@mashina Pick a class D IP address (except 224.0.1.1) and put in it multicast address from your last screenshot to see if it helps.
Posts made by TaTa
-
RE: Multicast stuck at partclone page
-
RE: iPXE Binary Compile Error
@rtarr I had to renew my cert. Recompiled iPXE binary with error and chainload failed during PXE boot. Adding that line and recompiling worked without error. Thank you!
-
PHP 8 Issues with LDAP account or unknown accounts
Hello all,
Happy holidays!
We are on the latest released FOG 1.5.10. I upgraded from PHP 7.4 to 8.1 and 8.2. I’m getting HTTP ERROR 500 for both versions when logging in with LDAP or any unknown accounts that are not listed under “User Management”. I re-ran the installation but it didn’t help. Would anyone be able to assist?
Thank you!
-
FOG With SSO
Hello all,
Our security team has asked us to enable SSO and use DUO for authentication through web and accessing FOS menu. We are on version 1.5.9 and only LDAP is available. With the release of version 1.5.10, can we use SSO, or is there a way to use SSO with 1.5.9?
Thank you!
-
RE: Fog Server vulnerable
Thank you all for your help. I was able to get an exemption from the security team for ftp plaintext. I’m down to the last issue about the nfs mount points and folder permissions. They don’t like the fact that these mount points are open to everyone. What is the proper way to secure them?
I currently have:
/images *(ro,sync,no_wdelay,no_subtree_check,insecure_locks,no_root_squash,insecure,fsid=0)
/images/dev *(rw,async,no_wdelay,no_subtree_check,no_root_squash,insecure,fsid=1)
What is the proper permission for /images folder (and sub folders)? It is now set to drwxrwxrwx. fogproject root 4096.
-
RE: Fogserver check if .mntcheck exists (/bin/fog.upload)
@technolust It looks like your Storage node is pointing to /fogserver/images. Verify if it exists; otherwise change your image path and FTP path to /images.
-
RE: Fog Server vulnerable
@Sebastian-Roth @george1421 Thank you. I’ll give them the source code to see what they say. @george1421 I explained that to them. They are okay with it but they need a written document from the developer in order to grant an exemption.
-
RE: Fog Server vulnerable
Good morning @george1421 @Sebastian-Roth. The security team agreed to grant an exception for ftp plain text authentication but they do need some documentation from the developer. I looked through the wiki but I couldn’t find any places that mention this. Could you please point me to the right place?
-
RE: Fog Server vulnerable
@george1421 @Sebastian-Roth Thank you all for your help. I downgraded to php7 but couldn’t get around the HTTP error 500. We didn’t take a snapshot of the VM before messing around with it. It took a while for the admin to restore our FOG server from the backup. I’m staying at PHP 7.4.28 and mysql 5.7.33 for now.
-
RE: Fog Server vulnerable
@george1421 I updated FOG to 1.5.9 while working on these issues and was able to enable HTTPS with a custom cert. The site was loading fine/we were able to clone images from FOG server.
The security team also wanted me to update PHP 7.2.34 and mysql to the latest version.
I updated PHP to 8.1.3 and now the website is not loading. I’m getting HTTP ERROR 500.
What are the right steps to update php and its dependencies and MYSQL?
Sorry for asking too many questions.
-
RE: Fog Server vulnerable
Please scratch out my previous question.
systemctl enable httpd.service resolved it.
-
RE: Fog Server vulnerable
@george1421 I updated httpd to httpd2.4 version 2.4.52. Webservice is running but FOG webservice is not. I’m getting URL not found. I know there is an easy fix but I couldn’t find it in my notes. I forgot to take a snapshot and don’t want to mess around to cause more damage =). Could you please give me a hint on how to remedy this issue?
-
RE: Fog Server vulnerable
@george1421 said in Fog Server vulnerable:
sshd
Thank you very much @george1421. I will update apache and openssl to see how it goes.
We are not using fog clients or https so I’m not so worried about TLS 1.0. I couldn’t get https to work when we configured FOG in the past so I gave up on it. We only have one storage node and it’s on the same server.
You are right. We had a compliance audit. I will ask the security team to see if they can make an exemption on the ftp part.
Thanks again for your help.
-
Fog Server vulnerable
Hello all,
I hope y’all stay safe and well.
My institution recently did a pen test and found a few vulnerabilities on the FOG server:
Vulnerable version of product HTTPD found – Apache HTTPD 2.4.6
Vulnerable version of component OpenSSL found – OpenSSL 1.0.2k-fips
Configuration item ftp.plaintext.authentication set to ‘true’
Insecure MAC algorithms in use: hmac-sha1,hmac-md5
Negotiated with the following insecure cipher suites:
* TLS 1.0 ciphers
If I manually upgrade APACHE and OpenSSL to the latest versions 2.4.52 and 3.0 respectively, would this break FOG in any way? I’m using FOG Version 1.5.8 on Enterprise Linux Server release 7.9 (Maipo).
Does openSSL version 3.0 resolve Insecure MAC algorithms and insecure cipher issues? How do I go about fixing ftp plaintext authentication issue?
Thank you.
-
RE: Download speeds slow after upgrading to 1.5.8
@george1421 Just tried a download using FOS 1.5.7 v0.2.89. Legacy mode was at 11GB/m vs UEFI was at 2.2GB/m
-
RE: Download speeds slow after upgrading to 1.5.8
@george1421 It is b0.3.13. It might not be partclone after all. I did some more tests. Downloading using UEFI mode is much slower than legacy mode. Legacy mode is at 6GB/minute or more vs UEFI mode never goes past 2.8GB/minute.
Upload speeds on both modes are about the same (5GB/min).
-
Download speeds slow after upgrading to 1.5.8
Hello All,
I got excited and upgraded my server from 1.5.7 to 1.5.8 and ran into a few issues.
Download speeds became very very slow from different subnets/images/computer models. We usually get around 5GB/min on a bad day to 12GB/min on a good day. Looks like we are capped at 2 - 2.8 GB/minute consistently now. Sometimes it went down to under a GB. However, uploading speeds remain the same, which is over 5GB/minute. I’ve tried different inits as suggested in here but it didn’t help.
This is not an issue but I’m curious. On the web UI at the login window it says Latest Version:1.5.7, Latest Development Version:1.5.7.120 and on FOG Configuration page says “You’re running the latest alpha-branch version: 1.5.7.958”. Should all be 1.5.8 or later?
-
RE: Mac Mini with T2 chip
@george1421 built-in nic can upload/download image just fine. I’m not sure of how to get MAC address from firmware bios on a Mac.
-
RE: Mac Mini with T2 chip
@george1421 I took that MAC address and registered. Both nics picked up IP addresses correctly in FOS linux.
I happen to find another Mac Mini and FOS linux does report a different MAC address than from OS. Weird.