dropbox / securitybot Goto Github PK

I've followed the setup instructions in a fresh virtualenv and tried to run main.py
It connects to the Slack API successfully, creates securitybot, loads configuration, and starts the RTM session.
Then it issues a couple hundred warnings "Recovering from lost MySQL connection" and crashes. Here is a truncated traceback:

Traceback (most recent call last):
  File "main.py", line 45, in <module>
    main()
  File "main.py", line 41, in main
    sb = SecurityBot(chat, tasker, duo_builder, REPORTING_CHANNEL, 'config/bot.yaml')
  File "/securitybot/securitybot/bot.py", line 95, in __init__
    self.blacklist = SQLBlacklist()
  File "/securitybot/securitybot/blacklist/sql_blacklist.py", line 17, in __init__
    names = SQLEngine.execute('SELECT * FROM blacklist')
  File "/securitybot/securitybot/sql.py", line 79, in execute
    return SQLEngine.execute(query, params)

Those last two lines repeat a couple hundred times and then

  File "/securitybot/securitybot/sql.py", line 78, in execute
    SQLEngine._db)
  File "/securitybot/securitybot/sql.py", line 51, in _create_engine
    db=db)
  File "/usr/local/lib/python2.7/dist-packages/MySQLdb/__init__.py", line 81, in Connect
    return Connection(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/MySQLdb/connections.py", line 193, in __init__
    super(Connection, self).__init__(*args, **kwargs2)
_mysql_exceptions.OperationalError: (1040, 'Too many connections')

While the user defined on line 93 of sql.py (why is this setting buried?) has full rights to the database, no tables are created.

Just started using the tool as a POC but getting crashes of main.py due to no duo keys (do not have this service)

How and Can I turn off this component for now?

Hello,

Thanks for putting this project out there!

I came across this project from this tech blog: https://blogs.dropbox.com/tech/2017/02/meet-securitybot-open-sourcing-automated-security-at-scale/

It looks like this project hasn't had any activity in over a year. Just wanted to check if this is still actively being maintained, and if it's still known to work without glitches if installed today?

Thanks!
Dave

Super great project, thanks so much for releasing it open source. I was going to spin up one of my own but it's clear this project is WAY better than mine would have ever been. So related to that, I'm happy to give you the pypi 'securitybot' project (https://pypi.python.org/pypi/securitybot). Just email me at [email protected] and we'll setup the 'switch'. :)

I would like to get some assistance with a small issue I am facing (not strong in python). I have tried using pip install SQLEngine and even went on to install SQLAlchemy but I can't seem to go past this stage when I run python main.py

Can you please help

└> python2.7 main.py Traceback (most recent call last): File "main.py", line 4, in <module> from securitybot.bot import SecurityBot File "/Users/pathXXXX/securitybot/securitybot/bot.py", line 9, in <module> from securitybot.user import User File "/Users/pathXXXX/securitybot/securitybot/user.py", line 11, in <module> import securitybot.ignored_alerts as ignored_alerts File "/Users/pathXXXX/securitybot/securitybot/ignored_alerts.py", line 6, in <module> from securitybot.sql import SQLEngine File "/Users/pathXXXX/securitybot/securitybot/sql.py", line 7, in <module> from typing import Any, Sequence ImportError: No module named typing

Thanks for open-sourcing this! It'd be nice if it was usable in Hipchat as well as Slack. :)

• Hipchat API docs

Hi, Have been able to crash the bot via "ignore last 1h1m" when no alert assigned for myself (user).

Traceback (most recent call last):
  File "main.py", line 45, in <module>
    main()
  File "main.py", line 42, in main
    sb.run()
  File "/home/ec2-user/securitybot/securitybot/bot.py", line 180, in run
    self.handle_messages()
  File "/home/ec2-user/securitybot/securitybot/bot.py", line 199, in handle_messages
    self.handle_command(user, text)
  File "/home/ec2-user/securitybot/securitybot/bot.py", line 211, in handle_command
    if cmd['fn'](self, user, args):
  File "/home/ec2-user/securitybot/securitybot/commands.py", line 69, in ignore
    if which == 'last' and user.old_tasks:
AttributeError: 'User' object has no attribute 'old_tasks'

Would be nice for those more Postgres-friendly shops (like where I work). Definitely a nice-to-have.

hello! i am a newbie. i was trying to implement security bot as my class assignment. I am getting the following error when i run main.py by following your guidelines

Traceback (most recent call last):
File "main.py", line 4, in
from securitybot.bot import SecurityBot
File "C:\securitybot-master\securitybot\bot.py", line 9, in
from securitybot.user import User
File "C:\securitybot-master\securitybot\user.py", line 9, in
import pytz
ModuleNotFoundError: No module named 'pytz'

can u please help me?

First of all thanks for publishing this, it looks useful and I'd like to give it a try soon.

Is there currently any way of external monitoring, e.g. using Prometheus? It'd be useful for making sure that securitybot runs fine from an ops perspective, but also potentially for further processing of alerts, and metrics derived from alerts.

Have alerts with actions assigned as email addresses currently, any way to do a lookup on the tool side to map email to slack users?

Could do a lookup in splunk but rather not have to maintain a CSV :)

Cheers,
AB

Hi,

I just noticed what appears to be a typo in the logging configuration.

https://github.com/dropbox/securitybot/blob/master/main.py#L24

I assume this is supposed to be urllib3.

Thank you!