In the process of hacking around with dbus-monitor, I tried connecting to the Avahi daemon:
$ dbus-monitor --system \
"type='signal',interface='org.freedesktop.Avahi.Server',member='StateChanged'"
This will respond to changes in the state of the Avahi daemon.
$ sudo restart avahi-daemon
signal sender=org.freedesktop.DBus ->
dest=:1.315
serial=2
path=/org/freedesktop/DBus;
interface=org.freedesktop.DBus;
member=NameAcquired
string ":1.315"
signal sender=:1.318 ->
dest=(null destination)
serial=4
path=/;
interface=org.freedesktop.Avahi.Server;
member=StateChanged
int32 1
string "org.freedesktop.Avahi.Success"
signal sender=:1.318 ->
dest=(null destination)
serial=13
path=/;
interface=org.freedesktop.Avahi.Server;
member=StateChanged
int32 2
string "org.freedesktop.Avahi.Success"
However, I cannot browse services like this.
$ dbus-send --system --dest=org.freedesktop.Avahi --print-reply \
/ org.freedesktop.Avahi.Server.ServiceBrowserNew \
int32:-1 int32:-1 string:'_http._tcp' string:'local' uint32:0
method return sender=:1.345 ->
dest=:1.354
reply_serial=2
object path "/Client5/ServiceBrowser1"
$ dbus-monitor --system \
"type='signal',interface='org.freedesktop.Avahi.ServiceBrowser'"
As far as I understand, this should respond to new/removed http service
instances, but it does not.
Why?
Update:
Executing the equivalent of the above shell commands with the python and c APIs
worked as expected. However, they could not connect to a ServiceBrowser which I
had constructed using dbus-send and I could not use dbus-monitor to listen
to a ServiceBrowser they constructed.
At this point, my best guesses are:
Once the connection is closed (by the termination of the dbus-send command),
the ServiceBrowser I created is destroyed. However this does not explain why
dbus-monitor is unable to connect to a ServiceBrowser which is in active
communication with my python script.
The signals from the ServiceBrowser are emitted only to the connection which
instantiated them.
I believe the problem is caused by the dbus policy.
Try to change the avahi dbus policy in /etc/dbus-1/system.d/avahi-dbus.conf like this (remember to restart avahi daemon):
<busconfig>
<policy context="default">
<!-- All messages may be received by default -->
<allow receive_requested_reply="false" receive_type="method_call" eavesdrop="true"/>
<allow receive_requested_reply="false" receive_type="method_return" eavesdrop="true"/>
<allow receive_requested_reply="false" receive_type="error" eavesdrop="true"/>
<allow receive_requested_reply="false" receive_type="signal" eavesdrop="true"/>
<allow eavesdrop="true"/>
</policy>
<policy user="root">
<allow send_destination="*" eavesdrop="true"/>
<allow receive_sender="*" eavesdrop="true"/>
</policy>
</busconfig>
And use root privilege to run dbus-monitor:
sudo dbus-monitor --system \
"type='signal',interface='org.freedesktop.Avahi.ServiceBrowser'"
reference: http://blog.nutsfactory.net/2011/03/08/test-and-debug-dbus/
Related
I have tried to create my trace dbus daemon, needed to kio terminal autospawning routines. Problem is, I have got:
method call time=1666778936.233014 sender=:1.1 -> destination=org.kde.kio.appkinddetector.system_helper serial=2 path=/org/kde/framework/kio/console_systemdaemon; interface=org.kde.framework.kio.console_systemdaemon.mobj; member=registerProcess
uint32 32765
error time=1666778936.270515 sender=org.freedesktop.DBus -> destination=:1.1 error_name=org.freedesktop.DBus.Error.Spawn.PermissionsInvalid reply_serial=2
string "The permission of the setuid helper is not correct"
Config files are:
# cat /etc/dbus-1/system.d/org.kde.kio.appkinddetector.system_helper.conf
<!DOCTYPE busconfig PUBLIC
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<policy user="root">
<allow own="org.kde.kio.appkinddetector.system_helper"/>
</policy>
<policy context="default">
<allow send_destination="org.kde.kio.appkinddetector.system_helper"
send_interface="org.kde.framework.kio.console_systemdaemon.mobj"/>
</policy>
</busconfig>
# cat /usr/share/dbus-1/system-services /org.kde.kio.appkinddetector.system_helper.service
[D-BUS Service]
Name=org.kde.kio.appkinddetector.system_helper
Exec=/kde/src/build/franework/kio/bin/kio-appkinddetector-systemservice
User=root
I think, there exist an configuration error, but I cannot figure out, where.
I work inside docker daemon, which OpenSUSE Tumbleweed installed. I also give high access/permission of host to container.
I an not very familiar with solr. I have installed solr successfully. It is using jetty webserver. My solr version is 4.10.3. It admin page is not protected by password. Anyone can access it. I want to apply a paaword on solr admin. How I will do it?
Enable authentication in solr admin running with solr 6.1 and jetty
Pre condition:
Solr version 6.1
Solr is running successfully in the system
Solr Admin running through jetty
Process:
1. Edit jetty.xml
Edit the file “server/etc/jetty.xml”
Add following before the Configure tag ends
<Call name="addBean">
<Arg>
<New class="org.eclipse.jetty.security.HashLoginService">
<Set name="name">Test Realm</Set>
<Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
<Set name="refreshInterval">0</Set>
</New>
</Arg>
</Call>
2. Edit webdefault.xml
Edit the file “server/etc/webdefault.xml”
Add following before the web-app tag ends
<security-constraint>
<web-resource-collection>
<web-resource-name>Solr authenticated application</web-resource-name>
<url-pattern>/</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>core1-role</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Test Realm</realm-name>
</login-config>
Special Note:
Value used in the role-name tag need to be same used in “realm.properties” file
3. Create new file “realm.properties”
Create a file named “realm.properties” in the location “server/etc/” and put the below content
admin: admin123,core1-role
User Name: admin
Password: admin123
Role name: core1-role
(This need to be same as the name used in role-name tag in server/etc/webdefault.xml” file )
4. Final Step
Restart Solr server
Now access Solr in your browser http://localhost:8983/solr/
You will find the browser is asking for username and password. Enter the username and password.
For version below 5
If you are using solr-webapp then you need to modify web.xml file and add these lines:
<security-constraint>
<web-resource-collection>
<web-resource-name>Solr Lockdown</web-resource-name>
<url-pattern>/</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>solr_admin</role-name>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Solr</realm-name>
</login-config>
For Jetty server, you need to add below lines in /example/etc/webdefault.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>Solr authenticated application</web-resource-name>
<url-pattern>/</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>**admin-role**</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Test Realm</realm-name>
</login-config>
Update /example/etc/jetty.xml file
<Call name="addBean">
<Arg>
<New class="org.eclipse.jetty.security.HashLoginService">
<Set name="name">Test Realm</Set>
<Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
<Set name="refreshInterval">0</Set>
</New>
</Arg>
</Call>
/example/etc/realm.properties :
admin: s3cr3t, admin-role
Username = admin
password = s3cr3t.
Role name = admin-role
Solr version 5+
In latest Solr version folder structure got changed. You will find all files in below folder-path.
{SOLR_HOME}/server/etc/jetty.xml
{SOLR_HOME}/server/etc/webdefault.xml
Create new credential file at {SOLR_HOME}/server/etc/realm.properties:
admin: s3cr3t, admin-role
For more info you can help solr wiki docs
If you are using tomcat,
Open [Tomcat install dir]\tomcat-users.xml for editing.
Add the following lines within the <tomcat-user> element and save the changes (using your own username and password):
<role rolename="solr_admin"/><user username="your_username" password="your_password" roles="solr_admin"/>
Open Tomcat install dir\webapps\solr\WEB-INF\web.xml for editing.
"solr" in the path is the name of the instance you want to secure. Typically this is "solr," but may be different if you are running an advanced setup.
Add the following lines within the <web-app> element:
<security-constraint>
<web-resource-collection>
<web-resource-name>Solr Lockdown</web-resource-name>
<url-pattern>/</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>solr_admin</role-name>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Solr</realm-name></login-config>
Save the changes and restart Tomcat. Test your changes by starting a new browser session and navigating to your site, for ex. http://localhost:8080/solr/ You should be prompted for credentials.
If your Tomcat install dir tomcat-users.xml file is being modified then
go to tomcat-users.xml file under Servers in Project Explorer and add your changes there.
As setting a password to Solr is a pain in the ass (sorry, but some time you have to name it as it is) I propose an other solution: Restrict access to it using iptables.
If you install Apache Solr Server usually the Server will listen on Port 8983. Hence the servers admin interface will be available under:
http://YOUR_SERVERS_IP:8983/solr/
So we can restrict connections to port 8983 as follows:
iptables -A INPUT -p tcp -s localhost --dport 8983 -j ACCEPT
iptables -A INPUT -p tcp -s YOUR_SERVERS_IP --dport 8983 -j ACCEPT
iptables -A INPUT -p tcp --dport 8983 -j DROP
This will accept all requests from localhost (first line) and from the server's IP itself (second line), but drop all other connections (last line). The second line is not necessary but helps us to find easy access to Solr's admin interface. To access the admin interface form a local machine, we have to forward all connections to the server at first. The easiest way to do this, is using sshuttle (lazy mans VPN):
sshuttle --dns -r root#YOUR_SERVERS_IP 0/0
Performing this command on the local machine, from where we want to access the admin interface.
An other option is, to use ssh tunnelling with the open ssh client:
ssh -D 1080 root#YOUR_SERVERS_IP
Set up a socks proxy in your browser to port 1080.
I'm dealing with Solr v.4.10 too and this is really annoyingly hard. None of the so-called "solutions" works for me. I ended up installing Nginx on my Ubuntu box and proxy the :8983 port to docker, where password is required by Nginx. This works for me.
I have just to inform what was solution in my case. Actually my website was written in ajax that's why by setting passowrd also protect my website. So its not the solution in case where solr has to be used by open internet. So its best solution as guided by solr wiki is to use proxies like node.js, nginex etc. as given here
Using node.js proxy and applying iptable rules ( as guided above) solve my problem.
When I am running solr with runjetty in eclipse ,I am getting an exception(IlleagalStateException) and port no:8080 already in use?
Can anyone help me on this?
in your solr installation folders, search for "example/etc/jetty.xml"
this is the relevant part you're looking for:
<Set name="port">
<SystemProperty name="jetty.port" default="8080"/>
</Set>
change the "default" value as you like (unused port)
or launch jetty adding
-Djetty.port=11111
from the command line (1111 is just a random number, you choose again the one you need)
This means that there is a java service which is using the port, go to task manager and process and kill any javaw process that is running currently ...
Hope that might fix.
change you apache tomcat port to some other port and try again...
Please set port value in server.xml file
Its path is like,
Tomcat-installation-dir\conf\server.xml
Search tag like this,
<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
<Connector port="8080" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" />
Change the port number to any other number like 9090 for example, and after changes it should look like this,
<!-- Define a non-SSL HTTP/1.1 Connector on port 9090 -->
<Connector port="9090" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" />
Dont change anything other than connector port,change only the value of port and save the file and now hit the url,
localhost:9090
Or use the port number which you have updated in the server.xml file.
localhost:port_in_server.xml
So if every thing goes fine it should open the tomcat home page....This will make sure that you have changed the tomcat's default port(i.e.8080)listen to 9090.
Shutdown the tomcat server at this point.
Now you stop and restart the jetty server and it will work for you with no issues..
Hope this helps....
I am using Tomcat 7.0.29 fronted with Apache 2.2.22 modproxy.
Configured Ajp as the protocol in httpd.conf and AjpNioProtocol in server.xml.
After the server starts, the logs are filled with the following message:
Severe: Invalid message received with signature 20599
com.apache.coyote.ajp.AjpMessage processHeader
There are no requests sent to the web or tomcat server and it still throws that error. Access logs in tomcat and apache show that no request is coming in.
What is causing the invalid message error?
Here is the configuration :
httpd.conf
ProxyPass /wl ajp:// ip : port /wl
ProxyPassReverse /wl ajp:// ip : port /wl
server.xml
<Connector port="port"
protocol="org.apache.coyote.ajp.AjpNioProtocol"
connectionTimeout="20000"
acceptorThreadCount="2"
maxThreads="1600"
redirectPort="8443" />
For me, the problem was simple. I was sending HTTP requests but the connector was configured with AJP protocol. My connector in server.xml was configured like this:
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
But when I changed it to this:
<Connector port="8009" protocol="HTTP/1.1" redirectPort="8443"/>
The error went away.
Hopefully that will help someone with this error.
This may also happen when buffer sizes are not same at both ends: logs mention invalid AJP message and browser receive 400 error code.
I have fixed the situation with both packetSize on AJP connector and ProxyIOBufferSize in Apache2 configuration.
In Tomcat server.xml:
<Connector protocol="AJP/1.3" port="8009"
connectionTimeout="20000"
packetSize="65536"
proxyName="yourproxy.domain.ltd" proxyPort="80"
/>
In Apache2 mod_proxy_ajp configuration, add the statement ProxyIOBufferSize 65536.
It was found that one of the internal processes was calling that port and sending http requests causing the "Invalid message.." error. So I ended up adding an additional http Connector for those internal processes
There are no requests sent to the web or tomcat server and it still throws that error. Access logs in tomcat and apache show that no request is coming in. What is causing the invalid message error?
Just some hint for other people because I forgot the same in one of my configs by accident: The mentioned Connector in server.xml is listening globally, because only port is specified, without any address. The latter is defined to listen globally by default:
By default, this port will be used on all IP addresses associated with the server.
https://tomcat.apache.org/tomcat-7.0-doc/config/http.html
So without any additional firewall or such it might be that bad clients are simply testing for open ports using various protocols, which might or might not be HTTP and therefore resulting in error messages with different signatures. Without very good reasons, there shouldn't be any need to make AJP globally available, especially not in case of a proxy-setup like used by the thread starter.
<Connector address="localhost" port="port"
protocol="org.apache.coyote.ajp.AjpNioProtocol"
connectionTimeout="20000"
acceptorThreadCount="2"
maxThreads="1600"
redirectPort="8443" />
I got a similar message today:
Nov 18, 2016 4:25:00 PM org.apache.coyote.ajp.AjpMessage processHeader
SEVERE: Invalid message received with signature 65524
The root cause of my problem was that selinux wasn't letting apache connect to tomcat. I'm a little confused as to how this error was a result - I'd expect that there would be no connection, period. Best guess, i probably attempted to manually connect to that port with telnet. Doing that certainly gives a similar message.
Regardless, perhaps this selinux reminder will be helpful to someone else who ends up here.
I want to expose methods of my application on System bus using Qt Dbus in Qt Creator.
while using session bus ,the methods get exposed, but with system bus I am only able to see the Service name with which i registered but no methods to be exposed under it.(I am checking it in D-feet)
What should i do ?
You have to place your config file (e.g: example-dbus.conf) in /etc/dbus-1/system.d/
The example-dbus.conf file looks like:
<!DOCTYPE busconfig PUBLIC
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<!-- Only root user can own the service -->
<policy user="root">
<allow own="com.company.qtdbus"/>
</policy>
<!-- Allow anyone to invoke methods on server, except SetHostName -->
<policy context="default">
<allow send_destination="com.company.qtdbus"/>
<allow receive_sender="com.company.qtdbus"/>
<deny send_destination="com.company.qtdbus"
send_interface="com.company.qtdbus.Server" send_member="SetHostName"/>
</policy>
<!-- Allow everything, including access to SetHostName -->
<policy user="root">
<allow send_destination="com.company.qtdbus"/>
<allow receive_sender="com.company.qtdbus"/>
</policy>
</busconfig>
Restart the dbus daemon with /etc/init.d/d-bus restart and now you should be allowed to connect to the system bus. In fact, if you not allowed to connect to the system bus, a error message will be shown.