FileInfo 5.0 Dockerized .exe analysis #369

Closed
Idriel opened this issue Nov 5, 2018 · 4 comments

Idriel commented Nov 5, 2018

Hi,

Anyone else have issues with FileInfo 5.0?

It's analyzing documents well, but when I try .exe (that will go to Manalyze - I pull the dockerised version, not locally)

TheHive output

"errorMessage": "Invalid output\nTraceback (most recent call last):\n  File \"FileInfo/fileinfo_analyzer.py\", line 76, in <module>\n    FileInfoAnalyzer().run()\n  File \"FileInfo/fileinfo_analyzer.py\", line 64, in run\n    module_results = module.analyze_file(self.filepath)\n  File \"/opt/cortex/analyzers/FileInfo/submodules/submodule_manalyze.py\", line 137, in analyze_file\n    results = self.run_docker_manalyze(path)\n  File \"/opt/cortex/analyzers/FileInfo/submodules/submodule_manalyze.py\", line 60, in run_docker_manalyze\n    ], stdout=subprocess.PIPE)\n  File \"/usr/lib/python3.6/subprocess.py\", line 403, in run\n    with Popen(*popenargs, **kwargs) as process:\n  File \"/usr/lib/python3.6/subprocess.py\", line 709, in __init__\n    restore_signals, start_new_session)\n  File \"/usr/lib/python3.6/subprocess.py\", line 1344, in _execute_child\n    raise child_exception_type(errno_num, err_msg, err_filename)\nFileNotFoundError: [Errno 2] No such file or directory: 'docker': 'docker'\n",
  "input": null,
  "success": false,
  "artifacts": []
}

Cortex job error

Invalid output
Traceback (most recent call last):
  File "FileInfo/fileinfo_analyzer.py", line 76, in <module>
    FileInfoAnalyzer().run()
  File "FileInfo/fileinfo_analyzer.py", line 64, in run
    module_results = module.analyze_file(self.filepath)
  File "/opt/cortex/analyzers/FileInfo/submodules/submodule_manalyze.py", line 137, in analyze_file
    results = self.run_docker_manalyze(path)
  File "/opt/cortex/analyzers/FileInfo/submodules/submodule_manalyze.py", line 60, in run_docker_manalyze
    ], stdout=subprocess.PIPE)
  File "/usr/lib/python3.6/subprocess.py", line 403, in run
    with Popen(*popenargs, **kwargs) as process:
  File "/usr/lib/python3.6/subprocess.py", line 709, in __init__
    restore_signals, start_new_session)
  File "/usr/lib/python3.6/subprocess.py", line 1344, in _execute_child
    raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: 'docker': 'docker'


Idriel commented Nov 5, 2018

I'll close this as it'll not work.
It'll not work as Cortex is already in docker so "docker run" cannot work. I'll install manalyze inside docker container through Dockerfile.

Idriel closed this as completed Nov 5, 2018

3c7 commented Nov 5, 2018

I'm not familiar with securing docker containers, but you're able to run docker inside of docker if you forward the docker socket to the container.


3c7 commented Nov 5, 2018

See: https://jpetazzo.github.io/2015/09/03/do-not-use-docker-in-docker-for-ci/ the paragraph "The Solution"


Idriel commented Nov 5, 2018

I'll try it for learning purposes. Thanks.
FYI: I already compiled it inside the Docker container and it's working fine. :)
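
A preflight check for the failure in the traceback above, as an added example that is not part of this thread or of the FileInfo analyzer's code: it reports a missing `docker` CLI or Docker socket as a structured result (using the `success` and `errorMessage` fields seen in the output above) instead of an unhandled `FileNotFoundError`. The function names are hypothetical, and the check assumes the daemon is reached through Docker's default local socket; a container that has been given that socket can control the host's Docker daemon, so the result also tells you whether that access is present.

```python
import os
import shutil
import stat
import subprocess

DOCKER_SOCKET = "/var/run/docker.sock"  # Docker's default Unix socket path


def docker_status(path_env=None, socket_path=DOCKER_SOCKET):
    """Return (ok, detail): can this process reach a Docker daemon via the CLI?"""
    cli = shutil.which("docker", path=path_env)  # path_env=None means use $PATH
    if cli is None:
        return False, "docker CLI not found on PATH"
    try:
        mode = os.stat(socket_path).st_mode
    except OSError:
        return False, f"no Docker socket at {socket_path}"
    if not stat.S_ISSOCK(mode):
        return False, f"{socket_path} is not a socket"
    if not os.access(socket_path, os.R_OK | os.W_OK):
        return False, f"no read/write access to {socket_path}"
    return True, cli


def run_tool(cmd, timeout=120):
    """Run an external command; return a result dict instead of raising."""
    try:
        proc = subprocess.run(cmd, stdout=subprocess.PIPE,
                              stderr=subprocess.PIPE, timeout=timeout)
    except FileNotFoundError:
        # The case in the traceback: the executable itself is missing.
        return {"success": False, "errorMessage": f"executable not found: {cmd[0]}"}
    except subprocess.TimeoutExpired:
        return {"success": False, "errorMessage": f"timed out after {timeout}s"}
    if proc.returncode != 0:
        err = proc.stderr.decode(errors="replace").strip()
        return {"success": False, "errorMessage": err or f"exit code {proc.returncode}"}
    return {"success": True, "output": proc.stdout.decode(errors="replace")}


def run_in_docker(docker_args, path_env=None, socket_path=DOCKER_SOCKET):
    """Hypothetical wrapper: check Docker first, then run `docker <docker_args>`."""
    ok, detail = docker_status(path_env, socket_path)
    if not ok:
        return {"success": False, "errorMessage": f"Docker unavailable: {detail}"}
    return run_tool([detail] + list(docker_args))


if __name__ == "__main__":
    print(docker_status())
```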
