Deploy.sh script not able to add user on Hive | Distributed Deployment | Digital Ocean

[Time2Rage]

First of all, hello to everyone.
I am currently setting up TPot for a project in university. We are supposed to run 2-3 Honeypots over the course of a month and analyse the attacks and traffic. I decided to set one up as a standalone, which works like a charm and two distributed sensors. My issue lies with the distributed version.

The Issue

I decided to set two sensors up distributed, to show the benefit of this solution concerning the persistence and resilience of the logs. And of course to get practice with more complex setups.
However I am not able to hook logstash up from the sensor to the hive using the deploy.sh script, due to a prompt for the sudo password.

Setup

Hive - Digital Ocean Droplet
- install successful
- dps.sh shows all relevant systems running cleanly
- no additional firewall rules

• Created a local user (hive1) in the sudo group which was then used in the install.sh script. It can log in on the web interface and is able to ssh into.
  Hive Sensor - Digital Ocean Droplet
  • install successful,
  • dps.sh shows all relevant systems running cleanly.
  • no additional firewall rules
• Same user setup as on the Hive

The deploy.sh problem

1. ssh into the Hive Sensor as root
2. run the deploy.sh script
3. provide Hive local hive1 username and password as well as IP of Hive

Diagnosis

• Running a pipe into a sudo command on Hive using Hive1 will always prompt for the password.
• visudo to disable the sudo password protection for this operation (yes I re-enable it afterwards) does not change this.
• The prompt in 4) is only an echo from the script I am not able to Ctrl+Shift+V the password and enter.
• After deploy.sh is finished the sensor will try to push logs to the Hive and get rejected, ending up in fail2ban

Am I doing something wrong or have a wrong understanding of the mechanics involved? Is it likely to be an issue with my Hive configuration? Any help at this point is highly appreciated.

Best regards,
Rene

[t3chn0m4g3]

This has been discussed in #1153, maybe you can solve it based on that discussion.