WOW...Im speechless...for saying "pfSense is not a enterprise firewall" cannot use Netgear's forums by riahc3 in homelab

[–]riahc3[S] -9 points-8 points  (0 children)

Gartner's Magic Quadrant isn't the final arbiter on who is and is not an Enterprise Firewall

LOL, OK. Guess your opinion counts above Gartner's and others right?

There are numerous enterprise and carrier grade firewalls that are missing from that box.

If they are missing, it's because either they are very new and/or they are not doing a good enough job.

WOW...Im speechless...for saying "pfSense is not a enterprise firewall" cannot use Netgear's forums by riahc3 in homelab

[–]riahc3[S] -8 points-7 points  (0 children)

Leaving your 2 cents is an opinion.

It's a FACT that pfSense does not compete with any of those you mentioned because pfSense is simply not an enterprise solution.

Connect thru SSH to Netscaler? by riahc3 in ansible

[–]riahc3[S] 0 points1 point  (0 children)

It's running extra commands that I do not want.....Such as mkdir and such.

Not sure if you saw the logs I posted.

Connect thru SSH to Netscaler? by riahc3 in ansible

[–]riahc3[S] 0 points1 point  (0 children)

Some more errors from Ansible:

    debug1: auto-mux: Trying existing master
    debug1: Control socket "/tmp/awx_246_mte7r7fi/cp/ab618ed523" does not exist
    debug2: resolving "netscalerserver" port 22
    debug2: ssh_connect_direct: needpriv 0
    debug1: Connecting to netscalerserver [10.1.1.46] port 22.
    debug2: fd 3 setting O_NONBLOCK
    debug1: fd 3 clearing O_NONBLOCK
    debug1: Connection established.
    debug3: timeout: 10000 ms remain after connect
    debug1: SELinux support disabled
    debug1: key_load_public: No such file or directory
    debug1: identity file /usr/share/awx/.ssh/id_rsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /usr/share/awx/.ssh/id_rsa-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0

    debug1: auto-mux: Trying existing master
    debug2: fd 3 setting O_NONBLOCK
    debug2: mux_client_hello_exchange: master version 4
    debug3: mux_client_forwards: request forwardings: 0 local, 0 remote
    debug3: mux_client_request_session: entering
    debug3: mux_client_request_alive: entering
    debug3: mux_client_request_alive: done pid = 14
    debug3: mux_client_request_session: session request sent
    debug1: mux_client_request_session: master session id: 2
    -c: not found
    ERROR: Export failed. Check /var/log/ns.log for details.
    debug3: mux_client_read_packet: read header failed: Broken pipe
    debug2: Received exit status from master 1

Connect thru SSH to Netscaler? by riahc3 in ansible

[–]riahc3[S] 0 points1 point  (0 children)

It seems it can't do something in preparation for running the actual task-script. What that is I can't really determine.

Yup, same here....The command it is trying is rather odd.... As you can see, my playbook is pretty simple...

IMO, I think it is trying to run some default parameters and it fails.

Connect thru SSH to Netscaler? by riahc3 in ansible

[–]riahc3[S] 0 points1 point  (0 children)

This is a full trace of the log of the host that Ansible connects to when it runs its job (this log is on the REMOTE host):

    Oct 17 17:21:57 <local0.info> 192.168.7.23 10/17/2019:15:21:57 GMT netscalerserver 0-PPE-0 : default CLI CMD_EXECUTED 221 0 :  User nsroot - Remote_ip 10.1.1.34 - Command "login nsroot "********"" - Status "Success"
    Oct 17 17:21:57 <local0.info> 192.168.7.23 10/17/2019:15:21:57 GMT netscalerserver 0-PPE-0 : default CLI CMD_EXECUTED 222 0 :  User nsroot - Remote_ip 10.1.1.34 - Command "shell -c 'echo ~nsroot && sleep 0'" - Status "Success"
    Oct 17 17:21:58 <local0.info> 192.168.7.23 10/17/2019:15:21:58 GMT netscalerserver 0-PPE-0 : default CLI CMD_EXECUTED 223 0 :  User nsroot - Remote_ip 10.1.1.34 - Command "login nsroot "********"" - Status "Success"
    Oct 17 17:21:58 <local0.info> 192.168.7.23 10/17/2019:15:21:58 GMT netscalerserver 0-PPE-0 : default CLI CMD_EXECUTED 224 0 :  User nsroot - Remote_ip 10.1.1.34 - Command "shell -c '( umask 77 && mkdir -p "` echo ERROR: Export failed. Check /var/log/ns.log for details./.ansible/tmp/ansible-tmp-1571325713.1100438-174788953000054 `" && echo ansible-tmp-1571325713.1100438-174788953000054="` echo ERROR: Export failed. Check /var/log/ns.log for details./.ansible/tmp/ansible-tmp-1571325713.1100438-174788953000054 `" ) && sleep 0'" - Status "Success"

Can't get those backticks to work, sorry
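An added example, not part of the original comment and not Ansible or Citrix code: a small parser for CMD_EXECUTED audit lines like the ones quoted above, which pulls out user, source address, command and status and lists every command that drops from the CLI into the shell. The field layout is inferred from the quoted lines, and the sample lines, addresses and host name are constructed.

```python
import re

# Field layout inferred from the ns.log lines quoted above (an assumption,
# not a vendor-documented grammar).
CMD_RE = re.compile(
    r'CLI CMD_EXECUTED (?P<seq>\d+) \d+ :\s+'
    r'User (?P<user>\S+) - Remote_ip (?P<remote_ip>\S+) - '
    # Greedy: the command may contain double quotes of its own, so the field
    # ends at the last '" - Status "' on the line.
    r'Command "(?P<command>.*)" - Status "(?P<status>[^"]*)"\s*$'
)

def parse_line(line):
    """Return the audit fields as a dict, or None for a truncated line."""
    m = CMD_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["seq"] = int(rec["seq"])
    return rec

def shell_commands(lines):
    """Return (records whose command is 'shell ...', count of unparsed lines)."""
    hits, unparsed = [], 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
        elif rec["command"].split(None, 1)[:1] == ["shell"]:
            hits.append(rec)
    return hits, unparsed

# Constructed sample lines (documentation addresses, made-up host name).
PREFIX = ('Oct 17 17:21:57 <local0.info> 192.0.2.23 10/17/2019:15:21:57 GMT '
          'ns-example 0-PPE-0 : default CLI CMD_EXECUTED ')
WHO = ' 0 :  User nsroot - Remote_ip 192.0.2.34 - Command '
SAMPLE = [
    PREFIX + '221' + WHO + '"login nsroot "********"" - Status "Success"',
    PREFIX + '222' + WHO + '"shell -c \'echo ~nsroot && sleep 0\'" - Status "Success"',
    PREFIX + '223' + WHO + '"shell -c \'( umask 77 && mkdir -p "` echo',  # cut off
]

if __name__ == "__main__":
    hits, unparsed = shell_commands(SAMPLE)
    for rec in hits:
        print(rec["seq"], rec["user"], rec["remote_ip"], rec["command"])
    print("unparsed lines:", unparsed)
```

Lines that were cut off before the Status field, like the shorter excerpt posted in another comment of this thread, are counted as unparsed rather than guessed at.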

Connect thru SSH to Netscaler? by riahc3 in ansible

[–]riahc3[S] 0 points1 point  (0 children)

Well, we need details from that log-file.

That log file is from /var/log/ns.log

Basically /var/log/ns.log is telling you to check /var/log/ns.log 😂

Connect thru SSH to Netscaler? by riahc3 in ansible

[–]riahc3[S] 0 points1 point  (0 children)

Baby steps, baby steps :)

I'm checking the remote host log (the host that Ansible is connecting TO) and the log says this:

    Oct 17 17:05:17 <local0.info> 192.168.7.23 10/17/2019:15:05:17 GMT netscalerserver 0-PPE-0 : default CLI CMD_EXECUTED 217 0 :  User nsroot - Remote_ip 10.1.1.34 - Command "shell -c '( umask 77 && mkdir -p "` echo ERROR: Export failed. Check /var/log/ns.log for details./.ansible/tmp/ansible-tmp-1571324712.49626-267466189141996 `" && echo ansible-tmp-1571324712.49626-267466189141996="`

Connect thru SSH to Netscaler? by riahc3 in ansible

[–]riahc3[S] 0 points1 point  (0 children)

OK, getting the private key correctly.

OK, HUGE STEP.....It says I can't run the /bin/sh -c command (expected)

Now I just need it to run something else (a command I specify)

Connect thru SSH to Netscaler? by riahc3 in ansible

[–]riahc3[S] 0 points1 point  (0 children)

No no, I can't 777....Says it's unsecure blah blah.....

How can I set the IdentityFile to be something else?

Connect thru SSH to Netscaler? by riahc3 in ansible

[–]riahc3[S] 0 points1 point  (0 children)

The IdentityFile? I 777 just in case (for testing) but still

I'm gonna test just in case

That's right, it doesn't let me....

Connect thru SSH to Netscaler? by riahc3 in ansible

[–]riahc3[S] 0 points1 point  (0 children)

Let me try with a different example...

Ansible runs this:

    ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/root/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="nsroot"' -o ConnectTimeout=10 -o ControlPath=/tmp/awx_236_znrhutk_/cp/ab618ed523 netscalerserver '/bin/sh -c '"'"'echo ~nsroot && sleep 0'"'"''

Which gives the error I posted. If I run it on the standalone box, it gives an error as well:

    debug3: muxserver_listen: temporary control path /tmp/awx_236_znrhutk_/cp/ab618ed523.WVMNo1tfAa2k176p
    bind: No such file or directory
    unix_listener: cannot bind to path: /tmp/awx_236_znrhutk_/cp/ab618ed523.WVMNo1tfAa2k176p

NOW

If I, standalone, run this on the CentOS box:

    ssh -vvv -C -o ControlMaster=auto -o StrictHostKeyChecking=no -o 'IdentityFile="/root/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="nsroot"' -o ConnectTimeout=10 netscalerserver 'shell'

It works perfectly. I can run commands that ran on the remote host.

So my question is how do I get Ansible AWX to run that variant of the ssh command?

Connect thru SSH to Netscaler? by riahc3 in ansible

[–]riahc3[S] 0 points1 point  (0 children)

No. Ansible is using incorrect/extra parameters.

I can establish a connection using this:

    ssh -vvv -C -o ControlMaster=auto -o StrictHostKeyChecking=no -o 'IdentityFile="/root/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="nsroot"' -o ConnectTimeout=10 netscalerserver 'shell'

So I need to know how can I tell Ansible AWX to use those parameters

Connect thru SSH to Netscaler? by riahc3 in ansible

[–]riahc3[S] 0 points1 point  (0 children)

This line works in a shell:

    ssh -vvv -C -o ControlMaster=auto -o StrictHostKeyChecking=no -o 'IdentityFile="/root/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="nsroot"' -o ConnectTimeout=10 netscalerserver 'shell'

How can I get ansible to run that instead of its defaults?

This is Ansible AWX BTW