I cannot access MISP dashboard

T-Guard T-Guard v1.0 Support
1

I am in the process of installing T-Guard components. After following all the steps in the setup GUI interface (I will attach a picture),

Installtion steps
Installtion steps768×486 65.7 KB

I can access the dashboard of (Wazuh, IRIS, and Shuffle) using the credential information provided in T-Guard documentation (I will attach a picture of the credential information provided in T-Guard documentation).
credential information provided in T-Guard documentation
credential information provided in T-Guard documentation709×317 28.6 KB

Still, I cannot access MISP dashboard although all the containers are running (I will attach a picture of all the running containers related to MISP).
MISP containers are ready
MISP containers are ready1211×683 181 KB

When I try to access MISP dashboard using (https://[IP]:1443), the page freezes.
No Connection to MISP
No Connection to MISP1209×721 48.7 KB

I also allowed port 1443 in my firewall (I will attach a picture of the firewall status)
Check ufw ports
Check ufw ports1188×762 23.2 KB

Note:
[I am using an Ubuntu 22.04 virtual machine installed on VirtualBox to do the setup].

Could you please help me to debug the issue?
I have been trying to solve the issue for a while, but no promising result.

2

Hi, Faris!

Thank you for your feedback on using our T-Guard SOC Package.

Regarding the issue you are facing, it seems to be caused by the T-Guard installation being on a machine or device that uses an internal network (not public). You need to change the baseurl configuration inside the MISP configuration file with the following steps:

  1. Edit the MISP config file:
sudo nano ~/t-guard/misp/config/config.php

  1. Change the IP address in ‘baseurl’ to your IP address used to access Wazuh, Shuffle, and IRIS (in your case, 192.168.56.102). Then, save it.

  2. Try to open the MISP dashboard again.

We hope this helps you resolve the issue.

Thank you!

3

Thank you for taking the time to reply,
The issue has been resolved after following the given instructions.

4

Thank you so much for the update! We’re delighted to hear that the issue has been resolved. :blush:

If you have any other questions or need further assistance, please feel free to reach out. We’re always here to help!

Best regards, T-Guard Team

5

Hello:
I also have the problem that MISP DashBoard cannot be opened. After modifying /t-guard/misp/configs/config.php to my internal IP, the web page can be opened.

image
image1085×505 15.1 KB

But when I log in using admin@admin.test/admin, “You have tripped the cross-site request forgery protection of MISP” appears. How to solve it?

image
image1670×367 19.4 KB

6

Hi, begize!

Regarding the issue you are facing, it appears that there might be an issue with the latest version of MISP. We recommend updating the MISP-core image to version 2.4.190 and the MISP-module image to version 2.4.187. Here are the steps to do so:

  1. Edit the MISP docker-compose.yml file:

nano ~/t-guard/misp/docker-compose.yml

  1. Scroll down to misp-core, then replace the image version from “latest” to “v2.4.190

    Screenshot 2024-08-29 094449
    Screenshot 2024-08-29 094449811×189 8.74 KB

  2. Scroll down again to misp-modules, then replace the image version from “latest” to “v2.4.187

    Screenshot 2024-08-29 094504
    Screenshot 2024-08-29 094504701×242 11.2 KB

  3. Save it

  4. Repeat the MISP installation step in setup.sh

We hope this helps you resolve the issue.

Thank you!

7

Hi :
After modifying the version and reinstalling it, i can log in normally, thank you~~

8

Thank you for the update! We’re delighted to hear that the issue has been resolved.

If you have any other questions or need further assistance, please feel free to reach out. We’re always here to help!

Best regards, T-Guard Team

9

Hello,
I followed those step and it does work, however I have another probleme.
When I want to go to misp, in Administration → List Auth Keys, I get :

This Page isn’t working right now
... can’t currently handle this request.
HTTP ERROR 500.

The error log say this:

2024-09-19 14:52:20 Error: [RedisException] ERR AUTH called without any password configured for the default user. Are you sure your configuration is correct?
Request URL: /auth_keys/index
Stack Trace:
#0 /var/www/MISP/app/Lib/Tools/RedisTool.php(44): Redis->auth()
#1 /var/www/MISP/app/Model/AuthKey.php(359): RedisTool::init()
#2 /var/www/MISP/app/Controller/AuthKeysController.php(39): AuthKey->getLastUsageForKeys()
#3 /var/www/MISP/app/Controller/Component/CRUDComponent.php(59): AuthKeysController->{closure}()
#4 /var/www/MISP/app/Controller/AuthKeysController.php(49): CRUDComponent->index()
#5 [internal function]: AuthKeysController->index()
#6 /var/www/MISP/app/Lib/cakephp/lib/Cake/Controller/Controller.php(499): ReflectionMethod->invokeArgs()
#7 /var/www/MISP/app/Lib/cakephp/lib/Cake/Routing/Dispatcher.php(193): Controller->invokeAction()
#8 /var/www/MISP/app/Lib/cakephp/lib/Cake/Routing/Dispatcher.php(167): Dispatcher->_invoke()
#9 /var/www/MISP/app/webroot/index.php(101): Dispatcher->dispatch()
#10 {main}
2024-09-19 14:52:20 Error: Fatal Error (1): Uncaught Error: Class ‘AppExceptionRenderer’ not found in /var/www/MISP/app/Lib/cakephp/lib/Cake/Error/ErrorHandler.php:126
Stack trace:
#0 [internal function]: ErrorHandler::handleException()
#1 {main}
thrown in [/var/www/MISP/app/Lib/cakephp/lib/Cake/Error/ErrorHandler.php, line 126]
2024-09-19 14:52:20 Error: [InternalErrorException] Internal Server Error
Request URL: /auth_keys/index
Stack Trace:
#0 /var/www/MISP/app/Lib/cakephp/lib/Cake/Error/ErrorHandler.php(212): ErrorHandler::handleFatalError()
#1 /var/www/MISP/app/Lib/cakephp/lib/Cake/Core/App.php(970): ErrorHandler::handleError()
#2 /var/www/MISP/app/Lib/cakephp/lib/Cake/Core/App.php(943): App::_checkFatalError()
#3 [internal function]: App::shutdown()
#4 {main}

I suppose this is a php version error but I can’t update it to 8.2.* (in the container it is php7.4.34)

PS: Is it necessary to use this AuthKey to link wazuh to misp ? the installation step end after iris and I am new to this ^^’

Thanks a lot

New security friend

10

Hey

I found a temporary solution. I removed all password in the misp/docker-compose.yml, because the problem was that I send a password when I try to connect to redis, however redis doesn’t except this password. What’s more I tried to add a requirepass but I was also waiting for and AUTH that isn’t set so I found it easier to juste remove the password.
This solution however isn’t the best so I will try to look for a way to make it work with the password.

Have a nice day

11

I ran into the same issue. I ended up executing /bin/bash in the context of the misp core docker image and generating a new auth key.

Once you’re in the local file system you can run this command to rest the auth key for a particular user:

./app/Console/cake user change_authkey [e-mail/user_id]

I changed into the console directory and ran it from ./cake

Running Ubuntu 24 over here. Hope it helps. GLHF