Scirius - Invalid user login after docker-compose #471

Open
michal25 opened this issue Jun 24, 2024 · 14 comments

@michal25

After docker-compose provided by this script:

```bash
#!/bin/bash
cd /SELKS/docker
./easy-setup.sh --non-interactive -i enp0s31f6 --iA --restart-mode always --es-memory 4G --ls-memory 4G
docker-compose pull
##sudo -E docker-compose up -d
##sudo -E docker-compose up -d --force-recreate
sudo -E docker compose up -d --force-recreate
```

Scirius results with no user/admin login possible (screenshot)
Screenshot_20240624_213051

suricata-build.txt

Password reset script works, but with no result.
https://github.com/StamusNetworks/SELKS/wiki/Docker#password-reset

Any idea to repair?

Best regards
Michal

@pevma
Member

pevma commented Jun 25, 2024

If this is a fresh install the defaults should work -
https://github.com/StamusNetworks/SELKS/wiki/Docker#credentials-and-log-in

@michal25
Author

This is not a fresh install. It is a production install with data, updated with ./easy-setup.sh script.
Default credentials do not work, the password reset (or user create) script works but no logon is possible.

@michal25
Author

And fresh SELKS docker install
https://github.com/StamusNetworks/SELKS/wiki/Docker
gives exactly the same result

@syst3

syst3 commented Jun 26, 2024

Hi michal25,
I just tried the password reset and it works.
So you updated the old SELKS containers. How did you do that?

@michal25
Author

I updated the old SELKS containers via this script:
```bash
#!/bin/bash
cd /SELKS/docker
./easy-setup.sh --non-interactive -i enp0s31f6 --iA --restart-mode always --es-memory 4G --ls-memory 4G
docker-compose pull
##sudo -E docker-compose up -d
##sudo -E docker-compose up -d --force-recreate
sudo -E docker compose up -d --force-recreate
```

From this point the Scirius Invalid logon issue occurs.

And now:
https://github.com/StamusNetworks/SELKS/wiki/Docker#password-reset

```
root@SELKS2:~# docker exec -it scirius bash
root@aeacdffe6e9e:/# python3 /opt/scirius/manage.py changepassword selks-user
CommandError: user 'selks-user' does not exist
```

First problem - the selks-user is not known.

so create_or_restore_scirius_superuser

```
root@aeacdffe6e9e:/# python3 /opt/scirius/manage.py create_or_restore_scirius_superuser -u selks-user -p selks-user
root@aeacdffe6e9e:/#
```

Now I restarted all selks containers via portainer and tried to log in via selks-user / selks-user

WOW. Now I can log in this selks/suricata probe, but no data, no rulesets, nothing.
Something is still wrong.

@michal25
Author

BUT!
When you update the containers again, the result will be again with
```
root@SELKS2:~# docker exec -it scirius bash
root@aeacdffe6e9e:/# python3 /opt/scirius/manage.py changepassword selks-user
CommandError: user 'selks-user' does not exist
```

@michal25
Author

One more thing.
The old updater script was this:
```bash
#!/bin/bash
cd /SELKS/docker
./easy-setup.sh --non-interactive -i enp0s31f6 --iA --restart-mode always --es-memory 4G --ls-memory 4G
sudo -E docker-compose up -d
```

(Ubuntu server 64 bit 22.04)

@michal25
Author

At this time I can log in to one probe (but data cleared), the second probe still refuses the login.

@michal25
Author

After container update in the first probe:
#471 (comment)

Result is this:
```
#######################

PULLING CONTAINERS

#######################

WARN[0000] /opt/SELKS/docker/docker-compose.yml: version is obsolete
[+] Pulling 34/34
✔ arkime Pulled 1.2s
✔ nginx Pulled 1.4s
✔ evebox Pulled 1.7s
✔ kibana Pulled 1.5s
✔ logstash Pulled 1.4s
✔ scirius Pulled 1.2s
✔ cron Pulled 12.4s
✔ ec99f8b99825 Already exists 0.0s
✔ 3da4f612341a Pull complete 3.2s
✔ 573b5ac68f7b Pull complete 3.3s
✔ 4bbcab15f16d Pull complete 4.7s
✔ fb41714b135e Pull complete 5.5s
✔ ee132497ed2b Pull complete 6.4s
✔ 7a116c51c9ce Pull complete 6.5s
✔ a1000f6213a9 Pull complete 6.5s
✔ 461e48505aac Pull complete 6.5s
✔ f2558ce2c794 Pull complete 7.2s
✔ 94b4b1a365ee Pull complete 7.2s
✔ bfa79ddc2d82 Pull complete 7.2s
✔ 646e00788d26 Pull complete 10.0s
✔ 0899c1bca4c0 Pull complete 10.0s
✔ 4ed4acf2a5e9 Pull complete 10.0s
✔ suricata Pulled 13.5s
✔ b47560b41596 Already exists 0.0s
✔ 4bf975ccfbeb Pull complete 9.0s
✔ 4e2af67f55aa Pull complete 10.4s
✔ 93a3ed052bbc Pull complete 10.5s
✔ f692c4c695cd Pull complete 10.5s
✔ 7a8b56d75304 Pull complete 10.5s
✔ 5471143770e0 Pull complete 10.9s
✔ a443e5318a31 Pull complete 11.4s
✔ 525315cfe71d Pull complete 11.4s
✔ 4f4fb700ef54 Pull complete 11.5s
✔ elasticsearch Pulled 1.3s

To start SELKS, run 'sudo -E docker compose up -d'

WARN[0000] /opt/SELKS/docker/docker-compose.yml: version is obsolete
[+] Running 9/9
✔ Container evebox Running 0.0s
✔ Container nginx Running 0.0s
✔ Container arkime Started 17.7s
✔ Container scirius Healthy 38.2s
✔ Container kibana Running 0.0s
✔ Container elasticsearch Running 0.0s
✔ Container cron Started 17.7s
✔ Container suricata Started 27.3s
✔ Container logstash Started 27.6s
```

```
root@suricata:~# docker exec -it scirius bash
root@c90fbff3e2e6:/# python3 /opt/scirius/manage.py changepassword selks-user

You have 141 unapplied migration(s). Your project may not work properly until you apply the migrations for app(s): accounts, auth, authtoken, contenttypes, rules, sessions, suricata.
Run 'python manage.py migrate' to apply them.
Traceback (most recent call last):
  File "/root/.local/lib/python3.9/site-packages/django/db/backends/utils.py", line 84, in _execute
    return self.cursor.execute(sql, params)
  File "/root/.local/lib/python3.9/site-packages/django/db/backends/sqlite3/base.py", line 423, in execute
    return Database.Cursor.execute(self, query, params)
sqlite3.OperationalError: no such table: auth_user

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/opt/scirius/manage.py", line 10, in <module>
    execute_from_command_line(sys.argv)
  File "/root/.local/lib/python3.9/site-packages/django/core/management/__init__.py", line 419, in execute_from_command_line
    utility.execute()
  File "/root/.local/lib/python3.9/site-packages/django/core/management/__init__.py", line 413, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File "/root/.local/lib/python3.9/site-packages/django/core/management/base.py", line 354, in run_from_argv
    self.execute(*args, **cmd_options)
  File "/root/.local/lib/python3.9/site-packages/django/core/management/base.py", line 398, in execute
    output = self.handle(*args, **options)
  File "/root/.local/lib/python3.9/site-packages/django/contrib/auth/management/commands/changepassword.py", line 41, in handle
    u = UserModel._default_manager.using(options['database']).get(**{
  File "/root/.local/lib/python3.9/site-packages/django/db/models/query.py", line 431, in get
    num = len(clone)
  File "/root/.local/lib/python3.9/site-packages/django/db/models/query.py", line 262, in __len__
    self._fetch_all()
  File "/root/.local/lib/python3.9/site-packages/django/db/models/query.py", line 1324, in _fetch_all
    self._result_cache = list(self._iterable_class(self))
  File "/root/.local/lib/python3.9/site-packages/django/db/models/query.py", line 51, in __iter__
    results = compiler.execute_sql(chunked_fetch=self.chunked_fetch, chunk_size=self.chunk_size)
  File "/root/.local/lib/python3.9/site-packages/django/db/models/sql/compiler.py", line 1175, in execute_sql
    cursor.execute(sql, params)
  File "/root/.local/lib/python3.9/site-packages/django/db/backends/utils.py", line 66, in execute
    return self._execute_with_wrappers(sql, params, many=False, executor=self._execute)
  File "/root/.local/lib/python3.9/site-packages/django/db/backends/utils.py", line 75, in _execute_with_wrappers
    return executor(sql, params, many, context)
  File "/root/.local/lib/python3.9/site-packages/django/db/backends/utils.py", line 84, in _execute
    return self.cursor.execute(sql, params)
  File "/root/.local/lib/python3.9/site-packages/django/db/utils.py", line 90, in __exit__
    raise dj_exc_value.with_traceback(traceback) from exc_value
  File "/root/.local/lib/python3.9/site-packages/django/db/backends/utils.py", line 84, in _execute
    return self.cursor.execute(sql, params)
  File "/root/.local/lib/python3.9/site-packages/django/db/backends/sqlite3/base.py", line 423, in execute
    return Database.Cursor.execute(self, query, params)
django.db.utils.OperationalError: no such table: auth_user
```

Of course, I can provide

```
python3 /opt/scirius/manage.py migrate
```

and this command will migrate the python rules, but the effect is (every time) this

```
python3 /opt/scirius/manage.py changepassword selks-user
CommandError: user 'selks-user' does not exist
```

And the nologin problem remains.
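
The two errors quoted in the comment above ("no such table: auth_user" and "user 'selks-user' does not exist") correspond to different database states. The following diagnostic is an added example, not part of the thread or of Scirius, that tells them apart by reading a Django SQLite file read-only. The database path is not given on this page and has to be supplied by the operator; `open_readonly`, `diagnose`, `sample_db` and the `admin` account are hypothetical names, and the sample databases are constructed.

```python
import sqlite3

def open_readonly(path):
    # mode=ro: a missing file raises instead of being silently created empty.
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)

def diagnose(conn, username="selks-user"):
    """Return (state, total_users) for a Django SQLite database."""
    tables = {row[0] for row in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")}
    if "auth_user" not in tables:
        # Same condition as "no such table: auth_user": the schema was never
        # applied, so this is a new, empty database.
        return ("schema-missing", 0)
    total = conn.execute("SELECT COUNT(*) FROM auth_user").fetchone()[0]
    row = conn.execute(
        "SELECT is_active FROM auth_user WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        # Same condition as "CommandError: user ... does not exist".
        # total == 0 means every account is gone, not only this one.
        return ("user-missing", total)
    return ("ok" if row[0] else "user-inactive", total)

def sample_db(migrated, users=()):
    """Constructed in-memory stand-in holding only the columns read above."""
    conn = sqlite3.connect(":memory:")
    if migrated:
        conn.execute(
            "CREATE TABLE auth_user (username TEXT UNIQUE, is_active INTEGER)")
        conn.executemany("INSERT INTO auth_user VALUES (?, ?)", users)
    return conn

if __name__ == "__main__":
    cases = {
        "after update, before migrate": sample_db(False),
        "after migrate": sample_db(True),
        "other accounts survive": sample_db(True, [("admin", 1)]),
        "account present": sample_db(True, [("selks-user", 1)]),
    }
    for label, conn in cases.items():
        print(f"{label}: {diagnose(conn)}")
```

A `("user-missing", 0)` result means the database being read holds no accounts at all, which points at a replaced or empty database rather than a wrong password.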

@pevma
Member

pevma commented Jun 27, 2024

@michal25
Author

git pull reports an error and aborted

```
root@SELKS2:/SELKS/docker# git pull
hint: Pulling without specifying how to reconcile divergent branches is
hint: discouraged. You can squelch this message by running one of the following
hint: commands sometime before your next pull:
hint:
hint: git config pull.rebase false # merge (the default strategy)
hint: git config pull.rebase true # rebase
hint: git config pull.ff only # fast-forward only
hint:
hint: You can replace "git config" with "git config --global" to set a default
hint: preference for all repositories. You can also pass --rebase, --no-rebase,
hint: or --ff-only on the command line to override the configured default per
hint: invocation.
remote: Enumerating objects: 526, done.
remote: Counting objects: 100% (336/336), done.
remote: Compressing objects: 100% (133/133), done.
remote: Total 526 (delta 207), reused 299 (delta 198), pack-reused 190
Receiving objects: 100% (526/526), 157.77 KiB | 1.88 MiB/s, done.
Resolving deltas: 100% (339/339), completed with 4 local objects.
From https://github.com/StamusNetworks/SELKS
   19f76ab..4af455c master -> origin/master
 * [new branch] wip-selks10-v2 -> origin/wip-selks10-v2
 * [new branch] wip-selks10-v3 -> origin/wip-selks10-v3
 * [new tag] selks-10.0 -> selks-10.0
Updating 19f76ab..4af455c
error: Your local changes to the following files would be overwritten by merge:
        docker/containers-data/suricata/etc/selks6-addin.yaml
Please commit your changes or stash them before you merge.
Aborting
root@SELKS2:/SELKS/docker# docker compose pull
WARN[0000] /SELKS/docker/docker-compose.yml: version is obsolete
[+] Pulling 9/9
✔ logstash Pulled 1.4s
✔ kibana Pulled 1.5s
✔ scirius Pulled 0.9s
✔ suricata Pulled 1.1s
✔ arkime Pulled 1.0s
✔ nginx Pulled 1.2s
✔ cron Pulled 1.3s
✔ elasticsearch Pulled 1.2s
✔ evebox Pulled 1.3s
root@SELKS2:/SELKS/docker# docker compose stop
WARN[0000] /SELKS/docker/docker-compose.yml: version is obsolete
[+] Stopping 9/9
✔ Container nginx Stopped 0.4s
✔ Container kibana Stopped 10.6s
✔ Container evebox Stopped 10.5s
✔ Container suricata Stopped 2.0s
✔ Container logstash Stopped 10.6s
✔ Container elasticsearch Stopped 0.0s
✔ Container arkime Stopped 0.0s
✔ Container cron Stopped 10.5s
✔ Container scirius Stopped 10.3s
root@SELKS2:/SELKS/docker# sudo -E docker compose up -d
WARN[0000] /SELKS/docker/docker-compose.yml: version is obsolete
WARN[0000] Found orphan containers ([selks-db-1]) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up.
[+] Running 9/9
✔ Container scirius Healthy 7.5s
✔ Container evebox Started 0.7s
✔ Container suricata Started 7.8s
✔ Container elasticsearch Started 0.6s
✔ Container kibana Started 0.7s
✔ Container arkime Started 0.9s
✔ Container nginx Started 0.8s
✔ Container cron Started 0.6s
✔ Container logstash Started 7.9s
root@SELKS2:/SELKS/docker#
```

The result is still the same. No login.

@pevma
Member

pevma commented Jun 29, 2024

are all containers up and running:

```
docker ps -a
```

@michal25
Author

No way.
I had to backup configuration files (suricata.yaml, selks6-addin.yaml)
clean all containers,
remove all containers,

Install selks/docker from scratch
and
recreate the selks superuser

Now I can run the new selks,
create new superuser,

put back the suricata.yaml, selks6-addin.yaml parameters and restart selks and suricata containers.
Now selks/suricata works (no data on pie graphs, but this is no problem at this time).

Here is the reinstall procedure:

```bash
docker compose stop

# Removing containers along with their data
docker compose down -v

dpkg --purge docker-buildx-plugin docker-ce-cli docker-ce-rootless-extras docker-ce docker-compose-plugin docker wmdocker

# Basic installation
git clone https://github.com/StamusNetworks/SELKS.git
cd SELKS/docker/
./easy-setup.sh
sudo -E docker compose up -d

# Restarting containers
sudo docker compose restart [container-name]

# Password reset
# A password change and a reset can also be done from the command line:
# Attach to the Scirius docker
docker exec -it scirius bash
python3 /opt/scirius/manage.py changepassword selks-user
```

@rfoard

rfoard commented Aug 21, 2024

Thanks @michal25, your steps worked for me too.
