Blog

Archive for Core-Admin

ANN: Core-Admin 1.0.32-3207 ready for download!

A new Core-Admin stable release is available with lots of features and corrections. Here is a brief description:

  1. NEW PLATFORMS: supported, Ubuntu Precise Pangolin LTS 12.04.3 andDebian Wheezy 7.0. See all our supported platforms here:
    http://www.core-admin.com/portal/get-it/supported-platforms
  2. IMPROVEMENTS: Dojo 1.6.2 is now default engine for web-client. Applied several updates to improve interface experience. Now installer is available in english and spanish. Now app installers are able to show a progress window with task completion (fully programmable and available to developers creating core-admin applications), and many more, see change-log.
  3. DEVELOPMENT: released core-admin app-builder to allow creating checkers and new applications on top of Core-Admin.
  4. GENERAL+SECURITY: many fixes and security updates were applied to this release. See log for more details.

See all details at the release note.

Posted in: Core-Admin, Releases

Leave a Comment (0) →

KB: 05112013-001: Webhosting management fails to add a new hosting reporting an error about quotas

Symptom

When trying to create a hosting inside Webhosting management, it fails with an error similar to:

setquota: Cannot open quotafile /home/aquota.user: Permission denied
setquota: Not all specified mountpoints are using quota.

Affected releases

All

Solution

Restart quota system. To do so you can use one the following methods:

  1. Run the following command if you have easy access to a root shell on the server:
    >> /etc/init.d/quota restart
  2. You can restart the service using “Process and services viewer”, by selecting “quota” service under unmanaged services. After selecting, use the restart option available.

Posted in: Core-Admin, Debian, Debian Lenny, Debian Squeeze, Debian Wheezy, KB

Leave a Comment (0) →

Connecting to your Core-Admin web panel

Introduction: how to connect to Core-Admin server

Core-Admin provides a web panel interface to administrate and monitor services, applications and machines. To get a real-time interaction between users and these machines’ services, Core-Admin takes advantage of  BEEP (Block Extensible Exchange Protocol http://www.beepcore.org).

However,  BEEP is based on TCP/IP and this protocol is not available “as is” in the current web browsers and it is not likely to be in the near future. For that, Core-Admin uses two methods (and there may be more in the future) to enable TCP/IP availability (in fact, something similar), so your browser can talk “BEEP” with the central server it is trying to connect to.

These methods, both available through jsVortex, are the following:

  • WebSocket: if the browser has support for this new technology, it will be the default choice.
  • JavaSocketConector: otherwise, Core-Admin will use a java applet to enable TCP/IP access.

All modern browsers (those comming out since 2010), including Internet Explorer 8 and so forth, includes support for JavaSocketConnector. In fact, any browser that has support for Java will have support for JavaSocketConnector.

Steps to connect

By default, your Core-Admin web-client will try to connect through WebSocket (this is done automatically). In the case it is not posible (because WebSocket isn’t detected), JavaSocketConnector will be enabled. At any time, you enable/force to use a particular interface by clicking on the link at the bottom left part of the interface:

In the case your browser does not support WebSocket, Core-Admin will detect it and will enable JavaSocketConnector interface without making you to pay attention to this detail.

You’ll see this is happening when your core-admin is loaded from an URL direction ending by: /index-java.html

In both cases, using WebSocket or JavaSocketConnector, your core-admin client will attempt to connect through the 602/TCP port. Therefore, be sure there is no firewall blocking that internet connection.

Connecting to your core-admin server without a signed certificate while using WebSocket

If your Core-Admin server doesn’t have a TLS/SSL signed certificate (signed by a known party), then it is possible you’ll receive the following error when connecting using WebSocket (failed to connect to wss://):

Assuming your BEEP server is there (because that error may be confused by just having your server down), this is because the browser is detecting the certificate isn’t signed or it cannot be trusted. Users have complained about browsers not providing a dialog to accept even this connections, anyhow, current options to solve this problem are:

  • To get a TLS/SSL certificate signed by a known party. It is by far the easiest solution and it is also the recommended way in the case you expect to provide access to general users (for example, for webhosting services), but it involves a cost for signing the certificate. Core-Admin users have especial prices for certificate signing, see next: core-admin certificates.
  • To use JavaSocketConnector which doesn’t suffers from this problem.
  • Create a browser exception to allow this connection.

Creating a browser exception to enable WebSocket without certificate

Next, we will show you how to add an exception for various web browsers:

  • Google Chrome: create a direct access which runs the following command:
    >> google-chrome –ignore-certificate-errors –user-data-dir=/tmp/core-admin
  • Mozilla Firefox: get into certificate management section and add an exception. For that, select Edit -> Preferences -> Advanced -> Cyphering -> View certificates -> Add exception. Inside, add the core-admin’s server direction to which you are trying to connect to, for example: wss://core-admin.servidor.com:602
    It is really important to pass the right server name (the one provided in the installation) to make it match with the url access.

Core-admin browsers compatibility table

Next it is shown currently web browsers supported by Core-Admin, showing versions and connection method available for each of them:

Google Chrome Firefox Safari Internet Explorer Opera
WebSocket (RFC6455) support 16.0 or higher 11.0 or higher 6.0 or higher 10 or higher 12.0 or higher
Support for JavaSocketConector
(requires java applet)
13.0 or higher 2.0 or higher 5.0 or higher 8 or higher 8.0 or higher
Requires signed certificate when using WebSocket?
Can be added an exception while using WebSocket?

 

Posted in: Certificates, Core-Admin, JavaSocketConnector, WebSocket

Leave a Comment (0) →

How to block Ips and how to manage currently blocked IPs

Blocing IPs with Core-Admin

To be able to manage currently blocked IP you need a machine administrator or platform admin user.

Once you sign in into core-admin, select the machine you want to manage from the left side panel (Machines) and after the machine administrator panel show up, then  click on “Ip blocker (2)”

Inside that application you’ve got on the left side currently blocked Ips section. Click on it “Blacklisted IPs” (3).

After clicking, it’ll appear the list of currently blocked IPs on this specific server along with other information about the kind of blocking applied and why. To add a new IP to block, click on  ”Add blacklisted ip” (4) on the toolbar located at the top of the list:

This will show a new form where we have to indicate the IP to block (5).

It is also recommended to write a comment about the blocking (why or event it) so you can better identify this later.

We have to also choose between permanent or temporal blocking (6). If you select temporal blocking, we have indicate for how long we want it to be blocked. If you click on the   icon, you’ll see various references to time equivalences.

Then, please to “Add a new Blacklisted ip” (7) at the bottom to save changes.

 

Removing a blocked IP from Core-Admin

To remove an IP blocked we have to click on the Blacklisted IPs (3) section (on the left panel) as we did in previous section.

Then we have to click on the blacklisted IP record we want to remove (4):

After that, a new window will show up allowing to manage this IP blocked record.

Then we have to click on “Remove blacklisted IP” (5).

 

Adding IPs to the blocking exception list with Core-Admin

Another useful option we have available with ip blocker tool is the blocking exception. This will allow us to manage which IPs shouldn’t be blocked automatically due to security processes that are automatically activated by Core-Admin or applications using blocking services from it.

To add a blocking exception is pretty straightforward. Once we have launched the IP blocker application, (steps 1 and 2), we have to click on “Unblockable IPs”(3) and then click on “Add whitelisted ip” (4).

A new window will appear where we can fill the details about the IP that mustn’t be blocked even when requested.

We provide the IP at (5).

It is really recommended to provide a comment or an event id to better identify this record later.

We also indicate the kind of record:  permanent o temporal (6).

Once finished, click on  “Add a new whitelisted Ip” (7).

 

IP blocker integration with your scripts and applications: commands

IP blocker application includes a shell script and a Python interface that allows other applications to trigger blocking operations in a manner that is consistent with the platform and with the advantage that all these blocking operations can be managed through the core-admin interface.

Here is the list of commands that can be used:

  • Show current blocking list
    >> crad-ip-blocker.py -l
  • Add a temporal blocking for 3600 seconds
    >> crad-ip-blocker.py -a IP temporal 3600 “Why it was blocked”
  • Add a permanent block
    >> crad-ip-blocker.py -a IP permanent
  • Remove a blocking
    • First show current rules:
      >> crad-ip-blocker.py -l
    • Then, choose one (picking the id) and the run:
      >> crad-ip-blocker.py -r ID

 

Contact

Feel free to contact us if you have questions or doubts while using Core-Admin. Use the following contact information to reach us.

 

 

Posted in: Core-Admin, Security

Leave a Comment (0) →
Page 2 of 2 12