Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Start OpenCTI using Systemd

See original GitHub issue

Hello,

I have successfully installed and started OpenCTI [Issue #1054] I’m trying to start it as a service.

I have created ct-start.sh:

#!/bin/sh

# Correct working directory
cd /home/cti/opencti/

# Start CTI
yarn serv

And I tested it, working great.

But when I created a service to call it, it fails:

cti.service:

[Unit]
Description=X-CTI
After=network.target

[Service]
User=cti
Group=cti
WorkingDirectory=/home/cti/opencti/
Environment="/home/cti/opencti/"
ExecStart=/home/cti/opencti/ct-start.sh

[Install]
WantedBy=multi-user.target

Status:

root@cti:/etc/systemd/system# systemctl status cti.service
● cti.service - X-CTI
   Loaded: loaded (/etc/systemd/system/cti.service; disabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Mon 2021-02-15 08:55:02 UTC; 7min ago
  Process: 83380 ExecStart=/home/cti/opencti/ct-start.sh (code=exited, status=203/EXEC)
 Main PID: 83380 (code=exited, status=203/EXEC)

Feb 15 08:55:02 cti systemd[1]: Started X-CTI.
Feb 15 08:55:02 cti systemd[83380]: cti.service: Failed to execute command: Exec format error
Feb 15 08:55:02 cti systemd[83380]: cti.service: Failed at step EXEC spawning /home/cti/opencti/ct-start.sh: Exec format error
Feb 15 08:55:02 cti systemd[1]: cti.service: Main process exited, code=exited, status=203/EXEC
Feb 15 08:55:02 cti systemd[1]: cti.service: Failed with result 'exit-code'.

Any advices?

Regards, Khalid

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Reactions:1
  • Comments:18

github_iconTop GitHub Comments

2reactions
JeromeSRTcommented, Feb 17, 2021

@JeromeSRT

I believe I have to install grakn-core.service as a perquisite, right?

For OpenCTI V4, grakn-core is not needed

Yes, I’m using v4.1…

For OpenCTI V4, grakn-core is not needed so you can erase grain-core.service from the lines “After=” and “Requires=”.

I updated the OpenCTI Platform Ubuntu Systemd File.

2reactions
JeromeSRTcommented, Feb 17, 2021

Please share the file here, i’m sure it will be helpful for other.

  1. OpenCTI Platform Start Script

#!/bin/bash
#
#
#Script Lancement Platform / Workers / Connectors OpenCTI
#
#
#Lancement Platform OpenCTI
#
if [ `netstat -lnp | grep tcp | grep 4000 | grep node | wc -l` = 0 ] ; then
	cd /usr/share/opencti
	if [ ! -f /var/log/opencti/`date +%Y%m%d`_opencti-platfrom.log ] ; then
		touch /var/log/opencti/`date +%Y%m%d`_opencti-platform.log
	fi
	touch /tmp/opencti-platform.pid
	yarn serv 1>>/var/log/opencti/`date +%Y%m%d`_opencti-platform.log 2>>/var/log/opencti/`date +%Y%m%d`_opencti-platform.log &
	echo $! >> /tmp/opencti-platform.pid
#
#
#Vérification Ecoute Port Plateforme OpenCTI
#
	while [ `netstat -lnp | grep tcp | grep 4000 | grep LISTEN | grep node | wc -l` = 0 ] ; do
#		sleep 0.5
	done
#
#
#Lancement Workers OpenCTI
#
	cd /usr/share/opencti
	for ((i = 1 ; i <= 10 ; i++)) ; do
		if [ ! -f /var/log/opencti/`date +%Y%m%d`_opencti-worker-"$i".log ] ; then
			touch /var/log/opencti/`date +%Y%m%d`_opencti-worker-"$i".log
		fi
		touch /tmp/opencti-worker-"$i".pid
		python3 ./worker/worker.py 1>>/var/log/opencti/`date +%Y%m%d`_opencti-worker-"$i".log 2>>/var/log/opencti/`date +%Y%m%d`_opencti-worker-"$i".log &
		echo $! >> /tmp/opencti-worker-"$i".pid
	done
#
#
#Lancement Connectors Export File STIX / Import File PDF / Import File STIX OpenCTI
#
	cd /usr/share/opencti
	for con in "export-file-stix" "import-file-pdf-observables" "import-file-stix" ; do
		for rep in `ls ./connectors | grep "$con"` ; do
			if [ ! -f /var/log/opencti/`date +%Y%m%d`_opencti-"$rep".log ] ; then
				touch /var/log/opencti/`date +%Y%m%d`_opencti-"$rep".log
			fi
			touch /tmp/opencti-"$rep".pid
			python3 ./connectors/"$rep"/src/"$rep".py 1>>/var/log/opencti/`date +%Y%m%d`_opencti-"$rep".log 2>>/var/log/opencti/`date +%Y%m%d`_opencti-"$rep".log &
			echo $! >> /tmp/opencti-"$rep".pid
		done
	done
fi
#
#
#
  1. OpenCTI Platform Stop Script

#!/bin/bash
#
#
#Script Arret Connectors / Workers / Platform OpenCTI
#
#
#Arret Connectors Export File STIX / Import File PDF / Import File STIX OpenCTI
#
if [ `netstat -lnp | grep tcp | grep 4000 | wc -l` != 0 ] ; then
	cd /usr/share/opencti
	for con in export-file-stix import-file-pdf-observables import-file-stix ; do
		for fic in `ls /tmp | grep "$con"` ; do
			if [ -f /tmp/"$fic" ] ; then
				echo "fichier-$fic"
				kill -s TERM `cat /tmp/"$fic"`
			fi
		done
	done
#
#
#Arret Workers OpenCTI
#
	cd /usr/share/opencti
	for ((i = 1 ; i <= 10 ; i++)) ; do
		if [ -f /tmp/opencti-worker-"$i".pid ] ; then
			echo "fichier-worker-$i"
			kill -s TERM `cat /tmp/opencti-worker-"$i".pid`
		fi
	done
#
#
#Arret Platform OpenCTI
#
	cd /usr/share/opencti
	if [ -f /tmp/opencti-platform.pid ] ; then
		echo "fichier-opencti-platform"
		kill -s TERM `cat /tmp/opencti-platform.pid`
	fi
fi
  1. OpenCTI Platform Ubuntu Systemd File

[Unit]
Description=OpenCTI Platform
After=network-online.target elasticsearch.service minio.service redis-server.service rabbitmq-server.service
Wants=network-online.target
Requires=elasticsearch.service minio.service redis-server.service rabbitmq-server.service

[Service]
Type=forking

User=opencti
Group=opencti

ExecStart=/usr/share/opencti/01-Start-OpenCTI-Platform
#ExecStop=/usr/share/opencti/02-Stop-OpenCTI-Platform

WorkingDirectory=/usr/share/opencti

StandardOutput=journal
StandardError=journal

[Install]
WantedBy=multi-user.target

Sorry i did not find how to upload the files here…

Read more comments on GitHub >

github_iconTop Results From Across the Web

OpenCTI Platform on Ubuntu 20.04 - Virus Blog
Finally start the web platform with: yarn serv (inside the opencti directory). Next you will need some workers and connectors to ingest data....
Read more >
OpenCTI Installation - Blog
Note: Both virtual machines will require Docker to be installed. While you can install OpenCTI manually, save yourself the hassle and use the ......
Read more >
Blog – Page 4
Today we will have some fun with ELK Stack and CentOS. ... Systemd start/stop service on schedule ... Install OpenCTI using Docker.
Read more >
systemd System and Service Manager - Freedesktop.org
Starting Update UTMP about System Reboot/Shutdown. ... in the name (but don't like it either) is if you start a sentence with systemd....
Read more >
Adding new security data sources to Elastic SIEM | Elastic Blog
Getting started with adding a new security data source in your Elastic ... and Filebeat to run as a service using something like...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

MISP Connector | 0 events have been processed

Next page

Yarn Command failed with exit code 1