Have searched https://nixos.org/nixos/options.html#networking for networking options. And I have not found something that may achieve this:
I would like a configuration which ensures that users don't have any network traffic.
As it would be a nix generation, running $ nixos-rebuild switch on a configuration.nix file without this network option, could put the computer network communication back to normal.
I have tried mannually calling $ sudo systemctl stop network-manager, but it had no results.
Similarily, nothing seemed to change when I tried modifying this in configuration.nix and then $ nixos-rebuild switch
networking.networkManager.enable = false
Any idea ?
Should I manually deal with each of the network interfaces ?
With everything else at defaults, this may be as simple as:
networking.useDHCP = false;
networking.interfaces = {};
Of course, you could also go more heavy-handed -- putting all your network hardware into the blacklistedKernelModules list, f/e -- and personally, I'd recommend that.
Related
I have a hardware firewall that won't accept CIDR entries larger than /24. I often need to block larger ranges (eg /17 or /20) but typing out all those /24 CIDRs is not practical.
I'm hoping someone has a way to do this - either with an online tool, something I can install on a Linux server, something I can install on a Windows computer, or even an Excel trick if that's possible. I'm desperate.
Example:
I want to enter this: 192.168.0.0/17
And get back a result like this:
192.168.0.0/24
192.168.1.0/24
192.168.2.0/24
192.168.3.0/24
192.168.4.0/24
... all the way to ...
192.168.127.0/24
This tool sort of does what I want, but has so much extra data in the results that it would be just as much work to clean it up as it is to enter each /24 manually.
http://jodies.de/ipcalc?host=192.168.0.0&mask1=17&mask2=24
If you want to write a bit of Java, then the following code, using the IPAddress Java library (Disclaimer: I am the project manager) handles this. If you do not know Java programming, then you'd need to start with a crash course in Java.
IPAddress addr = new IPAddressString("192.168.0.0/17").getAddress();
IPAddress shifted = addr.adjustPrefixLength(7, false);
Iterator<? extends IPAddress> iterator = shifted.prefixBlockIterator();
while(iterator.hasNext()) {
System.out.println(iterator.next());
}
Output:
192.168.0.0/24
192.168.1.0/24
192.168.2.0/24
192.168.3.0/24
...
192.168.125.0/24
192.168.126.0/24
192.168.127.0/24
I'm testing six distinct .jar-files that all need to handle the possibility of no online access.
Unfortunately, I am on a network disc, so disabling the network connection or pulling the ethernet cable does not work unless I move all the files to /tmp or /scratch and change my $HOME environment variable, all of which I'd rather not have to do as it ends up being a lot of work.
Is there a way to invoke java -jar and disable the process from accessing the internet? I have not found any such flag in the man-pages. Is there perhaps a UNIX-way of doing this, as in:
disallowinternetaccess java -jar Foo.jar
Tell your Java program to access the network through a proxy. For all internet access this would be a SOCKS5 proxy.
java -DsocksProxyHost=socks.example.com MyMain
I believe that if no proxy is running you should get an appropriate exception in your program. If you need full control of what is happening, you can look into - and possibly modify - http://jsocks.sourceforge.net/
See http://docs.oracle.com/javase/7/docs/technotes/guides/net/proxies.html for details.
Note: You can do this without any native Unix stuff, so this question fits perfectly fine on SO.
You need just turn on SecurityManager: -Djava.security.manager=default
see details - https://stackoverflow.com/a/4645781/814304
With this solution you can even handle which resource you want to show and which to hide.
I would like to connect via ssh to certain equipment in a network.
The requisites are:
It must run a command and capture the output of the ssh session in R (or in bash, or any other programming language, but I would prefer it in R language)
It must enter a plain-text password (as this equipment hasn't been accessed before, and can't be changed with a rsa keypair), so the ssh.utils package doesn't meet this requirement
sshpass can't be used, as I have noticed that it doesn't work for some devices I tested.
I've read all this posts but I can't find an effective way to perform it: link 1, link 2, link 3, link 4
I know the requirements are hard to accomplish, but thank you for your effort!
EDIT:
Sorry if I didn't make myself understandable. I mean I work locally in R and I want to connect to +3000 devices in all of my network via ssh. It is Ubiquiti equipment, and the only open ports are 80 and 22.
If ssh doesn't work, I will use the RSelenium package for R and extract info from port 80. But first I will try with ssh pory 22 as it is a lot more efficient than opening an emulated browser.
The big problem in all these Ubiquiti equipment is that they have a password to log in. That's why requisite No.2 is needed. When I must enter a server that I know, I spend time setting up the rsa keypair so that I don't have to enter a password everytime I connect to a specific server, but it's impossible (or at least, for me it's impossible) to configure all +3000 Ubiquiti equipment with these keypairs.
That's why I don't use snmp, for example, as this equipment maybe they have it activated or not, or the snmp configuration is mistaken. I mean, I have to use something that's activated by default, and in a way, ordered. And only port 80 and port 22 are activated and I know all the user's and password's equipment.
And sshpass is an utility in UNIX/Linux like this link explains that works for servers but doesn't work for Ubiquiti equipment, as long as I've tested it. So I can't use it.
The command I need to extract the output from is mca-status. Simply by entering that into the console makes it print some stats I will like to get from the Ubiquiti equipment.
Correct me, please, if I am wrong in something I've posted. Thanks.
I think you have this wrong. I also have no idea what you are trying to say in point 2, and I have not idea what point 3 is supposed to say.
Now: ssh is a authentication mechanism allowing you (trusted) access to another machine and the ability to run a command. This can be as simple as
edd#max:~$ ssh bud Rscript -e '2+2'
[1] 4
edd#max:~$
where I invoke R (or rather, Rscript) on the machine 'bud' (my desktop) from a session on the machine 'max' (my server). That command could be anything including something which writes to temporary or permanent files. You can then retrieve those files via scp.
Authentication is handled independently -- on Unix we often use ssh-agent which run in the background and against you authenticate on login.
Finally I solved it using the rPython package and the python's paramiko module, as there was no way to do it purely via R.
library(rPython)
python.exec(python.code = c("import paramiko",
"ssh = paramiko.SSHClient()",
"ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())",
sprintf('ssh.connect("%s", username="USER", password="PASSWORD") ', IP),
'stdin, stdout, stderr = ssh.exec_command("mca-status")',
'stats = stdout.readlines()'))
I'm new to RServe (and FastRWeb). I installed RServe 1.7.0 as I want to use its built-in webserver. As I already have apache running on this machine I want to run RServe/FastRWeb on a custom port.
I did cd /usr/local/lib/R/site-library/FastRWeb;sudo ./install.sh, which created /var/FastRWeb/ directory tree.
I'm not seeing any configuration file that mentions port. The default /var/FastRWeb/code/rserve.conf looks like this:
socket /var/FastRWeb/socket
sockmod 0666
source /var/FastRWeb/code/rserve.R
control enable
I'm guessing that means it uses unix sockets, by default? So I think my question is what exactly do I have to put in (and remove from) that file to, say, have it listen on TCP port 8888? And is there anything else I need to do? (I want to be able to connect from other machines, not just localhost.)
Possibly related, is I've looked at /var/FastRWeb/web/index.html and it contains javascript that is going to connect to /cgi-bin/R/ Is that path specific to when using Apache, or is it going to be fine, as-is, when using RServe?
There is an explanation of setting port in the Rserve 1.7.0 release announcement. Therefore, at the top of rserve.conf, I added this line: http.port 8888 Then I used the start script (as root), to start it.
This got me halfway as now http://127.0.0.1:8888/ works, but gives me a page that says:
Error in try(.http.request("/", NULL, NULL, c(48, 6f, 73, 74, 3a, 20, :
could not find function ".http.request"
The second half of the solution is to add this to the top of /var/FastRWeb/code/rserve.R:
library(FastRWeb)
.http.request <- FastRWeb:::.http.request
Then start things going by running /var/FastRWeb/code/start. There is no default handler, so you can test it with http://127.0.0.1:8888/info. Or a more interesting example is http://127.0.0.1:8888/example1.png (to view a chart) or http://127.0.0.1:8888/example2 (to view a mix of html and chart)
Note: I did not delete or edit any other configuration to get this working. That means we also have the unix socket listening. If that is not needed remove those two lines from the Rserve.conf file.
If you want it listening on all IP addresses, not just localhost, then add remote enable to your Rserve.conf file. NOTE: Make sure you understand the security consequences before opening your server to the world.
So, after those two changes, my /var/FastRWeb/code/Rserve.conf file looks like:
http.port 8888
remote enable
source /var/FastRWeb/code/rserve.R
control enable
Did you see Jay Emerson's write-up from a while back about how to use RServe as a backend for web-driven analysis? As I recall, one still uses Apache for the redirection, rather than an explicit port as you surmise here.
Jay's setup was very impressive. He used Rserve to provide mixed table/chart pages written via the grid package, all very slick and very fast, based of an immense data set (from a UN agency, or the World Bank, or something). But I can't find a link to that report right now...
i'm trying to get computer's state in my LAN...
thought about using QTcpSocket but it's not realy effective since port also should be inserted as:
socket->connectToHost("hostName", portNumber);
if (socket->waitForConnected(1000))
qDebug("Connected!");
can anyone demonstare me a better way to check if computer is responding ?
ping
int exitCode = QProcess::execute("ping", QStringList() << "-c1" << "hostname");
if (0 == exitCode) {
// it's alive
} else {
// it's dead
}
Arguments may vary. For example, I believe it would be ping -n 1 "hostname" on Windows. The example should work on most non-Windows versions.
Are you trying to check if your local machine is on the network or if a target machine is ?
There isn't a good cross platform way of doing this.
The nearest on qt is QNetworkInterface, and check attribute "ISup" - it's not perfect, it may be active if you have a network cable connected but just to a router, and inactive if you have a 3G modem but aren't on a call.
On Windows check InternetGetConnectedState()
One good way is just to verify that they can resolve domain names using QHostInfo. If they can then they likely have internet access:
QHostInfo::lookupHost("www.kde.org", this, SLOT(lookedUp(QHostInfo)));
Of course, you could just try to connect to the host as well, which is even better proof that everything is working correctly. I would do it asynchronously rather than synchronously, but it's truly the best test.