zentralopensource / zentral

Zentral is a high-visibility platform for controlling Apple endpoints in enterprises. It brings great observability to IT and makes tracking & reporting compliance much less manual.

Home Page: https://www.zentral.com

License: Other

Shell 0.09% Python 89.68% HTML 9.90% Dockerfile 0.10% PowerShell 0.01% JavaScript 0.06% SCSS 0.15%
macos inventory elasticsearch endpoint-management endpoint-security events gitops jamf mdm munki

zentral's Introduction

Zentral

Zentral is an Event Hub to gather, process, and monitor system events and link them to an inventory.

Docs

The Zentral docs are in the docs directory. They are published at https://docs.zentral.io.

Releases

You will find the latest release information on GitHub.

zentral's People

Contributors

arubdesu, dependabot[bot], devx, gavinelder, headmin, hjuutilainen, idiomaticrefactoring, jbaker10, johnmikee, mazzi, mikemcdonald, nielshojen, np5, samuarl, sierra-hotel, zhumo

zentral's Issues

inventory_machine_added events can be huge

These events can contain all the macOS applications of a machine. Retrieving them from the event stores (Elasticsearch, …) and displaying them can take a while and is not really helpful.

We probably need to remove the list of the applications from these events.

zentral_app Docker container crashing

Running off master, my zentral_app Docker container is crashing immediately after starting.

If I check the logs, all I see is:

/zentral/docker-entrypoint.py:73: UserWarning: Not enough arguments.
  warnings.warn("Not enough arguments.")
/zentral/docker-entrypoint.py:73: UserWarning: Not enough arguments.
  warnings.warn("Not enough arguments.")
/zentral/docker-entrypoint.py:73: UserWarning: Not enough arguments.
  warnings.warn("Not enough arguments.")
/zentral/docker-entrypoint.py:73: UserWarning: Not enough arguments.
  warnings.warn("Not enough arguments.")
/zentral/docker-entrypoint.py:73: UserWarning: Not enough arguments.
  warnings.warn("Not enough arguments.")
/zentral/docker-entrypoint.py:73: UserWarning: Not enough arguments.
  warnings.warn("Not enough arguments.")
/zentral/docker-entrypoint.py:73: UserWarning: Not enough arguments.
  warnings.warn("Not enough arguments.")

Password Expiration Feature in Zentral

Hi,
Is there a feature like login password expiration on zentral? So to do this I think django middleware needs to be added.

Please help if you have any clue..
Thanking you in advance

Issue with api_urls after updating

Seems like the latest update to zentral breaks it:

After running sudo /home/zentral/app/utils/deploy.py --update, it sets all the requirements successfully but then gives the following errors.

After reloading the service, the UI no longer comes on.

Errors:

2019-03-21 02:42:40,048 PID21931 urls ERROR Could not load app munki api_urls
Traceback (most recent call last):
  File "/home/zentral/app/releases/2019.03.21-02.42.36-master-8f21ee/server/server/urls.py", line 36, in <module>
    include(url_module, namespace=namespace)))
  File "/home/zentral/app/venv/lib/python3.5/site-packages/django/conf/urls/__init__.py", line 50, in include
    urlconf_module = import_module(urlconf_module)
  File "/usr/lib/python3.5/importlib/__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 986, in _gcd_import
  File "<frozen importlib._bootstrap>", line 969, in _find_and_load
  File "<frozen importlib._bootstrap>", line 956, in _find_and_load_unlocked
ImportError: No module named 'zentral.contrib.munki.api_urls'
2019-03-21 02:42:40,075 PID21931 urls ERROR Could not load app osquery api_urls
Traceback (most recent call last):
  File "/home/zentral/app/releases/2019.03.21-02.42.36-master-8f21ee/server/server/urls.py", line 36, in <module>
    include(url_module, namespace=namespace)))
  File "/home/zentral/app/venv/lib/python3.5/site-packages/django/conf/urls/__init__.py", line 50, in include
    urlconf_module = import_module(urlconf_module)
  File "/usr/lib/python3.5/importlib/__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 986, in _gcd_import
  File "<frozen importlib._bootstrap>", line 969, in _find_and_load
  File "<frozen importlib._bootstrap>", line 956, in _find_and_load_unlocked
ImportError: No module named 'zentral.contrib.osquery.api_urls'
2019-03-21 02:42:40,083 PID21931 urls ERROR Could not load app jamf api_urls
Traceback (most recent call last):
  File "/home/zentral/app/releases/2019.03.21-02.42.36-master-8f21ee/server/server/urls.py", line 36, in <module>
    include(url_module, namespace=namespace)))
  File "/home/zentral/app/venv/lib/python3.5/site-packages/django/conf/urls/__init__.py", line 50, in include
    urlconf_module = import_module(urlconf_module)
  File "/usr/lib/python3.5/importlib/__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 986, in _gcd_import
  File "<frozen importlib._bootstrap>", line 969, in _find_and_load
  File "<frozen importlib._bootstrap>", line 956, in _find_and_load_unlocked
ImportError: No module named 'zentral.contrib.jamf.api_urls'
2019-03-21 02:42:40,168 PID21931 urls ERROR Could not load app santa api_urls
Traceback (most recent call last):
  File "/home/zentral/app/releases/2019.03.21-02.42.36-master-8f21ee/server/server/urls.py", line 36, in <module>
    include(url_module, namespace=namespace)))
  File "/home/zentral/app/venv/lib/python3.5/site-packages/django/conf/urls/__init__.py", line 50, in include
    urlconf_module = import_module(urlconf_module)
  File "/usr/lib/python3.5/importlib/__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 986, in _gcd_import
  File "<frozen importlib._bootstrap>", line 969, in _find_and_load
  File "<frozen importlib._bootstrap>", line 956, in _find_and_load_unlocked
ImportError: No module named 'zentral.contrib.santa.api_urls'
2019-03-21 02:42:40,171 PID21931 urls ERROR Could not load app nagios api_urls
Traceback (most recent call last):
  File "/home/zentral/app/releases/2019.03.21-02.42.36-master-8f21ee/server/server/urls.py", line 36, in <module>
    include(url_module, namespace=namespace)))
  File "/home/zentral/app/venv/lib/python3.5/site-packages/django/conf/urls/__init__.py", line 50, in include
    urlconf_module = import_module(urlconf_module)
  File "/usr/lib/python3.5/importlib/__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 986, in _gcd_import
  File "<frozen importlib._bootstrap>", line 969, in _find_and_load
  File "<frozen importlib._bootstrap>", line 956, in _find_and_load_unlocked
ImportError: No module named 'zentral.contrib.nagios.api_urls'
2019-03-21 02:42:40,172 PID21931 urls ERROR Could not load app probes api_urls
Traceback (most recent call last):
  File "/home/zentral/app/releases/2019.03.21-02.42.36-master-8f21ee/server/server/urls.py", line 36, in <module>
    include(url_module, namespace=namespace)))
  File "/home/zentral/app/venv/lib/python3.5/site-packages/django/conf/urls/__init__.py", line 50, in include
    urlconf_module = import_module(urlconf_module)
  File "/usr/lib/python3.5/importlib/__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 986, in _gcd_import
  File "<frozen importlib._bootstrap>", line 969, in _find_and_load
  File "<frozen importlib._bootstrap>", line 956, in _find_and_load_unlocked
ImportError: No module named 'zentral.core.probes.api_urls'
Operations to perform:
  Apply all migrations: accounts, auth, authtoken, contenttypes, inventory, jamf, munki, nagios, osquery, probes, santa, sessions
Running migrations:
  No migrations to apply.
2019-03-21 02:42:41,284 PID21938 urls ERROR Could not load app santa api_urls
Traceback (most recent call last):
  File "/home/zentral/app/releases/2019.03.21-02.42.36-master-8f21ee/server/server/urls.py", line 36, in <module>
    include(url_module, namespace=namespace)))
  File "/home/zentral/app/venv/lib/python3.5/site-packages/django/conf/urls/__init__.py", line 50, in include
    urlconf_module = import_module(urlconf_module)
  File "/usr/lib/python3.5/importlib/__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 986, in _gcd_import
  File "<frozen importlib._bootstrap>", line 969, in _find_and_load
  File "<frozen importlib._bootstrap>", line 956, in _find_and_load_unlocked
ImportError: No module named 'zentral.contrib.santa.api_urls'
2019-03-21 02:42:41,286 PID21938 urls ERROR Could not load app munki api_urls
Traceback (most recent call last):
  File "/home/zentral/app/releases/2019.03.21-02.42.36-master-8f21ee/server/server/urls.py", line 36, in <module>
    include(url_module, namespace=namespace)))
  File "/home/zentral/app/venv/lib/python3.5/site-packages/django/conf/urls/__init__.py", line 50, in include
    urlconf_module = import_module(urlconf_module)
  File "/usr/lib/python3.5/importlib/__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 986, in _gcd_import
  File "<frozen importlib._bootstrap>", line 969, in _find_and_load
  File "<frozen importlib._bootstrap>", line 956, in _find_and_load_unlocked
ImportError: No module named 'zentral.contrib.munki.api_urls'
2019-03-21 02:42:41,294 PID21938 urls ERROR Could not load app osquery api_urls
Traceback (most recent call last):
  File "/home/zentral/app/releases/2019.03.21-02.42.36-master-8f21ee/server/server/urls.py", line 36, in <module>
    include(url_module, namespace=namespace)))
  File "/home/zentral/app/venv/lib/python3.5/site-packages/django/conf/urls/__init__.py", line 50, in include
    urlconf_module = import_module(urlconf_module)
  File "/usr/lib/python3.5/importlib/__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 986, in _gcd_import
  File "<frozen importlib._bootstrap>", line 969, in _find_and_load
  File "<frozen importlib._bootstrap>", line 956, in _find_and_load_unlocked
ImportError: No module named 'zentral.contrib.osquery.api_urls'
2019-03-21 02:42:41,298 PID21938 urls ERROR Could not load app jamf api_urls
Traceback (most recent call last):
  File "/home/zentral/app/releases/2019.03.21-02.42.36-master-8f21ee/server/server/urls.py", line 36, in <module>
    include(url_module, namespace=namespace)))
  File "/home/zentral/app/venv/lib/python3.5/site-packages/django/conf/urls/__init__.py", line 50, in include
    urlconf_module = import_module(urlconf_module)
  File "/usr/lib/python3.5/importlib/__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 986, in _gcd_import
  File "<frozen importlib._bootstrap>", line 969, in _find_and_load
  File "<frozen importlib._bootstrap>", line 956, in _find_and_load_unlocked
ImportError: No module named 'zentral.contrib.jamf.api_urls'
2019-03-21 02:42:41,298 PID21938 urls ERROR Could not load app probes api_urls
Traceback (most recent call last):
  File "/home/zentral/app/releases/2019.03.21-02.42.36-master-8f21ee/server/server/urls.py", line 36, in <module>
    include(url_module, namespace=namespace)))
  File "/home/zentral/app/venv/lib/python3.5/site-packages/django/conf/urls/__init__.py", line 50, in include
    urlconf_module = import_module(urlconf_module)
  File "/usr/lib/python3.5/importlib/__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 986, in _gcd_import
  File "<frozen importlib._bootstrap>", line 969, in _find_and_load
  File "<frozen importlib._bootstrap>", line 956, in _find_and_load_unlocked
ImportError: No module named 'zentral.core.probes.api_urls'
2019-03-21 02:42:41,300 PID21938 urls ERROR Could not load app nagios api_urls
Traceback (most recent call last):
  File "/home/zentral/app/releases/2019.03.21-02.42.36-master-8f21ee/server/server/urls.py", line 36, in <module>
    include(url_module, namespace=namespace)))
  File "/home/zentral/app/venv/lib/python3.5/site-packages/django/conf/urls/__init__.py", line 50, in include
    urlconf_module = import_module(urlconf_module)
  File "/usr/lib/python3.5/importlib/__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 986, in _gcd_import
  File "<frozen importlib._bootstrap>", line 969, in _find_and_load
  File "<frozen importlib._bootstrap>", line 956, in _find_and_load_unlocked
ImportError: No module named 'zentral.contrib.nagios.api_urls'

nginx issue?

Hi,

Any idea what may be causing this issue?

"ERROR: for nginx Cannot link to a non running container: /zentral_promsrv_1 AS /zentral_nginx_1/promsrv"

Thanks for any help!

# docker images
REPOSITORY                     TAG                 IMAGE ID            CREATED             SIZE
zentralroot_promsrv            latest              30ba4b11a820        35 minutes ago      43.25 MB
zentralroot_app                latest              2d41baab1c7a        35 minutes ago      771 MB
zentralroot_inventory_worker   latest              2d41baab1c7a        35 minutes ago      771 MB
zentralroot_processor_worker   latest              2d41baab1c7a        35 minutes ago      771 MB
zentralroot_store_worker       latest              2d41baab1c7a        35 minutes ago      771 MB
zentralroot_web                latest              2d41baab1c7a        35 minutes ago      771 MB
zentral_promsrv                latest              fe5176ed5a72        49 minutes ago      43.25 MB
zentral_app                    latest              06c07975e11a        49 minutes ago      771 MB
zentral_inventory_worker       latest              06c07975e11a        49 minutes ago      771 MB
zentral_processor_worker       latest              06c07975e11a        49 minutes ago      771 MB
zentral_store_worker           latest              06c07975e11a        49 minutes ago      771 MB
zentral_web                    latest              06c07975e11a        49 minutes ago      771 MB
prom/prometheus                latest              62b473b89d8d        3 days ago          43.25 MB
python                         3.4                 7671c31cf12f        6 days ago          690.5 MB
rabbitmq                       3                   07ad51c82a29        2 weeks ago         189.9 MB
elasticsearch                  2                   d0390797eb4f        2 weeks ago         346.6 MB
hello-world                    latest              c54a2cc56cbb        3 weeks ago         1.848 kB
postgres                       9.4                 6af1d04a2f99        6 weeks ago         274.2 MB
prom/pushgateway               latest              7d4d0c4c4713        6 weeks ago         15.35 MB
nginx                          latest              0d409d33b27e        7 weeks ago         182.8 MB
# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED              STATUS              PORTS                                NAMES
ec250d15c4dd        rabbitmq:3          "docker-entrypoint.sh"   About a minute ago   Up About a minute   4369/tcp, 5671-5672/tcp, 25672/tcp   zentral_rabbitmq_1
d3bb1aaec689        elasticsearch:2     "/docker-entrypoint.s"   About a minute ago   Up About a minute   9200/tcp, 9300/tcp                   zentral_elastic_1
16894a0a44a6        postgres:9.4        "/docker-entrypoint.s"   About a minute ago   Up About a minute   5432/tcp                             zentral_db_1
be9bb211abea        prom/pushgateway    "/bin/pushgateway"       About a minute ago   Up About a minute   9091/tcp                             zentral_prompg_1
a2e127d06276        prom/pushgateway    "/bin/pushgateway"       14 minutes ago       Up 14 minutes       9091/tcp                             zentralroot_prompg_1
7c4e4474a16b        elasticsearch:2     "/docker-entrypoint.s"   14 minutes ago       Up 14 minutes       9200/tcp, 9300/tcp                   zentralroot_elastic_1
8905eddd1ea6        postgres:9.4        "/docker-entrypoint.s"   14 minutes ago       Up 14 minutes       5432/tcp                             zentralroot_db_1
6a1dea3705ea        rabbitmq:3          "docker-entrypoint.sh"   14 minutes ago       Up 14 minutes       4369/tcp, 5671-5672/tcp, 25672/tcp   zentralroot_rabbitmq_1
% /opt/bin/docker-compose up -d
zentral_elastic_1 is up-to-date
zentral_prompg_1 is up-to-date
zentral_db_1 is up-to-date
Starting zentral_app_1
zentral_rabbitmq_1 is up-to-date
Starting zentral_web_1
Starting zentral_inventory_worker_1
Starting zentral_processor_worker_1
Starting zentral_store_worker_1
Starting zentral_promsrv_1
Starting zentral_nginx_1

ERROR: for nginx  Cannot link to a non running container: /zentral_promsrv_1 AS /zentral_nginx_1/promsrv
ERROR: Encountered errors while bringing up the project.
# docker --version
Docker version 1.11.2, build b9f10c9
# /opt/bin/docker-compose --version
docker-compose version 1.8.0-rc2, build c72c966
# uname -a
Linux outlier 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2+deb8u3 (2016-07-02) x86_64 GNU/Linux
# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 8.5 (jessie)
Release:    8.5
Codename:   jessie

Logging of Zentral login events

I wanted to log all log-in tries (successful/unsuccessful) on zentral. How and where should I configure these settings in zentral?

Thanking you for help in advance.

Database fails if not on the same server

Hi,

I tried building zentral today with separate docker containers for Zentral and Postgres, and ran into an issue with connection.
I believe this is because the connection string in postgres.py only accepts a username and password, so psycopg2 is defaulting to a unix socket connection, instead of TCP.

    def __init__(self, config_d):
        super(EventStore, self).__init__(config_d)
        self._conn = psycopg2.connect("dbname=%(db_name)s user=%(user)s" % config_d)
        self._test_table()

https://github.com/zentralopensource/zentral/blob/master/zentral/core/stores/backends/postgres.py

Please change the connection string to accept host, port and password parameters in addition to name and user.

Here's the full trace:

Environment:


Request Method: GET
Request URL: http://dev.groob.io:8000/

Django Version: 1.8.6
Python Version: 3.4.3
Installed Applications:
('django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'bootstrapform',
 'configuration',
 'zentral.contrib.inventory',
 'zentral.contrib.osquery',
 'zentral.contrib.santa')
Installed Middleware:
('django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware',
 'django.middleware.security.SecurityMiddleware')


Traceback:
File "/usr/local/lib/python3.4/dist-packages/django/core/handlers/base.py" in get_response
  119.                 resolver_match = resolver.resolve(request.path_info)
File "/usr/local/lib/python3.4/dist-packages/django/core/urlresolvers.py" in resolve
  365.             for pattern in self.url_patterns:
File "/usr/local/lib/python3.4/dist-packages/django/core/urlresolvers.py" in url_patterns
  401.         patterns = getattr(self.urlconf_module, "urlpatterns", self.urlconf_module)
File "/usr/local/lib/python3.4/dist-packages/django/core/urlresolvers.py" in urlconf_module
  395.             self._urlconf_module = import_module(self.urlconf_name)
File "/usr/lib/python3.4/importlib/__init__.py" in import_module
  109.     return _bootstrap._gcd_import(name[level:], package, level)
File "/home/zentral/server/server/urls.py" in <module>
  5.     url(r'^configuration/', include('configuration.urls', namespace='configuration')),
File "/usr/local/lib/python3.4/dist-packages/django/conf/urls/__init__.py" in include
  33.         urlconf_module = import_module(urlconf_module)
File "/usr/lib/python3.4/importlib/__init__.py" in import_module
  109.     return _bootstrap._gcd_import(name[level:], package, level)
File "/home/zentral/server/configuration/urls.py" in <module>
  3. from . import views
File "/home/zentral/server/configuration/views.py" in <module>
  4. from zentral.core.stores import stores
File "/home/zentral/zentral/core/stores/__init__.py" in <module>
  42. stores = get_stores(settings)
File "/home/zentral/zentral/core/stores/__init__.py" in get_stores
  22.         stores.append(store_class(store_conf))
File "/home/zentral/zentral/core/stores/backends/postgres.py" in __init__
  27.         self._conn = psycopg2.connect("dbname=%(db_name)s user=%(user)s" % config_d)
File "/usr/local/lib/python3.4/dist-packages/psycopg2/__init__.py" in connect
  164.     conn = _connect(dsn, connection_factory=connection_factory, async=async)

Exception Type: OperationalError at /
Exception Value: could not connect to server: No such file or directory
    Is the server running locally and accepting
    connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
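
The failure described in this issue, as an added example that is not Zentral's code: it builds libpq connection parameters from a store config dict so that a TCP host, port and password are passed when configured. The config keys `host`, `port` and `password` are assumed names (only `db_name` and `user` appear in the quoted snippet), and the helper functions are hypothetical.

```python
import re

# Store config key -> libpq keyword. "db_name" and "user" come from the snippet
# quoted in the issue; "host", "port" and "password" are assumed key names.
CONFIG_TO_LIBPQ = (
    ("db_name", "dbname"),
    ("user", "user"),
    ("password", "password"),
    ("host", "host"),
    ("port", "port"),
)


def connect_params(config_d):
    """Return libpq keyword/value pairs for the keys present in config_d."""
    if not config_d.get("db_name") or not config_d.get("user"):
        raise ValueError("db_name and user are required")
    params = {}
    for conf_key, libpq_key in CONFIG_TO_LIBPQ:
        value = config_d.get(conf_key)
        if value is None or value == "":
            continue  # leave unset so libpq applies its own default
        if conf_key == "port":
            port = int(value)
            if not 1 <= port <= 65535:
                raise ValueError("port out of range: %r" % value)
            value = port
        params[libpq_key] = str(value)
    return params


def quote_libpq(value):
    """Quote one value for a key=value connection string (libpq rules)."""
    if value and re.fullmatch(r"[^\s'\\]+", value):
        return value
    # Empty values and values with spaces, quotes or backslashes are wrapped
    # in single quotes, with backslash and single quote escaped.
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def make_dsn(params, redact=False):
    """Build a connection string; redact=True hides the password for logs."""
    parts = []
    for key, value in params.items():
        if redact and key == "password":
            value = "***"
        parts.append("%s=%s" % (key, quote_libpq(value)))
    return " ".join(parts)


def uses_unix_socket(params):
    """True when libpq would use a Unix-domain socket (ignoring PGHOST)."""
    host = params.get("host")
    return host is None or host.startswith("/")


# Constructed sample configs.
LOCAL_CONF = {"db_name": "zentral", "user": "zentral"}
REMOTE_CONF = {
    "db_name": "zentral",
    "user": "zentral",
    "password": "p w'x",
    "host": "db.example.internal",
    "port": "5432",
}

if __name__ == "__main__":
    for conf in (LOCAL_CONF, REMOTE_CONF):
        params = connect_params(conf)
        print(make_dsn(params, redact=True), "unix socket:", uses_unix_socket(params))
    # With psycopg2 installed, the same dict can be passed as keyword
    # arguments: psycopg2.connect(**params)
```
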


[Question] Zentral remove/disable santa probes not syncing

I can create probes and sync them to my clients but when I disable the probes (and resync) the machines still get Santa blocks when running the binaries or the files. Issue occurs with multiple versions of Santa (0.9.19,0.9.20,0.9.30). Currently running 0.9.30
Syncing says completed successfully (even with a no computer owner error).

zentral logging: file, syslog?

Is there a way to get received logs (osquery, santa...) into a file on zentral server or into standard syslog?

Thanks

Munki enrollment - problem

Hi,

Is anyone having a problem with enrollment of Munki software on a client computer with Zentral?

When I run the "zentral_munki_enroll.pkg" installer on Mac OS X 10.12.5, it passes without any problem; more correctly, it does not show any problem in the GUI interface, but it does not install the application on the computer.

In the log file I have found the following; it looks like it's missing the '/Library/Managed Installs/ApplicationInventory.plist' file.

Jun 12 12:07:17 Djordje-Test-Mac-mini installd[388]: PackageKit: Executing script "./postinstall" in /private/tmp/PKInstallSandbox.oaxLzJ/Scripts/io.zentral.munki_enroll.bu_5aa68de8.J5qcgC
Jun 12 12:07:22 Djordje-Test-Mac-mini installd[388]: ./postinstall: Traceback (most recent call last):
Jun 12 12:07:22 Djordje-Test-Mac-mini installd[388]: ./postinstall: File "/usr/local/zentral/munki/zentral_postflight", line 325, in
Jun 12 12:07:22 Djordje-Test-Mac-mini installd[388]: ./postinstall: ai = ApplicationInventory()
Jun 12 12:07:22 Djordje-Test-Mac-mini installd[388]: ./postinstall: File "/usr/local/zentral/munki/zentral_postflight", line 111, in init
Jun 12 12:07:22 Djordje-Test-Mac-mini installd[388]: ./postinstall: self.data = plistlib.readPlist(self.APPLICATION_INVENTORY)
Jun 12 12:07:22 Djordje-Test-Mac-mini installd[388]: ./postinstall: File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/plistlib.py", line 75, in readPlist
Jun 12 12:07:22 Djordje-Test-Mac-mini installd[388]: ./postinstall: pathOrFile = open(pathOrFile)
Jun 12 12:07:22 Djordje-Test-Mac-mini installd[388]: ./postinstall: IOError: [Errno 2] No such file or directory: '/Library/Managed Installs/ApplicationInventory.plist'
Jun 12 12:07:22 Djordje-Test-Mac-mini installd[388]: PackageKit: Writing receipt for io.zentral.munki_enroll.bu_5aa68de8 to /
Jun 12 12:07:22 Djordje-Test-Mac-mini installd[388]: Installed "zentral_munki_enroll" ()

Issues when including Santa installer with Santa Enrollment

Including the santa installer with the santa enrollment ends up with errors:

[~] santactl sync
Missing Machine Owner.
HTTP Response: -1002 unsupported URL
Preflight failed, aborting run

The file /var/db/santa/config.plist looks similar to:

[~] sudo defaults read /var/db/santa/config.plist
Password:
{
    ClientMode = 1;
    FullSyncLastSuccess = "2017-09-06 12:45:29 +0000";
    MachineID = "%MACHINE_ID%";
    RuleSyncLastSuccess = "2017-09-06 12:45:29 +0000";
    ServerAuthRootsFile = "/usr/local/zentral/tls_server_certs.crt";
    SyncBaseURL = "https://zentral.website.com/santa/";
}

MachineID does not get filled in correctly.

Running the Santa enrollment without the Santa installer bundled works fine. MachineID gets filled in just fine.

Check if JSS API is disabled

Not sure how you'd test for this.

But set up a new JSS instance, scratched my head as to why Zentral seemed happy but no data. Turns out the API was disabled.

Zentral ansible role?

Hello

Thanks a lot for your work.
I looked at the repo, the other ones from the same user, and Ansible Galaxy, but I didn't find the role(s) to set up zentral.
I'm interested in the tool but I would go more to other clouds like DigitalOcean or Azure.
Roles should make it easy, but where?

Thanks a lot!

Issues with Santa Enrollment Package. With or without installer.

When I create the Santa enrollment package I am presented with the following error (running on Google all-in-one)

Traceback (most recent call last):
  File "/home/zentral/app/venv/lib/python3.5/site-packages/django/core/handlers/exception.py", line 41, in inner
    response = get_response(request)
  File "/home/zentral/app/venv/lib/python3.5/site-packages/django/core/handlers/base.py", line 187, in _get_response
    response = self.process_exception_by_middleware(e, request)
  File "/home/zentral/app/venv/lib/python3.5/site-packages/django/core/handlers/base.py", line 185, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/usr/lib/python3.5/contextlib.py", line 30, in inner
    return func(*args, **kwds)
  File "/home/zentral/app/venv/lib/python3.5/site-packages/django/views/decorators/csrf.py", line 58, in wrapped_view
    return view_func(*args, **kwargs)
  File "/home/zentral/app/venv/lib/python3.5/site-packages/django/views/generic/base.py", line 68, in view
    return self.dispatch(request, *args, **kwargs)
  File "/home/zentral/app/venv/lib/python3.5/site-packages/django/views/generic/base.py", line 88, in dispatch
    return handler(request, *args, **kwargs)
  File "/home/zentral/app/releases/2018.12.09-01.54.47-master-fead3d/zentral/contrib/santa/views.py", line 165, in post
    cp_name, cp_content = build_configuration_profile(enrolled_machine)
  File "/home/zentral/app/releases/2018.12.09-01.54.47-master-fead3d/zentral/contrib/santa/utils.py", line 49, in build_configuration_profile
    content = sign_payload_openssl(plistlib.dumps(configuration_profile_data))
  File "/home/zentral/app/releases/2018.12.09-01.54.47-master-fead3d/zentral/utils/payloads.py", line 23, in sign_payload_openssl
    "-inkey", api_settings["tls_server_key"],
KeyError: 'tls_server_key'

I have updated to the latest version and installed all requirements. I verified the /var/db/santa/config.plist has been created and the ServerAuthRootsFile, MachineID, ClientMode and SyncBaseUrl have all been populated. The package installs without error but the post install sync never kicks off and if I run it manually I get the Missing SyncBaseURL error.

Fwiw am also using the Munki and osquery packages and those build and enroll clients without issue.
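
A check for the two Santa enrollment symptoms reported above (a `MachineID` left as `%MACHINE_ID%`, and a missing `SyncBaseURL`), as an added example that is not part of Zentral or Santa. The function name, the placeholder pattern and the https requirement are assumptions; the four keys checked are the ones the posts list as populated, and the sample plists are constructed.

```python
import plistlib
import re
from urllib.parse import urlsplit

# Assumed shape of an unfilled template token, e.g. %MACHINE_ID%.
PLACEHOLDER_RE = re.compile(r"%[A-Z0-9_]+%")
# Keys the posts above name as expected in /var/db/santa/config.plist.
REQUIRED_KEYS = ("MachineID", "SyncBaseURL", "ServerAuthRootsFile", "ClientMode")


def check_santa_config(plist_bytes):
    """Return a list of problems found in a Santa config plist (XML or binary)."""
    config = plistlib.loads(plist_bytes)
    problems = []
    for key in REQUIRED_KEYS:
        if key not in config or config[key] == "":
            problems.append("%s: missing or empty" % key)
    for key, value in sorted(config.items()):
        if isinstance(value, str) and PLACEHOLDER_RE.search(value):
            problems.append("%s: unsubstituted placeholder %r" % (key, value))
    url = config.get("SyncBaseURL")
    if isinstance(url, str) and url:
        parts = urlsplit(url)
        # Assumption: the sync server is always reached over https.
        if parts.scheme != "https" or not parts.hostname:
            problems.append("SyncBaseURL: not an absolute https URL: %r" % url)
    return problems


# Constructed samples, modelled on the `defaults read` output in the post.
BASE = {
    "ClientMode": 1,
    "MachineID": "%MACHINE_ID%",
    "ServerAuthRootsFile": "/usr/local/zentral/tls_server_certs.crt",
    "SyncBaseURL": "https://zentral.website.com/santa/",
}
SAMPLE_PLACEHOLDER = plistlib.dumps(BASE)
SAMPLE_OK = plistlib.dumps(dict(BASE, MachineID="CONSTRUCTED-MACHINE-ID"))
SAMPLE_NO_URL = plistlib.dumps(
    {k: v for k, v in dict(BASE, MachineID="CONSTRUCTED-MACHINE-ID").items()
     if k != "SyncBaseURL"}
)

if __name__ == "__main__":
    for name, sample in (("placeholder", SAMPLE_PLACEHOLDER),
                         ("ok", SAMPLE_OK),
                         ("no url", SAMPLE_NO_URL)):
        print(name, check_santa_config(sample))
```
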

Zentral packer installation for Linux/CentOS

I'm looking for steps to setup Zentral all in one on Linux/CentOS.

Also, if there are any steps already documented for installing Zentral separately and its dependent modules like Postgres, ElasticSearch on different nodes instead of Docker/AWS/GC/Vagrant/OVA, that will be helpful.

Allow whitelist regex for santa monitor mode

Would it be possible to allow a whitelist regex for santa monitor mode? This will allow me to alert on ALLOW_UNKNOWN santa events without lots of false positives of binaries that would be whitelisted by the regex once lockdown mode is eventually turned on

Add support for Watchman Monitoring API v 2.5

Watchman Monitoring's API has been upgraded, adding the ability to write Asset ID & Descriptions to Computer Records. It should be noted that Asset ID information written to the Computer Record via the API will become available on the disk of the monitored computer after its next hourly checkin.

Also of interest for maintaining Group sync, a Find or Create a Group endpoint has been added.

To access these features, the version in use by Zentral should be moved has been bumped to 2.5. The Change Log describes the differences in v2.5, and the adjustments which are needed to complete the transition.

Docker swarm cluster - Postgres DB duplicate key value violates unique constraint "inventory_machinesnapshotcommit_serial_number_f9fee8fa_uniq"

Hi,

We have split up zentral components using docker swarm version 17.06.

We have deployed Zentral Web, Workers, RabbitMQ, Nginx on 2 machines, an Elasticsearch cluster created with 4 nodes, and Kibana/Prometheus/Postgres db running in a separate instance.

Elastic search cluster and Postgres db data has been mapped to a shared drive in all machines.

Setup has been running fine where we have already enrolled 50 machines. We can see event logs received from existing enrolled machines.

But now when we tried enrolling new machines through osquery tls plugin "enroll" it gives 200 HTTP response but machine not added to Inventory machines list as checked from zentral web. No help from application logs as there are no errors logged.

osquery tls plugin can pull "configs" from zentral also "log" api returns 200 response. Even then there is no machine enrolled or logs in zentral web/elastic search.

We are not sure why zentral gives 200 HTTP response but data not getting saved.

Need help to identify which zentral component is failing. We are planning to scale for nearly 1500-2000 machines.

Read Only model?

After speaking with @headmin on Slack, it would be great if there could be a "Read Only model" for JSS integration.

This would mean that the account that Zentral would use would have CRUD to web hooks only, & R to groups & device inventory.

Seems that this is possible now, but full CRUD needed for initial Zentral Setup.. Then can be dialled back later.

Munki Enroll Error

Munki enrolment package fails on postinstall

The error is in the postinstall, with an error 500 from the server: urllib2.HTTPError: HTTP Error 500: Internal Server Error

Here is the full output

$ sudo ./postinstall.py 
Traceback (most recent call last):
  File "/Users/ladmin/Desktop/postinstall 2.py", line 95, in <module>
    token = enroll()
  File "/Users/ladmin/Desktop/postinstall 2.py", line 37, in enroll
    resp = urllib2.urlopen(req, data=data, context=ctx)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 154, in urlopen
    return opener.open(url, data, timeout)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 437, in open
    response = meth(req, response)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 550, in http_response
    'http', request, response, code, msg, hdrs)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 475, in error
    return self._call_chain(*args)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 409, in _call_chain
    result = func(*args)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 558, in http_error_default
    raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
urllib2.HTTPError: HTTP Error 500: Internal Server Error

nginx/error.log

2018/07/08 14:22:35 [warn] 1718#1718: *5382 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/4/18/0000000184 while reading upstream, client: 210.XXX.17.XXX, server: zentral.domain.com, request: "POST /munki/enroll/ HTTP/1.1", upstream: "http://127.0.0.1:8000/munki/enroll/", host: "zentral.domain.com"

[Question] Why don't I have the Munki and osquery tabs?

Hello,

I am trying to set up Zentral; I am using the docker-compose setup with a "real" PostgreSQL server for persistency.

I did successfully set up the Munki integration and my machines are able to enroll, but the thing is, if I try to enroll via the osquery package, it doesn't seem to work. I think it might be related to the fact that I don't have any "osquery" or "Munki" tab in my installation, compared to the video.

Here is a screenshot

Otherwise, how can I make distributed queries, for example?

Thanks!

add_probe_feed warnings about missing "queries" key

When importing feeds, I see warnings about the "queries" key not being present.

The key is present, however, and this doesn't seem to present an issue -- all the feeds are imported as expected.

This can be replicated against one of the example feeds:

zentral@1ed956dcdc6a:/zentral$ python server/manage.py add_probe_feed https://raw.githubusercontent.com/zentralopensource/zentral-feeds/master/demo/osquery.json
2017-06-02 19:10:26,627 PID343 feeds WARNING Feed serializer <class 'zentral.contrib.osquery.feeds.PackSerializer'> errors
2017-06-02 19:10:26,628 PID343 feeds WARNING {'queries': ['This field is required.']}
2017-06-02 19:10:26,786 PID343 feeds WARNING Feed serializer <class 'zentral.contrib.osquery.feeds.PackSerializer'> errors
2017-06-02 19:10:26,786 PID343 feeds WARNING {'queries': ['This field is required.']}
Feed https://raw.githubusercontent.com/zentralopensource/zentral-feeds/master/demo/osquery.json synced.
Probes created: 6.

Elasticsearch worker fail with Connection refused after update

This morning, AWS ran an unattended-update on my Zentral node, and after the updates, the Elasticsearch worker is failing in Prometheus with a connection error:
Get http://localhost:8102/metrics: dial tcp 127.0.0.1:8102: getsockopt: connection refused

Google suggests updating/adding network.host in /etc/elasticsearch/elasticsearch.yml with 0.0.0.0, but that did not help.

cURL from the Zentral server

curl http://localhost:8102/metrics -v
*   Trying 127.0.0.1...
* connect to 127.0.0.1 port 8102 failed: Connection refused
* Failed to connect to localhost port 8102: Connection refused
* Closing connection 0
curl: (7) Failed to connect to localhost port 8102: Connection refused

AWS update log

Packages that were upgraded:
libjpeg-turbo8 ntpdate

Package installation log:
Log started: 2018-07-10  06:09:13
Reading changelogs...
Confirmation failed, don't save seen state.
libjpeg-turbo (1.4.2-0ubuntu3.1) xenial-security; urgency=medium

  * SECURITY UPDATE: division by zero via BMP image
    - debian/patches/CVE-2018-1152.patch: add size check in rdbmp.c.
    - CVE-2018-1152

-- Marc Deslauriers <[email protected]>  Thu, 05 Jul 2018 15:30:37 -0400

ntp (1:4.2.8p4+dfsg-3ubuntu5.9) xenial-security; urgency=medium

  * SECURITY UPDATE: code execution via buffer overflow in decodearr
    - debian/patches/CVE-2018-7183.patch: prevent writing beyons limits in
      ntpq/ntpq.c.
    - CVE-2018-7183
  * SECURITY UPDATE: DoS via certain packets with a zero-origin timestamp
    - debian/patches/CVE-2018-7185.patch: add additional checks to
      ntpd/ntp_proto.c.
    - CVE-2018-7185

-- Marc Deslauriers <[email protected]>  Fri, 06 Jul 2018 15:34:25 -0400

(Reading database ... 184867 files and directories currently installed.)
Preparing to unpack .../libjpeg-turbo8_1.4.2-0ubuntu3.1_amd64.deb ...
Unpacking libjpeg-turbo8:amd64 (1.4.2-0ubuntu3.1) over (1.4.2-0ubuntu3) ...
Preparing to unpack .../ntpdate_1%3a4.2.8p4+dfsg-3ubuntu5.9_amd64.deb ...
Unpacking ntpdate (1:4.2.8p4+dfsg-3ubuntu5.9) over (1:4.2.8p4+dfsg-3ubuntu5.8) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up libjpeg-turbo8:amd64 (1.4.2-0ubuntu3.1) ...
Setting up ntpdate (1:4.2.8p4+dfsg-3ubuntu5.9) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...
Log ended: 2018-07-10  06:09:14

Unattended-upgrades log:
Initial blacklisted packages:
Initial whitelisted packages:
Starting unattended upgrades script
Allowed origins are: ['o=Ubuntu,a=xenial', 'o=Ubuntu,a=xenial-security', 'o=UbuntuESM,a=xenial']
Packages that will be upgraded: libjpeg-turbo8 ntpdate
Writing dpkg log to '/var/log/unattended-upgrades/unattended-upgrades-dpkg.log'
All upgrades installed

Zentral_workers.service output

-- Logs begin at Tue 2018-07-10 10:06:45 CEST. --
Jul 10 10:08:15 zentral.domain.com python[2323]:     return func(*args, params=params, **kwargs)
Jul 10 10:08:15 zentral.domain.com python[2323]:   File "/home/zentral/app/venv/lib/python3.5/site-packages/elasticsearch/client/indices.py", line 116, in get
Jul 10 10:08:15 zentral.domain.com python[2323]:     feature), params=params)
Jul 10 10:08:15 zentral.domain.com python[2323]:   File "/home/zentral/app/venv/lib/python3.5/site-packages/elasticsearch/transport.py", line 318, in perform_request
Jul 10 10:08:15 zentral.domain.com python[2323]:     status, headers_response, data = connection.perform_request(method, url, params, body, headers=headers, ignore=ignore, timeout=timeout)
Jul 10 10:08:15 zentral.domain.com python[2323]:   File "/home/zentral/app/venv/lib/python3.5/site-packages/elasticsearch/connection/http_urllib3.py", line 185, in perform_request
Jul 10 10:08:15 zentral.domain.com python[2323]:     self._raise_error(response.status, raw_data)
Jul 10 10:08:15 zentral.domain.com python[2323]:   File "/home/zentral/app/venv/lib/python3.5/site-packages/elasticsearch/connection/base.py", line 125, in _raise_error
Jul 10 10:08:15 zentral.domain.com python[2323]:     raise HTTP_EXCEPTIONS.get(status_code, TransportError)(status_code, error_message, additional_info)
Jul 10 10:08:15 zentral.domain.com python[2323]: elasticsearch.exceptions.RequestError: TransportError(400, 'index_closed_exception', 'closed')

Large number of database handles used

I am running into an issue with my Zentral deployment where it exhausts the available database connections on our Postgres server.

I have about 275 clients connected and we see the number of open database connections shoot up to about 1000, then the web server can't get any more connections and the Docker container crashes.

django.db.utils.OperationalError: FATAL: sorry, too many clients already

osquery enrollment package installs "/Library/LaunchDaemons/com.facebook.osqueryd.plist" with invalid permissions.

The current osquery enrollment package installs the "/Library/LaunchDaemons/com.facebook.osqueryd.plist" file with invalid permissions. This causes launchctl to fail to load "/Library/LaunchDaemons/com.facebook.osqueryd.plist" also causing the following error message in the system log: Caller specified a plist with bad ownership/permissions: path = /Library/LaunchDaemons/com.facebook.osqueryd.plist, caller = launchctl.89355.

I submitted #16 to fix the problem, but I was told it would be better to open an issue so that we can find the root of the cause.
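
A check for the condition this report describes, as an added example that is not part of the issue or of Zentral's code. The rule it encodes (regular file, owned by root, not writable by group or others) is an assumption about what launchctl accepts; the function names are hypothetical.

```python
import os
import stat


def launchd_plist_problems(path, expected_uid=0):
    """Return the reasons a LaunchDaemon plist fails the ownership/permission rule.

    Assumed rule (not taken from the issue): the file must be a regular file,
    owned by expected_uid (root, uid 0, for /Library/LaunchDaemons) and not
    writable by group or others. An empty list means the file passes.
    """
    st = os.lstat(path)  # lstat so that a symlink is reported, not followed
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_uid != expected_uid:
        problems.append("owner uid %d, expected %d" % (st.st_uid, expected_uid))
    if st.st_mode & stat.S_IWGRP:
        problems.append("group-writable")
    if st.st_mode & stat.S_IWOTH:
        problems.append("world-writable")
    return problems


def describe(path, expected_uid=0):
    """One-line report: mode string, path, owner, and either 'ok' or the problems."""
    st = os.lstat(path)
    problems = launchd_plist_problems(path, expected_uid)
    verdict = "ok" if not problems else "; ".join(problems)
    return "%s %s uid=%d gid=%d: %s" % (
        stat.filemode(st.st_mode), path, st.st_uid, st.st_gid, verdict)


if __name__ == "__main__":
    import sys

    # Default to the path named in the report when no argument is given.
    default = ["/Library/LaunchDaemons/com.facebook.osqueryd.plist"]
    for plist in sys.argv[1:] or default:
        try:
            print(describe(plist))
        except FileNotFoundError:
            print("%s: missing" % plist)
```

Running it in a package's post-install test, or against a freshly enrolled machine, shows which of the conditions is violated before launchctl is asked to load the file.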

Home page enhancements

Hi there!

This is not so much an issue as much of an inquiry or enhancement request. I have been using Zentral just briefly, but very much enjoying it thus far. One thing I noticed right off the bat was the blank "Home" page if you will, that just says "Zentral".

I was wondering if there had been consideration to add anything to that, for instance graphs? I think it would be really nice to add a quick overview of a few things right when you get there (great for management folks kind of stuff), such as:

  • How many computers enrolled in osquery/santa
  • How many machines that meet an alert from osquery (or santa, etc.)
  • How many business units, and how many machines in each business unit

Just something at a broad scale to 1) kind of pretty up the first thing you see, and 2) give some good easy insight into your Zentral system. I am not very django-savvy, but will definitely look at whipping something together should others consider this useful.

Thanks again for your work on this product, it's great!
-Jeremy

Import/Export pack configuration?

Hello,

Any way to import an existing pack configuration file either through gui or cli?
More generally, would want to import/export queries, pack or osqueryd standalone config.

Thanks

Unable to gather system info et al on CentOS 7 clients

I'm using v0.4.0 of Zentral and am able to add CentOS 6 and 7 hosts, as well as run queries, etc. The problem is that when viewing CentOS 7 hosts, the section that is supposed to show system info (CPU, Memory, OS version, networking) is empty.

I think this may be the relevant error from the logs:

I0929 16:32:39.288528 17443 distributed.cpp:133] Executing distributed query: __zentral_distributed_inventory_query_os_version: select 'os_version' as table_name, name, major, minor, patch, build from os_version;
I0929 16:32:39.288874 17443 virtual_table.cpp:291] Error casting minor () to INTEGER
I0929 16:32:39.288892 17443 virtual_table.cpp:291] Error casting patch () to INTEGER

'FATAL: sorry, too many clients already' trying to load the Zentral homepage

What deployment method are you using?
Docker

What operating system are you using?
CentOS

What did you do?
Attempted to load the Zentral home page by navigating to the URL. Restarted the CentOS server, then restarted the containers using docker-compose up -d to no avail.

What did you expect to see?
Expected to see the Zentral login screen.

osquery enrollment package download fails when including a pre-release build of osquery

Attempting to bundle an osquery release with an enrolment package fails if the bundled osquery version is pre-release.

The package builder gets all the available release versions from the github API which includes pre-release versions. It then assumes the corresponding S3 download URL, but this does not work for pre-release builds.

Instead the S3 AccessDenied XML response is downloaded and saved to osquery-2.4.3.pkg which then causes the error below.

Exception Type: CalledProcessError
Exception Value: Command '['/usr/local/bin/xar', '-x', '-C', '/tmp/tmpt3by6q2hzentral.utils.osx_package', '-f', '/tmp/osquery/releases/osquery-2.4.3.pkg']' returned non-zero exit status 1
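
The failure described in this report has two parts: pre-release versions are offered for bundling, and an S3 error body is saved under a .pkg name. The following is an added example, not Zentral's package builder code, that filters on the GitHub releases API's `prerelease` and `draft` fields and checks a download for the xar header before it is written to disk. The function names and sample data are constructed for illustration.

```python
import json
import re
import struct

# xar header, big-endian: magic, header size, version,
# compressed TOC length, uncompressed TOC length, checksum algorithm.
XAR_HEADER = struct.Struct(">4sHHQQI")

# Constructed sample, shaped like the GitHub "list releases" API response.
SAMPLE_RELEASES = json.loads("""
[
  {"tag_name": "2.4.3", "prerelease": true,  "draft": false},
  {"tag_name": "2.4.0", "prerelease": false, "draft": false},
  {"tag_name": "2.3.4", "prerelease": false, "draft": false}
]
""")

# Constructed sample of the XML body S3 returns for a denied object request.
SAMPLE_S3_DENIED = (
    b'<?xml version="1.0" encoding="UTF-8"?>\n'
    b"<Error><Code>AccessDenied</Code><Message>Access Denied</Message>"
    b"<RequestId>CONSTRUCTED</RequestId><HostId>CONSTRUCTED</HostId></Error>"
)

# Constructed minimal xar header (no payload): 28-byte header, version 1.
SAMPLE_XAR_HEADER = XAR_HEADER.pack(b"xar!", XAR_HEADER.size, 1, 0, 0, 1)


def stable_versions(releases):
    """Tags of releases that are neither pre-releases nor drafts."""
    return [
        r["tag_name"]
        for r in releases
        if not r.get("prerelease", False) and not r.get("draft", False)
    ]


def inspect_download(data):
    """Classify downloaded bytes as ("xar", None) or (problem, detail)."""
    if len(data) >= XAR_HEADER.size and data[:4] == b"xar!":
        _, size, version, _, _, _ = XAR_HEADER.unpack_from(data)
        if size >= XAR_HEADER.size and version == 1:
            return ("xar", None)
        return ("bad-xar-header", "size=%d version=%d" % (size, version))
    # Look at a bounded prefix only; no XML parser is run on untrusted input.
    head = data[:1024]
    match = re.search(rb"<Code>([A-Za-z0-9]+)</Code>", head)
    if match and b"<Error>" in head:
        return ("s3-error", match.group(1).decode("ascii"))
    return ("unknown", None)


def store_package(data, path):
    """Write the download to path only if it looks like a xar archive."""
    kind, detail = inspect_download(data)
    if kind != "xar":
        raise ValueError("refusing to save %s: %s (%s)" % (path, kind, detail))
    with open(path, "wb") as f:
        f.write(data)
    return path
```

With this check in place the builder fails at download time with the S3 error code in the message, instead of later when xar tries to extract an XML document.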

Compatibility with the new filewave releases

The filewave inventory client doesn't seem to be compatible with the new filewave releases. A lot of the previously available information is missing (system information, macOS apps, …)

We need to find the documentation and update the client.

Enrollment script for Ubuntu fails for Linux Mint

osquery_zentral_setup.sh

The bash script picks up "rosa" for linux mint 17.3 and "serena" on 18.1 for $DISTRO resulting in a failed execution

lines 44-47

# add/replace osquery repository
sudo /bin/sed -i '/^deb.*osquery.*$/d' /etc/apt/sources.list
DISTRO=$(lsb_release -c|cut -d ':' -f2| tr  -d "\t")
echo "deb [arch=amd64] https://osquery-packages.s3.amazonaws.com/$DISTRO $DISTRO main" | sudo /usr/bin/tee -a /etc/apt/sources.list

Cannot build without libcrypto (OpenSSL)

Hello!

I have following problem while running "docker-compose up -d" on my Ubuntu Server 16.04 Xenial Xerus:

coky@ubuntu:~/zentral$ docker-compose up -d
Building workers
Step 1/20 : FROM python:3.6
 ---> a5b7afcfdcc8
Step 2/20 : ENV PYTHONUNBUFFERED 1
 ---> Using cache
 ---> da68296e6eed
Step 3/20 : MAINTAINER Éric Falconnier <[email protected]>
 ---> Using cache
 ---> 2f7ee1ba8ede
Step 4/20 : RUN apt-get update && apt-get autoremove -y && apt-get install -y bsdcpio libbz2-dev
 ---> Using cache
 ---> 01aa832c7515
Step 5/20 : RUN curl -fsSL https://github.com/zentralopensource/bomutils/archive/master.tar.gz | tar xvz &&     cd bomutils-* &&     make && make install &&     cd .. && rm -rf bomutils-*
 ---> Using cache
 ---> a45c2dc7c985
Step 6/20 : RUN curl -fsSL https://github.com/mackyle/xar/archive/xar-1.6.1.tar.gz | tar xvz &&     cd xar-*/xar &&     ./autogen.sh && ./configure --with-bzip2 &&     make && make install &&     cd ../.. && rm -rf xar-*
 ---> Running in 5083aa443160
autoconf
./configure --enable-autogen
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for special C compiler options needed for large files... no
checking for _FILE_OFFSET_BITS value needed for large files... no
checking how to run the C preprocessor... gcc -E
checking for a BSD-compatible install... /usr/bin/install -c
checking for ld... /usr/bin/ld
checking for ar... /usr/bin/ar
checking for ranlib... /usr/bin/ranlib
checking for autoconf... /usr/bin/autoconf
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for stdint.h... (cached) yes
checking ext2fs/ext2_fs.h usability... no
checking ext2fs/ext2_fs.h presence... no
checking for ext2fs/ext2_fs.h... no
checking sys/statfs.h usability... yes
checking sys/statfs.h presence... yes
checking for sys/statfs.h... yes
checking sys/xattr.h usability... yes
checking sys/xattr.h presence... yes
checking for sys/xattr.h... yes
checking sys/param.h usability... yes
checking sys/param.h presence... yes
checking for sys/param.h... yes
checking sys/extattr.h usability... no
checking sys/extattr.h presence... no
checking for sys/extattr.h... no
checking libutil.h usability... no
checking libutil.h presence... no
checking for libutil.h... no
checking for lgetxattr... yes
checking for lsetxattr... yes
checking for getxattr... yes
checking for setxattr... yes
checking for getattrlist... no
checking for setattrlist... no
checking for lchmod... no
checking for lchown... yes
checking for chflags... no
checking for statvfs... yes
checking for statfs... yes
checking for strmode... no
checking for struct statfs.f_fstypename... no
checking for struct statvfs.f_fstypename... no
checking for struct stat.st_flags... no
checking size of uid_t... 4
checking size of gid_t... 4
checking size of ino_t... 8
checking size of dev_t... 8
checking for acl_get_file in -lacl... no
checking for asprintf... yes
checking for xml2-config... /usr/bin/xml2-config
checking for libxml >= 2.6.11... 2.9.4
checking libxml/xmlwriter.h usability... yes
checking libxml/xmlwriter.h presence... yes
checking for libxml/xmlwriter.h... yes
checking openssl/evp.h usability... yes
checking openssl/evp.h presence... yes
checking for openssl/evp.h... yes
checking for OpenSSL_add_all_ciphers in -lcrypto... no
configure: error: Cannot build without libcrypto (OpenSSL)
Error 0 in ./configure
ERROR: Service 'workers' failed to build: The command '/bin/sh -c curl -fsSL https://github.com/mackyle/xar/archive/xar-1.6.1.tar.gz | tar xvz &&     cd xar-*/xar &&     ./autogen.sh && ./configure --with-bzip2 &&     make && make install &&     cd ../.. && rm -rf xar-*' returned a non-zero code: 1

This problem might be similar to the one described here: EmpireProject/Empire#521

Thx for help!

Can't create OSQuery "snapshot" queries

Currently it doesn't seem like you can create snapshot queries with Zentral:

class OsqueryQuerySerializer(serializers.Serializer):

Snapshot queries would be a useful configuration option (OSQuery docs):

Snapshot queries, those with snapshot: true will not store differentials and will not emulate an event stream. Snapshots always return the entire results from the query on the given interval. See the next section on logging for examples of each log output.

Allow adding arbitrary options to Osquery configuration

Today in Zentral I can only configure the options config_refresh, distributed_interval, and a few others from /osquery/configurations//

When trying to use extensions like https://github.com/polylogyx/osq-ext-bin this is a problem because the extension has an extensive list of custom configuration options that it understands and may require to be present.

Since the config is valid JSON, would adding a field to the configuration in Zentral that accepts (and validates) a JSON string of additional options be possible?

Errors running "docker run -t -i -v /opt/my-zentral-conf:/home/zentral/conf zentral/zentral check"

I'm having trouble with part 3 of the installation tutorial https://github.com/zentralopensource/docs/blob/master/zentral-docker-tutorial_3.md.

I've followed the zentral-docker-tutorial instructions exactly up to this point, but when I run "docker run -t -i -v /opt/my-zentral-conf:/home/zentral/conf zentral/zentral check" as instructed I always get the following errors:

Traceback (most recent call last):
File "/zentral/docker-entrypoint.py", line 83, in
os.execvp(filename, args)
File "/usr/local/lib/python3.4/os.py", line 525, in execvp
_execvpe(file, args)
File "/usr/local/lib/python3.4/os.py", line 570, in _execvpe
raise last_exc.with_traceback(tb)
File "/usr/local/lib/python3.4/os.py", line 560, in _execvpe
exec_func(fullname, *argrest)
FileNotFoundError: [Errno 2] No such file or directory

Issue with Santa combined enrollment and installer

If I use the Santa installer with enrollment and Santa installation combined, there seems to be a problem where the /var/db/santa/config.plist file does not have the MachineID set correctly.

This issue does not happen if I use the enrollment-only pkg.

The plist file winds up containing the following:

...
	<key>MachineID</key>
	<string>%MACHINE_ID%</string>
...

I repackaged the installer and set #!/usr/bin/sh -x in the shebang for the postinstall script and verified that it is running the sed replacement. Also, the postinstall script's sync works fine, but when I try to sync after installation it obviously fails because of the bad MachineID.

403 forbidden

Hi,

Probably not an issue, but something I'm struggling with. I have used Docker Compose to bring this up on a Mac. The Mac is already running 2 other web-based services, so I have changed the config to bring up nginx using port 8083 rather than 443; this is essentially my only diversion from a standard build.

I bring up the service without issue, but when I go to the admin password reset page I see Zentral, then as I press the button to reset my password I receive a 403 Forbidden error.

Forbidden (403)
CSRF verification failed. Request aborted.

Reason given for failure:

Referer checking failed - https://zentral:8083/accounts/login/?next=/ does not match any trusted origins.

I've looked at the web logs;

web_1 | 2018-08-15 17:41:00,904 PID35 basehttp INFO "GET /inventory/prometheus_metrics/ HTTP/1.1" 200 735
web_1 | 2018-08-15 17:41:05,034 PID35 csrf WARNING Forbidden (Referer checking failed - https://zentral:8083/reset/MQ/4yr-3982fdf7c83d300def27/ does not match any trusted origins.): /reset/MQ/4yr-3982fdf7c83d300def27/
web_1 | 2018-08-15 17:41:05,051 PID35 basehttp WARNING "POST /reset/MQ/4yr-3982fdf7c83d300def27/ HTTP/1.0" 403 2587

Any pointers on where I can focus my troubleshooting with regard to this?

NoReverseMatch at /inventory/ when looking for Linux in inventory

We recently enrolled a Linux VM with Zentral and confirmed that it appears in the count of total machines in the inventory. However, when we try to search for this machine using the Platform dropdown, we receive the following error.

We've also been able to locate and view the information successfully using Kibana, just not using the Zentral UI.

Any ideas?

Enroll packages is corrupt after AWS upgrade

I just installed a new instance of Zentral AWS following the Wiki.

After upgrading to the latest with sudo /home/zentral/app/utils/deploy.py, all macOS packages have corrupt postinstall scripts (tested munki, osquery and santa) and are unable to install.

Zentral Syslogging

I want to log all the Zentral login and logout events to a syslog server. I see login and logout events create logs, but when I try to syslog, all the events (login, logout as well as heartbeats) are logged through syslog. How can I filter between heartbeats and login/logout events through syslog?

Docker image

Hi and thanks for the resource.

Is there a docker image for Zentral?

Setup issues

I modified the json as instructed in https://github.com/zentralopensource/docs/blob/master/zentral-docker-tutorial_2.md, and instead of copying it into the running container I mounted it:

docker run -d --name="zentral" -p 443:443 -v /Users/abanks/Downloads/zentral-conf-master:/opt/my-zentral-conf  --restart="always" zentral/zentral:latest

but when I then exec bash into the container to run the check, I get:

# python /home/zentral/zentral/bin/check_configuration.py
Traceback (most recent call last):
  File "/home/zentral/zentral/bin/check_configuration.py", line 6, in <module>
    zentral.setup()
  File "/home/zentral/zentral/__init__.py", line 9, in setup
    from zentral.conf import settings
  File "/home/zentral/zentral/conf/__init__.py", line 60
    raise ImproperlyConfigured("{} error in file {}".format(filetype, filepath)) from None
