Posts made by TaTa
-
FOG iPXE menu “Deploy Image” not working
Hi,
I’m setting up a new FOG server. The installation went through successfully. I can deploy an image just fine when scheduling a task through the web UI. However, the Deploy Image function from FOG iPXE doesn’t work. After entering user/password (either correct or not), the screen goes back to the FOG menu. I reran the installation many times. I even deleted the fog database from mysql and deleted the fog web folder, but nothing helped.
FOG version: 1.5.10.1634
What could be the problem? Thank you in advance for your help!
-
RE: Email not sending post image deploy
Hi @Tom-Elliott. Do you know which settings I need to change so outgoing email is not coming from Apache?
I changed the outgoing email for FROM EMAIL and EMAIL BINARY in the web UI to donotreply@mydomain.com. Notification email went out as apache@myfogserver.localdomain. I then set myorigin = mydomain.com in main.cf. I received the notification from donotreply@mydomain.com, which looks correct, but according to maillog and the full header of the email, the email was sent from apache@mydomain.com.
-
RE: Email not sending post image deploy
Hi @rogalskij. Did you have to change anything for EMAIL BINARY after installing Postfix? If I want to use a specific FROM EMAIL address, would I need to replace noreply@${server-name}.com in EMAIL BINARY with that specific from email address?
-
RE: Multicast stuck at partclone page
@mashina Pick a class D IP address (except 224.0.1.1) and put it in the multicast address from your last screenshot to see if it helps.
-
RE: iPXE Binary Compile Error
@rtarr I had to renew my cert. Recompiled iPXE binary with error and chainload failed during PXE boot. Adding that line and recompiling worked without error. Thank you!
-
PHP 8 Issues with LDAP account or unknown accounts
Hello all,
Happy holidays!
We are on latest released FOG 1.5.10. I upgraded from PHP 7.4 to 8.1 and 8.2. I’m getting HTTP ERROR 500 for both versions when logging with LDAP or any unknown accounts that are not listed under “User Management”. I re-ran the installation but it didn’t help. Would anyone be able to assist?
Thank you!
-
FOG With SSO
Hello all,
Our security team has asked us to enable SSO and use DUO for authentication through the web and for accessing the FOS menu. We are on version 1.5.9 and only LDAP is available. With the release of version 1.5.10, can we use SSO, or is there a way to use SSO with 1.5.9?
Thank you!
-
RE: Fog Server vulnerable
Thank you all for your help. I was able to get an exemption from the security team for ftp plaintext. I’m down to the last issue about the nfs mount points and folder permissions. They don’t like the fact that these mount points are open to everyone. What is the proper way to secure them?
I currently have:
/images *(ro,sync,no_wdelay,no_subtree_check,insecure_locks,no_root_squash,insecure,fsid=0)
/images/dev *(rw,async,no_wdelay,no_subtree_check,no_root_squash,insecure,fsid=1)
What is the proper permission for /images folder (and sub folders)? It is now set to drwxrwxrwx. fogproject root 4096.
-
RE: Fogserver check if .mntcheck exists (/bin/fog.upload)
@technolust It looks like your Storage node is pointing to /fogserver/images. Verify that it exists; otherwise, change your image path and FTP path to /images.
-
RE: Fog Server vulnerable
@Sebastian-Roth @george1421 Thank you. I’ll give them the source code to see what they say. @george1421 I explained that to them. They are okay with it but they need a written document from the developer in order to grant an exemption.
-
RE: Fog Server vulnerable
Good morning @george1421 @Sebastian-Roth. The security team agreed to grant an exception for ftp plain text authentication but they do need some documentation from the developer. I looked through the wiki but I couldn’t find any places that mention this. Could you please point me to the right place?
-
RE: Fog Server vulnerable
@george1421 @Sebastian-Roth Thank you all for your help. I downgraded to php7 but couldn’t get around the HTTP error 500. We didn’t take a snapshot of the VM before messing around with it. It took a while for the admin to restore our FOG server from the backup. I’m staying at PHP 7.4.28 and mysql 5.7.33 for now.
-
RE: Fog Server vulnerable
@george1421 I updated FOG to 1.5.9 while working on these issues and was able to enable HTTPS with a custom cert. The site was loading fine/we were able to clone images from FOG server.
The security team also wanted me to update PHP 7.2.34 and mysql to the latest version.
I updated PHP to 8.1.3 and now the website is not loading. I’m getting HTTP ERROR 500.
What are the right steps to update php and its dependencies and MYSQL?
Sorry for asking too many questions.
-
RE: Fog Server vulnerable
Please scratch out my previous question.
systemctl enable httpd.service resolved it.
-
RE: Fog Server vulnerable
@george1421 I updated httpd to httpd2.4 version 2.4.52. Webservice is running but FOG webservice is not. I’m getting URL not found. I know there is an easy fix but I couldn’t find it in my notes. I forgot to take a snapshot and don’t want to mess around and cause more damage =). Could you please give me a hint on how to remedy this issue?
-
RE: Fog Server vulnerable
@george1421 said in Fog Server vulnerable:
sshd
Thank you very much @george1421. I will update apache and openssl to see how it goes.
We are not using fog clients or https so I’m not so worried about TLS 1.0. I couldn’t get https to work when we configured FOG in the past so I gave up on it. We only have one storage node and it’s on the same server.
You are right. We had a compliance audit. I will ask the security team to see if they can make an exemption on the ftp part.
Thanks again for your help.
-
Fog Server vulnerable
Hello all,
I hope y’all stay safe and well.
My institution recently did a pen test and found a few vulnerabilities on the FOG server:
Vulnerable version of product HTTPD found – Apache HTTPD 2.4.6
Vulnerable version of component OpenSSL found – OpenSSL 1.0.2k-fips
Configuration item ftp.plaintext.authentication set to ‘true’
Insecure MAC algorithms in use: hmac-sha1,hmac-md5
Negotiated with the following insecure cipher suites:
* TLS 1.0 ciphers
If I manually upgrade APACHE and OpenSSL to the latest versions 2.4.52 and 3.0 respectively, would this break FOG in any way? I’m using FOG Version 1.5.8 on Enterprise Linux Server release 7.9 (Maipo).
Does openSSL version 3.0 resolve Insecure MAC algorithms and insecure cipher issues? How do I go about fixing ftp plaintext authentication issue?
Thank you.
-
RE: Download speeds slow after upgrading to 1.5.8
@george1421 Just tried a download using FOS 1.5.7 v0.2.89. Legacy mode was at 11GB/m vs UEFI was at 2.2GB/m