qihoo360 / watchad2.0

WatchAD2.0 is a log analysis and monitoring system for domain threats

License: GNU General Public License v3.0

Dockerfile 0.01% Go 3.38% Shell 0.01% CSS 96.10% JavaScript 0.35% HTML 0.16%


watchad2.0's Issues

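Web UI login reports: "数据库中不存在该用户" (the user does not exist in the database)

Hello everyone, please help me analyze the cause of the problem in my environment.

Because it needs to be imported into an emulator, I modified part of the configuration.

1. Network topology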
image
watchad:10.1.2.104
ad:10.1.1.101
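watchad and the domain controller can reach each other over the network and ping succeeds; http://10.1.2.104 is accessed directly from the domain controller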
image
image
———————————————————————————————————————————————————————

2. .env file
root@watchadmin:/opt/watchadmin/WatchAD2.0-master# cat .env
#Kafka configuration; change to the IP of the current server
KAFKAHOST=10.1.2.104
KAFKAADV=PLAINTEXT://10.1.2.104:9092
BROKER=10.1.2.104:9092

#Mongo configuration; default account and password
MONGOUSER=IATP
MONGOPWD=IATP-by-360

#Domain controller configuration; DCUSER is the DN of a domain user
DCNAME="Cancer.com"
DCSERVER=10.1.1.101
DCUSER="CN=Administrator,CN=Users,DC=Cancer,DC=com"
#DCUSER="[email protected]"
DCPWD="Aa123..."

#Web configuration; can be set to any domain user, or to the CN of DCUSER
WEBUSER="Administrator"

3. Dockerfile
root@watchadmin:/opt/watchadmin/WatchAD2.0-master# cat Dockerfile
FROM golang:1.17.1-buster as builder
# Set the environment variables our image needs
ENV GO111MODULE=on \
    GOPROXY=https://goproxy.cn,direct
WORKDIR /go/src
COPY ./ /go/src/iatp_opensource
RUN cd /go/src/iatp_opensource && go mod vendor
RUN cd /go/src/iatp_opensource && go build -o /go/iatp main.go

# Change the --disable-legacy-registry parameter to true
RUN if [ "$DISABLE_LEGACY_REGISTRY" = "true" ]; then \
    echo "disable-legacy-registry=true" >> /etc/docker/daemon.json; \
    fi

FROM centos
WORKDIR /home
COPY ./.env ./.env
COPY ./entrypoint.sh ./entrypoint.sh
COPY ./iatp_wbm/static ./iatp_wbm/static
COPY ./iatp_wbm/templates ./iatp_wbm/templates
COPY --from=builder /go/iatp ./iatp
COPY --from=builder /go/iatp ./iatp
RUN chmod 755 ./iatp
RUN chmod 755 ./entrypoint.sh

# Run
# ./iatp run --web_start1
CMD ["./entrypoint.sh"]
#CMD ["./iatp","run","--web_start"]
———————————————————————————————————————————————————————
4. Logs
root@watchadmin:/opt/watchadmin/WatchAD2.0-master# docker logs -f -n 300 watchad20-master-iatp-1
[+] CANCER 域注册失败: 未查询到域控制器.
创建日志缓存....
[-]认证域配置失败:数据库中未注册该域信息, mongo: no documents in result
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xe25a43]

goroutine 1 [running]:
iatp/cmd.glob..func4(0x1a7f740, {0x1039ae7, 0x5, 0x5})
/go/src/iatp_opensource/cmd/web.go:55 +0x1a3
github.com/spf13/cobra.(*Command).execute(0x1a7f740, {0xc0002132c0, 0x5, 0x5})
/go/src/iatp_opensource/vendor/github.com/spf13/cobra/command.go:860 +0x5f8
github.com/spf13/cobra.(*Command).ExecuteC(0x1a7efc0)
/go/src/iatp_opensource/vendor/github.com/spf13/cobra/command.go:974 +0x3bc
github.com/spf13/cobra.(*Command).Execute(...)
/go/src/iatp_opensource/vendor/github.com/spf13/cobra/command.go:902
iatp/cmd.Execute()
/go/src/iatp_opensource/cmd/root.go:47 +0x25
main.main()
/go/src/iatp_opensource/main.go:21 +0x17
==> engine.log <==

==> web.log <==

==> engine.log <==
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Local Dump Ntds","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"AS-REP Abnormal Response","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Resource Based Constraint Delegation","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"GPO DELEGATION","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Shadow Credentials","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"SID History","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"NEW GPO","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"DCShadow","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"SPN Jacking","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"ZeroLogon","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"samAccountName Spoofing","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"SpoolSample","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Remote Code Execute","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Similar Dc User","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"ADCS-ESC","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"MS17-010","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"DCSync","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Explicit Credential","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"DSRM Change","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Abnormal Permissions","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Create Machine User","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Kerberoasting","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Clear Log","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Reset Account Password","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Close Log Service","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"JuicyPotato","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"NTLM Relay","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Certificate Active","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"TGT Activities","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Skeleton Key","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.Start","level":"info","msg":"IATP 配置加载完成","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.Start.func3","level":"info","msg":"计划任务服务启动完成","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerSourceEvent","level":"info","msg":"数据来源启动","source_name":"ITEvent","time":"2023-09-20 15:03:29"}

==> web.log <==
Now listening on: http://0.0.0.0
Application started. Press CTRL+C to shut down.

==> engine.log <==
2023/09/20 15:29:38 Sarama consumer up and running!...

==> web.log <==
2023/09/20 15:29:45 net/http: invalid Cookie.Domain ".2.104"; dropping domain attribute
———————————————————————————————————————————————————————
5. docker ps
root@watchadmin:/opt/watchadmin/WatchAD2.0-master# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ae462e82893a watchad20-master-iatp "./entrypoint.sh" 11 minutes ago Up 11 minutes watchad20-master-iatp-1
68ef7e72add5 wurstmeister/kafka "start-kafka.sh" 11 minutes ago Up 11 minutes 0.0.0.0:9092->9092/tcp, :::9092->9092/tcp watchad20-master-kafka-1
705fae2ec29b wurstmeister/zookeeper "/bin/sh -c '/usr/sb…" 11 minutes ago Up 11 minutes 22/tcp, 2888/tcp, 3888/tcp, 0.0.0.0:2181->2181/tcp, :::2181->2181/tcp watchad20-master-zookeeper-1
f206162b28a1 mongo:4.2 "docker-entrypoint.s…" 11 minutes ago Up 11 minutes 0.0.0.0:27017->27017/tcp, :::27017->27017/tcp watchad20-master-mongo-1
———————————————————————————————————————————————————————
6. docker-compose.yml:
root@watchadmin:/opt/watchadmin/WatchAD2.0-master# cat docker-compose.yml
version: '3'
services:
  zookeeper:
    image: wurstmeister/zookeeper
    ports:
      - "2181:2181"
  kafka:
    image: wurstmeister/kafka
    ports:
      - "9092:9092"
    depends_on:
      - zookeeper
    environment:
      # Broker address that clients connect to
      KAFKA_ADVERTISED_HOST_NAME: ${KAFKAHOST}
      KAFKA_BROKER_ID: 1
      # Connect to zookeeper via its port
      KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
      # External networks can only obtain the container name; when the internal and external networks are isolated,
      # Kafka cannot be reached by that name,
      # so this listener must be bound so that external clients obtain an IP
      KAFKA_ADVERTISED_LISTENERS: ${KAFKAADV}
      # Kafka listener: tells external clients which protocol to use to reach the Kafka service on the given host name and port.
      KAFKA_LISTENERS: PLAINTEXT://0.0.0.0:9092
      # Set the Kafka log location
      KAFKA_LOG_DIRS: "/kafka/logs"
    volumes:
      - ./data/kafka/logs:/kafka/logs
  mongo:
    image: mongo:4.2
    ports:
      - "27017:27017"
    environment:
      MONGO_INITDB_ROOT_USERNAME: ${MONGOUSER}
      MONGO_INITDB_ROOT_PASSWORD: ${MONGOPWD}
    volumes:
      - ./data/mongo:/data/db
  iatp:
    build: .
    network_mode: host
    depends_on:
      - kafka
      - mongo
———————————————————————————————————————————————————————
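7. Domain controller configuration:
image
———————————————————————————————————————————————————————
I don't know why registration fails. I also read the answers in other issues and tried changing the .env file, but it still does not work. Please help analyze the cause. Thank you very much.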

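Question

Hi, I spent two days completing the manual setup. At step 5, "Initialize the Kafka consumer configuration; change the Brokers, Topic, Group and other settings to match your Kafka cluster", the copied command reported that the -source parameter is invalid. Based on the help output and steps 6 and 7, I found that -source needs to come first, and changed it to ./main source init --sourcename ITEvent

I'd also like to ask: has ingesting Sysmon logs been tested? Is there a rule file I could refer to?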

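Help: domain controller not found

The domain controller is Windows Server 2022. After setup, logging in on the web page shows there is no user in the database; after entering the Docker container and re-initializing, it reports that the domain controller cannot be found, as shown below:
image

Is it because the Linux host has not joined the domain??? Or is it related to Windows Server 2022?

The .env is as follows:
#Kafka configuration; change to the IP of the current server
KAFKAHOST=192.168.131.128
KAFKAADV=PLAINTEXT://192.168.131.128:9092
BROKER=192.168.131.128:9092

#Mongo configuration; default account and password
MONGOUSER=IATP
MONGOPWD=IATP-by-360

#Domain controller configuration; DCUSER is the DN of a domain user
DCNAME="zgtest.local"
DCSERVER=192.168.131.131
DCUSER="CN=Administrator,CN=Users,DC=zgtest,DC=local"
DCPWD="Admin123"

#Web configuration; can be set to any domain user, or to the CN of DCUSER
WEBUSER="Administrator"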

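Kafka on the server receives data, but the web UI shows no data

image
The service has been deployed successfully on the server, and logging in to the web UI via LDAP also reaches the admin console. The domain-related configuration and the data-source input configuration are visible under system configuration, but nothing is shown under real-time threats.
image image

When logging in, the container log shows the following error; how can it be resolved?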

==> web.log <==
[HTTP Server] http: panic serving 192.168.23.1:58289: runtime error: invalid memory address or nil pointer dereference
goroutine 53 [running]:
net/http.(*conn).serve.func1(0xc00056ad20)
/usr/local/go/src/net/http/server.go:1801 +0x147
panic(0x11860a0, 0x1d003b0)
/usr/local/go/src/runtime/panic.go:975 +0x47a
go.mongodb.org/mongo-driver/mongo.(*Cursor).closeImplicitSession(0x0)
/go/src/iatp_opensource/vendor/go.mongodb.org/mongo-driver/mongo/cursor.go:267 +0x22
panic(0x11860a0, 0x1d003b0)
/usr/local/go/src/runtime/panic.go:969 +0x1b9
go.mongodb.org/mongo-driver/mongo.(*Cursor).Close(0x0, 0x157a3e0, 0xc0000ae048, 0x0, 0x0)
/go/src/iatp_opensource/vendor/go.mongodb.org/mongo-driver/mongo/cursor.go:180 +0x51
panic(0x11860a0, 0x1d003b0)
/usr/local/go/src/runtime/panic.go:969 +0x1b9
go.mongodb.org/mongo-driver/mongo.(*Cursor).All(0x0, 0x157a3e0, 0xc0000ae048, 0x10d82e0, 0xc00038c1e0, 0x0, 0x0)
/go/src/iatp_opensource/vendor/go.mongodb.org/mongo-driver/mongo/cursor.go:209 +0x1e7
iatp/iatp_wbm/repositories.(*userMemoryRepository).SearchByName(0xc00035c1c0, 0xc00035c380, 0x16, 0x12f66c4, 0x8, 0xc000389800)
/go/src/iatp_opensource/iatp_wbm/repositories/user_repository.go:46 +0xb9
iatp/iatp_wbm/services.(*userService).SearchByName(0xc00026b080, 0xc00035c380, 0x16, 0xc000268050, 0xf, 0x12)
/go/src/iatp_opensource/iatp_wbm/services/user_service.go:33 +0x47
iatp/iatp_wbm/controllers.(*UserController).PostLogin(0xc0003a8600, 0x0, 0x0)
/go/src/iatp_opensource/iatp_wbm/controllers/user_controller.go:118 +0xed
reflect.Value.call(0x1229fa0, 0xc0003a8600, 0x1613, 0x12f07c5, 0x4, 0x1d68040, 0x0, 0x0, 0x7, 0xc000607800, ...)
/usr/local/go/src/reflect/value.go:476 +0x8c7
reflect.Value.Call(0x1229fa0, 0xc0003a8600, 0x1613, 0x1d68040, 0x0, 0x0, 0x1613, 0xc000342740, 0x0)
/usr/local/go/src/reflect/value.go:337 +0xb9
github.com/kataras/iris/v12/mvc.(*ControllerActivator).handlerOf.func2(0x159eb20, 0xc0000e2fc0)
/go/src/iatp_opensource/vendor/github.com/kataras/iris/v12/mvc/controller.go:497 +0x3cb
github.com/kataras/iris/v12/context.DefaultNext(0x159eb20, 0xc0000e2fc0)
/go/src/iatp_opensource/vendor/github.com/kataras/iris/v12/context/context.go:1343 +0x10c
github.com/kataras/iris/v12/context.(*context).Next(0xc0000e2fc0)
/go/src/iatp_opensource/vendor/github.com/kataras/iris/v12/context/context.go:1352 +0x3e
github.com/kataras/iris/v12/sessions.(*Sessions).Handler.func1(0x159eb20, 0xc0000e2fc0)
/go/src/iatp_opensource/vendor/github.com/kataras/iris/v12/sessions/sessions.go:105 +0x12d
github.com/kataras/iris/v12/context.Do(0x159eb20, 0xc0000e2fc0, 0xc00026b700, 0x2, 0x2)
/go/src/iatp_opensource/vendor/github.com/kataras/iris/v12/context/context.go:1030 +0x82
github.com/kataras/iris/v12/context.(*context).Do(0xc0000e2fc0, 0xc00026b700, 0x2, 0x2)
/go/src/iatp_opensource/vendor/github.com/kataras/iris/v12/context/context.go:1217 +0x55
github.com/kataras/iris/v12/core/router.(*routerHandler).HandleRequest(0xc00038cca0, 0x159eb20, 0xc0000e2fc0)
/go/src/iatp_opensource/vendor/github.com/kataras/iris/v12/core/router/handler.go:250 +0x562
github.com/kataras/iris/v12/core/router.(*Router).BuildRouter.func1(0x15766a0, 0xc0001ac2a0, 0xc0004ce500)
/go/src/iatp_opensource/vendor/github.com/kataras/iris/v12/core/router/router.go:135 +0x8f
github.com/kataras/iris/v12/core/router.(*Router).ServeHTTP(0xc000080fa0, 0x15766a0, 0xc0001ac2a0, 0xc0004ce500)
/go/src/iatp_opensource/vendor/github.com/kataras/iris/v12/core/router/router.go:227 +0x48
net/http.serverHandler.ServeHTTP(0xc0001ac0e0, 0x15766a0, 0xc0001ac2a0, 0xc0004ce500)
/usr/local/go/src/net/http/server.go:2843 +0xa3
net/http.(*conn).serve(0xc00056ad20, 0x157a3a0, 0xc0002d79c0)
/usr/local/go/src/net/http/server.go:1925 +0x8ad
created by net/http.(*Server).Serve
/usr/local/go/src/net/http/server.go:2969 +0x36c

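Why do most people have this problem?

Looking through the list of issues, almost all of them are about this problem; something must be wrong somewhere.

[+] XXXXXX 域注册失败: 未查询到域控制器.
创建日志缓存....

image

Port 80 doesn't even come up for me. Folks, why is that?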

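Event analysis latency

Description: two domain controllers push logs to the test environment at the same time, about 1000 messages per second
Test environment configuration: 16 cores, 32G
Problem description:

Kafka message backlog: about 2000 messages backlogged
Hardware usage: the iatp process uses 20%, memory 0.1
Event processing delay: about 20 minutes
Thread pool usage: event_pool and learn_pool, no more than 100 running at the same time

Tried adding Kafka partitions to increase consumption capacity, but that did not solve the problem

Domain registration succeeds, adding the user fails

Configuration file information

Log information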

[root@localhost WatchAD2.0-master]# docker logs -f -n 200 watchad20master_iatp_1
[+] HAPPYFENG 域注册成功.
[+] 数据编号: 64ccbad1b8982d534fa264bf.
{"DomainName":"happyfeng.cc","DomainServer":"192.168.131.250","KDCServerName":"ADDC01.HAPPYFENG.CC","UserName":"CN=WatchAD,CN=Users,DC=happyfeng,DC=cc","PassWord":"Happy1234","DomainControls":["ADDC01"],"NetbiosDomain":"HAPPYFENG","SSL":false}
创建日志缓存....
[-]新增用户失败:请检查域内是否存在此用户
==> engine.log <==

==> web.log <==

==> engine.log <==
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Certificate Active","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"TGT Activities","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"AS-REP Abnormal Response","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Create Machine User","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Close Log Service","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"MS17-010","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"NEW GPO","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"DCShadow","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Remote Code Execute","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Skeleton Key","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"NTLM Relay","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Similar Dc User","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Reset Account Password","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Kerberoasting","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Clear Log","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Resource Based Constraint Delegation","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"GPO DELEGATION","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Shadow Credentials","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"SPN Jacking","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"ZeroLogon","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"samAccountName Spoofing","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"SpoolSample","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"DSRM Change","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Abnormal Permissions","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Local Dump Ntds","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"ADCS-ESC","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"JuicyPotato","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"DCSync","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Explicit Credential","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"SID History","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.Start","level":"info","msg":"IATP 配置加载完成","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.Start.func3","level":"info","msg":"计划任务服务启动完成","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerSourceEvent","level":"info","msg":"数据来源启动","source_name":"ITEvent","time":"2023-08-04 08:08:46"}

==> web.log <==
Now listening on: http://0.0.0.0
Application started. Press CTRL+C to shut down.

==> engine.log <==
2023/08/04 08:46:20 Sarama consumer up and running!...

env configuration file
#Kafka configuration; change to the IP of the current server
KAFKAHOST=192.168.131.101
KAFKAADV=PLAINTEXT://192.168.131.101:9092
BROKER=192.168.131.101:9092

#Mongo configuration; default account and password
MONGOUSER=IATP
MONGOPWD=IATP-by-360

#Domain controller configuration; DCUSER is the DN of a domain user
DCNAME="happyfeng.cc"
DCSERVER=192.168.131.250
DCUSER="CN=WatchAD,CN=Users,DC=happyfeng,DC=cc"
DCPWD="Happy1234"

#Web configuration; can be set to any domain user, or to the CN of DCUSER
WEBUSER="WatchAD"

image

Installed successfully~~~

image

The installation steps are as follows:

After git-cloning the project,
create the .env file and configure it

KAFKAHOST=192.168.11.4
KAFKAADV=PLAINTEXT://192.168.11.4:9092
BROKER=192.168.11.4:9092

MONGOUSER=admin
MONGOPWD=admin123

DCNAME="goad.local"
DCSERVER=192.168.11.10
DCUSER="CN=iatptest, CN=Users, DC=goad, DC=local"
DCPWD="Test123@"

WEBUSER="iatptest"

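For creating the iatptest user in the configuration file, see #16 (comment)
Looking up the DCUSER configuration information
image

Then run

docker-compose build
docker-compose up -d

If it still does not work after that, enter the watchad20_iatp_1 container and run the steps of entrypoint.sh, but manually, adjusting the relevant configuration values yourself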

./iatp init --mongourl mongodb://admin:[email protected]:27017
./iatp init --mongourl mongodb://admin:[email protected]:27017 --domainname goad.local --domainserver 192.168.11.10 --username iatptest --password Test123@
./iatp init --mongourl mongodb://admin:[email protected]:27017 --index
./iatp  web --init --authdomain goad.local --user iatptest
./iatp  source --sourcename ITEvent --sourceengine event_log --brokers 192.168.11.4:9092 --topic winlogbeat --group iatp --oldest false --kafka true
nohup ./iatp run --engine_start > engine.log 2>&1 &
nohup ./iatp run --web_start > web.log 2>&1 &
# Use tail to follow the log output continuously
tail -f engine.log web.log


Next, configure the domain controller policy, download winlogbeat, and connect it to the platform.

Unable to authenticate after deployment completes

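After configuring .env according to the documentation and starting the web UI, login reports that the user does not exist.
I entered the container, stopped the processes, and re-ran ./entrypoint.sh; the log is as follows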

[root@localhost home]# ./entrypoint.sh
[+] xxxxx 域注册失败: 未查询到域控制器.
创建日志缓存....
[-]认证域配置失败:数据库中未注册该域信息, mongo: no documents in result
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xe197a3]

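Authentication problems may occur when WatchAD is deployed outside the domain.

Test environment
Domain name: testad.com
KDC: Windows Server 2012 R2

  • Username: Administrator
  • Password: P@ssw0rd

Ubuntu20.04 (WatchAD2, deployed with Docker)

Ubuntu20.04 is not joined to testad.com


During deployment, the .env file uses the following configuration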

#Domain controller configuration
DCNAME="testad.com"
DCSERVER=172.16.33.144
DCUSER="administrator"
DCPWD="P@ssw0rd"

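At this point watchad20_iatp reports the error 域注册失败: 未查询到域控制器 (domain registration failed: no domain controller found); a packet capture showed that the login credentials were invalid.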


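I looked through some documentation, and it seems the cause is that the Ubuntu host is outside the domain. Changing the DCUSER value to include the domain name makes the LDAP bind succeed.

// Either of the following two changes makes the LDAP bind succeed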
DCUSER = "[email protected]"
DCUSER = "testad\\administrator"

I then went to the web page and logged in with the same username and password, and got the error Network Error


watchad20_iatp reports the following error

HTTP Server] http: panic serving 172.16.33.1:58531: runtime error: index out of range [0] with length 0
goroutine 499 [running]:
net/http.(*conn).serve.func1(0xc0005b7680)
	/usr/local/go/src/net/http/server.go:1801 +0x147
panic(0x1251060, 0xc0002c56a0)
	/usr/local/go/src/runtime/panic.go:975 +0x47a
iatp/iatp_wbm/controllers.(*UserController).PostLogin(0xc0002ac960, 0x0, 0x0)
	/go/src/iatp_opensource/iatp_wbm/controllers/user_controller.go:140 +0x856

It looks like, after authentication succeeds, it queries LDAP to get displayName but gets nothing back, so entrys is nil.

// WatchAD2.0/iatp_wbm/controllers/user_controller.go
if login {
    c.Session.Set("authenticated", true)
    entrys := auth_client.SearchEntryByCN(user_name, []string{"displayName"}, nil)
    c.Session.Set("user_name", entrys[0].GetAttributeValue("displayName"))
} else {
    return mvc.Response{
        Code: 500,
        Object: map[string]interface{}{
            "status": 500,
            "msg":    "验证失败",
        },
    }
}

Here user_name is passed directly into the LDAP query. I tried it with ldp: only administrator works, while [email protected]testad\administrator, these two, both fail.


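So there is always a conflict here.

  1. With administrator, the domain controller cannot be found, but login should succeed
  2. With testad\administrator[email protected], the domain controller can be found, but login fails with "Network Error"

Could the maintainers take a look and see whether this can be fixed?
Thanks!!!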
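
The conflict described in the issue above, as an added example (not code from the issue or from WatchAD2.0): the login name is reduced to its bare account part before the lookup, and an empty search result becomes an error instead of an out-of-range index on entrys[0]. Entry, searchFunc, accountName, displayName and fakeDirectory are hypothetical names, the sample logins are constructed, and it assumes the account's CN equals the bare name.

```go
package main

import (
	"fmt"
	"strings"
)

// Entry and searchFunc are hypothetical stand-ins, not the project's types.
type Entry map[string]string
type searchFunc func(cn string, attrs []string) []Entry

// accountName reduces bare, user@domain and DOMAIN\user logins to the bare
// account name. Assumption: the account's CN equals that bare name.
func accountName(login string) string {
	login = strings.TrimSpace(login)
	if i := strings.LastIndex(login, `\`); i >= 0 {
		return login[i+1:]
	}
	if i := strings.LastIndex(login, "@"); i >= 0 {
		return login[:i]
	}
	return login
}

// displayName returns an error instead of indexing an empty result slice.
func displayName(search searchFunc, login string) (string, error) {
	cn := accountName(login)
	if cn == "" {
		return "", fmt.Errorf("login %q has no account part", login)
	}
	entries := search(cn, []string{"displayName"})
	if len(entries) == 0 {
		return "", fmt.Errorf("directory returned no entry for %q", cn)
	}
	return entries[0]["displayName"], nil
}

// fakeDirectory is constructed sample data: it only knows "administrator".
func fakeDirectory(cn string, _ []string) []Entry {
	if strings.EqualFold(cn, "administrator") {
		return []Entry{{"displayName": "Administrator"}}
	}
	return nil
}

func main() {
	for _, l := range []string{"administrator", `EXAMPLE\administrator`, "administrator@example.test", "ghost"} {
		fmt.Println(displayName(fakeDirectory, l))
	}
}
```

In a handler, the returned error would be mapped to a normal failure response, so a missing directory entry no longer panics the request goroutine.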

Login shows network error

The captured error log is as follows:
mongo_1 | 2023-07-27T05:21:08.377+0000 I NETWORK [listener] connection accepted from 172.20.0.1:55860 #102 (2 connections now open)
mongo_1 | 2023-07-27T05:21:08.377+0000 I NETWORK [conn102] received client metadata from 172.20.0.1:55860 conn102: { driver: { name: "mongo-go-driver", version: "v1.8.2" }, os: { type: "linux", architecture: "amd64" }, platform: "go1.15.15" }
mongo_1 | 2023-07-27T05:21:08.378+0000 I NETWORK [listener] connection accepted from 172.20.0.1:55864 #103 (3 connections now open)
mongo_1 | 2023-07-27T05:21:08.378+0000 I NETWORK [conn103] received client metadata from 172.20.0.1:55864 conn103: { driver: { name: "mongo-go-driver", version: "v1.8.2" }, os: { type: "linux", architecture: "amd64" }, platform: "go1.15.15" }
mongo_1 | 2023-07-27T05:21:08.379+0000 I ACCESS [conn103] Supported SASL mechanisms requested for unknown user 'IATP@admin'
mongo_1 | 2023-07-27T05:21:08.379+0000 I ACCESS [conn103] SASL SCRAM-SHA-1 authentication failed for IATP on admin from client 172.20.0.1:55864 ; UserNotFound: Could not find user "IATP" for db "admin"
mongo_1 | 2023-07-27T05:21:08.380+0000 I NETWORK [conn102] end connection 172.20.0.1:55860 (2 connections now open)
mongo_1 | 2023-07-27T05:21:08.380+0000 I NETWORK [conn103] end connection 172.20.0.1:55864 (1 connection now open)
mongo_1 | 2023-07-27T05:21:08.784+0000 I NETWORK [listener] connection accepted from 172.20.0.1:55868 #104 (2 connections now open)
mongo_1 | 2023-07-27T05:21:08.784+0000 I NETWORK [conn104] received client metadata from 172.20.0.1:55868 conn104: { driver: { name: "mongo-go-driver", version: "v1.8.2" }, os: { type: "linux", architecture: "amd64" }, platform: "go1.15.15" }
iatp_1 | [HTTP Server] http: panic serving 172.19.32.6:25381: runtime error: invalid memory address or nil pointer dereference
iatp_1 | goroutine 140 [running]:
iatp_1 | net/http.(*conn).serve.func1(0xc0003db360)
iatp_1 | /usr/local/go/src/net/http/server.go:1801 +0x147
iatp_1 | panic(0x11860a0, 0x1d003b0)
iatp_1 | /usr/local/go/src/runtime/panic.go:975 +0x47a
iatp_1 | go.mongodb.org/mongo-driver/mongo.(*Cursor).closeImplicitSession(0x0)
iatp_1 | /go/src/iatp_opensource/vendor/go.mongodb.org/mongo-driver/mongo/cursor.go:267 +0x22
iatp_1 | panic(0x11860a0, 0x1d003b0)
iatp_1 | /usr/local/go/src/runtime/panic.go:969 +0x1b9
iatp_1 | go.mongodb.org/mongo-driver/mongo.(*Cursor).Close(0x0, 0x157a3e0, 0xc0000b4048, 0x0, 0x0)
iatp_1 | /go/src/iatp_opensource/vendor/go.mongodb.org/mongo-driver/mongo/cursor.go:180 +0x51
iatp_1 | panic(0x11860a0, 0x1d003b0)
iatp_1 | /usr/local/go/src/runtime/panic.go:969 +0x1b9
iatp_1 | go.mongodb.org/mongo-driver/mongo.(*Cursor).All(0x0, 0x157a3e0, 0xc0000b4048, 0x10d82e0, 0xc0003a4740, 0x0, 0x0)
iatp_1 | /go/src/iatp_opensource/vendor/go.mongodb.org/mongo-driver/mongo/cursor.go:209 +0x1e7
iatp_1 | iatp/iatp_wbm/repositories.(*userMemoryRepository).SearchByName(0xc00043fc20, 0xc0004f63ca, 0x5, 0x12f66c4, 0x8, 0xc0004e1ac0)
iatp_1 | /go/src/iatp_opensource/iatp_wbm/repositories/user_repository.go:46 +0xb9
iatp_1 | iatp/iatp_wbm/services.(*userService).SearchByName(0xc00042fb10, 0xc0004f63ca, 0x5, 0xc0004f63d9, 0xc, 0x159eb20)
iatp_1 | /go/src/iatp_opensource/iatp_wbm/services/user_service.go:33 +0x47
iatp_1 | iatp/iatp_wbm/controllers.(*UserController).PostLogin(0xc0002cccc0, 0x0, 0x0)
iatp_1 | /go/src/iatp_opensource/iatp_wbm/controllers/user_controller.go:118 +0xed
iatp_1 | reflect.Value.call(0x1229fa0, 0xc0002cccc0, 0x1613, 0x12f07c5, 0x4, 0x1d68040, 0x0, 0x0, 0x7, 0xc0005ed800, ...)
iatp_1 | /usr/local/go/src/reflect/value.go:476 +0x8c7
iatp_1 | reflect.Value.Call(0x1229fa0, 0xc0002cccc0, 0x1613, 0x1d68040, 0x0, 0x0, 0x1613, 0xc0002a9a00, 0xc00005b8b8)
iatp_1 | /usr/local/go/src/reflect/value.go:337 +0xb9
iatp_1 | github.com/kataras/iris/v12/mvc.(*ControllerActivator).handlerOf.func2(0x159eb20, 0xc0000eaab0)
iatp_1 | /go/src/iatp_opensource/vendor/github.com/kataras/iris/v12/mvc/controller.go:497 +0x3cb
iatp_1 | github.com/kataras/iris/v12/context.DefaultNext(0x159eb20, 0xc0000eaab0)
iatp_1 | /go/src/iatp_opensource/vendor/github.com/kataras/iris/v12/context/context.go:1343 +0x10c
iatp_1 | github.com/kataras/iris/v12/context.(*context).Next(0xc0000eaab0)
iatp_1 | /go/src/iatp_opensource/vendor/github.com/kataras/iris/v12/context/context.go:1352 +0x3e
iatp_1 | github.com/kataras/iris/v12/sessions.(*Sessions).Handler.func1(0x159eb20, 0xc0000eaab0)
iatp_1 | /go/src/iatp_opensource/vendor/github.com/kataras/iris/v12/sessions/sessions.go:105 +0x12d
iatp_1 | github.com/kataras/iris/v12/context.Do(0x159eb20, 0xc0000eaab0, 0xc0003c68e0, 0x2, 0x2)
iatp_1 | /go/src/iatp_opensource/vendor/github.com/kataras/iris/v12/context/context.go:1030 +0x82
iatp_1 | github.com/kataras/iris/v12/context.(*context).Do(0xc0000eaab0, 0xc0003c68e0, 0x2, 0x2)
iatp_1 | /go/src/iatp_opensource/vendor/github.com/kataras/iris/v12/context/context.go:1217 +0x55
iatp_1 | github.com/kataras/iris/v12/core/router.(*routerHandler).HandleRequest(0xc0002abb80, 0x159eb20, 0xc0000eaab0)
iatp_1 | /go/src/iatp_opensource/vendor/github.com/kataras/iris/v12/core/router/handler.go:250 +0x562
iatp_1 | github.com/kataras/iris/v12/core/router.(*Router).BuildRouter.func1(0x15766a0, 0xc00023c2a0, 0xc000321900)
iatp_1 | /go/src/iatp_opensource/vendor/github.com/kataras/iris/v12/core/router/router.go:135 +0x8f
iatp_1 | github.com/kataras/iris/v12/core/router.(*Router).ServeHTTP(0xc00007e1e0, 0x15766a0, 0xc00023c2a0, 0xc000321900)
iatp_1 | /go/src/iatp_opensource/vendor/github.com/kataras/iris/v12/core/router/router.go:227 +0x48
iatp_1 | net/http.serverHandler.ServeHTTP(0xc00023c0e0, 0x15766a0, 0xc00023c2a0, 0xc000321900)
iatp_1 | /usr/local/go/src/net/http/server.go:2843 +0xa3
iatp_1 | net/http.(*conn).serve(0xc0003db360, 0x157a3a0, 0xc0001fc300)
iatp_1 | /usr/local/go/src/net/http/server.go:1925 +0x8ad
iatp_1 | created by net/http.(*Server).Serve
iatp_1 | /usr/local/go/src/net/http/server.go:2969 +0x36c

域注册失败: 未查询到域控制器. (Domain registration failed: no domain controller found.)

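Configure the authentication domain LDAP
Because the web management console relies on LDAP for authentication, the LDAP settings for the authentication domain must be configured in advance
./main init --mongourl mongodb://mongo: [email protected]:27017 --domainname demo.com --domainserver 10.10.10.11 --username "IATP" --password "Pass123" --ssl
When running this step: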
[root@localhost WatchAD2.0]# ./main init --mongourl mongodb://test:[email protected]:27017 --domainname "test.com" --domainserver 192.168.17.130 --username administrator --password XXXXXXX--ssl
[+] TEST 域注册失败: 未查询到域控制器.
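I am sure there is no problem at all with the domain account or with the network to the domain, but it keeps reporting that no domain controller was found. What should I do about this?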
