Bug 2182880

Summary: Satellite does not support Insights Malware detection with yara
Product: Red Hat Satellite
Reporter: Matthew Yee <myee>
Component: RH Cloud - Insights
Assignee: Shimon Shtein <sshtein>
Status: CLOSED UPSTREAM
QA Contact: Satellite QE Team <sat-qe-bz-list>
Severity: medium
Priority: medium
Version: 6.12.1
CC: ahumbe, aruzicka, ehelms, smcdowel
Target Milestone: Unspecified
Keywords: Triaged
Target Release: Unused
Hardware: Unspecified
OS: Unspecified
Last Closed: 2023-07-11 14:05:49 UTC
Type: Bug

Description Matthew Yee 2023-03-29 21:05:36 UTC
Description of problem:
I have a host with yara installed. I want to enable the forwarding of yara data to Insights with insights-client so that Insights can detect Malware attacks. This is currently impossible.


Version-Release number of selected component (if applicable):
6.12.2

How reproducible:
Consistent

Steps to Reproduce:
1. Install yara on a RHEL host.
2. Run insights-client --collector malware-detection

Actual results:
[root@ip-172-31-29-5 ~]# insights-client --collector malware-detection
Starting to collect Insights data for ip-172-31-29-5.us-west-1.compute.internal

Performing a test scan of /etc/insights-client/malware-detection-config.yml and the current process (PID 4500) to verify the malware-detection app is installed and scanning correctly ...

Unable to download rules from https://ip-172-31-29-12.us-west-1.compute.internal:443/redhat_access/r/insights/platform/malware-detection/v1/test-rule.yar: HTTPSConnectionPool(host='ip-172-31-29-12.us-west-1.compute.internal', port=443): Max retries exceeded with url: /redhat_access/r/insights/platform/malware-detection/v1/test-rule.yar (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))

Expected results:


Additional info:

Comment 4 Eric Helms 2023-07-11 14:05:49 UTC
This was a fix that needed to happen in insights-core and has been fixed:

https://github.com/RedHatInsights/insights-core/pull/3826