I'm trying to get a mosquitto broker to allow websockets on port 1884. For that I have edited the standard mosquitto.conf as such:
# Place your local configuration in /etc/mosquitto/conf.d/
#
# A full description of the configuration file is at
# /usr/share/doc/mosquitto/examples/mosquitto.conf.example
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
include_dir /etc/mosquitto/conf.d
listener 1883
allow_anonymous true
listener 1884
protocol websockets
allow_anonymous true
However that doesn't seem to work since when I start the broker, it says:
1652941249: mosquitto version 1.4.15 (build date Tue, 18 Jun 2019 11:42:22 -0300) starting
1652941249: Using default config.
1652941249: Opening ipv4 listen socket on port 1883.
1652941249: Opening ipv6 listen socket on port 1883.
I've already tried adding a custom .conf file in the conf.d file and have it included by the mosquitto.conf but without success.
I have also noticed that whenever I try using the -c-flag to specifiy which config to use, it seems to freeze before being able to start.
First Using default config. means that specific instance is not using the config file at all, it is using the build in defaults which as just to listen on port 1883.
Second, mosquitto doesn't have a default config file, you must always use the -c option to pass the path to the config file you want to run.
Given the config file provided, it's probably not freezing, you have just told it to write the logs to a file so there will be NO output on the command line. You need to tail the /var/log/mosquitto/mosquitto.log file to see the output (also there is a small bug in the logging code that means it only prints when the buffer has been filed so log entries may be delayed until enough has been written to the buffer).
And finally v1.4.x is VERY old, you should be running the v2.x version as it contains logs of bug/security fixes.
Related
installed TigerVNC on Centos 8.3 and tried to run it with vncserver Command but it is giving me this message "vncserver has been replaced by a systemd unit."
I have also followed the instruction from this file /usr/share/doc/tigervnc/HOWTO.md and created a vnc session. the session is accessible only on loopback ip of the machine.
Result of : netstat -tulpn Command:
tcp 0 0 127.0.0.1:5905 0.0.0.0:* LISTEN 2645/Xvnc
tcp6 0 0 ::1:5905 :::* LISTEN 2645/Xvnc
how can i change loopback ip of vnc session to machine ip.
Minhaj:
I ran into this today. TigerVNC has been changed with the version 8.x Fedora kernel. I dug a bit & found it is related to "an upstream decision." What this means in simple English is that the project team made a design decision. I personally agree with the design changes since it brings greater control and security to VCN than previous versions. This is not to suggest the actual VNC protocol is SSL enabled. You should still employ best practices like using firewalld to prevent access to VCN ports and using SSH tunneling to get to the console, etc.
To get started, you'll need to do a bit of simple configuration work as described in /usr/share/doc/tigervnc/HOWTO.md. Start by reading the instructions in the file.
All tasks must be run with root priv, so use the sudo utility for all of them.
TASK 1: At the simplest level, begin by opening the file /etc/tigervnc/vncserver.users
Create an entry for each user that will use the service. For example:
:1=hwojteczko
:2=esong
Note the digit preceding each user name. This is the VNC console number that will be assigned to each user. Save the file.
TASK 2: Inspect the /usr/share/xsessions file to confirm the type of desktop installed on the system. The default desktop is gnome, but there are others, so be mindful of this.
TASK 3: Next, you'll need to modify the Xvnc options file. Fortunately, there are some commented entries already left in place, which can be removed. Open the file /etc/tigervnc/vncserver-config-defaults, remove the comments as shown below, but also add the desktop to the session config within the stanza. This will not likely be there, so it is easy to miss this step. See example below:
securitytypes=vncauth,tlsvnc
desktop=sandbox
geometry=2000x1200
localhost
alwaysshared
session=gnome
TASK 4: As the user, set a VNC password using vncpasswd . This will be similar to what you are accustomed to with previous versions of TigerVNC, but it WILL NOT start TigerVNC.
IMPORTANT: For the next task, you must make sure that you, or the user, is not logged into a desktop session. For those like me who develop code on Linux, this is an easy way to get tripped up. This is not a concern if you are accessing a remote server.
TASK 5: Start the VNC Service for the correct user session. See below:
systemctl start vncserver#:1
You'll see there is no output to speak of. Use sysctl and check the status. It is best to wait about 10-15 seconds before doing so to ensure the startup does not fail.
systemctl status vncserver#:1
TASK 6: Now, you can check to see that port 5901 is open with nmap, as in:
nmap -PN localhost
Which should report something like:
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
631/tcp open ipp
5901/tcp open vnc-1
now you can ssh to the host and tunnel VNC traffic securely, such as:
ssh hwojteczko#172.16.129.5 -N -L localhost:5901:localhost:5901
TASK 7: When you are done, don't forget to shutdown TigerVCN using systemctl, as in:
systemctl stop vncserver#:1
Happy coding......
h
on my server (os : ubuntu 16) I have update my nginx configuration file by mastake then save and close the file , Is there away to get previous file before changes , hint: I havn't restart nginx on my server yet . I need help immediately
Depends on your version of nginx.
See here: dump conf from running nginx process
in any case, you can dump the original nginx config-file with gdb.
Also, if you edited the file with a gnome software, there's a chance the config file backup is still there, under "filename~" (note the tilde at the end).
Or you can get the old inode from /proc/pid/fd (Linux keeps old used files in memory, until all processes using them exited - since nginx still runs, the inode is still there - inode or index node is the id of the file on the file system).
I have installed Snort and Barnyard2 following this guide.
I was about to install BASE but it requires PHP5 and it's no longer supported. I have PHP7 installed and cannot downgrade it.
After a bit of lurking I decided to use Graylog2 to view the logs.
Snort is configured to log in unified2 format then barnyard2 reads that and saves it to MySQL database.
As far as I understood (not much) logging to MySQL is pointless without BASE and I need to forward the logs to Graylog.
Now, should I
1) Remove Barnyard and tell Snort to log in human-readable format (not very efficient?) then send the logs to Graylog
2a) Tell Barnyard to stop sending the logs to MySQL but forward them directly to Greylog
2b) Tell Barnyard to just translate unified2 and write the human-readable log to another file then send it to Graylog.
In any case, How?
Snort, Barnyard and Graylog are on the same machine.
So, I've come up with this but I would like an opinion from someone who knows more than me.
Remove this from barnyard2 config file (example - Line 258 to 296)
output database: log, mysql, user=snort password=************** dbname=snort host=localhost sensor_name=sensor01
and add the proper output for syslog
output alert_syslog
(OR output log_syslog_full: sensor_name whatever, server 127.0.0.1, protocol udp, port 514 ?)
Then in syslog config (graylog documentation, here)
*.* #graylog.example.org:514;RSYSLOG_SyslogProtocol23Format
You can also configure barnyard to log directly to your Graylog server. Instead of logging via syslog to localhost, you just create a new syslog input on your Graylog server and point the barnyard syslog output to that ip/port.
I'm trying to setup everyauth for my node app. Although I've reached a step that I have no idea how to accomplish.
It's asking to setup local.host as an alias for localhost, but it references some linux folders, I'm using windows.
Here's the exact instructions I'm stumped on.
Important - Some OAuth Providers do not allow callbacks to localhost, so you will need to create a localhost alias called local.host. Make sure you set up your /etc/hosts so that 127.0.0.1 is also associated with 'local.host'. So inside your /etc/hosts file, one of the lines will look like: '127.0.0.1 localhost local.host'
(source here)
How do you accomplish this on windows?
This can be done by editing you hosts file. Open notepad++ (or notepad) as admin. Then hit open, and select C:\Windows\System32\drivers\etc\hosts. You will see:
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# ...
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost
And add this line at the end:
127.0.0.1 local.host
Save and you're done
Regarding the answer (Add the entry to your HOSTS file)
This does not work entirely on Windows 10, Windows Server 2019. You CAN PING the new alias (ping local.host), but it you try to use it in windows explorer (\local.host), you get a login prompt that will always fail. Check the EVENT viewer and you will see:
Audit Failure ... A privileged service was called. . . .
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Service Request Information: Privileges: SeTcbPrivilege
I've found no way around this.
So the answer is technically correct, but may not work in all cases.
I just installed the postgresql (as it says on postgresql), server is running like charm, no problem at all.
I just tried(want) to change the default port (5432) to (9898).
First I just tried to do it by postgresql.conf file under /var/lib/pgsql/data/postgresql.conf.
I just remove the comment for port related line, and change it as port=9898, but there is a comment saying overriding port here doesn't change anything for RHEL and deriven guys, it also says try to override the port config by service config file(cannot find it, where is it?).
I also change the postmaster.opts too (doesn't work the same).
Finally! how may I change the Postgresql 9.2.7 port number on CentOS 7?
Finally I found it, the service file is /lib/systemd/system/postgresql.service, I just change the following line.
Environment=PGPORT=9898
stop the service as
service postgresql stop
then reload the daemon services using this
systemctl daemon-reload
Finally start the postgresql using
service postgresql start
Now it's working like charm :D
Login to psql. Try
show config_file ;
That is the file you should change. Did you restart the server after changing the port?
You can also try the file under /etc/rc.d/init.d for PostgreSQL if it is running as a service.
From /lib/systemd/system/postgresql.service
# It's not recommended to modify this file in-place, because it will be
# overwritten during package upgrades. If you want to customize, the
# best way is to create a file "/etc/systemd/system/postgresql.service",
# containing
# .include /lib/systemd/system/postgresql.service
# ...make your changes here...
# For more info about custom unit files, see
# http://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F
# For example, if you want to change the server's port number to 5433,
# create a file named "/etc/systemd/system/postgresql.service" containing:
# .include /lib/systemd/system/postgresql.service
# [Service]
# Environment=PGPORT=5433
# This will override the setting appearing below.
I think it is better to follow the steps above.
I am using Amazon EC2 instance with Amazon Linux AMI release ( A kind of CentOS it seems). I needed to change PGPORT variable in /etc/init.d/postgresql file and restart the postgresql service using 'service postgresql restart'. And it works!!
PGPORT=some_new_port # /etc/init.d/postgresql