I believe there is an issue within the hive image.
For example, take the thehive4-berkleydb-cortex31 template.
Change the docker compose like so:
```yaml
version: '3.8'
services:
  elasticsearch_thp:
    image: 'elasticsearch:7.11.1'
    container_name: elasticsearch_thp
    restart: unless-stopped
    ports:
      - '0.0.0.0:9200:9200'
    environment:
      - http.host=0.0.0.0
      - discovery.type=single-node
      - cluster.name=hive
      - script.allowed_types= inline
      - thread_pool.search.queue_size=100000
      - thread_pool.write.queue_size=10000
      - gateway.recover_after_nodes=1
      - xpack.security.enabled=false
      - bootstrap.memory_lock=true
      - ES_JAVA_OPTS=-Xms256m -Xmx256m
    ulimits:
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - './vol/elasticsearch/data:/usr/share/elasticsearch/data'
      - './vol/elasticsearch/logs:/usr/share/elasticsearch/logs'
  cortex:
    image: 'thehiveproject/cortex:latest'
    container_name: cortex
    restart: unless-stopped
    command:
      --job-directory ${JOB_DIRECTORY}
    environment:
      - 'JOB_DIRECTORY=${JOB_DIRECTORY}'
    volumes:
      - './vol/cortex/application.conf:/etc/cortex/application.conf'
      - './vol/cortex/jobs:${JOB_DIRECTORY}'
      - '/var/run/docker.sock:/var/run/docker.sock'
    depends_on:
      - elasticsearch_thp
    ports:
      - '0.0.0.0:9001:9001'
  thehive:
    image: 'thehiveproject/thehive4:latest'
    container_name: thehive4
    restart: unless-stopped
    ports:
      - '0.0.0.0:9000:9000'
    volumes:
      - ./vol/thehive/application.conf:/etc/thehive/application.conf
      #- ./vol/thehive/db:/opt/thp/thehive/db
      #- ./vol/thehive/index:/opt/thp/thehive/index
      #- ./vol/thehive/data:/opt/thp/thehive/data
    command: '--no-config --no-config-secret'
```
Notice how I commented out the thehive volumes so that it should not have any local permission.
When you launch the compose file, the thehive image keeps restarting (this was happening originally with the local volumes mounted).
Checking the logs gives:
```
Error injecting constructor, java.nio.file.AccessDeniedException: /opt/thp
```
So I am wondering whether the folder is not correct or there is an issue within the application.
@nadouani for visibility.