Zentral is an Event Hub to gather, process, and monitor system events and link them to an inventory.
The Zentral docs are in the docs directory. They are published at https://docs.zentral.io.
You will find the latest release information on GitHub.
Zentral is a high-visibility platform for controlling Apple endpoints in enterprises. It brings great observability to IT and makes tracking & reporting compliance much less manual.
Home Page: https://www.zentral.com
License: Other
These events can contain all the macOS applications of a machine. Retrieving them from the event stores (elasticsearch, …) and displaying them can take a while and is not really helpful.
We probably need to remove the list of the applications from these events.
Running off master, my zentral_app Docker container is crashing immediately after starting.
If I check the logs, all I see is:
/zentral/docker-entrypoint.py:73: UserWarning: Not enough arguments.
warnings.warn("Not enough arguments.")
/zentral/docker-entrypoint.py:73: UserWarning: Not enough arguments.
warnings.warn("Not enough arguments.")
/zentral/docker-entrypoint.py:73: UserWarning: Not enough arguments.
warnings.warn("Not enough arguments.")
/zentral/docker-entrypoint.py:73: UserWarning: Not enough arguments.
warnings.warn("Not enough arguments.")
/zentral/docker-entrypoint.py:73: UserWarning: Not enough arguments.
warnings.warn("Not enough arguments.")
/zentral/docker-entrypoint.py:73: UserWarning: Not enough arguments.
warnings.warn("Not enough arguments.")
/zentral/docker-entrypoint.py:73: UserWarning: Not enough arguments.
warnings.warn("Not enough arguments.")
Hi,
Is there a feature like login password expiration on zentral? So to do this I think django middleware needs to be added.
Please help if you have any clue..
Thanking you in advance
Seems like the latest update to zentral breaks it:
After running sudo /home/zentral/app/utils/deploy.py --update, it sets all the requirements successfully but then gives the following errors.
After reloading the service, the UI no longer comes on.
Errors:
2019-03-21 02:42:40,048 PID21931 urls ERROR Could not load app munki api_urls
Traceback (most recent call last):
File "/home/zentral/app/releases/2019.03.21-02.42.36-master-8f21ee/server/server/urls.py", line 36, in <module>
include(url_module, namespace=namespace)))
File "/home/zentral/app/venv/lib/python3.5/site-packages/django/conf/urls/__init__.py", line 50, in include
urlconf_module = import_module(urlconf_module)
File "/usr/lib/python3.5/importlib/__init__.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "<frozen importlib._bootstrap>", line 986, in _gcd_import
File "<frozen importlib._bootstrap>", line 969, in _find_and_load
File "<frozen importlib._bootstrap>", line 956, in _find_and_load_unlocked
ImportError: No module named 'zentral.contrib.munki.api_urls'
2019-03-21 02:42:40,075 PID21931 urls ERROR Could not load app osquery api_urls
Traceback (most recent call last):
File "/home/zentral/app/releases/2019.03.21-02.42.36-master-8f21ee/server/server/urls.py", line 36, in <module>
include(url_module, namespace=namespace)))
File "/home/zentral/app/venv/lib/python3.5/site-packages/django/conf/urls/__init__.py", line 50, in include
urlconf_module = import_module(urlconf_module)
File "/usr/lib/python3.5/importlib/__init__.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "<frozen importlib._bootstrap>", line 986, in _gcd_import
File "<frozen importlib._bootstrap>", line 969, in _find_and_load
File "<frozen importlib._bootstrap>", line 956, in _find_and_load_unlocked
ImportError: No module named 'zentral.contrib.osquery.api_urls'
2019-03-21 02:42:40,083 PID21931 urls ERROR Could not load app jamf api_urls
Traceback (most recent call last):
File "/home/zentral/app/releases/2019.03.21-02.42.36-master-8f21ee/server/server/urls.py", line 36, in <module>
include(url_module, namespace=namespace)))
File "/home/zentral/app/venv/lib/python3.5/site-packages/django/conf/urls/__init__.py", line 50, in include
urlconf_module = import_module(urlconf_module)
File "/usr/lib/python3.5/importlib/__init__.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "<frozen importlib._bootstrap>", line 986, in _gcd_import
File "<frozen importlib._bootstrap>", line 969, in _find_and_load
File "<frozen importlib._bootstrap>", line 956, in _find_and_load_unlocked
ImportError: No module named 'zentral.contrib.jamf.api_urls'
2019-03-21 02:42:40,168 PID21931 urls ERROR Could not load app santa api_urls
Traceback (most recent call last):
File "/home/zentral/app/releases/2019.03.21-02.42.36-master-8f21ee/server/server/urls.py", line 36, in <module>
include(url_module, namespace=namespace)))
File "/home/zentral/app/venv/lib/python3.5/site-packages/django/conf/urls/__init__.py", line 50, in include
urlconf_module = import_module(urlconf_module)
File "/usr/lib/python3.5/importlib/__init__.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "<frozen importlib._bootstrap>", line 986, in _gcd_import
File "<frozen importlib._bootstrap>", line 969, in _find_and_load
File "<frozen importlib._bootstrap>", line 956, in _find_and_load_unlocked
ImportError: No module named 'zentral.contrib.santa.api_urls'
2019-03-21 02:42:40,171 PID21931 urls ERROR Could not load app nagios api_urls
Traceback (most recent call last):
File "/home/zentral/app/releases/2019.03.21-02.42.36-master-8f21ee/server/server/urls.py", line 36, in <module>
include(url_module, namespace=namespace)))
File "/home/zentral/app/venv/lib/python3.5/site-packages/django/conf/urls/__init__.py", line 50, in include
urlconf_module = import_module(urlconf_module)
File "/usr/lib/python3.5/importlib/__init__.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "<frozen importlib._bootstrap>", line 986, in _gcd_import
File "<frozen importlib._bootstrap>", line 969, in _find_and_load
File "<frozen importlib._bootstrap>", line 956, in _find_and_load_unlocked
ImportError: No module named 'zentral.contrib.nagios.api_urls'
2019-03-21 02:42:40,172 PID21931 urls ERROR Could not load app probes api_urls
Traceback (most recent call last):
File "/home/zentral/app/releases/2019.03.21-02.42.36-master-8f21ee/server/server/urls.py", line 36, in <module>
include(url_module, namespace=namespace)))
File "/home/zentral/app/venv/lib/python3.5/site-packages/django/conf/urls/__init__.py", line 50, in include
urlconf_module = import_module(urlconf_module)
File "/usr/lib/python3.5/importlib/__init__.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "<frozen importlib._bootstrap>", line 986, in _gcd_import
File "<frozen importlib._bootstrap>", line 969, in _find_and_load
File "<frozen importlib._bootstrap>", line 956, in _find_and_load_unlocked
ImportError: No module named 'zentral.core.probes.api_urls'
Operations to perform:
Apply all migrations: accounts, auth, authtoken, contenttypes, inventory, jamf, munki, nagios, osquery, probes, santa, sessions
Running migrations:
No migrations to apply.
2019-03-21 02:42:41,284 PID21938 urls ERROR Could not load app santa api_urls
Traceback (most recent call last):
File "/home/zentral/app/releases/2019.03.21-02.42.36-master-8f21ee/server/server/urls.py", line 36, in <module>
include(url_module, namespace=namespace)))
File "/home/zentral/app/venv/lib/python3.5/site-packages/django/conf/urls/__init__.py", line 50, in include
urlconf_module = import_module(urlconf_module)
File "/usr/lib/python3.5/importlib/__init__.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "<frozen importlib._bootstrap>", line 986, in _gcd_import
File "<frozen importlib._bootstrap>", line 969, in _find_and_load
File "<frozen importlib._bootstrap>", line 956, in _find_and_load_unlocked
ImportError: No module named 'zentral.contrib.santa.api_urls'
2019-03-21 02:42:41,286 PID21938 urls ERROR Could not load app munki api_urls
Traceback (most recent call last):
File "/home/zentral/app/releases/2019.03.21-02.42.36-master-8f21ee/server/server/urls.py", line 36, in <module>
include(url_module, namespace=namespace)))
File "/home/zentral/app/venv/lib/python3.5/site-packages/django/conf/urls/__init__.py", line 50, in include
urlconf_module = import_module(urlconf_module)
File "/usr/lib/python3.5/importlib/__init__.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "<frozen importlib._bootstrap>", line 986, in _gcd_import
File "<frozen importlib._bootstrap>", line 969, in _find_and_load
File "<frozen importlib._bootstrap>", line 956, in _find_and_load_unlocked
ImportError: No module named 'zentral.contrib.munki.api_urls'
2019-03-21 02:42:41,294 PID21938 urls ERROR Could not load app osquery api_urls
Traceback (most recent call last):
File "/home/zentral/app/releases/2019.03.21-02.42.36-master-8f21ee/server/server/urls.py", line 36, in <module>
include(url_module, namespace=namespace)))
File "/home/zentral/app/venv/lib/python3.5/site-packages/django/conf/urls/__init__.py", line 50, in include
urlconf_module = import_module(urlconf_module)
File "/usr/lib/python3.5/importlib/__init__.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "<frozen importlib._bootstrap>", line 986, in _gcd_import
File "<frozen importlib._bootstrap>", line 969, in _find_and_load
File "<frozen importlib._bootstrap>", line 956, in _find_and_load_unlocked
ImportError: No module named 'zentral.contrib.osquery.api_urls'
2019-03-21 02:42:41,298 PID21938 urls ERROR Could not load app jamf api_urls
Traceback (most recent call last):
File "/home/zentral/app/releases/2019.03.21-02.42.36-master-8f21ee/server/server/urls.py", line 36, in <module>
include(url_module, namespace=namespace)))
File "/home/zentral/app/venv/lib/python3.5/site-packages/django/conf/urls/__init__.py", line 50, in include
urlconf_module = import_module(urlconf_module)
File "/usr/lib/python3.5/importlib/__init__.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "<frozen importlib._bootstrap>", line 986, in _gcd_import
File "<frozen importlib._bootstrap>", line 969, in _find_and_load
File "<frozen importlib._bootstrap>", line 956, in _find_and_load_unlocked
ImportError: No module named 'zentral.contrib.jamf.api_urls'
2019-03-21 02:42:41,298 PID21938 urls ERROR Could not load app probes api_urls
Traceback (most recent call last):
File "/home/zentral/app/releases/2019.03.21-02.42.36-master-8f21ee/server/server/urls.py", line 36, in <module>
include(url_module, namespace=namespace)))
File "/home/zentral/app/venv/lib/python3.5/site-packages/django/conf/urls/__init__.py", line 50, in include
urlconf_module = import_module(urlconf_module)
File "/usr/lib/python3.5/importlib/__init__.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "<frozen importlib._bootstrap>", line 986, in _gcd_import
File "<frozen importlib._bootstrap>", line 969, in _find_and_load
File "<frozen importlib._bootstrap>", line 956, in _find_and_load_unlocked
ImportError: No module named 'zentral.core.probes.api_urls'
2019-03-21 02:42:41,300 PID21938 urls ERROR Could not load app nagios api_urls
Traceback (most recent call last):
File "/home/zentral/app/releases/2019.03.21-02.42.36-master-8f21ee/server/server/urls.py", line 36, in <module>
include(url_module, namespace=namespace)))
File "/home/zentral/app/venv/lib/python3.5/site-packages/django/conf/urls/__init__.py", line 50, in include
urlconf_module = import_module(urlconf_module)
File "/usr/lib/python3.5/importlib/__init__.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "<frozen importlib._bootstrap>", line 986, in _gcd_import
File "<frozen importlib._bootstrap>", line 969, in _find_and_load
File "<frozen importlib._bootstrap>", line 956, in _find_and_load_unlocked
ImportError: No module named 'zentral.contrib.nagios.api_urls'
Hi,
Any idea what may be causing this issue?
"ERROR: for nginx Cannot link to a non running container: /zentral_promsrv_1 AS /zentral_nginx_1/promsrv"
Thanks for any help!
# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
zentralroot_promsrv latest 30ba4b11a820 35 minutes ago 43.25 MB
zentralroot_app latest 2d41baab1c7a 35 minutes ago 771 MB
zentralroot_inventory_worker latest 2d41baab1c7a 35 minutes ago 771 MB
zentralroot_processor_worker latest 2d41baab1c7a 35 minutes ago 771 MB
zentralroot_store_worker latest 2d41baab1c7a 35 minutes ago 771 MB
zentralroot_web latest 2d41baab1c7a 35 minutes ago 771 MB
zentral_promsrv latest fe5176ed5a72 49 minutes ago 43.25 MB
zentral_app latest 06c07975e11a 49 minutes ago 771 MB
zentral_inventory_worker latest 06c07975e11a 49 minutes ago 771 MB
zentral_processor_worker latest 06c07975e11a 49 minutes ago 771 MB
zentral_store_worker latest 06c07975e11a 49 minutes ago 771 MB
zentral_web latest 06c07975e11a 49 minutes ago 771 MB
prom/prometheus latest 62b473b89d8d 3 days ago 43.25 MB
python 3.4 7671c31cf12f 6 days ago 690.5 MB
rabbitmq 3 07ad51c82a29 2 weeks ago 189.9 MB
elasticsearch 2 d0390797eb4f 2 weeks ago 346.6 MB
hello-world latest c54a2cc56cbb 3 weeks ago 1.848 kB
postgres 9.4 6af1d04a2f99 6 weeks ago 274.2 MB
prom/pushgateway latest 7d4d0c4c4713 6 weeks ago 15.35 MB
nginx latest 0d409d33b27e 7 weeks ago 182.8 MB
# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ec250d15c4dd rabbitmq:3 "docker-entrypoint.sh" About a minute ago Up About a minute 4369/tcp, 5671-5672/tcp, 25672/tcp zentral_rabbitmq_1
d3bb1aaec689 elasticsearch:2 "/docker-entrypoint.s" About a minute ago Up About a minute 9200/tcp, 9300/tcp zentral_elastic_1
16894a0a44a6 postgres:9.4 "/docker-entrypoint.s" About a minute ago Up About a minute 5432/tcp zentral_db_1
be9bb211abea prom/pushgateway "/bin/pushgateway" About a minute ago Up About a minute 9091/tcp zentral_prompg_1
a2e127d06276 prom/pushgateway "/bin/pushgateway" 14 minutes ago Up 14 minutes 9091/tcp zentralroot_prompg_1
7c4e4474a16b elasticsearch:2 "/docker-entrypoint.s" 14 minutes ago Up 14 minutes 9200/tcp, 9300/tcp zentralroot_elastic_1
8905eddd1ea6 postgres:9.4 "/docker-entrypoint.s" 14 minutes ago Up 14 minutes 5432/tcp zentralroot_db_1
6a1dea3705ea rabbitmq:3 "docker-entrypoint.sh" 14 minutes ago Up 14 minutes 4369/tcp, 5671-5672/tcp, 25672/tcp zentralroot_rabbitmq_1
% /opt/bin/docker-compose up -d
zentral_elastic_1 is up-to-date
zentral_prompg_1 is up-to-date
zentral_db_1 is up-to-date
Starting zentral_app_1
zentral_rabbitmq_1 is up-to-date
Starting zentral_web_1
Starting zentral_inventory_worker_1
Starting zentral_processor_worker_1
Starting zentral_store_worker_1
Starting zentral_promsrv_1
Starting zentral_nginx_1
ERROR: for nginx Cannot link to a non running container: /zentral_promsrv_1 AS /zentral_nginx_1/promsrv
ERROR: Encountered errors while bringing up the project.
# docker --version
Docker version 1.11.2, build b9f10c9
# /opt/bin/docker-compose --version
docker-compose version 1.8.0-rc2, build c72c966
# uname -a
Linux outlier 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2+deb8u3 (2016-07-02) x86_64 GNU/Linux
# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 8.5 (jessie)
Release: 8.5
Codename: jessie
I wanted to log each log-in try (successful/unsuccessful) on Zentral. How and where should I configure this setting in Zentral?
Thanking you for help in advance.
Hi,
I tried building zentral today with separate docker containers for Zentral and Postgres, and ran into an issue with connection.
I believe this is because the connection string in postgres.py only accepts a username and password, so psycopg2 is defaulting to a unix socket connection, instead of TCP.
def __init__(self, config_d):
    super(EventStore, self).__init__(config_d)
    self._conn = psycopg2.connect("dbname=%(db_name)s user=%(user)s" % config_d)
    self._test_table()
https://github.com/zentralopensource/zentral/blob/master/zentral/core/stores/backends/postgres.py
Please change the connection string to accept host, port and password parameters in addition to name and user.
Here's the full trace:
Environment:
Request Method: GET
Request URL: http://dev.groob.io:8000/
Django Version: 1.8.6
Python Version: 3.4.3
Installed Applications:
('django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'bootstrapform',
'configuration',
'zentral.contrib.inventory',
'zentral.contrib.osquery',
'zentral.contrib.santa')
Installed Middleware:
('django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'django.middleware.security.SecurityMiddleware')
Traceback:
File "/usr/local/lib/python3.4/dist-packages/django/core/handlers/base.py" in get_response
119. resolver_match = resolver.resolve(request.path_info)
File "/usr/local/lib/python3.4/dist-packages/django/core/urlresolvers.py" in resolve
365. for pattern in self.url_patterns:
File "/usr/local/lib/python3.4/dist-packages/django/core/urlresolvers.py" in url_patterns
401. patterns = getattr(self.urlconf_module, "urlpatterns", self.urlconf_module)
File "/usr/local/lib/python3.4/dist-packages/django/core/urlresolvers.py" in urlconf_module
395. self._urlconf_module = import_module(self.urlconf_name)
File "/usr/lib/python3.4/importlib/__init__.py" in import_module
109. return _bootstrap._gcd_import(name[level:], package, level)
File "/home/zentral/server/server/urls.py" in <module>
5. url(r'^configuration/', include('configuration.urls', namespace='configuration')),
File "/usr/local/lib/python3.4/dist-packages/django/conf/urls/__init__.py" in include
33. urlconf_module = import_module(urlconf_module)
File "/usr/lib/python3.4/importlib/__init__.py" in import_module
109. return _bootstrap._gcd_import(name[level:], package, level)
File "/home/zentral/server/configuration/urls.py" in <module>
3. from . import views
File "/home/zentral/server/configuration/views.py" in <module>
4. from zentral.core.stores import stores
File "/home/zentral/zentral/core/stores/__init__.py" in <module>
42. stores = get_stores(settings)
File "/home/zentral/zentral/core/stores/__init__.py" in get_stores
22. stores.append(store_class(store_conf))
File "/home/zentral/zentral/core/stores/backends/postgres.py" in __init__
27. self._conn = psycopg2.connect("dbname=%(db_name)s user=%(user)s" % config_d)
File "/usr/local/lib/python3.4/dist-packages/psycopg2/__init__.py" in connect
164. conn = _connect(dsn, connection_factory=connection_factory, async=async)
Exception Type: OperationalError at /
Exception Value: could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
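Added example (not part of the original issue and not Zentral's code): one way to build the connection string so that host, port and password are honoured and every value is quoted per libpq conninfo rules instead of being interpolated raw. Only db_name and user appear on the page; the host, port and password config keys and all function names here are assumptions.

```python
# Added example, not Zentral's code. Only the "db_name" and "user" config keys
# appear on the page; "host", "port" and "password" are assumed key names for
# the options the issue asks for.

# (config key, libpq conninfo keyword), in the order they are emitted.
_KEYWORDS = (
    ("db_name", "dbname"),
    ("user", "user"),
    ("password", "password"),
    ("host", "host"),
    ("port", "port"),
)


def quote_conninfo_value(value):
    """Quote a value for a libpq conninfo string.

    libpq accepts keyword='value' where backslashes and single quotes inside
    the value are backslash-escaped. Quoting every value means a space or a
    quote in a password cannot be parsed as an extra keyword=value pair.
    """
    text = str(value)
    escaped = text.replace("\\", "\\\\").replace("'", "\\'")
    return "'" + escaped + "'"


def build_dsn(config_d):
    """Build a conninfo string from the store configuration dictionary."""
    missing = [key for key in ("db_name", "user") if not config_d.get(key)]
    if missing:
        raise ValueError("missing required keys: %s" % ", ".join(missing))
    parts = []
    for config_key, keyword in _KEYWORDS:
        value = config_d.get(config_key)
        if value is None or value == "":
            continue  # leave unset options to libpq defaults
        if config_key == "port":
            value = int(value)  # raises ValueError on non-numeric input
            if not 0 < value < 65536:
                raise ValueError("port out of range: %d" % value)
        parts.append("%s=%s" % (keyword, quote_conninfo_value(value)))
    return " ".join(parts)


def uses_tcp(config_d):
    """Return True if libpq would connect over TCP for this configuration.

    With no host, libpq falls back to the local Unix-domain socket, which is
    the failure shown in the trace above. A host starting with "/" is a
    socket directory, not a network host.
    """
    host = config_d.get("host")
    return bool(host) and not str(host).startswith("/")


def redacted_dsn(config_d):
    """Same as build_dsn() but with the password masked, for log messages."""
    safe = dict(config_d)
    if safe.get("password"):
        safe["password"] = "***"
    return build_dsn(safe)


def connect(config_d):
    """Open the connection; psycopg2 is imported lazily so the helpers above
    can be exercised without a database driver installed."""
    import psycopg2
    return psycopg2.connect(build_dsn(config_d))


if __name__ == "__main__":
    # Constructed sample configurations.
    socket_only = {"db_name": "zentral", "user": "zentral"}
    separate_container = {
        "db_name": "zentral",
        "user": "zentral",
        "password": "s3cret with space",
        "host": "db",
        "port": 5432,
    }
    for cfg in (socket_only, separate_container):
        print(redacted_dsn(cfg), "| tcp:", uses_tcp(cfg))
```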
I can create probes and sync them to my clients but when I disable the probes (and resync) the machines still get Santa blocks when running the binaries or the files. Issue occurs with multiple versions of Santa (0.9.19,0.9.20,0.9.30). Currently running 0.9.30
Syncing says completed successfully (even with a no computer owner error).
Is there a way to get received logs (osquery, santa...) into a file on zentral server or into standard syslog?
Thanks
Hi,
Is anyone having problems with enrollment of Munki software on a client computer with Zentral?
When I run the "zentral_munki_enroll.pkg" installer on Mac OS X 10.12.5 it passes without any problem, more correctly it does not show any problem in the GUI interface, but it does not install the application on the computer.
In the log file I have found the following, looks like it's missing the '/Library/Managed Installs/ApplicationInventory.plist' file.
Jun 12 12:07:17 Djordje-Test-Mac-mini installd[388]: PackageKit: Executing script "./postinstall" in /private/tmp/PKInstallSandbox.oaxLzJ/Scripts/io.zentral.munki_enroll.bu_5aa68de8.J5qcgC
Jun 12 12:07:22 Djordje-Test-Mac-mini installd[388]: ./postinstall: Traceback (most recent call last):
Jun 12 12:07:22 Djordje-Test-Mac-mini installd[388]: ./postinstall: File "/usr/local/zentral/munki/zentral_postflight", line 325, in
Jun 12 12:07:22 Djordje-Test-Mac-mini installd[388]: ./postinstall: ai = ApplicationInventory()
Jun 12 12:07:22 Djordje-Test-Mac-mini installd[388]: ./postinstall: File "/usr/local/zentral/munki/zentral_postflight", line 111, in init
Jun 12 12:07:22 Djordje-Test-Mac-mini installd[388]: ./postinstall: self.data = plistlib.readPlist(self.APPLICATION_INVENTORY)
Jun 12 12:07:22 Djordje-Test-Mac-mini installd[388]: ./postinstall: File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/plistlib.py", line 75, in readPlist
Jun 12 12:07:22 Djordje-Test-Mac-mini installd[388]: ./postinstall: pathOrFile = open(pathOrFile)
Jun 12 12:07:22 Djordje-Test-Mac-mini installd[388]: ./postinstall: IOError: [Errno 2] No such file or directory: '/Library/Managed Installs/ApplicationInventory.plist'
Jun 12 12:07:22 Djordje-Test-Mac-mini installd[388]: PackageKit: Writing receipt for io.zentral.munki_enroll.bu_5aa68de8 to /
Jun 12 12:07:22 Djordje-Test-Mac-mini installd[388]: Installed "zentral_munki_enroll" ()
Including the santa installer with the santa enrollment ends up with errors:
[~] santactl sync
Missing Machine Owner.
HTTP Response: -1002 unsupported URL
Preflight failed, aborting run
The file /var/db/santa/config.plist looks similar to:
[~] sudo defaults read /var/db/santa/config.plist
Password:
{
ClientMode = 1;
FullSyncLastSuccess = "2017-09-06 12:45:29 +0000";
MachineID = "%MACHINE_ID%";
RuleSyncLastSuccess = "2017-09-06 12:45:29 +0000";
ServerAuthRootsFile = "/usr/local/zentral/tls_server_certs.crt";
SyncBaseURL = "https://zentral.website.com/santa/";
}
MachineID does not get filled in correctly.
Running the Santa enrollment without the Santa installer bundled works fine. MachineID gets filled in just fine.
It would be great if a new button could be added to remove a client from the inventory once it's been added/enrolled.
Not sure how you'd test for this.
But set up a new JSS instance, scratched my head as to why Zentral seemed happy but no data. Turns out the API was disabled.
Hello
Thanks a lot for your work.
I look at the repo, the other ones from same user and ansible galaxy but I didn't find the role(s) to setup zentral.
I'm interested in the tool but I would go more to other cloud like digitalocean or Azure.
Roles should make it easy but where?
Thanks a lot!
When I create the Santa enrollment package I am presented with the following error (running on Google all-in-one)
Traceback (most recent call last):
File "/home/zentral/app/venv/lib/python3.5/site-packages/django/core/handlers/exception.py", line 41, in inner
response = get_response(request)
File "/home/zentral/app/venv/lib/python3.5/site-packages/django/core/handlers/base.py", line 187, in _get_response
response = self.process_exception_by_middleware(e, request)
File "/home/zentral/app/venv/lib/python3.5/site-packages/django/core/handlers/base.py", line 185, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/lib/python3.5/contextlib.py", line 30, in inner
return func(*args, **kwds)
File "/home/zentral/app/venv/lib/python3.5/site-packages/django/views/decorators/csrf.py", line 58, in wrapped_view
return view_func(*args, **kwargs)
File "/home/zentral/app/venv/lib/python3.5/site-packages/django/views/generic/base.py", line 68, in view
return self.dispatch(request, *args, **kwargs)
File "/home/zentral/app/venv/lib/python3.5/site-packages/django/views/generic/base.py", line 88, in dispatch
return handler(request, *args, **kwargs)
File "/home/zentral/app/releases/2018.12.09-01.54.47-master-fead3d/zentral/contrib/santa/views.py", line 165, in post
cp_name, cp_content = build_configuration_profile(enrolled_machine)
File "/home/zentral/app/releases/2018.12.09-01.54.47-master-fead3d/zentral/contrib/santa/utils.py", line 49, in build_configuration_profile
content = sign_payload_openssl(plistlib.dumps(configuration_profile_data))
File "/home/zentral/app/releases/2018.12.09-01.54.47-master-fead3d/zentral/utils/payloads.py", line 23, in sign_payload_openssl
"-inkey", api_settings["tls_server_key"],
KeyError: 'tls_server_key'
I have updated to the latest version and installed all requirements. I verified the /var/db/santa/config.plist has been created and the ServerAuthRootsFile, MachineID, ClientMode and SyncBaseUrl have all been populated. The package installs without error but the post install sync never kicks off and if I run it manually I get the Missing SyncBaseURL error.
Fwiw am also using the Munki and osquery packages and those build and enroll clients without issue.
I'm looking for steps to setup Zentral all in one on Linux/CentOS.
Also, if there are any steps already documented for installing Zentral separately and its dependent modules like Postgres, ElasticSearch on different nodes instead of Docker/AWS/GC/Vagrant/OVA, that will be helpful.
Would it be possible to allow a whitelist regex for santa monitor mode? This will allow me to alert on ALLOW_UNKNOWN santa events without lots of false positives of binaries that would be whitelisted by the regex once lockdown mode is eventually turned on
Hi
Do we have osquery enrollment script for CentOS/linux.
Watchman Monitoring's API has been upgraded, adding the ability to write Asset ID & Descriptions to Computer Records. It should be noted that Asset ID information written to the Computer Record via the API will become available on the disk of the monitored computer after its next hourly checkin.
Also of interest for maintaining Group sync, a Find or Create a Group endpoint has been added.
To access these features, the version in use by Zentral should be moved has been bumped to 2.5. The Change Log describes the differences in v2.5, and the adjustments which are needed to complete the transition.
follow change from osquery project osquery/osquery#3057
Hi,
We have split up zentral components using docker swarm version 17.06.
We have deployed Zentral Web, Workers, RabbitMQ, Nginx on 2 machines, an Elasticsearch cluster created with 4 nodes, and Kibana/Prometheus/Postgres db running in a separate instance.
Elastic search cluster and Postgres db data has been mapped to a shared drive in all machines.
Setup has been running fine where we have already enrolled 50 machines. We can see event logs received from existing enrolled machines.
But now when we tried enrolling new machines through osquery tls plugin "enroll" it gives 200 HTTP response but machine not added to Inventory machines list as checked from zentral web. No help from application logs as there are no errors logged.
osquery tls plugin can pull "configs" from zentral also "log" api returns 200 response. Even then there is no machine enrolled or logs in zentral web/elastic search.
We are not sure why zentral gives 200 HTTP response but data not getting saved.
Need help to identify which zentral component is failing. We are planning to scale for nearly 1500-2000 machines.
Hi,
Do we have osquery enrollment script for CentOS/linux.
We have an FIM requirement to enroll RHEL/CentOS machines to Zentral.
After speaking with @headmin on Slack, it would be great if there could be a "Read Only model" for JSS integration.
This would mean that the account that Zentral would use would have CRUD to web hooks only, & R to groups & device inventory.
Seems that this is possible now, but full CRUD needed for initial Zentral Setup.. Then can be dialled back later.
Munki enrolment package fails on postinstall
The error is in the postinstall, with an error 500 from the server: urllib2.HTTPError: HTTP Error 500: Internal Server Error
Here is the full output
$ sudo ./postinstall.py
Traceback (most recent call last):
File "/Users/ladmin/Desktop/postinstall 2.py", line 95, in <module>
token = enroll()
File "/Users/ladmin/Desktop/postinstall 2.py", line 37, in enroll
resp = urllib2.urlopen(req, data=data, context=ctx)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 154, in urlopen
return opener.open(url, data, timeout)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 437, in open
response = meth(req, response)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 550, in http_response
'http', request, response, code, msg, hdrs)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 475, in error
return self._call_chain(*args)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 409, in _call_chain
result = func(*args)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 558, in http_error_default
raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
urllib2.HTTPError: HTTP Error 500: Internal Server Error
nginx/error.log
2018/07/08 14:22:35 [warn] 1718#1718: *5382 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/4/18/0000000184 while reading upstream, client: 210.XXX.17.XXX, server: zentral.domain.com, request: "POST /munki/enroll/ HTTP/1.1", upstream: "http://127.0.0.1:8000/munki/enroll/", host: "zentral.domain.com"
Hello,
I am trying to setup zentral; I am using the docker-compose setup with a "real" postgreSQL server for persistency.
I did setup successfully the Munki integration and my machines are able to enroll; But the thing is, if I try to enroll via the osquery package, it doesn't seem to work. I think it might be related to the fact that I don't have any "osquery" or "Munki" tab in my installation, compared to the video;
Otherwise, how can I make distributed queries, for example?
Thanks!
When importing feeds, I see warnings about the "queries" key not being present.
The key is present, however, and this doesn't seem to present an issue -- all the feeds are imported as expected.
This can be replicated against one of the example feeds:
zentral@1ed956dcdc6a:/zentral$ python server/manage.py add_probe_feed https://raw.githubusercontent.com/zentralopensource/zentral-feeds/master/demo/osquery.json
2017-06-02 19:10:26,627 PID343 feeds WARNING Feed serializer <class 'zentral.contrib.osquery.feeds.PackSerializer'> errors
2017-06-02 19:10:26,628 PID343 feeds WARNING {'queries': ['This field is required.']}
2017-06-02 19:10:26,786 PID343 feeds WARNING Feed serializer <class 'zentral.contrib.osquery.feeds.PackSerializer'> errors
2017-06-02 19:10:26,786 PID343 feeds WARNING {'queries': ['This field is required.']}
Feed https://raw.githubusercontent.com/zentralopensource/zentral-feeds/master/demo/osquery.json synced.
Probes created: 6.
This morning, AWS ran an unattended-update on my Zentral node, and after the updates, the Elasticsearch worker is failing in Prometheus with a connection error:
Get http://localhost:8102/metrics: dial tcp 127.0.0.1:8102: getsockopt: connection refused
Google suggests to update/add network.host to /etc/elasticsearch/elasticsearch.yml with 0.0.0.0, but that did not help.
cURL from the Zentral server
curl http://localhost:8102/metrics -v
* Trying 127.0.0.1...
* connect to 127.0.0.1 port 8102 failed: Connection refused
* Failed to connect to localhost port 8102: Connection refused
* Closing connection 0
curl: (7) Failed to connect to localhost port 8102: Connection refused
AWS update log
Packages that were upgraded:
libjpeg-turbo8 ntpdate
Package installation log:
Log started: 2018-07-10 06:09:13
Reading changelogs...
Confirmation failed, don't save seen state.
libjpeg-turbo (1.4.2-0ubuntu3.1) xenial-security; urgency=medium
* SECURITY UPDATE: division by zero via BMP image
- debian/patches/CVE-2018-1152.patch: add size check in rdbmp.c.
- CVE-2018-1152
-- Marc Deslauriers <[email protected]> Thu, 05 Jul 2018 15:30:37 -0400
ntp (1:4.2.8p4+dfsg-3ubuntu5.9) xenial-security; urgency=medium
* SECURITY UPDATE: code execution via buffer overflow in decodearr
- debian/patches/CVE-2018-7183.patch: prevent writing beyons limits in
ntpq/ntpq.c.
- CVE-2018-7183
* SECURITY UPDATE: DoS via certain packets with a zero-origin timestamp
- debian/patches/CVE-2018-7185.patch: add additional checks to
ntpd/ntp_proto.c.
- CVE-2018-7185
-- Marc Deslauriers <[email protected]> Fri, 06 Jul 2018 15:34:25 -0400
(Reading database ... 184867 files and directories currently installed.)
Preparing to unpack .../libjpeg-turbo8_1.4.2-0ubuntu3.1_amd64.deb ...
Unpacking libjpeg-turbo8:amd64 (1.4.2-0ubuntu3.1) over (1.4.2-0ubuntu3) ...
Preparing to unpack .../ntpdate_1%3a4.2.8p4+dfsg-3ubuntu5.9_amd64.deb ...
Unpacking ntpdate (1:4.2.8p4+dfsg-3ubuntu5.9) over (1:4.2.8p4+dfsg-3ubuntu5.8) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up libjpeg-turbo8:amd64 (1.4.2-0ubuntu3.1) ...
Setting up ntpdate (1:4.2.8p4+dfsg-3ubuntu5.9) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...
Log ended: 2018-07-10 06:09:14
Unattended-upgrades log:
Initial blacklisted packages:
Initial whitelisted packages:
Starting unattended upgrades script
Allowed origins are: ['o=Ubuntu,a=xenial', 'o=Ubuntu,a=xenial-security', 'o=UbuntuESM,a=xenial']
Packages that will be upgraded: libjpeg-turbo8 ntpdate
Writing dpkg log to '/var/log/unattended-upgrades/unattended-upgrades-dpkg.log'
All upgrades installed
Zentral_workers.service output
-- Logs begin at Tue 2018-07-10 10:06:45 CEST. --
Jul 10 10:08:15 zentral.domain.com python[2323]: return func(*args, params=params, **kwargs)
Jul 10 10:08:15 zentral.domain.com python[2323]: File "/home/zentral/app/venv/lib/python3.5/site-packages/elasticsearch/client/indices.py", line 116, in get
Jul 10 10:08:15 zentral.domain.com python[2323]: feature), params=params)
Jul 10 10:08:15 zentral.domain.com python[2323]: File "/home/zentral/app/venv/lib/python3.5/site-packages/elasticsearch/transport.py", line 318, in perform_request
Jul 10 10:08:15 zentral.domain.com python[2323]: status, headers_response, data = connection.perform_request(method, url, params, body, headers=headers, ignore=ignore, timeout=timeout)
Jul 10 10:08:15 zentral.domain.com python[2323]: File "/home/zentral/app/venv/lib/python3.5/site-packages/elasticsearch/connection/http_urllib3.py", line 185, in perform_request
Jul 10 10:08:15 zentral.domain.com python[2323]: self._raise_error(response.status, raw_data)
Jul 10 10:08:15 zentral.domain.com python[2323]: File "/home/zentral/app/venv/lib/python3.5/site-packages/elasticsearch/connection/base.py", line 125, in _raise_error
Jul 10 10:08:15 zentral.domain.com python[2323]: raise HTTP_EXCEPTIONS.get(status_code, TransportError)(status_code, error_message, additional_info)
Jul 10 10:08:15 zentral.domain.com python[2323]: elasticsearch.exceptions.RequestError: TransportError(400, 'index_closed_exception', 'closed')
I am running into an issue with my Zentral deployment where it exhausts the available database connections on our Postgres server.
I have about 275 clients connected and we see the number of open database connections shoot up to about 1000, then the web server can't get any more connections and the Docker container crashes.
django.db.utils.OperationalError: FATAL: sorry, too many clients already
The current osquery enrollment package installs the "/Library/LaunchDaemons/com.facebook.osqueryd.plist" file with invalid permissions. This causes launchctl to fail to load "/Library/LaunchDaemons/com.facebook.osqueryd.plist" also causing the following error message in the system log: Caller specified a plist with bad ownership/permissions: path = /Library/LaunchDaemons/com.facebook.osqueryd.plist, caller = launchctl.89355.
I submitted #16 to fix the problem, but I was told it would be better to open an issue so that we can find the root of the cause.
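A check for the condition behind that launchctl message, as an added example that is not part of the issue or of Zentral's code. It assumes the commonly documented launchd rule (plist owned by root, not writable by group or others); the function names and the sample stat values are constructed for illustration.

```python
import os
import shlex
import stat
from types import SimpleNamespace


def plist_problems(st):
    """Return the reasons a LaunchDaemon plist with stat result `st` would be refused."""
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_uid != 0:
        problems.append("owner uid %d is not root" % st.st_uid)
    if st.st_mode & stat.S_IWGRP:
        problems.append("group-writable")
    if st.st_mode & stat.S_IWOTH:
        problems.append("world-writable")
    return problems


def audit_launchdaemons(directory="/Library/LaunchDaemons"):
    """Map each offending .plist in `directory` to its list of problems."""
    findings = {}
    for entry in os.scandir(directory):
        if entry.name.endswith(".plist"):
            # lstat: a symlink is reported as "not a regular file" instead of followed.
            problems = plist_problems(os.lstat(entry.path))
            if problems:
                findings[entry.path] = problems
    return findings


def remediation(path, problems):
    """Commands that restore the conventional root:wheel 0644 state."""
    commands = []
    if any("owner" in p for p in problems):
        commands.append("chown root:wheel %s" % shlex.quote(path))
    if any("writable" in p for p in problems):
        commands.append("chmod 644 %s" % shlex.quote(path))
    return commands


# Constructed stat values: what a package payload should install, and a bad one.
GOOD = SimpleNamespace(st_mode=0o100644, st_uid=0)
BAD = SimpleNamespace(st_mode=0o100664, st_uid=501)

if __name__ == "__main__":
    path = "/Library/LaunchDaemons/com.facebook.osqueryd.plist"
    for label, st in (("good", GOOD), ("bad", BAD)):
        problems = plist_problems(st)
        print(label, problems, remediation(path, problems))
```

Running the same check over the package payload at build time catches the problem before the installer ships.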
Monolith Sub manifest should support product archive installer package type. A component package works fine.
Hi there!
This is not so much an issue as much of an inquiry or enhancement request. I have been using Zentral just briefly, but very much enjoying it thus far. One thing I noticed right off the bat was the blank "Home" page if you will, that just says "Zentral".
I was wondering if there had been consideration to add anything to that, for instance graphs? I think it would be really nice to add a quick overview of a few things right when you get there (great for management folks kind of stuff), such as:
Just something at a broad scale to 1) kind of pretty up the first thing you see, and 2) give some good easy insight into your Zentral system. I am not very django-savvy, but will definitely look at whipping something together should others consider this useful.
Thanks again for your work on this product, it's great!
-Jeremy
Hello,
Any way to import an existing pack configuration file either through gui or cli?
More generally, would want to import/export queries, pack or osqueryd standalone config.
Thanks
I'm using v0.4.0 of Zentral and am able to add CentOS 6 and 7 hosts, as well as run queries, etc. The problem is that when viewing CentOS 7 hosts, the section that is supposed to show system info (CPU, Memory, OS version, networking) is empty.
I think this may be the relevant error from the logs:
I0929 16:32:39.288528 17443 distributed.cpp:133] Executing distributed query: __zentral_distributed_inventory_query_os_version: select 'os_version' as table_name, name, major, minor, patch, build from os_version;
I0929 16:32:39.288874 17443 virtual_table.cpp:291] Error casting minor () to INTEGER
I0929 16:32:39.288892 17443 virtual_table.cpp:291] Error casting patch () to INTEGER
What deployment method are you using?
Docker
What operating system are you using?
CentOS
What did you do?
Attempted to load the Zentral home page by navigating to the URL. Restarted the CentOS server, then restarted the containers using docker-compose up -d to no avail.
What did you expect to see?
Expected to see the Zentral login screen.
Hello
Do you include any client authentication mechanisms?
Or should go through nginx and web client certificates.
Thanks
Attempting to bundle an osquery release with an enrolment package fails if the bundled osquery version is pre-release.
The package builder gets all the available release versions from the GitHub API, which includes pre-release versions. It then assumes the corresponding S3 download URL, but this does not work for pre-release builds.
Instead the S3 AccessDenied XML response is downloaded and saved to osquery-2.4.3.pkg, which then causes the error below.
Exception Type: CalledProcessError
Exception Value: Command '['/usr/local/bin/xar', '-x', '-C', '/tmp/tmpt3by6q2hzentral.utils.osx_package', '-f', '/tmp/osquery/releases/osquery-2.4.3.pkg']' returned non-zero exit status 1
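The two checks this report points to, as an added example that is not Zentral's package builder code: skip releases the GitHub API marks `prerelease` or `draft`, and verify that a downloaded body is a xar archive before caching it as a .pkg. The function names, the `fetch` callable and all sample data (including version 2.4.2) are constructed for illustration.

```python
import re
import struct

# xar header, big-endian: magic, header size, version, compressed TOC length,
# uncompressed TOC length, checksum algorithm (28 bytes in total).
XAR_HEADER = struct.Struct(">4sHHQQI")
XAR_MAGIC = b"xar!"


class NotAPackage(ValueError):
    """The downloaded bytes are not a xar archive (flat .pkg)."""


def stable_versions(releases):
    """Tag names of published, non-pre-release entries of a GitHub releases listing."""
    return [r["tag_name"] for r in releases
            if not r.get("prerelease") and not r.get("draft")]


def check_pkg_bytes(data):
    """Validate a downloaded .pkg body; return its parsed xar header fields."""
    if len(data) < XAR_HEADER.size or data[:4] != XAR_MAGIC:
        # An S3 error body is XML: surface its <Code> so the failure is readable.
        m = re.search(rb"<Error>.*?<Code>([^<]+)</Code>", data[:2048], re.S)
        if m:
            code = m.group(1).decode("ascii", "replace")
            raise NotAPackage("storage returned error %s" % code)
        raise NotAPackage("missing xar magic")
    _, header_size, version, toc_len, toc_len_raw, _ = XAR_HEADER.unpack_from(data)
    if header_size < XAR_HEADER.size or header_size + toc_len > len(data):
        raise NotAPackage("truncated xar archive")
    return {"version": version, "toc_compressed": toc_len,
            "toc_uncompressed": toc_len_raw}


def cacheable_packages(releases, fetch):
    """Fetch each stable version with fetch(version) -> bytes and verify it.

    Returns (verified, rejected): bodies safe to write to disk, and the
    reason each rejected version was refused.
    """
    verified, rejected = {}, {}
    for version in stable_versions(releases):
        body = fetch(version)
        try:
            check_pkg_bytes(body)
            verified[version] = body
        except NotAPackage as exc:
            rejected[version] = str(exc)
    return verified, rejected


# Constructed sample data, not captured from GitHub or S3.
SAMPLE_RELEASES = [
    {"tag_name": "2.4.3", "prerelease": True, "draft": False},
    {"tag_name": "2.4.2", "prerelease": False, "draft": False},
]
SAMPLE_S3_ERROR = (b'<?xml version="1.0" encoding="UTF-8"?>\n'
                   b"<Error><Code>AccessDenied</Code>"
                   b"<Message>Access Denied</Message></Error>")
SAMPLE_PKG = XAR_HEADER.pack(XAR_MAGIC, 28, 1, 16, 64, 1) + b"\x00" * 16

if __name__ == "__main__":
    print(stable_versions(SAMPLE_RELEASES))
    print(cacheable_packages(SAMPLE_RELEASES, lambda v: SAMPLE_S3_ERROR))
    print(check_pkg_bytes(SAMPLE_PKG))
```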
The filewave inventory client doesn't seem to be compatible with the new filewave releases. A lot of the previously available information is missing (system information, macOS apps, …)
We need to find the documentation and update the client.
osquery_zentral_setup.sh
The bash script picks up "rosa" for linux mint 17.3 and "serena" on 18.1 for $DISTRO resulting in a failed execution
lines 44-47
# add/replace osquery repository
sudo /bin/sed -i '/^deb.*osquery.*$/d' /etc/apt/sources.list
DISTRO=$(lsb_release -c|cut -d ':' -f2| tr -d "\t")
echo "deb [arch=amd64] https://osquery-packages.s3.amazonaws.com/$DISTRO $DISTRO main" | sudo /usr/bin/tee -a /etc/apt/sources.list
Hello!
I have the following problem while running "docker-compose up -d" on my Ubuntu Server 16.04 Xenial Xerus:
coky@ubuntu:~/zentral$ docker-compose up -d
Building workers
Step 1/20 : FROM python:3.6
---> a5b7afcfdcc8
Step 2/20 : ENV PYTHONUNBUFFERED 1
---> Using cache
---> da68296e6eed
Step 3/20 : MAINTAINER Éric Falconnier <[email protected]>
---> Using cache
---> 2f7ee1ba8ede
Step 4/20 : RUN apt-get update && apt-get autoremove -y && apt-get install -y bsdcpio libbz2-dev
---> Using cache
---> 01aa832c7515
Step 5/20 : RUN curl -fsSL https://github.com/zentralopensource/bomutils/archive/master.tar.gz | tar xvz && cd bomutils-* && make && make install && cd .. && rm -rf bomutils-*
---> Using cache
---> a45c2dc7c985
Step 6/20 : RUN curl -fsSL https://github.com/mackyle/xar/archive/xar-1.6.1.tar.gz | tar xvz && cd xar-*/xar && ./autogen.sh && ./configure --with-bzip2 && make && make install && cd ../.. && rm -rf xar-*
---> Running in 5083aa443160
autoconf
./configure --enable-autogen
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for special C compiler options needed for large files... no
checking for _FILE_OFFSET_BITS value needed for large files... no
checking how to run the C preprocessor... gcc -E
checking for a BSD-compatible install... /usr/bin/install -c
checking for ld... /usr/bin/ld
checking for ar... /usr/bin/ar
checking for ranlib... /usr/bin/ranlib
checking for autoconf... /usr/bin/autoconf
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for stdint.h... (cached) yes
checking ext2fs/ext2_fs.h usability... no
checking ext2fs/ext2_fs.h presence... no
checking for ext2fs/ext2_fs.h... no
checking sys/statfs.h usability... yes
checking sys/statfs.h presence... yes
checking for sys/statfs.h... yes
checking sys/xattr.h usability... yes
checking sys/xattr.h presence... yes
checking for sys/xattr.h... yes
checking sys/param.h usability... yes
checking sys/param.h presence... yes
checking for sys/param.h... yes
checking sys/extattr.h usability... no
checking sys/extattr.h presence... no
checking for sys/extattr.h... no
checking libutil.h usability... no
checking libutil.h presence... no
checking for libutil.h... no
checking for lgetxattr... yes
checking for lsetxattr... yes
checking for getxattr... yes
checking for setxattr... yes
checking for getattrlist... no
checking for setattrlist... no
checking for lchmod... no
checking for lchown... yes
checking for chflags... no
checking for statvfs... yes
checking for statfs... yes
checking for strmode... no
checking for struct statfs.f_fstypename... no
checking for struct statvfs.f_fstypename... no
checking for struct stat.st_flags... no
checking size of uid_t... 4
checking size of gid_t... 4
checking size of ino_t... 8
checking size of dev_t... 8
checking for acl_get_file in -lacl... no
checking for asprintf... yes
checking for xml2-config... /usr/bin/xml2-config
checking for libxml >= 2.6.11... 2.9.4
checking libxml/xmlwriter.h usability... yes
checking libxml/xmlwriter.h presence... yes
checking for libxml/xmlwriter.h... yes
checking openssl/evp.h usability... yes
checking openssl/evp.h presence... yes
checking for openssl/evp.h... yes
checking for OpenSSL_add_all_ciphers in -lcrypto... no
configure: error: Cannot build without libcrypto (OpenSSL)
Error 0 in ./configure
ERROR: Service 'workers' failed to build: The command '/bin/sh -c curl -fsSL https://github.com/mackyle/xar/archive/xar-1.6.1.tar.gz | tar xvz && cd xar-*/xar && ./autogen.sh && ./configure --with-bzip2 && make && make install && cd ../.. && rm -rf xar-*' returned a non-zero code: 1
This problem might be similar to the one described here: EmpireProject/Empire#521
Thx for help!
Currently it doesn't seem like you can create snapshot queries with Zentral:
Snapshot queries would be a useful configuration option (OSQuery docs):
Snapshot queries, those with snapshot: true will not store differentials and will not emulate an event stream. Snapshots always return the entire results from the query on the given interval. See the next section on logging for examples of each log output.
Today in Zentral I can only configure the options config_refresh, distributed_interval, and a few others from /osquery/configurations//
When trying to use extensions like https://github.com/polylogyx/osq-ext-bin this is a problem because the extension has an extensive list of custom configuration options that it understands and may require to be present.
Since the config is valid JSON, would adding a field to the configuration in Zentral that accepts (and validates) a JSON string of additional options be possible?
I'm having trouble with part 3 of the installation tutorial https://github.com/zentralopensource/docs/blob/master/zentral-docker-tutorial_3.md.
I've followed the zentral-docker-tutorial instructions exactly up to this point, but when I run "docker run -t -i -v /opt/my-zentral-conf:/home/zentral/conf zentral/zentral check" as instructed I always get the following errors:
Traceback (most recent call last):
File "/zentral/docker-entrypoint.py", line 83, in
os.execvp(filename, args)
File "/usr/local/lib/python3.4/os.py", line 525, in execvp
_execvpe(file, args)
File "/usr/local/lib/python3.4/os.py", line 570, in _execvpe
raise last_exc.with_traceback(tb)
File "/usr/local/lib/python3.4/os.py", line 560, in _execvpe
exec_func(fullname, *argrest)
FileNotFoundError: [Errno 2] No such file or directory
https://github.com/zentralopensource/zentral/wiki#architecture
This should fix...
![](wiki/images/overview1.png)
![](wiki/images/overview2.png)
If I use the Santa installer with enrollment and Santa installation combined, there seems to be a problem where the /var/db/santa/config.plist file does not have the MachineID set correctly.
This issue does not happen if I use the enrollment-only pkg.
The plist file winds up containing the following:
...
<key>MachineID</key>
<string>%MACHINE_ID%</string>
...
I repackaged the installer and set #!/usr/bin/sh -x in the shebang for the postinstall script and verified that it is running the sed replacement. Also, the postinstall script's sync works fine, but when I try to sync after installation it obviously fails because of the bad MachineID.
Hi,
Probably not an issue, but something I'm struggling with. I have used Docker Compose to bring this up on a Mac. The Mac is already running 2 other web-based services, so I have changed the config to bring up nginx using port 8083 rather than 443; this is essentially my only diversion from a standard build.
I bring up the service without issue, but when I go to the admin password reset page I see Zentral, then as I press the button to reset my password I receive a 403 Forbidden error.
Forbidden (403)
CSRF verification failed. Request aborted.
Reason given for failure:
Referer checking failed - https://zentral:8083/accounts/login/?next=/ does not match any trusted origins.
I've looked at the web logs;
web_1 | 2018-08-15 17:41:00,904 PID35 basehttp INFO "GET /inventory/prometheus_metrics/ HTTP/1.1" 200 735
web_1 | 2018-08-15 17:41:05,034 PID35 csrf WARNING Forbidden (Referer checking failed - https://zentral:8083/reset/MQ/4yr-3982fdf7c83d300def27/ does not match any trusted origins.): /reset/MQ/4yr-3982fdf7c83d300def27/
web_1 | 2018-08-15 17:41:05,051 PID35 basehttp WARNING "POST /reset/MQ/4yr-3982fdf7c83d300def27/ HTTP/1.0" 403 2587
Any pointers on where I can focus my troubleshooting with regard to this?
We recently enrolled a Linux VM with Zentral and confirmed that it appears in the count of total machines in the inventory. However, when we try to search for this machine using the Platform dropdown, we receive the following error.
We've also been able to locate and view the information successfully using Kibana, just not using the Zentral UI.
Any ideas?
I just installed a new instance of Zentral on AWS following the Wiki.
After upgrading to the latest with sudo /home/zentral/app/utils/deploy.py, all macOS packages have corrupt postinstall scripts (tested Munki, osquery and Santa) and are unable to install.
I want to log all the Zentral login and logout events to a syslog server. I see login and logout events create logs, but when I try to syslog, all the events (login, logout as well as heartbeats) are logged through syslog. How can I filter between heartbeats and login/logout events through syslog?
Hi and thanks for the resource.
Is there a docker image for Zentral?
I modified the json as instructed in https://github.com/zentralopensource/docs/blob/master/zentral-docker-tutorial_2.md, and instead of copying it into the running container I mounted it:
docker run -d --name="zentral" -p 443:443 -v /Users/abanks/Downloads/zentral-conf-master:/opt/my-zentral-conf --restart="always" zentral/zentral:latest
but when I then exec bash into the container to run the check, I get:
# python /home/zentral/zentral/bin/check_configuration.py
Traceback (most recent call last):
File "/home/zentral/zentral/bin/check_configuration.py", line 6, in <module>
zentral.setup()
File "/home/zentral/zentral/__init__.py", line 9, in setup
from zentral.conf import settings
File "/home/zentral/zentral/conf/__init__.py", line 60
raise ImproperlyConfigured("{} error in file {}".format(filetype, filepath)) from None