Using 3ba59dbf5ae9cd3c1ac126db173a23ba25e427d5 (v21.10.6-5-g3ba59db):

collectors_1  | [2021-11-14 09:11:30 +0000] [1] [DEBUG] [None] [managers.collectors_manager] Sending status update...
collectors_1  | [2021-11-14 09:11:30 +0000] [1] [DEBUG] [Errno 2] No such file or directory: '/app/storage/id.txt'
collectors_1  | [2021-11-14 09:11:30 +0000] [1] [DEBUG] [None] [managers.collectors_manager] Core responded with: HTTP 0, Cannot read collector config file.

Should that file/directory be created on demand? Where should it come from?

No feeds are collected

When adding a new OSINT source, the form shows a field "Refresh interval". It is unclear for the user, which unit this is. Minutes? Seconds? Bananas?

I installed Taranis-NG on a Debian BullsEye system (manually upgraded docker-compose to 1.29) and am trying to log on to the web interface. However, the default credentials do not work. I am aware of https://github.com/SK-CERT/Taranis-NG/issues/92 so I tried installing the sample data as well. If I list the users using:

docker exec -it taranis-ng_core_1 python manage.py account --list

I get all present user accounts which include the defaults:

Id: 2 Username: admin Name: Test Administrator Roles: [2] Id: 3 Username: customer Name: Test Customer Roles: [] Id: 1 Username: user Name: Test User Roles: [1]

I even changed the password of the admin user to see whether that helps, but it did not.

Now I found that there is a significant difference between my issue and https://github.com/SK-CERT/Taranis-NG/issues/92, namely that I do not get any logging from a login in the console. It seems like the web interface doesn't contact the core or database at all.

Does anybody know why it does not work? I tried all different installation methods, including build from scratch, but nothing seems to help.

Thanks in advance!

I just installed TaranisNG on an UbuntuVM for testing and basically the only commands I used were those from docker/README.md (without changing any of the passwords in /docker/.env):

git clone https://github.com/SK-CERT/Taranis-NG.git
cd Taranis-NG
docker-compose -f docker/docker-compose.yml pull
docker-compose -f docker/docker-compose.yml up --no-build

Now the problem is that I can't login using the default credentials 'admin' / 'admin' or 'user' / 'user'. Did you change them recently?

This adds new functionality and fixes some bugs of the keyboard shortcuts but some remain.

• keyboard shortcuts: add jk, Enter, Esc for news item navigation in addition to the arrow keys, this allows to use the jk keys to be used to navigate through the news items. These keys are widely used for navigation and allow the fingers to rest at their natural position on the keyboard. Using the Escape to exit the news item detail view is intuitive and using enter to open the item as well.
• gui keyboard mixins: remove unused _keyAction gui: keyboard: match key presses more accurately
• use the characters themselves, allows differentiation between lower/upper case check if Ctrl and Alt are not pressed to prevent catching other events which are not meant to be treated (shortcuts handled by the browser) fixes #51
• new keyboard shortcut to open news item source 'o' opens the news item source of the selected or opened news item does not open multiple selected news items though
• gui: keyboard: move preventDefault to section where it fits better does only apply to a minority of cases
• gui keyboard: allow shortcuts when in focus some shortcuts are useful when an item is in focus, so move the detection mechanismis outside the focus-clause
• gui shortcuts for search function / to focus the search bar When in the search bar: Esc clears the text With another Esc if the field is empty un-sets the focus, allows the other shortcuts to work

I regularly see these error log entries:

core_1        | [2021-11-15 16:29:53 +0000] [12] [DEBUG] GET /api/v1/config/collectors-nodes                                                                                                                                                 
core_1        | [2021-11-15 16:29:53 +0000] [12] [DEBUG] [None] Cannot update collector status.                                                                                                                                              
core_1        | [2021-11-15 16:29:53 +0000] [12] [DEBUG] [None] Traceback (most recent call last):                                                                                                                                           
core_1        |   File "/app/taranis-ng-core/model/collectors_node.py", line 82, in get_all_json                                                                                                                                             
core_1        |     time_inactive = (datetime.now() - max(nodes[i].created, nodes[i].last_seen))                                                                                                                                             
core_1        | TypeError: '>' not supported between instances of 'datetime.datetime' and 'NoneType'                                                                                                                                         

I found that there is a minor mistake in the README, where the URL is referring to port 4433 instead of 4443. There is another reference in the installation manual that does refer to the correct location.

Automatic reloading of news items, when selection mode is active, means that all selections are lost (=data loss). Disabling automatic reload is not a perfect solution, items could still be added on the top without removing existing selections, but this prevents data loss and enhances the usability significantly.

• In Assess tab, switch to selection mode
• select one or more news items
• open a news item to read the text
• close the news item to go back to the list
• news item list refreshes and the selection vanishes

(same for using keyboard shortcuts)

An idea:

Additional to the defined OSINT groups, a virtual "global" or "all" group could show all news items from all sources and groups. This could also be the default group to show initially.

the source link is already displayed at the top, so remove the link which is displayed below the news item

Before:

(I'm still struggling with docker to get my local changes effective in the docker containers in order to validate that this actually works - any help is appreciated)

Many tickets are due to people running Taranis NG on a hostname other than localhost, but not editing docker/.env. Due to this, the GUI tries to access localhost and not the intended host for any API call, leading to failure in the login process.

The GUI currently uses two methods of getting the URI: the "hard-coded" strings made available by the environment replacements, and process.env if the GUI is run within the node.js environment.

Things to implement:

• The method of getting the proper URL should be centralised and modified in such a way that when no value is provided, it defaults to relative paths.
• The default installation should be modified to include empty paths or not include the variables at all

Login is not possible with the provided default credentials: The default credentials are user / user and admin / admin

Also edit of the existing account "admin" with sudo docker exec -it taranis-ng-core-1 python manage.py account -e --username admin --password admin does not work.

After loading the sample data, the only organization is SK-CERT. This organization has the 'user' and 'admin' accounts linked to it. Whenever I create a new organization and delete SK-CERT, it logically fails because it has other entities associated to it. However, it silently fails, nothing happens and the organization just remains there. The logs on the command line contain the following (complete stack trace omitted, since reproducing the issue should be easy):

database_1 | 2022-10-19 14:03:55.721 CEST [4130] ERROR: update or delete on table "organization" violates foreign key constraint "user_organization_organization_id_fkey" on table "user_organization" database_1 | 2022-10-19 14:03:55.721 CEST [4130] DETAIL: Key (id)=(1) is still referenced from table "user_organization". database_1 | 2022-10-19 14:03:55.721 CEST [4130] STATEMENT: DELETE FROM organization WHERE organization.id = 1 core_1 | [2022-10-19 14:03:55 +0200] [10] [ERROR] Error handling request /api/v1/config/organizations/1 core_1 | Traceback (most recent call last): core_1 | File "/usr/local/lib/python3.7/site-packages/sqlalchemy/engine/base.py", line 1820, in _execute_context core_1 | cursor, statement, parameters, context core_1 | File "/usr/local/lib/python3.7/site-packages/sqlalchemy/engine/default.py", line 732, in do_execute core_1 | cursor.execute(statement, parameters) core_1 | psycopg2.errors.ForeignKeyViolation: update or delete on table "organization" violates foreign key constraint "user_organization_organization_id_fkey" on table "user_organization" core_1 | DETAIL: Key (id)=(1) is still referenced from table "user_organization".

In my opinion, behavior should be either one of:

1. Raise an error message saying the related entities (list related entities) must be removed first;
2. Provide the option to delete entire tree of entities (list related entities) at once.

What do you think?

Thanks in advance!

ERROR: The Compose file './docker/docker-compose.yml' is invalid because: services.traefik.ports contains an invalid type, it should be a number, or an object services.bots.ports contains an invalid type, it should be a number, or an object services.collectors.ports contains an invalid type, it should be a number, or an object services.core.ports contains an invalid type, it should be a number, or an object services.presenters.ports contains an invalid type, it should be a number, or an object services.publishers.ports contains an invalid type, it should be a number, or an object services.traefik.ports contains an invalid type, it should be a number, or an object services.traefik.ports contains an invalid type, it should be a number, or an object services.bots.depends_on contains an invalid type, it should be an array services.collectors.depends_on contains an invalid type, it should be an array services.presenters.depends_on contains an invalid type, it should be an array services.publishers.depends_on contains an invalid type, it should be an array

• Refactor publishers to a buildable python module
• Add pytests to module

The changes in app.py & run.py allow the application to be started via either:

• flask run
• gunicorn
• python -m publishers

I refactored a lot of code this PR could also be done "less invasive", but I'm happy to explain every change made.

pytest could ultimatly also be included in the CI/CD pipeline from this https://github.com/SK-CERT/Taranis-NG/pull/79 PR.

Used docker to setup local docker instance. Trying to login as user/user / admin/admin results in error:

taranis-ng-core-1        | TARANIS NG Auth Error (Method: POST, Resource: /api/v1/auth/login, Activity Detail: User not exists after authentication: user, Activity Data: \{"username":"user","password":"user"\})  
taranis-ng-traefik-1     | 172.18.0.1 - - [25/Jul/2022:09:35:09 +0000] "POST /api/v1/auth/login HTTP/2.0" 401 41 "-" "-" 56 "[email protected]" "http://172.18.0.4:80" 13ms