acce
ss to the path '/snap/core18/current/var/run/user/1000/gvfs' is denied.)
2022-10-06 11:37:56.799 +03:00 [INF] Scanning root /mnt
2022-10-06 11:37:56.822 +03:00 [INF] Scanning root /root
2022-10-06 11:37:56.908 +03:00 [INF] Scanning root /lost+found
2022-10-06 11:37:56.909 +03:00 [INF] Scanning root /run
2022-10-06 11:37:56.910 +03:00 [DBG] Failed to enumerate directories of /run. (UnauthorizedAccessException:Acces
s to the path '/run/user/1000/gvfs' is denied.)
2022-10-06 11:37:56.914 +03:00 [INF] Scanning root /libx32
2022-10-06 11:37:56.926 +03:00 [INF] Scanning root /lib32
2022-10-06 11:37:56.932 +03:00 [INF] Scanning root /srv
2022-10-06 11:37:56.971 +03:00 [INF] Scanning root /etc
2022-10-06 11:38:00.010 +03:00 [INF] Scanning root /sbin
2022-10-06 11:38:01.725 +03:00 [INF] Scanning root /var
2022-10-06 11:38:02.274 +03:00 [DBG] Failed to enumerate directories of /var. (UnauthorizedAccessException:Acces
s to the path '/var/run/user/1000/gvfs' is denied.)
2022-10-06 11:38:02.275 +03:00 [INF] Scanning root /tmp
2022-10-06 11:38:06.704 +03:00 [INF] Scanning root /media
2022-10-06 11:38:06.724 +03:00 [INF] Scanning root /cdrom
2022-10-06 11:38:06.726 +03:00 [INF] Scanning root /lib
2022-10-06 11:42:21.822 +03:00 [INF] Scanning root /dev
2022-10-06 11:42:21.894 +03:00 [INF] Scanning root /opt
2022-10-06 11:42:21.895 +03:00 [INF] Scanning root /boot
2022-10-06 11:42:22.570 +03:00 [INF] Scanning root /home
2022-10-06 11:42:22.716 +03:00 [INF] Scanning root /lib64
2022-10-06 11:42:22.717 +03:00 [INF] Scanning root /usr
2022-10-06 11:47:06.632 +03:00 [INF] Completed FileSystemCollector in 00h:09m:20s:987ms.
2022-10-06 11:47:06.681 +03:00 [DBG] Completed flushing in 00h:00m:00s:003ms
2022-10-06 11:47:06.745 +03:00 [INF] Starting OpenPortCollector.
...

from attacksurfaceanalyzer.

Awesome. Glad that resolved it.

from attacksurfaceanalyzer.