Pls help <3 | FWCloud Forum

Pls help <3

ukro

ukro

Member
api
added 917 packages from 1330 contributors and audited 999 packages in 46.791s

10 packages are looking for funding
run `npm fund` for details

found 8 vulnerabilities (7 low, 1 high)
run `npm audit fix` to fix them, or `npm audit` for details

----------
(*) Creating database schema and initial data.
Database schema ... Application can not start: Handshake inactivity timeout
Error: Handshake inactivity timeout
at Handshake.<anonymous> (/opt/fwcloud/api/node_modules/mysql/lib/protocol/Protocol.js:160:17)
at Handshake.emit (events.js:315:20)
at Handshake._onTimeout (/opt/fwcloud/api/node_modules/mysql/lib/protocol/sequences/Sequence.js:124:8)
at Timer._onTimeout (/opt/fwcloud/api/node_modules/mysql/lib/protocol/Timer.js:32:23)
at listOnTimeout (internal/timers.js:554:17)
at processTimers (internal/timers.js:497:7)
--------------------
at Protocol._enqueue (/opt/fwcloud/api/node_modules/mysql/lib/protocol/Protocol.js:144:48)
at Protocol.handshake (/opt/fwcloud/api/node_modules/mysql/lib/protocol/Protocol.js:51:23)
at PoolConnection.connect (/opt/fwcloud/api/node_modules/mysql/lib/Connection.js:119:18)
at Pool.getConnection (/opt/fwcloud/api/node_modules/mysql/lib/Pool.js:48:16)
at /opt/fwcloud/api/node_modules/typeorm/driver/mysql/MysqlDriver.js:774:18
at new Promise (<anonymous>)
at MysqlDriver.createPool (/opt/fwcloud/api/node_modules/typeorm/driver/mysql/MysqlDriver.js:771:16)
at MysqlDriver.<anonymous> (/opt/fwcloud/api/node_modules/typeorm/driver/mysql/MysqlDriver.js:275:51)
at step (/opt/fwcloud/api/node_modules/tslib/tslib.js:136:27)
at Object.next (/opt/fwcloud/api/node_modules/tslib/tslib.js:117:57)
Installation canceled!

------
root@zeus:/home/xxxxxxx/Downloads# npm audit fix
npm ERR! code EAUDITNOPJSON
npm ERR! audit No package.json found: Cannot audit a project without a package.json

npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2021-02-04T22_45_32_850Z-debug.log


------/root/.npm/_logs/2021-02-04T22_45_32_850Z-debug.log
0 info it worked if it ends with ok
1 verbose cli [ '/usr/bin/node', '/usr/bin/npm', 'audit' ]
2 info using npm@6.14.10
3 info using node@v14.15.4
4 verbose npm-session a71329e89af608e1
5 verbose stack Error: No package.json found: Cannot audit a project without a package.json
5 verbose stack at /usr/lib/node_modules/npm/lib/audit.js:164:19
5 verbose stack at tryCatcher (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/util.js:16:23)
5 verbose stack at Promise._settlePromiseFromHandler (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:514:35)
5 verbose stack at Promise._settlePromise (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:574:18)
5 verbose stack at Promise._settlePromise0 (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:619:10)
5 verbose stack at Promise._settlePromises (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:699:18)
5 verbose stack at Promise._fulfill (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:643:18)
5 verbose stack at PromiseArray._resolve (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/promise_array.js:126:19)
5 verbose stack at PromiseArray._promiseFulfilled (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/promise_array.js:144:14)
5 verbose stack at PromiseArray._iterate (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/promise_array.js:114:31)
5 verbose stack at PromiseArray.init [as _init] (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/promise_array.js:78:10)
5 verbose stack at Promise._settlePromise (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:571:21)
5 verbose stack at Promise._settlePromise0 (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:619:10)
5 verbose stack at Promise._settlePromises (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:699:18)
5 verbose stack at Promise._fulfill (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:643:18)
5 verbose stack at PromiseArray._resolve (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/promise_array.js:126:19)
6 verbose cwd /home/xxxxxx/Downloads
7 verbose Linux 4.19.0-12-amd64
8 verbose argv "/usr/bin/node" "/usr/bin/npm" "audit"
9 verbose node v14.15.4
10 verbose npm v6.14.10
11 error code EAUDITNOPJSON
12 error audit No package.json found: Cannot audit a project without a package.json
13 verbose exit [ 1, true ]

----- run install again (there should be some catch or DB check? as it showed that all is OK,but isn't.

Updating fwcloud-websrv ...
Don't needs update, it is already up to date.

Updating fwcloud-ui ...
Don't needs update, it is already up to date.

Updating fwcloud-api ...
Don't needs update, it is already up to date.

Updating fwcloud-updater ...
Don't needs update, it is already up to date.

(*) Setting up permissions.
Creating fwcloud user/group and setting up permissions.

--- PROCESS COMPLETED ----
Your FWCloud system is ready!

If you need help please contact us:
info@fwcloud.net
fwcloud.net

FWCLOUD

fwcloud.net
--------------------------
This site can’t be reached xx.xx.xx.xx took too long to respond.
Try:

Checking the connection
Checking the proxy and the firewall
Running Windows Network Diagnostics
ERR_CONNECTION_TIMED_OUT

-----------
mysqld 2332 mysql 21u IPv4 487032 0t0 TCP 127.0.0.1:3306 (LISTEN)
sshd 17516 root 3u IPv4 167871 0t0 TCP *:22 (LISTEN)
sshd 17516 root 4u IPv6 167873 0t0 TCP *:22 (LISTEN)

-----------
sudo systemctl status fwcloud-api
Unit fwcloud-api.service could not be found.

----------------
MariaDB [fwcloud]> show tables;
Empty set (0.002 sec)

MariaDB [fwcloud]>

-------

Pls help :p
P.S. it would be nice to have full uninstall script :-X to try again :>
 
Last edited:
Carles Munyoz

Carles Munyoz

Administrator
Staff member
Hi ukro,
It seems a problem with the database creation process.

What is your Linux distribution?
Are you running FWCloud-Installer script using the root user or a user with sudo privileges?
The root user requires password for access the MariaDB database engine?
Is your Linux server behind a web proxy?

Regarding the uninstall procedure, ok we will include it in the FWCloud-Installer script as an option.
If you want run the install procedure again follow the next steps:
  1. Remove the /opt/fwcloud directory: rm -rf /opt/fwcloud
  2. Drop the fwcloud database: MariaDB > drop database fwcloud;
  3. Run FWCloud-Installer script. Make sure that you have the latest version of this script.
Please, answer my questions and let me know if these steps help solving the problem.
 
ukro

ukro

Member
Carles Munyoz said:
Hi ukro,
It seems a problem with the database creation process.

What is your Linux distribution?
Are you running FWCloud-Installer script using the root user or a user with sudo privileges?
The root user requires password for access the MariaDB database engine?
Is your Linux server behind a web proxy?

Regarding the uninstall procedure, ok we will include it in the FWCloud-Installer script as an option.
If you want run the install procedure again follow the next steps:
  1. Remove the /opt/fwcloud directory: rm -rf /opt/fwcloud
  2. Drop the fwcloud database: MariaDB > drop database fwcloud;
  3. Run FWCloud-Installer script. Make sure that you have the latest version of this script.
Please, answer my questions and let me know if these steps help solving the problem.
Click to expand...

1.debian buster
2.i forgot, embarasing,in my defence was late night :-D
3.yes asking for pw
4.no proxy

I will try later today again, when i have access.
I am installing as per fwcloud instructuons. So if i understand it is always taking the newest install.

Thank you <3
 
ukro

ukro

Member
Please if you can comment on this that i wrote earlier?

found 8 vulnerabilities (7 low, 1 high)
run `npm audit fix` to fix them, or `npm audit` for details

root@zeus:/home/xxxxxxx/Downloads# npm audit fix
npm ERR! code EAUDITNOPJSON
npm ERR! audit No package.json found: Cannot audit a project without a package.json

What i need to do?Or it will work after i fix DB?
So i will have everything ready to finalise the installation for later.

Thank you
 
Carles Munyoz

Carles Munyoz

Administrator
Staff member
These are node modules that we have already updated in the next release that we will publish next week.

The strange thing is the error indicating that there is no `package.json` file.

Please, try what I suggested in my previos post and give me feedback about the result.
 
ukro

ukro

Member
So i have done the steps, there was different error so i needed to remove the user as there is new generated password for fwcdbusr

DROP USER 'fwcdbusr'@'localhost';

Installation running from manual as root
fwcloud.net

Installation | FWCLOUD

fwcloud.net
After that
--- PROCESS COMPLETED ----
Your FWCloud system is ready!
I guess i had run it as user not as a root

one point as you are generating random password for DB, i would suggest maybe generate or ask user for UI password, as there might by some security issue between the installation and me changing/forgetTOchange the default password. *TINFOILHAT*



Please advice, i cant install certificate from the browser, what are my steps ?

Your connection is not private
Attackers might be trying to steal your information from xxxxxxxxxxxx (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_AUTHORITY_INVALID
Subject: fwcloud-websrv-7NkkCXN9CLFoIrMZ9FJdOuPvbvMtlH73

Issuer: fwcloud-websrv-7NkkCXN9CLFoIrMZ9FJdOuPvbvMtlH73

Expires on: May 12, 2023

Current date: Feb 5, 2021

Thank you <3
 
ukro

ukro

Member
The minimise option is awesome, UI is easy to understand, i just <3 it !!!
It would be nice if i have enabled logging, so i can see the logs in information tab in the edit rule tab something like this (cat kern.log | grep "RULE ID 18") maybe with life update 5sec? :p, or maybe if have time, sort in columns SIP,DIP,SPORT,DPORT,TCP/UDP/ICMP/?


And one small problem, where can i change GUI language? :-X
As it is taking my location and its not english :->

Is somewhere option to make rule with timeout. Lets say i want to ban ip for 5min?
 
Last edited:
Carles Munyoz

Carles Munyoz

Administrator
Staff member
Hi,
For your latests post I infer that you have successfully completed FWCloud installation. That's great! :)
I'm sorry because you had lot of problems during the install procedure.

Usually FWCloud installs very easy using the FWCloud-Installer script.
May you give me information about you environment (Linux distribution, database, etc.) in order to improve the install procedure for avoid other users have the same problems?

Regarding this comment:
one point as you are generating random password for DB, i would suggest maybe generate or ask user for UI password, as there might by some security issue between the installation and me changing/forgetTOchange the default password.
Click to expand...
Ok, thank you for the suggestion.
For simplicity we prefer avoid this request of information.

Please advice, i cant install certificate from the browser, what are my steps ?
Click to expand...
If you want install your own certificates you have to replace the next files with your own certificate and key file:
Code: 
/opt/fwcloud/websrv/config/tls/fwcloud-websrv.crt
/opt/fwcloud/websrv/config/tls/fwcloud-websrv.key
and restart FWCloud-Websrv service:
Code: 
# systemctl restart fwcloud-websrv


And one small problem, where can i change GUI language? :-X
Click to expand...
In the login screen, you can select the language in the upper right corner.

Is somewhere option to make rule with timeout. Lets say i want to ban ip for 5min?
Click to expand...
Not yet.

Next week we will publish a new release of FWCloud with lot of improvements.
You will be able to update by means of the FWCloud-UI interface. After the release, the next time you log into the user interface you will see a message indicating the new release and the option for run the update.

Thank you for trust FWCloud.
 
ukro

ukro

Member
Carles Munyoz said:
Hi,
For your latests post I infer that you have successfully completed FWCloud installation. That's great! :)
I'm sorry because you had lot of problems during the install procedure.

Usually FWCloud installs very easy using the FWCloud-Installer script.
May you give me information about you environment (Linux distribution, database, etc.) in order to improve the install procedure for avoid other users have the same problems?

Regarding this comment:

Ok, thank you for the suggestion.
For simplicity we prefer avoid this request of information.


If you want install your own certificates you have to replace the next files with your own certificate and key file:
Code: 
/opt/fwcloud/websrv/config/tls/fwcloud-websrv.crt
/opt/fwcloud/websrv/config/tls/fwcloud-websrv.key
and restart FWCloud-Websrv service:
Code: 
# systemctl restart fwcloud-websrv



In the login screen, you can select the language in the upper right corner.


Not yet.

Next week we will publish a new release of FWCloud with lot of improvements.
You will be able to update by means of the FWCloud-UI interface. After the release, the next time you log into the user interface you will see a message indicating the new release and the option for run the update.

Thank you for trust FWCloud.
Click to expand...

=============

1.
Truelly speaking installation was not a big problem as on this forum i resolved what i had :).
The problems were when you are installing initfram and dropbear to ssh to mount encrypted root partition :D and going from forum to forum, from tutorial to tutorial :D and finaly sorting that out.

If you need any more info from me, just write the commands, i will give the outputs.

I have pure debian buster from debian web site installed
lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 10 (buster)
Release: 10
Codename: buster

2.
If you want install your own certificates you have to replace the next files with your own certificate and key file:
Code: 
/opt/fwcloud/websrv/config/tls/fwcloud-websrv.crt
/opt/fwcloud/websrv/config/tls/fwcloud-websrv.key
and restart FWCloud-Websrv service:
Code: 
# systemctl restart fwcloud-websrv

I want to use the lets encrypt certificate, self generated in the install script?
I am not able to import it,the installed one from chrome browser.
Do i need to copy it manualy to my machine and install?

What is the easiest way, after install process to have valid certificate and auto-regenerate after, if i remember 3month is Let's encrypt?

Your connection is not private
Attackers might be trying to steal your information from xxxxxxxxx (for example, passwords, messages, or credit cards). Learn more


NET::ERR_CERT_AUTHORITY_INVALID

3.
Language change, perfect, i have missed it before :>

4.
Next week we will publish a new release of FWCloud with lot of improvements.

Very looking forward <3

5.Does the UI have some fail2ban-alike? If failed attempts were to apear, what will happen?
Or do you have some docs for regex to use with fail2ban?
For now i limited the UI to whitelist IPs that i use.

6.
So if i have lets say this server the main Fwcloud instance and want to control remote firewall rules of another server, should i just run the same install script on second server? Or i just need to install fwcloud API?

Thank you <3
 
Carles Munyoz

Carles Munyoz

Administrator
Staff member
Hi, I'm going to answer your questions next ...

1. Ok, thank you for the feedback.
The last Debian release is fully supported by FWCloud-Installer.
We have made several tests and FWCloud installs fine in a fresh Ubuntu 10 installation.

2. It is possible to use Let's Encrypt certificates.
You have to generate them and replace the files as I have already explained.

3. Great!

5. Not yet, but is in our roadmap.

6. From your current FWCloud installation you can manage any firewall accesible by means of SSH from your FWCloud server.
You can install an OpenVPN server in your FWCloud server (using the FWCloud user interface) and create what we call management VPNs for each one of your firewalls. This way you can access by means of ssh to the firewalls you want manage from your FWCloud installation through its respective management VPN.

We have several video tutorials in FWCloud website that can help you understand it better:
fwcloud.net

User Interface | FWCLOUD

fwcloud.net
 
ukro

ukro

Member
Greetings,
So if i understand that i actualy dont need to install any fwcloud to other machines? ssh is barely minumum enough to set it all right?
For VPN i will use wireguard offsite from fwcloud as i have experience with.

Is there some option to see the ssh known hosts hash changes, or is there any check when connecting to show if the hash was changed after the next connections? If there would be some check, what is the purpose of VPN?
If somebody dont want to expose ssh to internet? only VPN ?

Thank you!
 
Carles Munyoz

Carles Munyoz

Administrator
Staff member
Yes, you are right.
Wireguard is very similar to OpenVPN. Indeed, we have in our roadmap Wireward integration as an alternativa VPN to OpenVPN.

When FWCloud installs policy in a firewall by means of ssh, it is not needed a known hosts file.

The purpose of the VPN is avoid exposing ssh to the internet.
That is, firewall establishes a management VPN over the FWCloud server, and FWCloud installs policy over this firewall through its management VPN.
 
ukro

ukro

Member
WG noice, FTW!

I mean something different.
If one would MIM redirected ip packet and read the pw. When you have host file,in putty there is pop up that this is the fingerprint of the device,is it safe? YES/No.
So that way you are sure thats its your device.
If i am mistaken please correct me.
If this would be somewhere written or checked it might be useful for some.
When installing over ssh.
Atleast something in logs to pause if fingerprint changed,then press to continue.
If its BS then forget about it, maybe i am to absurd about security idk :>
I am ejoying the GUI, will be setting the WG client comunication and sql server rules soon.

Management VPN, Got it.

Thx!
 
Carles Munyoz

Carles Munyoz

Administrator
Staff member
Yes, I understand the MIM problem, but with the management VPN your are making sure that the firewall your are connecting is the right one.
 
Carles Munyoz

Carles Munyoz

Administrator
Staff member
Hi,
The new iptables-save import/export is now available in our last release:

New FWCloud release

We are very proud to announce the availability of a new FWCloud release with lot of new features and countless bug fixes. The most notable new feature is the firewall/cluster import wizard. This tool will simplify the procedure of importing IPTables based firewalls to FWCloud. Update procedure...
forum.fwcloud.net forum.fwcloud.net

We have added an import firewall/cluster wizard that allows easily incorporate IPTables based firewalls to FWCloud.
 
ukro

ukro

Member
Carles Munyoz said:
Hi,
The new iptables-save import/export is now available in our last release:

New FWCloud release

We are very proud to announce the availability of a new FWCloud release with lot of new features and countless bug fixes. The most notable new feature is the firewall/cluster import wizard. This tool will simplify the procedure of importing IPTables based firewalls to FWCloud. Update procedure...
forum.fwcloud.net forum.fwcloud.net

We have added an import firewall/cluster wizard that allows easily incorporate IPTables based firewalls to FWCloud.
Click to expand...

NOICE !
 
You must log in or register to reply here.
Top