Errors and warnings in covenant logs (fresh install)
I just attempted to install covenant-kbx
and run it.
The system is clean of any previous covenant installation.
$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
kaboxer/zenmap 7.91 1bf958b3030f 12 hours ago 672MB
kaboxer/zenmap current 1bf958b3030f 12 hours ago 672MB
registry.gitlab.com/kalilinux/packages/zenmap-kbx/zenmap 7.91 1bf958b3030f 12 hours ago 672MB
$ ls -1 ~/.local
share
Installation goes smoothly.
$ sudo apt install covenant-kbx
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
covenant-kbx
0 upgraded, 1 newly installed, 0 to remove and 4 not upgraded.
Need to get 26.0 MB of archives.
After this operation, 26.3 MB of additional disk space will be used.
Get:1 http://http.kali.org/kali kali-rolling/main amd64 covenant-kbx amd64 0.6-0kali2 [26.0 MB]
Fetched 26.0 MB in 1s (47.0 MB/s)
Selecting previously unselected package covenant-kbx.
(Reading database ... 280714 files and directories currently installed.)
Preparing to unpack .../covenant-kbx_0.6-0kali2_amd64.deb ...
Unpacking covenant-kbx (0.6-0kali2) ...
Setting up covenant-kbx (0.6-0kali2) ...
Preparing covenant
Pulling registry.gitlab.com/kalilinux/packages/covenant-kbx/covenant:0.6 image from registry
Processing triggers for desktop-file-utils (0.26-1) ...
Processing triggers for mailcap (3.69) ...
Scanning processes...
Scanning linux images...
Running kernel seems to be up-to-date.
No services need to be restarted.
No containers need to be restarted.
No user sessions are running outdated binaries.
$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
kaboxer/zenmap 7.91 1bf958b3030f 12 hours ago 672MB
kaboxer/zenmap current 1bf958b3030f 12 hours ago 672MB
registry.gitlab.com/kalilinux/packages/zenmap-kbx/zenmap 7.91 1bf958b3030f 12 hours ago 672MB
registry.gitlab.com/kalilinux/packages/covenant-kbx/covenant 0.6 4fe9df049fcf 14 hours ago 835MB
kaboxer/covenant 0.6 4fe9df049fcf 14 hours ago 835MB
kaboxer/covenant current 4fe9df049fcf 14 hours ago 835MB
Now I run covenant. The logs in the terminal are not pretty:
$ grep Exec /usr/share/applications/kaboxer-covenant-default-start.desktop
Exec=kaboxer run --detach --prompt-before-exit --component default covenant
$ kaboxer -vv run --component default covenant
Finding kaboxer applications
Analyzing /usr/share/kaboxer/covenant.kaboxer.yaml
Looking for local docker image in ('kaboxer/covenant', 'registry.gitlab.com/kalilinux/packages/covenant-kbx/covenant')
Analyzing /usr/share/kaboxer/zenmap.kaboxer.yaml
Analyzing /usr/share/kaboxer/firefox-developer-edition-en-us.kaboxer.yaml
Requesting https://gitlab.com/api/v4/projects/kalilinux%2Fpackages%2Fcovenant-kbx/registry/repositories
Result: [{'id': 1356517, 'name': 'kaboxer/covenant', 'path': 'kalilinux/packages/covenant-kbx/kaboxer/covenant', 'project_id': 20074781, 'location': 'registry.gitlab.com/kalilinux/packages/covenant-kbx/kaboxer/covenant', 'created_at': '2020-09-18T11:52:55.759Z', 'cleanup_policy_started_at': None}, {'id': 1864726, 'name': 'covenant', 'path': 'kalilinux/packages/covenant-kbx/covenant', 'project_id': 20074781, 'location': 'registry.gitlab.com/kalilinux/packages/covenant-kbx/covenant', 'created_at': '2021-04-13T14:30:37.436Z', 'cleanup_policy_started_at': None}]
Requesting https://gitlab.com/api/v4/projects/20074781/registry/repositories/1864726/tags
Result: [{'name': '0.6', 'path': 'kalilinux/packages/covenant-kbx/covenant:0.6', 'location': 'registry.gitlab.com/kalilinux/packages/covenant-kbx/covenant:0.6'}, {'name': 'latest', 'path': 'kalilinux/packages/covenant-kbx/covenant:latest', 'location': 'registry.gitlab.com/kalilinux/packages/covenant-kbx/covenant:latest'}]
Maximal version for image covenant is 0.6
Preparing covenant
No version found in tarball
Stopping because previous==target (0.6==0.6)
Finding kaboxer applications
Analyzing /usr/share/kaboxer/covenant.kaboxer.yaml
Looking for local docker image in ('kaboxer/covenant', 'registry.gitlab.com/kalilinux/packages/covenant-kbx/covenant')
Analyzing /usr/share/kaboxer/zenmap.kaboxer.yaml
Looking for local docker image in ('kaboxer/zenmap', 'registry.gitlab.com/kalilinux/packages/zenmap-kbx/zenmap')
Analyzing /usr/share/kaboxer/firefox-developer-edition-en-us.kaboxer.yaml
Looking for local docker image in ('kaboxer/firefox-developer-edition-en-us', 'registry.gitlab.com/kalilinux/packages/firefox-developer-edition-kbx/firefox-developer-edition-en-us')
Running image kaboxer/covenant:0.6
>>> Initializing user data in ~/.local/covenant/data
>>> Starting covenant
Please wait during the start, it can take a long time...
Found default JwtKey, replacing with auto-generated key...
warn: Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[60]
Storing keys in a directory '/home/kali/.aspnet/DataProtection-Keys' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed.
warn: Microsoft.EntityFrameworkCore.Model.Validation[10400]
Sensitive data logging is enabled. Log entries and exception messages may include sensitive application data, this mode should only be enabled during development.
WARNING: Running Covenant non-elevated. You may not have permission to start Listeners on low-numbered ports. Consider running Covenant elevated.
Covenant has started! Navigate to https://127.0.0.1:7443 in a browser
Creating cert...
warn: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[35]
No XML encryptor configured. Key {33e734a5-cbee-4a14-a898-0926153e77b7} may be persisted to storage in unencrypted form.
### no more logs at this point, until I open a web browser and load
### the page https://127.0.0.1:7443, which triggers various failures
fail: Microsoft.AspNetCore.Server.Kestrel[0]
Unexpected exception in TimingPipeFlusher.FlushAsync.
System.IO.IOException: The encryption operation failed, see inner exception.
---> Interop+OpenSsl+SslException: Operation failed with error - 5.
--- End of inner exception stack trace ---
at System.Net.Security.SslStream.WriteAsyncInternal[TWriteAdapter](TWriteAdapter writeAdapter, ReadOnlyMemory`1 buffer)
at System.IO.Pipelines.StreamPipeWriter.FlushAsyncInternal(CancellationToken cancellationToken)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Infrastructure.PipeWriterHelpers.ConcurrentPipeWriter.FlushAsyncAwaited(ValueTask`1 flushTask, CancellationToken cancellationToken)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Infrastructure.PipeWriterHelpers.TimingPipeFlusher.TimeFlushAsyncAwaited(ValueTask`1 pipeFlushTask, MinDataRate minRate, IHttpOutputAborter outputAborter, CancellationToken cancellationToken)
fail: Microsoft.AspNetCore.Server.Kestrel[0]
Unhandled exception while processing 0HM7VMAI2H7DO.
System.IO.IOException: The encryption operation failed, see inner exception.
---> Interop+OpenSsl+SslException: Operation failed with error - 5.
--- End of inner exception stack trace ---
at System.Net.Security.SslStream.WriteAsyncInternal[TWriteAdapter](TWriteAdapter writeAdapter, ReadOnlyMemory`1 buffer)
at System.IO.Pipelines.StreamPipeWriter.FlushAsyncInternal(CancellationToken cancellationToken)
at System.IO.Pipelines.StreamPipeWriter.CompleteAsync(Exception exception)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.DuplexPipeStreamAdapter`1.DisposeAsync()
at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionMiddleware.InnerOnConnectionAsync(ConnectionContext context)
at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionMiddleware.InnerOnConnectionAsync(ConnectionContext context)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Infrastructure.KestrelConnection.ExecuteAsync()
fail: Microsoft.AspNetCore.Server.Kestrel[0]
Unexpected exception in TimingPipeFlusher.FlushAsync.
System.IO.IOException: The encryption operation failed, see inner exception.
---> Interop+OpenSsl+SslException: Operation failed with error - 5.
--- End of inner exception stack trace ---
at System.Net.Security.SslStream.WriteAsyncInternal[TWriteAdapter](TWriteAdapter writeAdapter, ReadOnlyMemory`1 buffer)
at System.IO.Pipelines.StreamPipeWriter.FlushAsyncInternal(CancellationToken cancellationToken)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Infrastructure.PipeWriterHelpers.ConcurrentPipeWriter.FlushAsyncAwaited(ValueTask`1 flushTask, CancellationToken cancellationToken)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Infrastructure.PipeWriterHelpers.TimingPipeFlusher.TimeFlushAsyncAwaited(ValueTask`1 pipeFlushTask, MinDataRate minRate, IHttpOutputAborter outputAborter, CancellationToken cancellationToken)
fail: Microsoft.AspNetCore.Server.Kestrel[0]
Unhandled exception while processing 0HM7VMAI2H7DP.
System.IO.IOException: The encryption operation failed, see inner exception.
---> Interop+OpenSsl+SslException: Operation failed with error - 5.
--- End of inner exception stack trace ---
at System.Net.Security.SslStream.WriteAsyncInternal[TWriteAdapter](TWriteAdapter writeAdapter, ReadOnlyMemory`1 buffer)
at System.IO.Pipelines.StreamPipeWriter.FlushAsyncInternal(CancellationToken cancellationToken)
at System.IO.Pipelines.StreamPipeWriter.CompleteAsync(Exception exception)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.DuplexPipeStreamAdapter`1.DisposeAsync()
at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionMiddleware.InnerOnConnectionAsync(ConnectionContext context)
at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionMiddleware.InnerOnConnectionAsync(ConnectionContext context)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Infrastructure.KestrelConnection.ExecuteAsync()
Note that the covenant webpage loads, I can create a user, and covenant seems to be functional.
So it's possible that all of those warnings and errors are harmless and expected.