Are there any windows firewalls out there that can be configured, per application, to only allow network connectivity while the application has an open window (i.e. is not running in the background.) For instance, when steam is running in the background, it constantly communicates with the steam store (my DNS server revealed this). I'd like to block this, but allow it when I open the application.
Related
Use case is web service intended to run as an appliance on a headless Raspberry Pi. OS: Raspbian (Debian).
The web service is running under a non-root service account, using a custom-rolled Boost Beast-based web server (avoid!).
What I want to do: provide a button in the web interface, running in a remote user's browser that allows the system to be shut down or rebooted.
What I've tried so far ... (C/C++)
system("/usr/sbin/shutdown -P now"); // (or -r for reboot)
Fails with the messages:
... [3460]: Failed to set wall message, ignoring: Interactive authentication required.
... [3460]: Failed to power off system via logind: Interactive authentication required.
... [3460]: Failed to open initctl fifo: Permission denied
... [3460]: Failed to talk to init daemon.
I also tried creating a wrapper executable that has been SUID-ed to root, that in turn calls system("/usr/sbin/shutdown ...") with identical results. So even with root credentials, shutdown fails. (Also tried /sbin/reboot, which also fails).
The service in question is written in c++, and services a web socket. The web client app sends a web socket request to shut down the system; and the shutdown is performed in the C++ server code. Everything works fine when the server is started in an interactive session; but it does not work when running in a systemd service.
The web server itself is running as a systemd service using a system account (so no login credentials, and I really do not want login credentials for the service account).
I'm perfectly willing to reconfigure the system, or create a service specifically for this purpose if necessary, and to do what I can to address security issues. But I have no clue as to what the path forward is. The issue is particularly pressing because there's no shutdown button on an out-of-the-box Raspberry Pi (although I do plan to address that for my own Pi). The fact that one CAN install a shutdown button on a Raspberry Pi means there must be some what to do it.
Ideally, I'd like to leave the R-Pi in a state that's usable for other purposes. So a no-password boot into a shell isn't an attractive option. I don't think. And rsh-based solutions are unattractive because they would require the appliance to have a preinstalled login account, with pre-installed credentials (and we all know how THAT goes).
I solved the same issue by creating a C++ daemon, running as root, and listening ONLY on local host TCP port, in charge to shutdown the system when contacted by the web service.
Edit: Use https://man7.org/linux/man-pages/man2/reboot.2.html to shutdown the OS.
I have a remote machine that runs Ubuntu 14.04. It is powered on, but not logged into. I am writing a web application using Node.js that takes a username and password and logs in to this machine. This application is supposed to run on an Android tablet. I am not going to send further commands through the terminal, so I don't really require the session, but just logging in so that the remote machine starts running some processes.
I'm having trouble on how to start coding this. I'm not sure about what Node module to use, and whether or not to use the SSH protocol.
I've gone through a couple of solutions to related questions on the internet, but they either don't work on Android, or need the remote machine to be running some server already(which is not the case here, as the machine is not logged into).
I have a node.js website running on my Ubuntu VM. I can access it both from the host and the VM. But if I try http://192.168.10.120:80, from an external device connected to the same network over WiFi, it doesn't work.
What I need to do to make the web site accessible to external devices on the same local network?
I've been googling this for days, and still can't find an answer...
If the host is Windows, there's two things you'll have to do. One is setting up port forwarding in your VM settings. If you're using Virtual Box check this out. Also, depending on your internal networking setup, you may need to allow inbound connections to port 80 through Windows Firewall. Check out this article from Microsoft. The process hasn't really changed since Windows 7 so it should be the same on 8 or 10.
As a side note, security through obscurity sucks but I still wouldn't recommend using port 80.
I am using an android app that streams real-time accelerometer data to the specified ip address of a server. I have written a "server" in C running on Linux which is running in VMware.
I am connected to the hotspot created by the Windows7(Host machine) running the VMware Workstation.
So my question is how do I connect the virtual-machine to same network as the hotspot so that I can get the phone and the "server" program on the same network and stream data to the server program?
I use VirtualBox, but I'm guessing the settings are very similar in VMWare Workstation.
You probably need to do one or both of these things:
1) Port Forwarding. If your app is hitting port 80 (or whatever port), you'll need to tell VMWare that any hits coming in to the host machine on that port get forwarded to the VM. Of course, your VM will have to be listening on that port. I'd suggest using a high port number (over 1024) to minimize conflicts, and avoid annoying root/admin issues using a low port number.
2) Hopefully that gets you there. If not, you may need to change the virtual adapter settings on the VM. NAT mode is a good first try. If not, there are other modes (bridged, internal, host-only) you can tinker with. (Not sure if VMWare uses different names)
That's probably all you need for the topology you describe -- Android device connected directly to the same subnet as the host machine. If not, perhaps your hotspot routes all client traffic to the gateway (i.e. out to the Internet), without allowing direct access to localhost. If so, maybe there are settings for that. If not, ngrok is your new best friend.
It is SUPER easy and allows you to tunnel traffic from anywhere on the Internet to a specific service running on your machine. This would sidestep some of the issues above.
If you want to take your Android device to another network (e.g. cell network), then ngrok is absolutely the way to go, particularly for development and prototyping. This lets you avoid issues with DNS, routing, firewalls, etc.
I am working on a project and am attempting to run a FTP daemon on an azure vm running the Technical Preview 2. The Daemon reports that it is behind a NATed router, and as such I can not connect in via another means but the remote desktop connection. (I will be running other daemons on this server as well, and they also have this problem)
I need some way to access this router that my Azure server is behind to configure it to allow for the range of ports that i need to access.
The fine folks at MVA instructed me to ask here, so here I am.
I think you just need to open the port (endpoint setting in the portal) to the virtual machine, so check this article out.
Also, make sure the local firewall isn't blocking that ftp port... I'm pretty sure it's off by default.