AIL Project 5.2 Adventures in a Linux Container


Coming out of the recent Virus Bulletin 2023 Small Talks in London, I was lucky to be present and to see more cybersecurity practitioners take notice of this cool project (AIL), especially those who had probably never heard of it before (well, before me, at least!).

Wanting to make a fresh start after hearing the installation notes in person (there's something about hearing things first hand rather than on video), and to fully leverage my #HomeLab while waiting for electrical repairs to complete at the office, I started out with a fresh turnkey install of Ubuntu 22.04 LTS.

That turn(key-ed) out not to be such a great idea. It appears that werkzeug.urls recently introduced breaking changes (Werkzeug 3.0 dropped helpers that older Flask releases still import) which make it incompatible with the version of Flask used in this project (an issue pinned since the 5th of October 2023).

Jumping the gun a little, I hypothesized that maybe a full downgrade of the OS would fix everything, since it would mean not using Python 3.10.

No problem! This is one of the reasons I think most of my future system installs on Proxmox VE are going to be LXC containers: a full OS install really takes time, even if you've got a golden template sitting around to be cloned. This is how many commercial virtual private server (VPS) hosting providers do it, and yes, some of them actually have Proxmox VE in the backend!

So, after shutting down the Linux container and nuking it from existence, I re-applied the same node ID and deployed Ubuntu 20.04 LTS. Doing so came with other unexpected challenges with sudo, which I eventually resolved.

Alas, I'm documenting all of this in real time as I install, and we're still getting errors from Python 3.8 in the virtual environment.

This didn't happen in the previous successful install. Something is going on >:-(

As an experiment, I downgraded Flask and added Werkzeug to requirements.txt as suggested in one of the comments, just to see what that would do:

And thankfully, the installation went through to completion!

Remember to restore requirements.txt to its original contents (remove the additional comments and lines) before running LAUNCH.sh; the system does a self-check and will fail to self-update otherwise (if the repo was cloned with git, a clean git status for that file confirms it). Everything should be fine, we just needed to sidestep the install dependency issue. The root cause is an unconstrained Werkzeug resolving to a release that removed helpers the project's Flask still imports, so it shows up on any OS or Python version where pip installs the latest Werkzeug, which is why the OS downgrade alone changed nothing.
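To catch this class of break before pip ever runs, here is a small checker I wrote for this post (it is not AIL project code): it parses a requirements.txt, and if Flask is pinned to a release older than 2.3 while Werkzeug is left unconstrained, it reports that pip will pull Werkzeug 3.x and the werkzeug.urls import will fail. The Flask < 2.3 / Werkzeug < 3.0 rule is my reading of the break described above and is labelled as an assumption in the code; the sample requirement files are constructed for the example and are not AIL's actual pins.

```python
"""Added example (not AIL project code): detect the Flask/Werkzeug dependency break
from a requirements.txt before pip runs.

Assumptions, labelled here and in the comments:
  * Flask releases before 2.3 import helpers that Werkzeug 3.0 removed from
    werkzeug.urls, so Flask < 2.3 needs Werkzeug < 3.0.
  * Requirement lines use the simple 'name', 'name==x.y.z', 'name<x' forms;
    extras, environment markers and URLs are not handled.
"""
import re
from typing import Dict, Optional, Tuple

# name, optional operator, optional version; "!=" and markers fall through as unpinned
_REQ_RE = re.compile(r"^([A-Za-z0-9_.\-]+)\s*(==|<=|>=|~=|<|>)?\s*([0-9][0-9A-Za-z.\-]*)?")

# Constructed sample files for this example; the pins are illustrative, not AIL's own.
SAMPLE_BROKEN = "flask==2.2.5\nredis\n"
SAMPLE_PINNED = "flask==2.2.5\nWerkzeug<3  # temporary pin for the werkzeug.urls break\nredis\n"


def parse_version(ver: str) -> Tuple[int, ...]:
    """'2.2.5' -> (2, 2, 5); '3' -> (3, 0, 0); non-numeric suffixes such as rc1 are dropped."""
    parts = []
    for piece in ver.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple((parts + [0, 0, 0])[:3])


def flask_needs_old_werkzeug(flask_version: str) -> bool:
    """Assumption: Flask < 2.3 still imports werkzeug.urls helpers removed in Werkzeug 3.0."""
    return parse_version(flask_version) < (2, 3, 0)


def compatible(flask_version: str, werkzeug_version: str) -> bool:
    """True if the pair should import cleanly under the assumption above."""
    if flask_needs_old_werkzeug(flask_version):
        return parse_version(werkzeug_version) < (3, 0, 0)
    return True


def parse_requirements(text: str) -> Dict[str, Tuple[Optional[str], Optional[str]]]:
    """Map lower-cased package name -> (operator, version) for each requirement line."""
    pins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments
        if not line or line.startswith("-"):      # skip blanks and -r/-e option lines
            continue
        m = _REQ_RE.match(line)
        if m:
            name, op, ver = m.groups()
            pins[name.lower()] = (op, ver)
    return pins


def werkzeug_constrained_below_3(op: Optional[str], ver: Optional[str]) -> bool:
    """Does this single specifier guarantee Werkzeug < 3.0?"""
    if not op or not ver:
        return False
    v = parse_version(ver)
    if op == "<":
        return v <= (3, 0, 0)          # "<3" and "<3.0" both exclude 3.x
    if op in ("==", "<=", "~="):
        return v < (3, 0, 0)           # "~=2.3" means >=2.3,<3; "==2.3.7" is exact
    return False


def needs_werkzeug_pin(text: str) -> Optional[str]:
    """Return a diagnostic if an exact old-Flask pin is paired with an unconstrained
    Werkzeug, or None when nothing needs changing. Only an exact Flask pin is
    evaluated; range specifiers are left to pip's resolver."""
    pins = parse_requirements(text)
    flask = pins.get("flask")
    if not flask or flask[0] != "==" or not flask[1]:
        return None
    if not flask_needs_old_werkzeug(flask[1]):
        return None
    op, ver = pins.get("werkzeug", (None, None))
    if werkzeug_constrained_below_3(op, ver):
        return None
    return (f"Flask=={flask[1]} needs Werkzeug<3 but requirements.txt does not constrain "
            "Werkzeug, so pip will install 3.x and the werkzeug.urls import will fail")


def installed_pair() -> Optional[Tuple[str, str]]:
    """Versions of Flask and Werkzeug in the active venv, or None if either is missing."""
    try:
        from importlib.metadata import version
        return version("flask"), version("werkzeug")
    except Exception:
        return None


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_BROKEN
    print(needs_werkzeug_pin(text) or "requirements.txt constrains Werkzeug adequately")
    pair = installed_pair()
    if pair:
        print(f"installed: Flask {pair[0]}, Werkzeug {pair[1]} ->",
              "compatible" if compatible(*pair) else "INCOMPATIBLE")
```

Run it against the project's requirements.txt from inside the virtual environment (python checker.py requirements.txt) and it also reports whether the pair that is actually installed matches; once the upstream fix lands and Flask is bumped past the affected releases, the checker goes quiet on its own.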

It's worth noting that for Flask to serve the web UI to other machines, you'll need to modify the appropriate section of the file configs/core.cfg so that it binds to the network interface you plan to use for remote access. Keep in mind that binding to 0.0.0.0 makes the UI answer on every interface the container is attached to, not just your management network, so unless that exposure is intended, bind to a single address or put a firewall rule in front of it (Proxmox's per-container firewall works for this). In my case, I wanted it bound to all/any interface:
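As a quick sanity check on that setting, here is a small audit script written for this post (not AIL project code) that parses core.cfg and says how exposed the UI listener is. It assumes the listener is configured by the host and port keys of a [Flask] section, which is how the section looked in my checkout; confirm the section and key names against your own core.cfg. The sample config in the block is constructed for the example, not a copy of the shipped file.

```python
"""Added example (not AIL project code): audit the UI bind address in configs/core.cfg.

Assumption, labelled: the Flask UI reads its listener from the `host` and `port`
keys of a [Flask] section. Check the section and key names against your own
core.cfg before relying on this.
"""
import configparser
import ipaddress
from typing import Dict

# Constructed sample for this example, not a copy of the project's shipped config.
SAMPLE_CFG = """\
[Flask]
host = 0.0.0.0
port = 7000
"""

ADVICE = {
    "loopback": "reachable from inside the container only; use an SSH tunnel or a reverse proxy for remote access",
    "all": "listening on every interface the container has; restrict with a firewall rule or bind one address",
    "specific": "bound to one address; make sure that interface is the management network, not a public one",
    "hostname": "resolved at start-up; prefer a literal IP so the listener cannot silently move",
    "missing": "no host key found in the section; the application's own default applies",
}


def classify_bind(host: str) -> str:
    """Classify a bind address: loopback, all (0.0.0.0 / ::), specific, or hostname."""
    try:
        addr = ipaddress.ip_address(host.strip())
    except ValueError:
        return "hostname"        # not an IP literal; DNS decides at start-up
    if addr.is_loopback:
        return "loopback"
    if addr.is_unspecified:      # 0.0.0.0 or ::
        return "all"
    return "specific"


def audit_flask_bind(cfg_text: str, section: str = "Flask") -> Dict[str, str]:
    """Parse an INI-style config and report how exposed the UI listener is."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(cfg_text)
    host = cp.get(section, "host", fallback=None)
    port = cp.get(section, "port", fallback="")
    exposure = "missing" if host is None else classify_bind(host)
    return {"host": host or "", "port": port, "exposure": exposure, "advice": ADVICE[exposure]}


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CFG
    report = audit_flask_bind(text)
    print(f"host={report['host']!r} port={report['port']} exposure={report['exposure']}")
    print(report["advice"])
```

Point it at the real file (python audit_bind.py configs/core.cfg) after editing; an "all" verdict on a container with more than one network interface is the case where the firewall rule mentioned above matters.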

Here's the moment of truth, the login page and dashboard:

The next part of the series will cover installing the data feeders, configuring the MISP and TheHive Project integrations, and finally getting a fully working system!