Getting Data In

How to fix vetting issues while uploading app to cloud ?

AL3Z
Builder

Hi,

Which I am trying to upload the custom app to splunk cloud it is not passing the vetting, how we can fix this issue?

I have tried this in the Linux 

COPYFILE_DISABLE=1 tar --format ustar -cvzf <appname>.tar.gz <appname_directory>

 

[ Failure Summary ]
Failures will block the Cloud Vetting. They must be fixed.
check_for_bin_files
This file has execute permissions for owners, groups, or others. File: README/ta_mandiant_advantage_account.conf.spec
This file has execute permissions for owners, groups, or others. File: appserver/static/correlation_details_multiselect.js
This file has execute permissions for owners, groups, or others. File: README/ta_mandiant_advantage_settings.conf.spec
This file has execute permissions for owners, groups, or others. File: README/inputs.conf.spec
This file has execute permissions for owners, groups, or others. File: static/appIcon.png
This file has execute permissions for owners, groups, or others. File: README/addon_builder.conf.spec
This file has execute permissions for owners, groups, or others. File: default/collections.conf
This file has execute permissions for owners, groups, or others. File: appserver/static/correlation_details_button.css
This file has execute permissions for owners, groups, or others. File: third_party/pytz_lic.txt
This file has execute permissions for owners, groups, or others. File: default/data/ui/views/threat_intelligence_matched_events.xml
This file has execute permissions for owners, groups, or others. File: default/searchbnf.conf
This file has execute permissions for owners, groups, or others. File: default/data/ui/views/inputs.xml
This file has execute permissions for owners, groups, or others. File: appserver/static/js/jquery_mandiant.js
This file has execute permissions for owners, groups, or others. File: app.manifest
This file has execute permissions for owners, groups, or others. File: default/ta_mandiant_advantage_settings.conf
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/custom/datamodel_hook.js
This file has execute permissions for owners, groups, or others. File: metadata/default.meta
This file has execute permissions for owners, groups, or others. File: default/web.conf
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/custom/alerts_input_hook.js
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/0.licenses.txt
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/custom/account_hook.js
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/1.licenses.txt
This file has execute permissions for owners, groups, or others. File: default/data/ui/views/threat_intelligence_matched_events_summary.xml
This file has execute permissions for owners, groups, or others. File: default/app.conf
This file has execute permissions for owners, groups, or others. File: default/server.conf
This file has execute permissions for owners, groups, or others. File: default/inputs.conf
This file has execute permissions for owners, groups, or others. File: default/data/ui/views/security_validation_overview.xml
This file has execute permissions for owners, groups, or others. File: appserver/templates/base.html
This file has execute permissions for owners, groups, or others. File: appserver/static/js/jquery-3.5.0.min.js
This file has execute permissions for owners, groups, or others. File: default/commands.conf
This file has execute permissions for owners, groups, or others. File: splunkbase.manifest
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/entry_page.js
This file has execute permissions for owners, groups, or others. File: static/appIcon_2x.png
This file has execute permissions for owners, groups, or others. File: appserver/static/indicator_info_send.js
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/custom/vuln_fields_hook.js
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/3.js
This file has execute permissions for owners, groups, or others. File: static/appLogo_2x.png
This file has execute permissions for owners, groups, or others. File: TA-mandiant-advantage.aob_meta
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/0.js
This file has execute permissions for owners, groups, or others. File: appserver/static/js/mktoform.js
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/custom/matched_events_hook.js
This file has execute permissions for owners, groups, or others. File: default/data/ui/views/vulnerability_details.xml
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/globalConfig.json
This file has execute permissions for owners, groups, or others. File: appserver/static/correlation_details_button.js
This file has execute permissions for owners, groups, or others. File: appserver/static/vulnerability_overview.css
This file has execute permissions for owners, groups, or others. File: static/appIconAlt_2x.png
This file has execute permissions for owners, groups, or others. File: default/transforms.conf
This file has execute permissions for owners, groups, or others. File: default/data/ui/views/configuration.xml
This file has execute permissions for owners, groups, or others. File: static/appIconAlt.png
This file has execute permissions for owners, groups, or others. File: appserver/static/img/mandiant_img2.png
This file has execute permissions for owners, groups, or others. File: default/savedsearches.conf
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/entry_page.licenses.txt
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/3.licenses.txt
This file has execute permissions for owners, groups, or others. File: CP_mandiant_advantage.tar.gz
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/5.js
This file has execute permissions for owners, groups, or others. File: static/appLogo.png
This file has execute permissions for owners, groups, or others. File: appserver/static/js/underscore-min.js
This file has execute permissions for owners, groups, or others. File: default/addon_builder.conf
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/custom/input_hook.js
This file has execute permissions for owners, groups, or others. File: default/data/ui/views/dtm_alerts.xml
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/1.js
This file has execute permissions for owners, groups, or others. File: default/data/ui/views/asm_issues.xml
This file has execute permissions for owners, groups, or others. File: third_party/tenacity_lic.txt
This file has execute permissions for owners, groups, or others. File: appserver/static/pop_up.js
This file has execute permissions for owners, groups, or others. File: default/data/ui/views/threat_intelligence_overview.xml
This file has execute permissions for owners, groups, or others. File: default/data/ui/views/vulnerability_overview.xml
This file has execute permissions for owners, groups, or others. File: default/props.conf
This file has execute permissions for owners, groups, or others. File: README.txt
This file has execute permissions for owners, groups, or others. File: default/data/ui/views/security_validation_details.xml
This file has execute permissions for owners, groups, or others. File: default/data/ui/nav/default.xml
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/4.js
This file has execute permissions for owners, groups, or others. File: default/restmap.conf
This file has execute permissions for owners, groups, or others. File: default/macros.conf
This file has execute permissions for owners, groups, or others. File: default/data/ui/views/asm_entities.xml

 

Thanks in advance

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @AL3Z,

how do you created your app, in Linux or in Windows?

open you tar.gz file in Linux and the the correct grants that you can see in another app download from splunkbase:

  • folder 755,
  • files 644.

in other words, you probably have grants 777 for your files that isn't acceptable for Splunk Cloud.

Ciao.

Giuseppe

0 Karma

AL3Z
Builder

@gcusello 


Hello,

I actually untarred the file in Windows using 7zip. Afterward, I employed the Ubuntu app from the app store and executed the following command:

bash

COPYFILE_DISABLE=1 tar --format ustar -cvzf <appname>.tar.gz <appname_directory>
Despite using "chmod 644 appname," the permissions persist at 777. Any suggestions on how to rectify this?

mandiant.jpg

Thanks

 

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @AL3Z ,

as I said, you have to set 644 for all conf files and 755 for folders.

As also @PickleRick said, do this ation on a Linux server.

Ciao.

Giuseppe

0 Karma

AL3Z
Builder

@gcusello @PickleRick ,

I have changed the permissions sucessfully but after installing it is throwing a new error 

Something went wrong!
Failed to load current state for selected entity in form!

Details
Error: Request failed with status code 500
ERR0005

How do we fix this issue any idea?

Thanks in advance.

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @AL3Z ,

where is the issue: in the upload procedure or in dashboard running?

if in upload procedure, the message should say what's the object with the issue.

In in dashboard running, there's something wrong or missing in the dashboard.

Ciao.

Giuseppe

0 Karma

AL3Z
Builder

@gcusello,

Yes it is in the dashboard running, Do you want me to paste the source code of dashboard here ?

0 Karma

PickleRick
SplunkTrust
SplunkTrust

That's another story. In order to keep the forums tidy, please create a separate thread for a new problem. Describe precisely what's going on and we'll see if we can help you.

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @AL3Z ,

this means that the issue on the upload procedure is solved, now you have to debug your code to understand if there's something wrong or missing, e.g. an image or a JS.

If you need help, you should share the dashboard code (only if it's in Classical Dashboard).

Ciao.

Giuseppe

0 Karma

PickleRick
SplunkTrust
SplunkTrust

Don't use windows for manipulating unix-related files/archives. It's the same problem as with managing apps with deployment server run on Windows box - windows doesn't handle unix file permissions properly and even if you run WSL-based ubuntu to access your windows filesystem, it won't work properly since windows file permissions don't "match" unix ones.

Just copy your tar archive to the _inside_ of your WSL instance and untar it there.

gcusello
SplunkTrust
SplunkTrust

Hi @AL3Z,

don't untar the app in windows, copy it in Ubuntu and untar it in Ubuntu, so you can modify it as you want and you can give to files and folders the correct grants.

Than tar it (tar.gz) and copy the tarred file in the machine that you will use for the upload (also windows).

In other words, passing in windows erase the grants, so, when you try to upload it in Splunk Cloud it has wrong grants.

It's the same issue that you have if you try to use a Windows Deployment Server to deploy apps to Linux servers.

Ciao.

Giuseppe

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...