Bug 2182880 - Satellite does not support Insights Malware detection with yara
Status: CLOSED UPSTREAM
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: RH Cloud - Insights
Version: 6.12.1
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: Unspecified
Assignee: Shimon Shtein
QA Contact: Satellite QE Team
 
Reported: 2023-03-29 21:05 UTC by Matthew Yee
Modified: 2023-07-11 14:05 UTC

Last Closed: 2023-07-11 14:05:49 UTC



Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Issue Tracker | SAT-18207 | 0 | None | None | None | 2023-06-07 17:41:19 UTC
Red Hat Knowledge Base (Solution) | 6997170 | 0 | None | None | None | 2023-03-30 12:37:05 UTC

Description Matthew Yee 2023-03-29 21:05:36 UTC
Description of problem:
I have a host with yara installed. I want to enable the forwarding of yara data to Insights with insights-client so that Insights can detect Malware attacks. This is currently impossible.


Version-Release number of selected component (if applicable):
6.12.2

How reproducible:
Consistent

Steps to Reproduce:
1. Install yara on a RHEL host.
2. Run insights-client --collector malware-detection

Actual results:
[root@ip-172-31-29-5 ~]# insights-client --collector malware-detection
Starting to collect Insights data for ip-172-31-29-5.us-west-1.compute.internal

Performing a test scan of /etc/insights-client/malware-detection-config.yml and the current process (PID 4500) to verify the malware-detection app is installed and scanning correctly ...

Unable to download rules from https://ip-172-31-29-12.us-west-1.compute.internal:443/redhat_access/r/insights/platform/malware-detection/v1/test-rule.yar: HTTPSConnectionPool(host='ip-172-31-29-12.us-west-1.compute.internal', port=443): Max retries exceeded with url: /redhat_access/r/insights/platform/malware-detection/v1/test-rule.yar (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))

Expected results:


Additional info:

Comment 4 Eric Helms 2023-07-11 14:05:49 UTC
This was a fix that needed to happen in insights-core and has been fixed:

https://github.com/RedHatInsights/insights-core/pull/3826

