Server information error?



  • I was also changing httpd settings and restarted it and php-fpm and I noticed that on the dashboard now under storage node disk usage it has no graph and says 0.00iB. Even if I set settings back to default and restart the web server (httpd/php-fpm) it still shows the same thing

    alt text
    alt text



  • Curl calls in themselves aren’t inherently insecure to my knowledge, they can be without validated input like you said. I just go with the practice of turning features off for securities sake rather than leaving it all on and running on default settings unless something we use needs to use it in which case I don’t mind turning it on unless there’s a huge security risk attached.

    TL;DR I just try to keep my systems locked down until areas need to be enabled for programs, instead of leaving everything default.


  • Senior Developer

    @Sebastian-Roth In particular, pdodb, mysql, ftp, etc… Can be FAR more damaging and dangerous especially if input is not validated.

    What makes these curl calls “inherently dangerous?” What makes them insecure? How do you expect systems to cross-communicate with one another if the mechanisms available are not enabled in your environment?


  • Developer

    @Karrade said in Server information error?:

    Hopefully whenever 2.0 is released it will go a ways towards letting us be more secure with our FOG deployments because FOG really is a godsend.

    We’ll definitely work towards more security in FOG 2.0 but don’t see why CURL calls should be omitted altogether. Why do you think they are dangerous? Sure they can be if input is not validated. But there are many more function just the same.



  • @Sebastian-Roth I figured it out. I tried to lock down the web-server a bit, and I assumed FOG didn’t use anything like curl_exec since it’s not listed on the wiki anywhere but it does so things like disable_functions=curl_exec,curl_multi_exec caused it to not load any information from the server at all as far as stats go.

    Hopefully whenever 2.0 is released it will go a ways towards letting us be more secure with our FOG deployments because FOG really is a godsend.


  • Developer

    @Karrade said in Server information error?:

    I was also changing httpd settings and restarted it and php-fpm

    What exactly did you change?

    Check the logs and post here (see my signature…).



  • @Tom-Elliott SELinux is already set to Permissive so it just gives warnings.



  • This post is deleted!

  • Senior Developer

    Please try:
    setenforce 0

    Refresh the page.


Log in to reply
 

436
Online

6.2k
Users

13.6k
Topics

128.1k
Posts