So in my local.bro file I have
@load packages <---- line 119
When I run zeekctl check I get
manager scripts failed.
fatal error in /usr/local/bro/site/local.bro, line 119: can't find packages
which makes me think there is be a package it cannot load either
because of corruption or said package is just not there. Is there a
way to crank up the verbose level so I can see what it was doing when
it went boink?
'packages' will exist if you've used bro-pkg/zkg to install any
packages. If you haven't used the package manager to install any
packages then you don't have a packages directory and trying to load
it will fail.
'packages' will exist if you've used bro-pkg/zkg to install any
packages. If you haven't used the package manager to install any
packages then you don't have a packages directory and trying to load
it will fail.
In that case, I think I am in trouble because I did use zkg to
install a few packages:
zkg install --force --nodeps domain-tld top-dns \
bro-shellshock \
venom \
file-extraction \
add-node-names \
zeek-cryptomining \
bro-doctor \
bro-interface-setup \
credit-card-exposure \
ssn-exposure
Ah, ok, in that case the zkg config might be wrong. A step people
often miss is running
zkg autoconfig
to have zkg discover where zeek is installed and where it should
install things too. check your ~/.zkg/config and verify if
script_dir points to your zeek installation. If not, running zkg
autoconfig and reinstalling the packages should fix things.
What's the output of `zkg config` ?
Did you previously run `zkg autoconfig` ?
If you don't do any configuration, the default location for zkg to
install packages is in $HOME/.zkg rather than inside your Zeek install
prefix and could explain why your `@load packages` doesn't find
anything.
- Jon
Thanks for everyone's replies! Yes, I was indeed missing `zkg
autoconfig` as you all guessed. After running I have
[root@bro scratch]# zkg config
[sources]
zeek = https://github.com/zeek/packages
[paths]
state_dir = /root/.zkg
script_dir = /usr/local/bro/share/bro/site
plugin_dir = /usr/local/bro/lib/bro/plugins
zeek_dist = /usr/local/bro
[root@bro scratch]#
I then installed the packages and then ran `broctl check` whose errors
now at least indicate I have progress:
[root@bro scratch]# broctl check
Hint: Run the broctl "deploy" command to get started.
manager scripts failed.
error in /usr/local/bro/share/bro/site/packages/__load__.bro, line 3:
Failed to open package
'/usr/local/bro/share/bro/site/packages/./add-node-names': missing
'__load__.bro' file
fatal error in /usr/local/bro/share/bro/site/packages/__load__.bro,
line 3: can't open
/usr/local/bro/share/bro/site/packages/./add-node-names/__load__.bro
[...]
[root@bro scratch]#
Now, if I look at __load__.bro
[root@bro scratch]# cat /usr/local/bro/share/bro/site/packages/__load__.bro
# WARNING: This file is managed by zkg.
# Do not make direct modifications here.
@load ./add-node-names
@load ./bro-shellshock
@load ./credit-card-exposure
@load ./domain-tld
@load ./file-extraction
@load ./ssn-exposure
@load ./top-dns
@load ./venom
@load ./zeek-cryptomining
[root@bro scratch]#
all is it doing is loading files off the
/usr/local/bro/share/bro/site/packages/ dir
[root@bro scratch]# ls -l /usr/local/bro/share/bro/site/packages/
total 8
-rw-r--r-- 1 root root 98 Mar 31 19:24 README
lrwxrwxrwx 1 root root 13 Apr 1 11:56 __load__.bro -> packages.zeek
lrwxrwxrwx 1 root root 13 Apr 1 11:56 __load__.zeek -> packages.zeek
drwxr-xr-x 2 root root 54 Mar 31 19:28 add-node-names
drwxr-xr-x 2 root root 95 Mar 31 19:27 bro-shellshock
drwxr-xr-x 2 root root 62 Mar 31 19:28 credit-card-exposure
drwxr-xr-x 2 root root 62 Mar 31 19:27 domain-tld
drwxr-xr-x 3 root root 106 Mar 31 19:27 file-extraction
lrwxrwxrwx 1 root root 13 Apr 1 11:56 packages.bro -> packages.zeek
-rw-r--r-- 1 root root 276 Apr 1 11:56 packages.zeek
drwxr-xr-x 2 root root 42 Mar 31 19:28 ssn-exposure
drwxr-xr-x 2 root root 42 Mar 31 19:27 top-dns
drwxr-xr-x 2 root root 60 Mar 31 19:27 venom
drwxr-xr-x 3 root root 112 Mar 31 19:28 zeek-cryptomining
[root@bro scratch]#
I do not know how it is going from that to trying to open
/usr/local/bro/share/bro/site/packages/./add-node-names/__load__.bro
Ah, you're trying to install some packages that have been updated to
work with zeek on an older bro installation. Can you upgrade to zeek
3.0.3 ?
Ah, you're trying to install some packages that have been updated to
work with zeek on an older bro installation. Can you upgrade to zeek
3.0.3 ?
Unfortunately not as of now. A few months later, maybe. Am I SOL
or there is a way to get the older versions of said packages if that
is what it takes?
You can try `zkg install --version ...` (see [1]) but I don't know
what version of the particular package(s) in question may work.
Alternatively, you can always fork, make the required changes and then
install your version.
- Jon
[1] https://docs.zeek.org/projects/package-manager/en/stable/zkg.html#install