Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IntelOwl behind restrictive proxy. #257

Closed
mboaisha opened this issue Nov 16, 2020 · 3 comments
Closed

IntelOwl behind restrictive proxy. #257

mboaisha opened this issue Nov 16, 2020 · 3 comments

Comments

@mboaisha
Copy link 

NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

Linux redacted 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

Docker: Docker version 19.03.13, build 4484c46d9d
Docker Compose: docker-compose version 1.27.4, build 40524192

So far IntelOwl is working well, looks like I am able to use "local" analyzers i.e. yara scans but not the ones requiring external API calls i.e. Pulsedive and AbuseIPDB.

I think it's something that has to do with the containers not having the proxy settings. Here is IntelOwl failing to get results from AbuseIPDB:

HTTPSConnectionPool(host='api.abuseipdb.com', port=443): Max retries exceeded with url: /api/v2/check?ipAddress=70.32.0.65&maxAgeInDays=180&verbose=True (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f64581e52d0>: Failed to establish a new connection: [Errno 101] Network is unreachable'))

Is there a way I could get the containers to "talk" with the proxy? Not sure how to edit the docker-compose.yml file to "save" the proxy settings.
@mlodic
Copy link
Member

mlodic commented Nov 16, 2020

Hey @mboaisha, this issue is not related to IntelOwl but to your infrastructure. I should close this.

However check this docs and let me know: https://docs.docker.com/network/proxy/#configure-the-docker-client

@mboaisha
Copy link
Author

mboaisha commented Nov 16, 2020
edited
Loading

I reconfigured Docker's proxy settings and now I get SSL errors.... I added the proxy's certificate to the host machine's store and it still would not work....

edit: Here is an example from an AbuseIPDB API call: HTTPSConnectionPool(host='api.abuseipdb.com', port=443): Max retries exceeded with url: /api/v2/check?ipAddress=164.52.24.162&maxAgeInDays=180&verbose=True (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1091)')))

Also started getting this error.

image

Not sure where to proceed from here.

@mlodic
Copy link
Member

mlodic commented Nov 17, 2020

The message you found is related to an open issue intelowlproject/IntelOwl-ng#61, nothing to worry about. The application still works correctly.

Check this to resolve the SSL certificate issue: https://stackoverflow.com/questions/20267339/docker-behind-proxy-that-changes-ssl-certificate.

As said before this is not related to IntelOwl issue so I am closing this.

@mlodic mlodic closed this as completed Nov 17, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mboaisha @mlodic