Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rita ignores log files that aren't explicitly at least mode 444 #30

Open
william-stearns opened this issue Aug 30, 2024 · 0 comments
Open

Rita ignores log files that aren't explicitly at least mode 444 #30

william-stearns opened this issue Aug 30, 2024 · 0 comments

Comments

@william-stearns
Copy link
Contributor

Rita runs under sudo, so it should be able to access any file on the system. Instead, when handed a directory of log files with mode 600 it returns "no valid log files found". (Confirmed that when the log files modes are changed to 644 the rita import command runs successfully and builds the database.)
Command used: rita import --database pi_zeek_2024_04_29 -l /home/wstearns/pi_zeek/2024-04-29/
Version tested: 5.0.8
The section in question appears to be

rita/cmd/import.go

Line 421 in 93b2dc5

// check if the file is readable

It's unclear to me why line 422 "_, err := afs.Open(path)" returns an error as rita running as root should be able to read this. Is it some oddity where it's running as root on the host but inside the docker container it's not (meaning the files truly are unreadable)?
Could we at least warn the user that the mode is the problem (and all files should be world readable) instead of saying "no valid log files found"?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@william-stearns