Imperva Cyber Community

 View Only
  • 1.  Logsdownloader.py pkcs decoding error

    Posted 01-20-2022 05:09
    I have been working through configuration of the logsdownloader.py from GitHub - imperva/incapsula-logs-downloader: A Python script for downloading log files from Incapsula. I've troubleshot about as much as I can, and believe I am entering the "I have missed some very minor tweak OR I have missed some fundamentally simple tweak, but can't seem to see it" territory:

    • Python 3.6.8
    • RHEL 8
    • Requirements already installed:
      • pycrypto
      • m2crypto
      • urllib3
      • Though there were a lot of requirements for the requirements...
    • Private/public key pair generated and uploaded per Imperva Documentation Portal
    • Edited line 285 of LogsDownloader.py to include UTF-8 encoding to fix one error about "must be in str, not bytes"
      • This error also appears from line 237, have not made any further edits yet though.
    • Logs1 CA has been configured to clear out cert errors

    2022-01-18 13:31:41,471 ERROR Error while trying to decrypt the file XXXX_XXXXX.log: pkcs decoding error
    2022-01-18 13:31:41,472 INFO Saving file XXXX_XXXXX..log locally to the 'fail' folder Error while trying to decrypt the fileXXXX_XXXXX..log Traceback (most recent call last):
    File "LogsDownloader.py", line 325, in decrypt_file
    content_decrypted_sym_key = rsa_private_key.private_decrypt(base64.b64decode(bytes(content_encrypted_sym_key, 'utf-8')), M2Crypto.RSA.pkcs1_padding)
    File "/usr/local/lib64/python3.6/site-packages/M2Crypto/RSA.py", line 83, in private_decrypt
    return m2.rsa_private_decrypt(self.rsa, data, padding)
    M2Crypto.RSA.RSAError: pkcs decoding error

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
    File "LogsDownloader.py", line 224, in handle_file
    decrypted_file = self.decrypt_file(result[1], logfile)
    File "LogsDownloader.py", line 334, in decrypt_file
    raise Exception("Error while trying to decrypt the file" + filename)
    Exception: Error while trying to decrypt the fileXXX_XXXXX.log

    2022-01-18 13:31:41,472 ERROR Failed to downloading index file and starting to download all the log files in it - write() argument must be str, not bytes, Traceback (most recent call last):
    File "LogsDownloader.py", line 325, in decrypt_file
    content_decrypted_sym_key = rsa_private_key.private_decrypt(base64.b64decode(bytes(content_encrypted_sym_key, 'utf-8')), M2Crypto.RSA.pkcs1_padding)
    File "/usr/local/lib64/python3.6/site-packages/M2Crypto/RSA.py", line 83, in private_decrypt
    return m2.rsa_private_decrypt(self.rsa, data, padding)
    M2Crypto.RSA.RSAError: pkcs decoding error

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
    File "LogsDownloader.py", line 224, in handle_file
    decrypted_file = self.decrypt_file(result[1], logfile)
    File "LogsDownloader.py", line 334, in decrypt_file
    raise Exception("Error while trying to decrypt the file" + filename)
    Exception: Error while trying to decrypt the fileXXXX_XXXXX..log

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
    File "LogsDownloader.py", line 131, in get_log_files
    self.first_time_scan()
    File "LogsDownloader.py", line 200, in first_time_scan
    success = self.handle_file(log_file_name)
    File "LogsDownloader.py", line 237, in handle_file
    file.write(result[1])
    TypeError: write() argument must be str, not bytes

    #CloudWAF(formerlyIncapsula)

    ------------------------------
    Jesse Mercer
    ------------------------------


  • 2.  RE: Logsdownloader.py pkcs decoding error

    Posted 02-16-2022 08:00

    Hello Jesse,

    I am having the same issue. Did you manage to solve it?

    Kind regards,
    Javier



    ------------------------------
    Javier Ramon Moreno
    Security Engineer
    Sabadell
    ------------------------------



  • 3.  RE: Logsdownloader.py pkcs decoding error

    Posted 02-16-2022 08:10

    Hi Jesse,

    I just fixed it. Too many settings were enabled on my Setting.config file, keep it simple.

    This was helpful: https://xmlisse.wordpress.com/2020/07/23/retrieve-incapsula-logs-issues-and-tricks/

    Kind regards,
    Javier



    ------------------------------
    Javier Ramon Moreno
    Security Engineer
    Sabadell
    ------------------------------



  • 4.  RE: Logsdownloader.py pkcs decoding error

    Posted 03-09-2022 14:29

    That was the page I followed too, no cruft in the .config file.

    I've checked the keys in /configuration and I know I using a proper private/public key pair, and I am still getting


    2022-03-09 10:11:23,515 ERROR Failed to downloading index file and starting to download all the log files in it - write() argument must be str, not bytes, Traceback (most recent call last):
    File "LogsDownloader.py", line 325, in decrypt_file
    content_decrypted_sym_key = rsa_private_key.private_decrypt(base64.b64decode(bytes(content_encrypted_sym_key, 'utf-8')), M2Crypto.RSA.pkcs1_padding)
    File "/usr/local/lib64/python3.6/site-packages/M2Crypto/RSA.py", line 83, in private_decrypt
    return m2.rsa_private_decrypt(self.rsa, data, padding)
    M2Crypto.RSA.RSAError: pkcs decoding error



    ------------------------------
    Jesse Mercer
    ------------------------------



  • 5.  RE: Logsdownloader.py pkcs decoding error

    Posted 03-09-2022 15:48

    Private key was ASCII, saved it as UTF-8 and got rid of that error message, now


    File "LogsDownloader.py", line 324, in decrypt_file
    rsa_private_key = M2Crypto.RSA.load_key_string(private_key)
    File "/usr/local/lib64/python3.6/site-packages/M2Crypto/RSA.py", line 417, in load_key_string
    return load_key_bio(bio, callback)
    File "/usr/local/lib64/python3.6/site-packages/M2Crypto/RSA.py", line 399, in load_key_bio
    rsa_error()
    File "/usr/local/lib64/python3.6/site-packages/M2Crypto/RSA.py", line 334, in rsa_error
    raise RSAError(Err.get_error_message())
    M2Crypto.RSA.RSAError: no start line 

    Though outside of being UTF-8 now, it cats exactly the same as before.



    ------------------------------
    Jesse Mercer
    ------------------------------