Comments (34)
@andr6 so I JUST created a vagrant machine using the included Vagrantfile, which installs malice on a fresh install of Ubuntu 14.04, and it worked for me with no weird crashes.
Can you confirm your env is set up the same way? Also maybe run a:
$ malice plugin update --all
Maybe you somehow have broken plugins?
from malice.
@andr6 can you please run with the debug -D flag:
$ malice -D scan MALICE
thanks again. I most likely won't be able to get to this until later today, but again I really appreciate your help and these bug reports.
from malice.
The output might be quite large; can you create a gist and link it here please?
from malice.
@blacktop I believe this might be related to some dependencies not being installed: Yara, TRID, etc.
Should this be manually installed? Needs to be in the install, I suppose.
from malice.
https://gist.github.com/andr6/118e348e790370991a2da811387f5ae6
from malice.
So this doesn't look like a problem with the malice-engine, it looks like you have a special sample that is crashing some of my plugins. I am going to download that sample and test on my side, but I believe I will just need to have those containers handle the edge case that that sample is creating.
from malice.
wait.... you are using the same sample I am in my example!?! now I'm confused again 😕
from malice.
@andr6 with respect to your comment on dependencies, that is the beauty of malice: the plugins are all docker containers that are bundled with all their dependencies.
from malice.
@blacktop Already made 2 fresh installs. Exactly the same issue.
I am using a fresh install of Ubuntu 14.04.5 server.
from malice.
I am following the install readme for Ubuntu. Is there any other option to install?
Updated the plugins and still the same.
from malice.
So in the Vagrantfile I run these commands to install malice:
echo "Installing Docker================================"
sudo apt-get install apt-transport-https ca-certificates
sudo apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
echo "deb https://apt.dockerproject.org/repo ubuntu-trusty main" | sudo tee -a /etc/apt/sources.list.d/docker.list
sudo apt-get update -q
sudo apt-get install -y linux-image-extra-$(uname -r)
sudo apt-get install -y docker-engine
sudo usermod -aG docker vagrant
echo "Installing docker-compose ======================="
curl -L https://github.com/docker/compose/releases/download/1.8.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
echo "Installing docker-clean ========================="
curl -s https://raw.githubusercontent.com/ZZROTDesign/docker-clean/v2.0.4/docker-clean | sudo tee /usr/local/bin/docker-clean > /dev/null
sudo chmod +x /usr/local/bin/docker-clean
echo "Installing Golang ==============================="
export GO_VERSION=1.7.1
export ARCH="$(dpkg --print-architecture)"
wget https://storage.googleapis.com/golang/go$GO_VERSION.linux-$ARCH.tar.gz -O /tmp/go.tar.gz
tar -C /usr/local -xzf /tmp/go.tar.gz
export PATH=$PATH:/usr/local/go/bin
export GOPATH=/home/vagrant/go
echo 'export PATH=$PATH:/usr/local/go/bin' >> /home/vagrant/.bashrc
echo 'export GOPATH=/home/vagrant/go' >> /home/vagrant/.bashrc
echo 'export PATH=$PATH:/home/vagrant/go/bin' >> /home/vagrant/.bashrc
echo "Installing Malice ==============================="
sudo apt-get install -y libmagic-dev build-essential
sudo -H -u vagrant bash -c 'GOPATH=/home/vagrant/go /usr/local/go/bin/go get -v github.com/maliceio/malice'
Are you running on bare metal or a VM? The only other thing I can think of is to remove the malice volume and network and try again.
That is done with these commands:
$ docker volume rm malice
$ docker network rm malice
NOTE: removing the malice volume also blows away the elasticsearch data
from malice.
If you have virtualbox + vagrant installed you can also use the vagrantfile to stand up a VM with malice running in it.
Another thing you could try is just running malice in docker without a go binary. That is done with this command:
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
-v `pwd`:/malice/samples \
-e MALICE_VT_API=$MALICE_VT_API \
malice/engine scan befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408
That is run in the same directory as the malware sample befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408.
from malice.
@blacktop Using Workstation. Exposure to vagrant and docker is minimal so it's not helping :(
Removing the malice volume fails.
Error response from daemon: Unable to remove volume, volume still in use: remove malice: volume is in use - [f41992f5a9f5551f8c6c03cfe9116252e9ec18a523720c15175b2e71b5327f43]
Running the standalone command does not work either.
"2016/10/06 22:04:45 Get http://172.17.0.2:9200/: dial tcp 172.17.0.2:9200: getsockopt: connection refused"
from malice.
It sounds like you might have some plugins stuck in error states?
You can run these commands to clear them out:
$ docker kill $(docker ps -q); docker rm `docker ps -a -q -f status=exited`
$ docker kill $(docker ps -q); docker rm `docker ps -a -q -f status=created`
from malice.
No luck. Still the same error, even running standalone.
DEBU[0016] framesize: 12
DEBU[0016] framesize: 64
panic: runtime error: index out of range [recovered]
panic: runtime error: index out of range
goroutine 1 [running]:
panic(0x819620, 0xc420016080)
/usr/lib/go-1.7/src/runtime/panic.go:500 +0x1a1
github.com/urfave/cli.HandleAction.func1(0xc420049be8)
/go/src/github.com/urfave/cli/app.go:478 +0x247
panic(0x819620, 0xc420016080)
/usr/lib/go-1.7/src/runtime/panic.go:458 +0x243
main.ParseSsdeepOutput(0x0, 0x0, 0xc420049608, 0x1)
/go/src/github.com/maliceio/malice-fileinfo/scan.go:74 +0xd7
main.main.func1(0xc42007e780, 0x0, 0x0)
/go/src/github.com/maliceio/malice-fileinfo/scan.go:192 +0x161
reflect.Value.call(0x7fe0a0, 0x8d7be0, 0x13, 0x8980fd, 0x4, 0xc420049ba8, 0x1, 0x1, 0x4ca688, 0x884ba0, ...)
/usr/lib/go-1.7/src/reflect/value.go:434 +0x5c8
reflect.Value.Call(0x7fe0a0, 0x8d7be0, 0x13, 0xc420049ba8, 0x1, 0x1, 0x8d7b28, 0x0, 0x0)
/usr/lib/go-1.7/src/reflect/value.go:302 +0xa4
github.com/urfave/cli.HandleAction(0x7fe0a0, 0x8d7be0, 0xc42007e780, 0x0, 0x0)
/go/src/github.com/urfave/cli/app.go:487 +0x1e0
github.com/urfave/cli.(*App).Run(0xc4200d2000, 0xc42000c3c0, 0x3, 0x3, 0x0, 0x0)
/go/src/github.com/urfave/cli/app.go:245 +0x59b
main.main()
/go/src/github.com/maliceio/malice-fileinfo/scan.go:227 +0x56c
DEBU[0016] Corrupted prefix: []
DEBU[0017] framesize: 12
from malice.
How did you get that sample? Is there a way for you to upload it somewhere?
from malice.
So what is happening is the fileinfo plugin is failing to ssdeep it. Can you try this for me:
$ docker run -it --rm -v `pwd`:/malware --entrypoint=bash malice/fileinfo
root@1e365614ba9a:/malware# ssdeep befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408
ssdeep,1.1--blocksize:hash:hash,filename
768:15jQ4nVHQaeO379u4XckKVCsknBN9A4hUnDxDiNZ957ZpK0IUUiM95Zdz:15jQ4nVHQaeO9uwckKuBN9A4UnDxcbFi,"/malware/befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408"
^ That is what I see when I run it, but I need to know what happens when you run it.
Thank you.
from malice.
The sample is available in VT.
root@malice:~# docker run -it --rm -v `pwd`:/malware --entrypoint=bash malice/fileinfo
root@4893a7144547:/malware# ssdeep befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408
ssdeep,1.1--blocksize:hash:hash,filename
768:15jQ4nVHQaeO379u4XckKVCsknBN9A4hUnDxDiNZ957ZpK0IUUiM95Zdz:15jQ4nVHQaeO9uwckKuBN9A4UnDxcbFi,"/malware/befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408"
from malice.
Haha this makes no sense now because the plugin should be working as you got the exact same thing as me.
Can you try this please:
$ docker run --rm -v `pwd`:/malware malice/fileinfo -t befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408
from malice.
BANG!!!
docker run --rm -v `pwd`:/malware malice/fileinfo -t befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408
panic: runtime error: index out of range [recovered]
panic: runtime error: index out of range
goroutine 1 [running]:
panic(0x819620, 0xc420014080)
/usr/lib/go-1.7/src/runtime/panic.go:500 +0x1a1
github.com/urfave/cli.HandleAction.func1(0xc420049be8)
/go/src/github.com/urfave/cli/app.go:478 +0x247
panic(0x819620, 0xc420014080)
/usr/lib/go-1.7/src/runtime/panic.go:458 +0x243
main.ParseSsdeepOutput(0x0, 0x0, 0xc420049608, 0x1)
/go/src/github.com/maliceio/malice-fileinfo/scan.go:74 +0xd7
main.main.func1(0xc42008c780, 0x0, 0x0)
/go/src/github.com/maliceio/malice-fileinfo/scan.go:192 +0x161
reflect.Value.call(0x7fe0a0, 0x8d7be0, 0x13, 0x8980fd, 0x4, 0xc420049ba8, 0x1, 0x1, 0x4ca688, 0x884ba0, ...)
/usr/lib/go-1.7/src/reflect/value.go:434 +0x5c8
reflect.Value.Call(0x7fe0a0, 0x8d7be0, 0x13, 0xc420049ba8, 0x1, 0x1, 0x8d7b28, 0x0, 0x0)
/usr/lib/go-1.7/src/reflect/value.go:302 +0xa4
github.com/urfave/cli.HandleAction(0x7fe0a0, 0x8d7be0, 0xc42008c780, 0x0, 0x0)
/go/src/github.com/urfave/cli/app.go:487 +0x1e0
github.com/urfave/cli.(*App).Run(0xc4200e0000, 0xc42000c210, 0x3, 0x3, 0x0, 0x0)
/go/src/github.com/urfave/cli/app.go:245 +0x59b
main.main()
/go/src/github.com/maliceio/malice-fileinfo/scan.go:227 +0x56c
from malice.
So I hardened the malice/fileinfo plugin against weird errors so it should work now. Can you do a:
malice plugin update fileinfo
For the issue that won't die !!!!! ☠️
from malice.
root@malice:~# docker run --rm -v `pwd`:/malware malice/fileinfo -t befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408
panic: runtime error: slice bounds out of range [recovered]
panic: runtime error: slice bounds out of range
goroutine 1 [running]:
panic(0x819720, 0xc420014090)
/usr/lib/go-1.7/src/runtime/panic.go:500 +0x1a1
github.com/urfave/cli.HandleAction.func1(0xc420051be8)
/go/src/github.com/urfave/cli/app.go:478 +0x247
panic(0x819720, 0xc420014090)
/usr/lib/go-1.7/src/runtime/panic.go:458 +0x243
main.ParseTRiDOutput(0xc42010c070, 0x64, 0xc4200515f8, 0x1, 0x1)
/go/src/github.com/maliceio/malice-fileinfo/scan.go:94 +0x290
main.main.func1(0xc42007e780, 0x0, 0x0)
/go/src/github.com/maliceio/malice-fileinfo/scan.go:209 +0x200
reflect.Value.call(0x7fe0e0, 0x8d7c40, 0x13, 0x89825d, 0x4, 0xc420051ba8, 0x1, 0x1, 0x4ca738, 0x884d20, ...)
/usr/lib/go-1.7/src/reflect/value.go:434 +0x5c8
reflect.Value.Call(0x7fe0e0, 0x8d7c40, 0x13, 0xc420051ba8, 0x1, 0x1, 0x8d7b88, 0x0, 0x0)
/usr/lib/go-1.7/src/reflect/value.go:302 +0xa4
github.com/urfave/cli.HandleAction(0x7fe0e0, 0x8d7c40, 0xc42007e780, 0x0, 0x0)
/go/src/github.com/urfave/cli/app.go:487 +0x1e0
github.com/urfave/cli.(*App).Run(0xc4200d2000, 0xc42000c210, 0x3, 0x3, 0x0, 0x0)
/go/src/github.com/urfave/cli/app.go:245 +0x59b
main.main()
/go/src/github.com/maliceio/malice-fileinfo/scan.go:243 +0x56c
from malice.
😧 this ... this can't be... it's... it's not possible !?
Can you run this:
docker run -it --rm -v `pwd`:/malware --entrypoint=bash malice/fileinfo -c "ls -lah"
Also, I have added some debug logging. Can you do a malice plugin update fileinfo again and try again with the verbose flag set:
docker run --rm -v `pwd`:/malware malice/fileinfo -V -t befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408
from malice.
root@malice:~# docker run -it --rm -v `pwd`:/malware --entrypoint=bash malice/fileinfo -c "ls -lah"
total 104K
drwx------ 4 root root 4.0K Oct 8 22:31 .
drwxr-xr-x 42 root root 4.0K Oct 8 22:41 ..
-rw------- 1 root root 8.2K Oct 8 22:20 .bash_history
-rw-r--r-- 1 root root 3.3K Oct 5 18:40 .bashrc
drwxr-xr-x 3 root root 4.0K Oct 8 22:31 .malice
-rw-r--r-- 1 root root 140 Feb 20 2014 .profile
-rw------- 1 root root 4.9K Oct 8 22:31 .viminfo
-rwxrwxrwx 1 root root 40K Oct 5 18:18 befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408
-rw-r--r-- 1 root root 19K Oct 6 22:31 befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408.gz
drwxr-xr-x 5 root root 4.0K Oct 5 17:00 go
ShadowServer
- Not found
2016/10/08 22:44:06 open befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408: permission denied
2016/10/08 22:44:06 exit status 1
2016/10/08 22:44:07 could not open file
F-PROT
The file is under root with full permissions.
Changed the location of file to a different path /home/xxx
root@malice:/home/xxx# docker run -it --rm -v `pwd`:/malware --entrypoint=bash malice/fileinfo -c "ls -lah"
total 68K
drwxr-xr-x 3 1000 1000 4.0K Oct 8 22:39 .
drwxr-xr-x 42 root root 4.0K Oct 8 22:46 ..
-rw------- 1 1000 1000 50 Oct 8 22:03 .bash_history
-rw-r--r-- 1 1000 1000 220 Oct 5 16:40 .bash_logout
-rw-r--r-- 1 1000 1000 3.6K Oct 5 16:40 .bashrc
drwx------ 2 1000 1000 4.0K Oct 5 16:41 .cache
-rw-r--r-- 1 1000 1000 675 Oct 5 16:40 .profile
-rwxrwxrwx 1 1000 1000 40K Oct 8 22:39 befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408
root@malice:/home/xxx# malice scan befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408
...snip...
ShadowServer
- Not found
2016/10/08 22:47:11 exit status 1
2016/10/08 22:47:11 open befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408: permission denied
...snip...
from malice.
I think you might have a docker container holding on to the file.
What is the output of this:
docker ps -a
from malice.
Killed the existing running docker containers
root@malice:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
root@malice:~#
Can't find the file?
root@malice:~# docker run --rm -v `pwd`:/malware malice/fileinfo -V -t befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408
time="2016-10-08T22:57:45Z" level=debug msg="ssdeep lines: []"
time="2016-10-08T22:57:45Z" level=debug msg="TRiD lines: [ TrID/32 - File Identifier v2.24 - (C) 2003-16 By M.Pontello * Error: found no file(s) to analyze! ]"
panic: runtime error: slice bounds out of range [recovered]
panic: runtime error: slice bounds out of range
goroutine 1 [running]:
panic(0x819720, 0xc420016090)
/usr/lib/go-1.7/src/runtime/panic.go:500 +0x1a1
github.com/urfave/cli.HandleAction.func1(0xc4200fbbd8)
/go/src/github.com/urfave/cli/app.go:478 +0x247
panic(0x819720, 0xc420016090)
/usr/lib/go-1.7/src/runtime/panic.go:458 +0x243
main.ParseTRiDOutput(0xc42010e000, 0x64, 0xc4200fb5e8, 0x1, 0x1)
/go/src/github.com/maliceio/malice-fileinfo/scan.go:97 +0x3c0
main.main.func1(0xc42008c780, 0x0, 0x0)
/go/src/github.com/maliceio/malice-fileinfo/scan.go:212 +0x200
reflect.Value.call(0x7fe0e0, 0x8d7ca0, 0x13, 0x89825d, 0x4, 0xc4200fbb98, 0x1, 0x1, 0x4cab08, 0x884d20, ...)
/usr/lib/go-1.7/src/reflect/value.go:434 +0x5c8
reflect.Value.Call(0x7fe0e0, 0x8d7ca0, 0x13, 0xc4200fbb98, 0x1, 0x1, 0x8d7be8, 0x0, 0x0)
/usr/lib/go-1.7/src/reflect/value.go:302 +0xa4
github.com/urfave/cli.HandleAction(0x7fe0e0, 0x8d7ca0, 0xc42008c780, 0x0, 0x0)
/go/src/github.com/urfave/cli/app.go:487 +0x1e0
github.com/urfave/cli.(*App).Run(0xc4200e0000, 0xc42000c1c0, 0x4, 0x4, 0x0, 0x0)
/go/src/github.com/urfave/cli/app.go:245 +0x59b
main.main()
/go/src/github.com/maliceio/malice-fileinfo/scan.go:246 +0x56c
root@malice:~# docker run -it --rm -v `pwd`:/malware --entrypoint=bash malice/fileinfo -c "ls -lah"
total 104K
drwx------ 4 root root 4.0K Oct 8 22:31 .
drwxr-xr-x 42 root root 4.0K Oct 8 22:58 ..
-rw------- 1 root root 8.2K Oct 8 22:20 .bash_history
-rw-r--r-- 1 root root 3.3K Oct 5 18:40 .bashrc
drwxr-xr-x 3 root root 4.0K Oct 8 22:31 .malice
-rw-r--r-- 1 root root 140 Feb 20 2014 .profile
-rw------- 1 root root 4.9K Oct 8 22:31 .viminfo
-rwxrwxrwx 1 root root 40K Oct 5 18:18 befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408
-rw-r--r-- 1 root root 19K Oct 6 22:31 befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408.gz
drwxr-xr-x 5 root root 4.0K Oct 5 17:00 go
root@malice:~# pwd
/root
root@malice:~# file befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408
befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408: PE32 executable (GUI) Intel 80386, for MS Windows
from malice.
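Both panics in this thread come from parsers indexing into tool output that was empty (`ssdeep lines: []`) or only an error banner (TRiD). The following Go sketch is an added example, not the malice-fileinfo source: it returns an error instead of indexing blindly. The function names, the line break inside `tridErr`, and the constructed `ssdeepOK` and `tridOK` samples are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrNoOutput means the tool printed nothing parsable, as in the thread's
// debug line `ssdeep lines: []` when the sample could not be opened.
var ErrNoOutput = errors.New("no parsable output")

// parseSsdeep returns the "blocksize:hash:hash" field from ssdeep's output.
// (Hypothetical helper, not the plugin's ParseSsdeepOutput.)
func parseSsdeep(out string) (string, error) {
	for _, line := range strings.Split(out, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "ssdeep,") {
			continue // skip blanks and the "ssdeep,1.1--..." header
		}
		// The hash uses a base64 alphabet, so the first comma ends it;
		// the quoted file name after it may itself contain commas.
		fields := strings.SplitN(line, ",", 2)
		if len(fields) != 2 || strings.Count(fields[0], ":") != 2 {
			return "", fmt.Errorf("unexpected ssdeep line %q", line)
		}
		return fields[0], nil
	}
	return "", ErrNoOutput
}

// parseTRiD returns the "NN.N% (.EXT) description" match lines, or the
// tool's own message when it prints an "* Error:" banner.
// (Hypothetical helper, not the plugin's ParseTRiDOutput.)
func parseTRiD(out string) ([]string, error) {
	var matches []string
	for _, line := range strings.Split(out, "\n") {
		line = strings.TrimSpace(line)
		if i := strings.Index(line, "* Error:"); i >= 0 {
			msg := strings.TrimSpace(line[i+len("* Error:"):])
			return nil, fmt.Errorf("trid: %s", msg)
		}
		if strings.Contains(line, "% (") { // a match line
			matches = append(matches, line)
		}
	}
	if len(matches) == 0 {
		return nil, ErrNoOutput
	}
	return matches, nil
}

// Sample inputs. tridErr uses the text from the thread's debug log (line
// break assumed); ssdeepOK and tridOK are constructed for this example.
const (
	ssdeepOK = "ssdeep,1.1--blocksize:hash:hash,filename\n" +
		"96:AbCd:EfGh,\"/malware/sample,v2.bin\"\n"
	tridErr = "TrID/32 - File Identifier v2.24 - (C) 2003-16 By M.Pontello\n" +
		"* Error: found no file(s) to analyze!\n"
	tridOK = "Collecting data from file: /malware/sample\n" +
		" 42.7% (.EXE) Win32 Executable (generic) (4508/7/1)\n" +
		" 19.2% (.EXE) Generic Win/DOS Executable (2002/3)\n"
)

func main() {
	for _, in := range []string{ssdeepOK, ""} {
		hash, err := parseSsdeep(in)
		fmt.Printf("ssdeep: hash=%q err=%v\n", hash, err)
	}
	for _, in := range []string{tridOK, tridErr} {
		m, err := parseTRiD(in)
		fmt.Printf("trid: matches=%d err=%v\n", len(m), err)
	}
}
```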
I am pretty sure this is because you are running as root and the plugins try to step down as the user malice before running which doesn't have perms to access the file, which is owned by root on your host.
Try this:
$ docker run -it --rm -v `pwd`:/malware --entrypoint=bash malice/fileinfo
root@4893a7144547:/malware# /bin/info -V -t befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408
from malice.
So that works and produces the expected details of the file.
What would be recommended to avoid this? Setting up a different user? Running the file from a different folder?
from malice.
Well, running as root is pretty damn scary, especially when dealing with real malware. I am assuming you are in a VM so don't care.
What I am going to do to handle this is check at run time that the files are owned by malice by running chown -R malice:malice /malware right before the plugin runs.
Would that break anything else for you?
I am building a new version of the plugin now, so you should do another update and try again and see if that fixes things for you. It is so weird that it doesn't fail for the other plugins, but maybe the alpine docker images behave differently than the debian:wheezy ones do. Regardless, this is good to know and thank you for your help.
Hopefully we can close this bastard of an issue now.
from malice.
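The listings earlier in the thread show the sample as -rwxrwxrwx but the directory mounted at /malware as drwx------ root, so a process that has dropped to another user cannot traverse into it. The Go preflight check below is an added example, not the plugin's code: it reports which path component blocks access and needs no write access to the mount. The function names and the uid/gid values are assumptions, and only classic mode bits are evaluated.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
	"syscall"
)

// allowed reports whether uid/gid gets every bit in want (04 read, 01 search)
// from the owner/group/other mode bits of fi. ACLs and supplementary groups
// are deliberately ignored.
func allowed(fi os.FileInfo, uid, gid uint32, want os.FileMode) bool {
	if uid == 0 {
		return true // root bypasses read/search permission checks
	}
	st, ok := fi.Sys().(*syscall.Stat_t)
	if !ok {
		return false // not a Unix stat result: fail closed
	}
	perm := fi.Mode().Perm()
	switch {
	case st.Uid == uid:
		perm >>= 6 // owner class
	case st.Gid == gid:
		perm >>= 3 // group class
	}
	return perm&want == want
}

// checkReadable walks from the mount point down to mount/rel and returns an
// error naming the first component that stops uid/gid from reading the file.
func checkReadable(mount, rel string, uid, gid uint32) error {
	parts := strings.Split(filepath.Clean(rel), string(filepath.Separator))
	cur := mount
	for i := 0; ; i++ {
		fi, err := os.Stat(cur)
		if err != nil {
			return err
		}
		if i == len(parts) { // cur is the sample itself
			if !allowed(fi, uid, gid, 04) {
				return fmt.Errorf("%s (%v): uid %d cannot read", cur, fi.Mode(), uid)
			}
			return nil
		}
		if !allowed(fi, uid, gid, 01) { // every directory needs search (x)
			return fmt.Errorf("%s (%v): uid %d cannot traverse", cur, fi.Mode(), uid)
		}
		cur = filepath.Join(cur, parts[i])
	}
}

func main() {
	// Rebuild the layout from the thread's listing: a drwx------ directory
	// holding a -rwxrwxrwx sample, checked for a different, unprivileged uid.
	dir, err := os.MkdirTemp("", "malware")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	sample := filepath.Join(dir, "sample")
	if err := os.WriteFile(sample, []byte("MZ"), 0777); err != nil {
		panic(err)
	}
	os.Chmod(sample, 0777) // WriteFile's mode is subject to umask
	uid, gid := uint32(os.Getuid())+1, uint32(os.Getgid())+1 // assumed "other" user

	os.Chmod(dir, 0700)
	fmt.Println("0700 dir:", checkReadable(dir, "sample", uid, gid))
	os.Chmod(dir, 0755)
	fmt.Println("0755 dir:", checkReadable(dir, "sample", uid, gid))
}
```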
Agreed. It's "dangerous" that it is running as root, but as you said it's a VM in a controlled environment with the traffic being monitored.
No, it won't break anything for me, so I will put the same kind of setup/directory.
No, thank you for the hard work and patience on this. Glad that we got to the bottom of the issue. Feel free to close this fecker. Let me know once the update is done.
from malice.
Update is done, please try once again a full malice plugin update fileinfo and malice scan.
from malice.
Oh man.....
- Not found
2016/10/08 23:53:45 exit status 1
chown: changing ownership of/malware/befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0/indices/.kibana/_state/state-11.st': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes/0/indices/.kibana/_state': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0/indices/.kibana/0/translog/translog-12.tlog': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes/0/indices/.kibana/0/translog/translog-11.tlog': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0/indices/.kibana/0/translog/translog-12.ckp': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes/0/indices/.kibana/0/translog/translog.ckp': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0/indices/.kibana/0/translog/translog-11.ckp': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes/0/indices/.kibana/0/translog/translog-13.tlog': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0/indices/.kibana/0/translog': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes/0/indices/.kibana/0/_state/state-11.st': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0/indices/.kibana/0/_state': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes/0/indices/.kibana/0/index/_0.cfs': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0/indices/.kibana/0/index/segments_5': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes/0/indices/.kibana/0/index/_0.cfe': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0/indices/.kibana/0/index/_0.si': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes/0/indices/.kibana/0/index/write.lock': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0/indices/.kibana/0/index': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes/0/indices/.kibana/0': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0/indices/.kibana': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/_state/state-19.st': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0/indices/malice/_state': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/translog/translog-23.tlog': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0/indices/malice/0/translog/translog-24.tlog': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/translog/translog-23.ckp': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0/indices/malice/0/translog/translog.ckp': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/translog': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0/indices/malice/0/_state/state-11.st': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/_state': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0/indices/malice/0/index/_5p.cfs': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/index/_4w.fdx': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0/indices/malice/0/index/_5y.si': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/index/_5p.si': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0/indices/malice/0/index/_56_1.liv': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/index/_4w.nvm': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0/indices/malice/0/index/_60.si': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/index/_4w.fdt': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0/indices/malice/0/index/_60.cfs': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/index/_4w_Lucene50_0.tip': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0/indices/malice/0/index/_56.si': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/index/_4w_Lucene50_0.doc': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0/indices/malice/0/index/_5y.cfe': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/index/_5y.cfs': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0/indices/malice/0/index/_4w_Lucene54_0.dvm': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/index/_60_1.liv': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0/indices/malice/0/index/_4w_Lucene50_0.pos': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/index/_5p.cfe': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0/indices/malice/0/index/_4w_Lucene50_0.tim': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/index/_5f.si': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0/indices/malice/0/index/write.lock': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/index/_4w.fnm': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0/indices/malice/0/index/_56.cfe': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/index/_4w.nvd': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0/indices/malice/0/index/_4w.si': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/index/_5f.cfs': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0/indices/malice/0/index/_56.cfs': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/index/_60.cfe': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0/indices/malice/0/index/_5f.cfe': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/index/segments_g': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0/indices/malice/0/index/_4w_Lucene54_0.dvd': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice/0/index': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0/indices/malice/0': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes/0/indices/malice': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0/indices': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes/0/node.lock': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0/_state/global-11.st': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes/0/_state': Read-only file system chown: changing ownership of
/malware/docker-elk/nodes/0': Read-only file system
chown: changing ownership of/malware/docker-elk/nodes': Read-only file system chown: changing ownership of
/malware/docker-elk': Read-only file system
chown: changing ownership of `/malware': Read-only file system
2016/10/08 23:53:47 could not open file
from malice.
Mate closing this fecker... Will do a correct install of malice tomorrow.
from malice.