
Comments (34)

blacktop avatar blacktop commented on August 25, 2024 1

@andr6 so I JUST created a vagrant machine using the included Vagrantfile, which installs malice on a fresh install of Ubuntu 14.04, and it worked for me with no weird crashes.

Can you confirm your env is set up the same way? Also maybe run a:

$ malice plugin update --all

Maybe you somehow have broken plugins?

from malice.

blacktop avatar blacktop commented on August 25, 2024

@andr6 can you please run with the debug -D flag: malice -D scan MALICE. Thanks again. I most likely won't be able to get to this until later today, but again I really appreciate your help and these bug reports.

from malice.

blacktop avatar blacktop commented on August 25, 2024

The output might be quite large, can you create a gist and link it here please?

from malice.

andr6 avatar andr6 commented on August 25, 2024

@blacktop I believe this might be related to some dependencies not being installed. Yara, TRID etc...

Should this be manually installed? Needs to be on the install I suppose

from malice.

andr6 avatar andr6 commented on August 25, 2024

https://gist.github.com/andr6/118e348e790370991a2da811387f5ae6

from malice.

blacktop avatar blacktop commented on August 25, 2024

So this doesn't look like a problem with the malice-engine, it looks like you have a special sample that is crashing some of my plugins. I am going to download that sample and test on my side, but I believe I will just need to have those containers handle the edge case that that sample is creating.

from malice.

blacktop avatar blacktop commented on August 25, 2024

wait.... you are using the same sample I am in my example!?! now I'm confused again 😕

from malice.

blacktop avatar blacktop commented on August 25, 2024

@andr6 with respect to your comment on dependencies, that is the beauty of malice: the plugins are all docker containers that are bundled with all their dependencies.

from malice.

andr6 avatar andr6 commented on August 25, 2024

@blacktop Already made 2 fresh installs. Exactly the same issue.

I am using a fresh install of Ubuntu 14.04.5 server.

from malice.

andr6 avatar andr6 commented on August 25, 2024

I am following the install readme for Ubuntu. Is there any other option to install?

Updated the plugins and still the same.

from malice.

blacktop avatar blacktop commented on August 25, 2024

So in the Vagrantfile I run these commands to install malice:

    echo "Installing Docker================================"
    sudo apt-get install apt-transport-https ca-certificates
    sudo apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
    echo "deb https://apt.dockerproject.org/repo ubuntu-trusty main" | sudo tee -a /etc/apt/sources.list.d/docker.list
    sudo apt-get update -q
    sudo apt-get install -y linux-image-extra-$(uname -r)
    sudo apt-get install -y docker-engine
    sudo usermod -aG docker vagrant
    echo "Installing docker-compose ======================="
    curl -L https://github.com/docker/compose/releases/download/1.8.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
    chmod +x /usr/local/bin/docker-compose
    echo "Installing docker-clean ========================="
    curl -s https://raw.githubusercontent.com/ZZROTDesign/docker-clean/v2.0.4/docker-clean | sudo tee /usr/local/bin/docker-clean > /dev/null
    sudo chmod +x /usr/local/bin/docker-clean
    echo "Installing Golang ==============================="
    export GO_VERSION=1.7.1
    export ARCH="$(dpkg --print-architecture)"
    wget https://storage.googleapis.com/golang/go$GO_VERSION.linux-$ARCH.tar.gz -O /tmp/go.tar.gz
    tar -C /usr/local -xzf /tmp/go.tar.gz
    export PATH=$PATH:/usr/local/go/bin
    export GOPATH=/home/vagrant/go
    echo 'export PATH=$PATH:/usr/local/go/bin' >> /home/vagrant/.bashrc
    echo 'export GOPATH=/home/vagrant/go' >> /home/vagrant/.bashrc
    echo 'export PATH=$PATH:/home/vagrant/go/bin' >> /home/vagrant/.bashrc
    echo "Installing Malice ==============================="
    sudo apt-get install -y libmagic-dev build-essential
    sudo -H -u vagrant bash -c 'GOPATH=/home/vagrant/go /usr/local/go/bin/go get -v github.com/maliceio/malice'

Are you running on bare metal or VM? The only other thing I can think of is to remove the malice volume and network and try again?

That is done with these commands:

$ docker volume rm malice
$ docker network rm malice

NOTE: removing the malice volume also blows away the elasticsearch data

from malice.

blacktop avatar blacktop commented on August 25, 2024

If you have virtualbox + vagrant installed you can also use the vagrantfile to stand up a VM with malice running in it.

Another thing you could try is just running malice in docker without a go binary. That is done with this command:

docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
                -v `pwd`:/malice/samples \
                -e MALICE_VT_API=$MALICE_VT_API \
                malice/engine scan befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408

That is run in the same directory as the malware sample befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408.

from malice.

andr6 avatar andr6 commented on August 25, 2024

@blacktop Using Workstation. Exposure to vagrant and docker is minimal so it's not helping :(

Removing the malice volume fails.
Error response from daemon: Unable to remove volume, volume still in use: remove malice: volume is in use - [f41992f5a9f5551f8c6c03cfe9116252e9ec18a523720c15175b2e71b5327f43]

Running the standalone command does not work either.
"2016/10/06 22:04:45 Get http://172.17.0.2:9200/: dial tcp 172.17.0.2:9200: getsockopt: connection refused"

from malice.

blacktop avatar blacktop commented on August 25, 2024

It sounds like you might have some plugins stuck in error states?

You can run these commands to clear them out:

$ docker kill $(docker ps -q); docker rm `docker ps -a -q -f status=exited`
$ docker kill $(docker ps -q); docker rm `docker ps -a -q -f status=created`

from malice.

andr6 avatar andr6 commented on August 25, 2024

No luck. Still the same error. Even running standalone.

DEBU[0016] framesize: 12
DEBU[0016] framesize: 64
panic: runtime error: index out of range [recovered]
panic: runtime error: index out of range

goroutine 1 [running]:
panic(0x819620, 0xc420016080)
/usr/lib/go-1.7/src/runtime/panic.go:500 +0x1a1
github.com/urfave/cli.HandleAction.func1(0xc420049be8)
/go/src/github.com/urfave/cli/app.go:478 +0x247
panic(0x819620, 0xc420016080)
/usr/lib/go-1.7/src/runtime/panic.go:458 +0x243
main.ParseSsdeepOutput(0x0, 0x0, 0xc420049608, 0x1)
/go/src/github.com/maliceio/malice-fileinfo/scan.go:74 +0xd7
main.main.func1(0xc42007e780, 0x0, 0x0)
/go/src/github.com/maliceio/malice-fileinfo/scan.go:192 +0x161
reflect.Value.call(0x7fe0a0, 0x8d7be0, 0x13, 0x8980fd, 0x4, 0xc420049ba8, 0x1, 0x1, 0x4ca688, 0x884ba0, ...)
/usr/lib/go-1.7/src/reflect/value.go:434 +0x5c8
reflect.Value.Call(0x7fe0a0, 0x8d7be0, 0x13, 0xc420049ba8, 0x1, 0x1, 0x8d7b28, 0x0, 0x0)
/usr/lib/go-1.7/src/reflect/value.go:302 +0xa4
github.com/urfave/cli.HandleAction(0x7fe0a0, 0x8d7be0, 0xc42007e780, 0x0, 0x0)
/go/src/github.com/urfave/cli/app.go:487 +0x1e0
github.com/urfave/cli.(*App).Run(0xc4200d2000, 0xc42000c3c0, 0x3, 0x3, 0x0, 0x0)
/go/src/github.com/urfave/cli/app.go:245 +0x59b
main.main()
/go/src/github.com/maliceio/malice-fileinfo/scan.go:227 +0x56c
DEBU[0016] Corrupted prefix: []
DEBU[0017] framesize: 12

from malice.

blacktop avatar blacktop commented on August 25, 2024

How did you get that sample? Is there a way for you to upload it somewhere?

from malice.

blacktop avatar blacktop commented on August 25, 2024

So what is happening is the fileinfo plugin is failing to ssdeep it. Can you try this for me:

$ docker run -it --rm -v `pwd`:/malware --entrypoint=bash malice/fileinfo
root@1e365614ba9a:/malware# ssdeep befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408
ssdeep,1.1--blocksize:hash:hash,filename
768:15jQ4nVHQaeO379u4XckKVCsknBN9A4hUnDxDiNZ957ZpK0IUUiM95Zdz:15jQ4nVHQaeO9uwckKuBN9A4UnDxcbFi,"/malware/befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408"

^ That is what I see when I run it, but I need to know what happens when you run it.

Thank you.

from malice.

andr6 avatar andr6 commented on August 25, 2024

@blacktop

The sample is available in VT.

root@malice:~# docker run -it --rm -v `pwd`:/malware --entrypoint=bash malice/fileinfo
root@4893a7144547:/malware# ssdeep befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408
ssdeep,1.1--blocksize:hash:hash,filename
768:15jQ4nVHQaeO379u4XckKVCsknBN9A4hUnDxDiNZ957ZpK0IUUiM95Zdz:15jQ4nVHQaeO9uwckKuBN9A4UnDxcbFi,"/malware/befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408"

from malice.

blacktop avatar blacktop commented on August 25, 2024

Haha this makes no sense now because the plugin should be working as you got the exact same thing as me.

Can you try this please:

$ docker run --rm -v `pwd`:/malware malice/fileinfo -t befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408

from malice.

andr6 avatar andr6 commented on August 25, 2024

BANG!!!

 docker run --rm -v `pwd`:/malware malice/fileinfo -t befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408
panic: runtime error: index out of range [recovered]
        panic: runtime error: index out of range

goroutine 1 [running]:
panic(0x819620, 0xc420014080)
        /usr/lib/go-1.7/src/runtime/panic.go:500 +0x1a1
github.com/urfave/cli.HandleAction.func1(0xc420049be8)
        /go/src/github.com/urfave/cli/app.go:478 +0x247
panic(0x819620, 0xc420014080)
        /usr/lib/go-1.7/src/runtime/panic.go:458 +0x243
main.ParseSsdeepOutput(0x0, 0x0, 0xc420049608, 0x1)
        /go/src/github.com/maliceio/malice-fileinfo/scan.go:74 +0xd7
main.main.func1(0xc42008c780, 0x0, 0x0)
        /go/src/github.com/maliceio/malice-fileinfo/scan.go:192 +0x161
reflect.Value.call(0x7fe0a0, 0x8d7be0, 0x13, 0x8980fd, 0x4, 0xc420049ba8, 0x1, 0x1, 0x4ca688, 0x884ba0, ...)
        /usr/lib/go-1.7/src/reflect/value.go:434 +0x5c8
reflect.Value.Call(0x7fe0a0, 0x8d7be0, 0x13, 0xc420049ba8, 0x1, 0x1, 0x8d7b28, 0x0, 0x0)
        /usr/lib/go-1.7/src/reflect/value.go:302 +0xa4
github.com/urfave/cli.HandleAction(0x7fe0a0, 0x8d7be0, 0xc42008c780, 0x0, 0x0)
        /go/src/github.com/urfave/cli/app.go:487 +0x1e0
github.com/urfave/cli.(*App).Run(0xc4200e0000, 0xc42000c210, 0x3, 0x3, 0x0, 0x0)
        /go/src/github.com/urfave/cli/app.go:245 +0x59b
main.main()
        /go/src/github.com/maliceio/malice-fileinfo/scan.go:227 +0x56c

from malice.

blacktop avatar blacktop commented on August 25, 2024

So I hardened the malice/fileinfo plugin against weird errors so it should work now. Can you do a:

malice plugin update fileinfo

For the issue that won't die !!!!! ☠️

from malice.
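A parser for the ssdeep output shown in this thread that returns an error instead of indexing into missing fields, which is the failure behind the `index out of range` panic when the tool prints nothing. This is an added example, not the malice-fileinfo code; `parseSsdeep`, `SsdeepRecord` and `ErrNoRecord` are hypothetical names, and the sample input is copied from the output quoted above.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// sampleOutput is the ssdeep output quoted in the thread (header plus one record).
const sampleOutput = `ssdeep,1.1--blocksize:hash:hash,filename
768:15jQ4nVHQaeO379u4XckKVCsknBN9A4hUnDxDiNZ957ZpK0IUUiM95Zdz:15jQ4nVHQaeO9uwckKuBN9A4UnDxcbFi,"/malware/befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408"
`

// SsdeepRecord holds the fields of one "blocksize:hash:hash,filename" line.
// Hypothetical type, not taken from the plugin.
type SsdeepRecord struct {
	BlockSize int
	Hash1     string
	Hash2     string
	Filename  string
}

// ErrNoRecord is returned when the tool printed nothing usable, for example
// because it could not open the sample.
var ErrNoRecord = errors.New("ssdeep output contains no hash record")

// parseSsdeep returns the first hash record in out. Every slice access is
// preceded by a length check, so empty or unexpected output yields an error
// rather than a runtime panic.
func parseSsdeep(out string) (SsdeepRecord, error) {
	for _, raw := range strings.Split(out, "\n") {
		line := strings.TrimSpace(raw)
		if line == "" || strings.HasPrefix(line, "ssdeep,") {
			continue // blank line or CSV header
		}
		// The hashes contain no commas, so the first comma ends the hash part.
		comma := strings.IndexByte(line, ',')
		if comma < 0 {
			return SsdeepRecord{}, fmt.Errorf("unexpected ssdeep line %q: no filename field", line)
		}
		fields := strings.SplitN(line[:comma], ":", 3)
		if len(fields) != 3 {
			return SsdeepRecord{}, fmt.Errorf("unexpected ssdeep line %q: want blocksize:hash:hash", line)
		}
		size, err := strconv.Atoi(fields[0])
		if err != nil || size <= 0 {
			return SsdeepRecord{}, fmt.Errorf("unexpected ssdeep block size %q", fields[0])
		}
		// Assumption: the filename is wrapped in one pair of double quotes.
		name := line[comma+1:]
		if len(name) >= 2 && name[0] == '"' && name[len(name)-1] == '"' {
			name = name[1 : len(name)-1]
		}
		return SsdeepRecord{BlockSize: size, Hash1: fields[1], Hash2: fields[2], Filename: name}, nil
	}
	return SsdeepRecord{}, ErrNoRecord
}

func main() {
	rec, err := parseSsdeep(sampleOutput)
	fmt.Println(rec.BlockSize, rec.Filename, err)

	// Empty output, as when the tool cannot read the mounted sample.
	_, err = parseSsdeep("")
	fmt.Println("empty output:", err)
}
```
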

andr6 avatar andr6 commented on August 25, 2024
root@malice:~# docker run --rm -v `pwd`:/malware malice/fileinfo -t befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408
panic: runtime error: slice bounds out of range [recovered]
        panic: runtime error: slice bounds out of range

goroutine 1 [running]:
panic(0x819720, 0xc420014090)
        /usr/lib/go-1.7/src/runtime/panic.go:500 +0x1a1
github.com/urfave/cli.HandleAction.func1(0xc420051be8)
        /go/src/github.com/urfave/cli/app.go:478 +0x247
panic(0x819720, 0xc420014090)
        /usr/lib/go-1.7/src/runtime/panic.go:458 +0x243
main.ParseTRiDOutput(0xc42010c070, 0x64, 0xc4200515f8, 0x1, 0x1)
        /go/src/github.com/maliceio/malice-fileinfo/scan.go:94 +0x290
main.main.func1(0xc42007e780, 0x0, 0x0)
        /go/src/github.com/maliceio/malice-fileinfo/scan.go:209 +0x200
reflect.Value.call(0x7fe0e0, 0x8d7c40, 0x13, 0x89825d, 0x4, 0xc420051ba8, 0x1, 0x1, 0x4ca738, 0x884d20, ...)
        /usr/lib/go-1.7/src/reflect/value.go:434 +0x5c8
reflect.Value.Call(0x7fe0e0, 0x8d7c40, 0x13, 0xc420051ba8, 0x1, 0x1, 0x8d7b88, 0x0, 0x0)
        /usr/lib/go-1.7/src/reflect/value.go:302 +0xa4
github.com/urfave/cli.HandleAction(0x7fe0e0, 0x8d7c40, 0xc42007e780, 0x0, 0x0)
        /go/src/github.com/urfave/cli/app.go:487 +0x1e0
github.com/urfave/cli.(*App).Run(0xc4200d2000, 0xc42000c210, 0x3, 0x3, 0x0, 0x0)
        /go/src/github.com/urfave/cli/app.go:245 +0x59b
main.main()
        /go/src/github.com/maliceio/malice-fileinfo/scan.go:243 +0x56c

from malice.

blacktop avatar blacktop commented on August 25, 2024

😧 this ... this can't be... it's... it's not possible !?

Can you run this:

docker run -it --rm -v `pwd`:/malware --entrypoint=bash malice/fileinfo -c "ls -lah"

Also,

I have also added some debug logging:

Can you do a malice plugin update fileinfo again and try again with the verbose flag set:

docker run --rm -v `pwd`:/malware malice/fileinfo -V -t befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408

from malice.

andr6 avatar andr6 commented on August 25, 2024

root@malice:~# docker run -it --rm -v `pwd`:/malware --entrypoint=bash malice/fileinfo -c "ls -lah"
total 104K
drwx------ 4 root root 4.0K Oct 8 22:31 .
drwxr-xr-x 42 root root 4.0K Oct 8 22:41 ..
-rw------- 1 root root 8.2K Oct 8 22:20 .bash_history
-rw-r--r-- 1 root root 3.3K Oct 5 18:40 .bashrc
drwxr-xr-x 3 root root 4.0K Oct 8 22:31 .malice
-rw-r--r-- 1 root root 140 Feb 20 2014 .profile
-rw------- 1 root root 4.9K Oct 8 22:31 .viminfo
-rwxrwxrwx 1 root root 40K Oct 5 18:18 befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408
-rw-r--r-- 1 root root 19K Oct 6 22:31 befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408.gz
drwxr-xr-x 5 root root 4.0K Oct 5 17:00 go

ShadowServer

  • Not found
    2016/10/08 22:44:06 open befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408: permission denied
    2016/10/08 22:44:06 exit status 1
    2016/10/08 22:44:07 could not open file

    F-PROT

The file is under root with full permissions.

Changed the location of file to a different path /home/xxx

root@malice:/home/xxx# docker run -it --rm -v `pwd`:/malware --entrypoint=bash malice/fileinfo -c "ls -lah"
total 68K
drwxr-xr-x 3 1000 1000 4.0K Oct 8 22:39 .
drwxr-xr-x 42 root root 4.0K Oct 8 22:46 ..
-rw------- 1 1000 1000 50 Oct 8 22:03 .bash_history
-rw-r--r-- 1 1000 1000 220 Oct 5 16:40 .bash_logout
-rw-r--r-- 1 1000 1000 3.6K Oct 5 16:40 .bashrc
drwx------ 2 1000 1000 4.0K Oct 5 16:41 .cache
-rw-r--r-- 1 1000 1000 675 Oct 5 16:40 .profile
-rwxrwxrwx 1 1000 1000 40K Oct 8 22:39 befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408

root@malice:/home/xxx# malice scan befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408
...snip...

ShadowServer

  • Not found
    2016/10/08 22:47:11 exit status 1
    2016/10/08 22:47:11 open befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408: permission denied
    ...snip...

from malice.

blacktop avatar blacktop commented on August 25, 2024

I think you might have a docker container holding on to the file.

What is the output of this:

docker ps -a

from malice.

andr6 avatar andr6 commented on August 25, 2024

Killed the existing running docker containers

root@malice:~# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
root@malice:~#

Can't find the file?

root@malice:~# docker run --rm -v `pwd`:/malware malice/fileinfo -V -t befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408
time="2016-10-08T22:57:45Z" level=debug msg="ssdeep lines:  []"
time="2016-10-08T22:57:45Z" level=debug msg="TRiD lines:  [ TrID/32 - File Identifier v2.24 - (C) 2003-16 By M.Pontello  * Error: found no file(s) to analyze! ]"
panic: runtime error: slice bounds out of range [recovered]
        panic: runtime error: slice bounds out of range

goroutine 1 [running]:
panic(0x819720, 0xc420016090)
        /usr/lib/go-1.7/src/runtime/panic.go:500 +0x1a1
github.com/urfave/cli.HandleAction.func1(0xc4200fbbd8)
        /go/src/github.com/urfave/cli/app.go:478 +0x247
panic(0x819720, 0xc420016090)
        /usr/lib/go-1.7/src/runtime/panic.go:458 +0x243
main.ParseTRiDOutput(0xc42010e000, 0x64, 0xc4200fb5e8, 0x1, 0x1)
        /go/src/github.com/maliceio/malice-fileinfo/scan.go:97 +0x3c0
main.main.func1(0xc42008c780, 0x0, 0x0)
        /go/src/github.com/maliceio/malice-fileinfo/scan.go:212 +0x200
reflect.Value.call(0x7fe0e0, 0x8d7ca0, 0x13, 0x89825d, 0x4, 0xc4200fbb98, 0x1, 0x1, 0x4cab08, 0x884d20, ...)
        /usr/lib/go-1.7/src/reflect/value.go:434 +0x5c8
reflect.Value.Call(0x7fe0e0, 0x8d7ca0, 0x13, 0xc4200fbb98, 0x1, 0x1, 0x8d7be8, 0x0, 0x0)
        /usr/lib/go-1.7/src/reflect/value.go:302 +0xa4
github.com/urfave/cli.HandleAction(0x7fe0e0, 0x8d7ca0, 0xc42008c780, 0x0, 0x0)
        /go/src/github.com/urfave/cli/app.go:487 +0x1e0
github.com/urfave/cli.(*App).Run(0xc4200e0000, 0xc42000c1c0, 0x4, 0x4, 0x0, 0x0)
        /go/src/github.com/urfave/cli/app.go:245 +0x59b
main.main()
        /go/src/github.com/maliceio/malice-fileinfo/scan.go:246 +0x56c
root@malice:~# docker run -it --rm -v `pwd`:/malware --entrypoint=bash malice/fileinfo -c "ls -lah"
total 104K
drwx------  4 root root 4.0K Oct  8 22:31 .
drwxr-xr-x 42 root root 4.0K Oct  8 22:58 ..
-rw-------  1 root root 8.2K Oct  8 22:20 .bash_history
-rw-r--r--  1 root root 3.3K Oct  5 18:40 .bashrc
drwxr-xr-x  3 root root 4.0K Oct  8 22:31 .malice
-rw-r--r--  1 root root  140 Feb 20  2014 .profile
-rw-------  1 root root 4.9K Oct  8 22:31 .viminfo
-rwxrwxrwx  1 root root  40K Oct  5 18:18 befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408
-rw-r--r--  1 root root  19K Oct  6 22:31 befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408.gz
drwxr-xr-x  5 root root 4.0K Oct  5 17:00 go
root@malice:~# pwd
/root
root@malice:~# file befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408
befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408: PE32 executable (GUI) Intel 80386, for MS Windows

from malice.

blacktop avatar blacktop commented on August 25, 2024

I am pretty sure this is because you are running as root and the plugins try to step down as the user malice before running which doesn't have perms to access the file, which is owned by root on your host.

Try this:

$ docker run -it --rm -v `pwd`:/malware --entrypoint=bash malice/fileinfo
root@4893a7144547:/malware# /bin/info -V -t befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408

from malice.

andr6 avatar andr6 commented on August 25, 2024

So that works and produces the expected details of the file.

What would be recommended to avoid this? Setting up a different user? Running the file from a different folder?

from malice.

blacktop avatar blacktop commented on August 25, 2024

Well running as root is pretty damn scary especially when dealing with real malware. I am assuming you are in a VM so don't care.

What I am going to do to handle this is check at run time that the files are owned by malice by running: chown -R malice:malice /malware right before the plugin runs.

Would that break anything else for you?

I am building a new version of the plugin now so you should do another update and try again and see if that fixes things for you. It is so weird that it doesn't fail for the other plugins, but maybe the alpine docker images behave differently than the debian:wheezy ones do. Regardless, this is good to know and thank you for your help.

Hopefully we can close this bastard of an issue now.

from malice.

andr6 avatar andr6 commented on August 25, 2024

Agree. It's "dangerous" that it is running as root, but as you said it's a VM on a controlled environment with the traffic being monitored.

No, it won't break anything for me, so I will put the same kind of setup/directory.

No, thank you for the hard work and patience on this. Glad that we got to the bottom of the issue. Feel free to close this fecker. Let me know once the update is done.

from malice.

blacktop avatar blacktop commented on August 25, 2024

update is done, please try once again full malice plugin update fileinfo and malice scan

from malice.

andr6 avatar andr6 commented on August 25, 2024

Oh man.....

  • Not found
    2016/10/08 23:53:45 exit status 1
    chown: changing ownership of /malware/befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0/indices/.kibana/_state/state-11.st': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes/0/indices/.kibana/_state': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0/indices/.kibana/0/translog/translog-12.tlog': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes/0/indices/.kibana/0/translog/translog-11.tlog': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0/indices/.kibana/0/translog/translog-12.ckp': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes/0/indices/.kibana/0/translog/translog.ckp': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0/indices/.kibana/0/translog/translog-11.ckp': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes/0/indices/.kibana/0/translog/translog-13.tlog': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0/indices/.kibana/0/translog': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes/0/indices/.kibana/0/_state/state-11.st': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0/indices/.kibana/0/_state': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes/0/indices/.kibana/0/index/_0.cfs': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0/indices/.kibana/0/index/segments_5': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes/0/indices/.kibana/0/index/_0.cfe': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0/indices/.kibana/0/index/_0.si': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes/0/indices/.kibana/0/index/write.lock': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0/indices/.kibana/0/index': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes/0/indices/.kibana/0': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0/indices/.kibana': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes/0/indices/malice/_state/state-19.st': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/_state': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes/0/indices/malice/0/translog/translog-23.tlog': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/translog/translog-24.tlog': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes/0/indices/malice/0/translog/translog-23.ckp': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/translog/translog.ckp': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes/0/indices/malice/0/translog': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/_state/state-11.st': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes/0/indices/malice/0/_state': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/index/_5p.cfs': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes/0/indices/malice/0/index/_4w.fdx': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/index/_5y.si': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes/0/indices/malice/0/index/_5p.si': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/index/_56_1.liv': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes/0/indices/malice/0/index/_4w.nvm': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/index/_60.si': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes/0/indices/malice/0/index/_4w.fdt': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/index/_60.cfs': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes/0/indices/malice/0/index/_4w_Lucene50_0.tip': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/index/_56.si': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes/0/indices/malice/0/index/_4w_Lucene50_0.doc': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/index/_5y.cfe': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes/0/indices/malice/0/index/_5y.cfs': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/index/_4w_Lucene54_0.dvm': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes/0/indices/malice/0/index/_60_1.liv': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/index/_4w_Lucene50_0.pos': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes/0/indices/malice/0/index/_5p.cfe': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/index/_4w_Lucene50_0.tim': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes/0/indices/malice/0/index/_5f.si': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/index/write.lock': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes/0/indices/malice/0/index/_4w.fnm': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/index/_56.cfe': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes/0/indices/malice/0/index/_4w.nvd': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/index/_4w.si': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes/0/indices/malice/0/index/_5f.cfs': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/index/_56.cfs': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes/0/indices/malice/0/index/_60.cfe': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/index/_5f.cfe': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes/0/indices/malice/0/index/segments_g': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/index/_4w_Lucene54_0.dvd': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes/0/indices/malice/0/index': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes/0/indices/malice': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0/indices': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes/0/node.lock': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0/_state/global-11.st': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes/0/_state': Read-only file system chown: changing ownership of/malware/docker-elk/nodes/0': Read-only file system
    chown: changing ownership of /malware/docker-elk/nodes': Read-only file system chown: changing ownership of/malware/docker-elk': Read-only file system
    chown: changing ownership of `/malware': Read-only file system
    2016/10/08 23:53:47 could not open file

from malice.

blacktop avatar blacktop commented on August 25, 2024

:rage3:

from malice.

andr6 avatar andr6 commented on August 25, 2024

Mate closing this fecker... Will do a correct install of malice tomorrow.

from malice.
