I'm working on an apache module that can check the libipset API to test if an IP is in a list. This is being used as a backup firewall for proxied connections.
I've managed to get everything working up until the C script calls type = ipset_type_get(session, cmd);. After testing, I believe the main problem is that libipset requires higher permissions. I'm not getting a permission error, just a null value. However, when I run the C script directly using apache as the user, I can get it to work when I grant sudo privileges to apache for the script.
I've tried 1 and 2 in the answers here and they've both failed. Is there any other way to force root for the ipset API call?
This action might need cap_net_admin.
If using systemd to control the process, you can add it like this:
[Service]
...
CapabilityBoundingSet=CAP_NET_ADMIN
Another approach would be to set the binary executable's capabilities.
setcap cap_net_admin=ep /usr/sbin/apache2
If using apparmour, you coould instead set up a profile for apache and include the line
capability net_admin,
in the file ( /etc/apparmor.d/usr.sbin.apache2 )
( see here : https://serverfault.com/questions/932410/enabling-apparmor-for-apache2-in-ubuntu-18-04 )
Related
I have the latest version of thruk installed with naemon and livestatus. I want to be able to post commands from a python script to cmd.cgi from the same server without the interference of authentication. I have tried the settings of:
use_authentication=0
default_user_name=thrukadmin
but it doesn't seem to work in the thruk gui. When trying to post to the cgi from the thruk gui I get the error, "I'm sorry Dave......"
Any thoughts on why this not working right? The apache server on that system uses ldap to authenticate to the gui, could this be an issue?
Other thoughts?
It's much easier, you don't even need Thruk in the middle. You can simply write to Naemons command_file.
The external command list at https://www.naemon.org/documentation/developer/externalcommands/ contains an example for every possible command.
Here is a shell snippet which schedules a host downtime:
printf "[%lu] SCHEDULE_HOST_DOWNTIME;host1;1478648441;1478638441;1;0;3600;naemonadmin;This is an example comment.\n" `date +%s` > /var/lib/naemon/naemon.cmd
When using Thruk, you can use thruks cli script to send commands:
thruk r -d comment_data=test /hosts/localhost/cmd/schedule_host_downtime
Authentication is only required if you want to send commands by HTTP.
I am using the below command in jenkins to deploy the api proxies to apigee edge.
apigeetool deployproxy -u abc -o nonprod -e dev -n poc-jenkins1 -p xyz
But am getting the below error.
Error: Path /poc-deployment-automation conflicts with existing deployment path for revision 1 of the APIProxy poc-deploy-automation in organization nonprod, environment dev
Here is my requirement , please help me what command to use.
If API doesn’t exist in target environment, Create Api in new environment with version 1.
If API already exist in target environment, Create Api in new environment with new version (previous version + 1)
So what command should we use to fix the above error and what should we use to do the above 2 tasks.
Help Appreciated.
The apigeetool deployproxy command supports by default your requirements. It deploys the revision 1 if there is no proxy with the name, and increases the revision if it already exists.
However, based on the error you mentioned, it seems that you have a path conflict between two proxies. You are trying to deploy a proxy to a /poc-deployment-automation basepath, but there is another proxy called poc-deploy-automation which is listening on the same basepath. It is not possible, even if the proxy name is different, because the basepath is what apigee uses to redirect traffic to your proxy.
Check the xml file at the root of your proxy and change the basepath attribute.
Also, the basepath of an API Proxy can be anything, but could not be the same used at the same time by two proxies--only one can be deployed at time. The revision numbers are irrelevant in this situation.
I am using puppet module "Biemond orawls" orawls to install and orchestrate weblogic server, in orawls for successful configuration change puppet returns
exit code and i restart the weblogic server for every successful "Change" to update the changed configuration which is not good every time, because during changing anything in weblogic from weblogic admin console we get the indication that server restart required which is only applicable for particular selected attribute or resource changes, and orawls do not give any option to get status of restart required like WLST, so i want to use WLST command isRestartRequired([attributeName]) during every edit session inside orawls code which will tell me if restart is required or not instead of restarting server for every successful change in weblogic server and i want this status to be returned from orawls to puppet apply command.
i am using puppet apply command to change any weblogic server resources like -
apply -e 'include amd_wls_cluster' ${PUPPET_COMMON_OPTS} ${IS_NOOP}
which returns few specific code like - Puppet apply exit code
--detailed-exitcodes: Provide extra information about the run via exit codes. If enabled, 'puppet apply' will use the following exit codes:
0: The run succeeded with no changes or failures; the system was already in the desired state.
1: The run failed.
2: The run succeeded, and some resources were changed.
4: The run succeeded, and some resources failed.
6: The run succeeded, and included both changes and failures.
Here i want to add my own custom status code may be 7 if WLST isRestartRequired([attributeName]) return true
i tried searching a lot but could not find anything, is this possible to return custom exit code from biemond orawls to puppet.
or is there any such option which i can use to identify if server restart is required using puppet's biemond orawls module.
Thank you in advance.
i tried searching a lot but could not find anything, is this possible
to return custom exit code from biemond orawls to puppet.
No, Puppet does not provide a mechanism for customizing its exit codes. There is no hook exposed to modules that could provide for this.
or is there any such option which i can use to identify if server
restart is required using puppet's biemond orawls module.
As I wrote in comments, the usual pattern is to let Puppet manage the service restart (or even a server restart, though I don't see why that would be necessary). It's unclear exactly how that would look with orawls, which appears to have a ridiculously large public interface, but it looks like the docs contain several example configurations, and I would hope to see such a thing in at least one of those.
Alternatively, the Puppet agent can be configured (and in some versions is configured by default) to send reports describing each run to (typically) the master. The master can then be configured to process these via a user-provided processing module. These reports contain information about exactly which resources were changed, so you could surely use them to decide remotely whether to restart services / servers.
Seems like archiva 2.2 is completely ignoring Security properties
I am following this document:
I have set up the security.properties file under
D:\Apache\Archiva-2.2.0\conf
When I am setting a new password for a user in Archiva UI I am still getting:
You must provide a password containing at least 1 numeric character(s).
security.properties content:
# Security Policies
#security.policy.password.encoder=
security.policy.password.previous.count=9999
security.policy.password.expiration.days=99999
security.policy.password.expiration.enabled=false
security.policy.allowed.login.attempt=3
# Password Rules
security.policy.password.rule.alphanumeric.enabled=false
security.policy.password.rule.alphacount.enabled=false
security.policy.password.rule.alphacount.minimum=0
security.policy.password.rule.characterlength.enabled=true
security.policy.password.rule.characterlength.minimum=3
security.policy.password.rule.characterlength.maximum=0
security.policy.password.rule.musthave.enabled=false
security.policy.password.rule.numericalcount.enabled=false
security.policy.password.rule.numericalcount.minimum=0
security.policy.password.rule.reuse.enabled=false
security.policy.password.rule.nowhitespace.enabled=true
Stop her running and make a backup of your conf/archiva.xml file.
example:
service archiva stop
cp archiva.xml archiva.xml.orig
Edit the config values you want to modify within the main XML configuration file: conf/archiva.xml
Changing the numeric character count:
<numericalcount>
<minimum>0</minimum>
<enabled>false</enabled>
</numericalcount>
Changing the password expiration limit:
<expiration>
<enabled>false</enabled>
<days>999999</days>
</expiration>
These values should already be in your config file (they were in mine). Perhaps they were copied there after my unsuccessful attempts to configure them through the web UI.
Additionally, prevent any user caching behaviour while you're making changes:
<useUsersCache>false</useUsersCache>
Start her up again:
service archiva start
I found a workaround...
stop Archiva
Open the Archiva DB using squirrel sql
Go to SA/JDOUSER table
Column LAST_PASSWORD_CHANGE
Right click to make editable
Modify the value to 10 years from now...
Restart Archiva
Get your 10 years of quiet....
For some reason I cannot start RabbitMQ anymore after it crashed.
I am getting the following error:
erlexec: HOME must be set
I've tried to export my home to /home/ubuntu but still getting the same error.
Any ideas?
I'm assuming that you are trying to start rabbitmq with something like service start rabbitmq-server. If so, the service command strips out environment variables. So you will need to either define it in your start up script or in a config file for your startup script (see https://unix.stackexchange.com/a/44378).
Additionally, I believe the rabbitmq home directory is actually /var/lib/rabbitmq/.
I have found suitable solution for myself. You can run epmd service before RabbitMQ server. This is fixing issue with HOME variable and others.
erlexec needs the environment variable HOME to be set in order to place a cookie (that contains a string). If HOME was for some reason unset in the environment that you are running rabbitmq (or rabbitmqctl) in, then you will get this error.
Try to check if HOME is defined by typing:
$ env
to get the list of defined environments. If it was not defined try to define it with
$ export HOME=/var/lib/rabbitmq
If you are using python3 and tox, note that tox by default does not pass current environment variable to the test environment. You will have to add the following to tox.ini
setdev =
HOME=/var/lib/rabbitmq
Just wanted to mention it because it gave me a headache the entire day today and I finally understood what was the issue and I though I should share this hint.