Re: [Dhis2-users] [Dhis2-devs] Problem with Analytic Reports (Vizualizer and pivot table)
Hi Emmanuel, first try to go to data administration maintenance generate category option combos and go. Then try running analytics again. If that does not help, please chech whether you have any categories without any category options. If so remove them. Let us know how it goes. regards, Lars On Feb 5, 2014 11:13 PM, Knut Staring knu...@gmail.com wrote: .My guess is a problem with your categoryoptioncombos, but again, whenever there is an error, please share the (same) log file. Perhaps someone has time to have a look at your db, though if you don't have much in it yet, it could be advisable to start a fresh (just create a new empty db and point to that one in hibernate.properties) On Wed, Feb 5, 2014 at 10:47 PM, Emmanuel Willer CHARLES emmanuelwil...@gmail.com wrote: it is surely for test. i tried to run resource table i have the attached error message. On Wed, Feb 5, 2014 at 2:19 PM, Knut Staring knu...@gmail.com wrote: I think the relevant file is tomcat7-stdout.2014-02-05.log. I see you are running on Windows 7, is that just for testing on your laptop or is it meant to be a server? Below is the last part of the log, which seems to show a problem with categories. Others should have more insight on this, but you could try going to Maintenance - Data Administration - Resource Table and click on Generate Table. --- * INFO 2014-02-05 15:03:10,491 Version: 3.5.3 (Service.java [taskScheduler-1]) * INFO 2014-02-05 15:03:10,491 JRE Version: 1.7.0_40 (Service.java [taskScheduler-1]) * INFO 2014-02-05 15:03:10,491 JRE Impl Version: 24.0-b56 (Service.java [taskScheduler-1]) * INFO 2014-02-05 15:03:10,491 O/S: Windows 7 / amd64 / 6.1 (Service.java [taskScheduler-1]) * ERROR 2014-02-05 15:03:10,501 Unexpected error occurred in scheduled task. (TaskUtils.java [taskScheduler-1]) java.lang.ArrayIndexOutOfBoundsException: 0 at org.hisp.dhis.common.CombinationGenerator.getCurrent(CombinationGenerator.java:124) at org.hisp.dhis.common.CombinationGenerator.getNext(CombinationGenerator.java:98) at org.hisp.dhis.dataelement.DataElementCategoryCombo.getSortedOptionCombos(DataElementCategoryCombo.java:171) at org.hisp.dhis.resourcetable.DefaultResourceTableService.generateCategoryOptionComboNames(DefaultResourceTableService.java:206) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) On Wed, Feb 5, 2014 at 9:05 PM, Emmanuel Willer CHARLES emmanuelwil...@gmail.com wrote: ok. i send all files found in the logs folder. On Wed, Feb 5, 2014 at 1:34 PM, Knut Staring knu...@gmail.com wrote: Fine. But the most important is your Tomcat log file. Sent from my mobile On 5 Feb 2014 20:33, Emmanuel Willer CHARLES emmanuelwil...@gmail.com wrote: Hi Knut, here are the requested information. version 2.13 build number: 12941. thanks On Wed, Feb 5, 2014 at 1:31 PM, Knut Staring knu...@gmail.comwrote: Hi Emmanuel, pls let us know the version and build number, and share your log file. Sent from my mobile On 5 Feb 2014 17:43, Emmanuel Willer CHARLES emmanuelwil...@gmail.com wrote: Hello Guys I think I need a little help out there. everything is set up, and I completed few forms in data entry for some months and org units, when running dataset reports, we can see the data is stored. scheduling is started, when I run analytic reports it takes a while in showing the working/progress bar, but doesn't give the complete status, and when i try to pull up data in the pivot table it doesn't show values (no value found). -- ___ Charles Emmanuel Willer 12,Lilavois 50 Croix des Bouquets, HT Tels: +509-3842-3854 / +509-3270-0655 Skype: emmanuelwiller emmanuelwil...@gmail.com emmanuelwil...@yahoo.com ___ Mailing list: https://launchpad.net/~dhis2-devs Post to : dhis2-d...@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devs More help : https://help.launchpad.net/ListHelp -- ___ Charles Emmanuel Willer 12,Lilavois 50 Croix des Bouquets, HT Tels: +509-3842-3854 / +509-3270-0655 Skype: emmanuelwiller emmanuelwil...@gmail.com emmanuelwil...@yahoo.com -- ___ Charles Emmanuel Willer 12,Lilavois 50 Croix des Bouquets, HT Tels: +509-3842-3854 / +509-3270-0655 Skype: emmanuelwiller emmanuelwil...@gmail.com emmanuelwil...@yahoo.com -- Knut Staring Dept. of Informatics, University of Oslo +4791880522 http://dhis2.org -- ___ Charles Emmanuel Willer 12,Lilavois 50 Croix des Bouquets, HT Tels: +509-3842-3854 / +509-3270-0655 Skype: emmanuelwiller emmanuelwil...@gmail.com
Re: [Dhis2-users] [Dhis2-devs] Bangladesh's main DHIS2 installation hacked and solved
Hi Hannan, I think this attack might also be related to the Struts exploit. We did see random jsp files being uploaded at one occasion. The fix for the Struts exploit was done in 2.12 at revision 11341, so it means that you must upgrade your DHIS version (from 11312) in order to get protection. regards, Lars On Thu, Feb 6, 2014 at 9:18 AM, Jason Pickering jason.p.picker...@gmail.com wrote: Hi Hannan, I had several servers (4 to be exact) which were compromised due to a vulnerability in Struts. Lars sent out an email a few weeks ago, that informed everyone they needed to upgrade immediately. I know of other server which have also been compromised. One was running Tomcat as root (an exceptionally bad idea). Because of the compromise, a full reinstallation of the server software would be required. In your case, it does seem to be a bit more serious, and not consistent with the previous compromises I have seen. These compromises were limited to the machine sending out a huge amount of traffic, but otherwise, there did not seem to be any further issues. A few tips, you may want to consider 0) A complete reinstall of the system might be in order, given the extent of the attack. 1) Be sure that the Tomcat process is not running as root, and that the user which can execute Tomcat cannot login to the system directly (i.e. has their shell set to /bin/false) 2) Close port 8080 and remove the Tomcat manager. Instead, only have port 80/443 on the machine open. Additionally, do not run SSH on port 22, and be sure that you can only login to the server with a key, which is protected itself by a strong password. 3) Consider attempting to look for vulnerabilities your self, with tools such as Nessus and Nmap 4) Ensure that you are running a firewall on the server itself, i.e. do not trust your upstream providers firewall. 5) Ensure that all Tomcat installs, Java,DHIS2 and the system software itself is fully up to date 6) Consider running an IDS such as OSSEC on your machine to look for unauthorized intrusions. 7) Use tools such as monit to monitor for spurious processes or suspicious file activity. Hope this helps. Best regards, Jason On Thu, Feb 6, 2014 at 8:36 AM, Hannan Khan hann...@gmail.com wrote: Yes Morten, I installed through the package manager. The tomcat version is Apache Tomcat/7.0.26. Regards Hannan On Thu, Feb 6, 2014 at 12:07 PM, Morten Olav Hansen morte...@gmail.comwrote: Also make sure that your tomcat is up to date.. there exists several vulnerabilities in older versions (not sure how you installed it, but if you are using a linux distribution, its wise to install it through the package manager) -- Morten On Thu, Feb 6, 2014 at 1:00 PM, Knut Staring knu...@gmail.com wrote: Hannan, which build of DHIS2 ? Which Java version? Ubuntu? Sent from my mobile On Feb 6, 2014 6:29 AM, Hannan Khan hann...@gmail.com wrote: Dear experts Our main DHIS2 implementation (mishealth) for the health sector was hacked yesterday evening, around 4:30 PM local time. After login by any user it showing the attached message. We immediately stop the tomact7 service and check the database. We find the database is intact. After investigation I find that the hacker inserted three files to do this. First file index.html contain an alert alert(Admin, You Are Hacked by Malaysia Hacker!) and a body text h1Hacked by BadCat/h1. Which was placed in the application folder /tomcat7/webapps/mishealth/. Second files index.html contain another script which redirects to pastebin.com/raw.php?i=LZEdbBz6 was placed in the /tomcat7/webapps/mishealth/dhis-web-commons/security/. Third file guige.jsp is contain a script was placed in the /tomcat7/webapps/mishealth/dhis-web-commons/security/. For our server, it seems that only first file is executing after login. I find few more suspicious files which I am investigating and will share with the experts in next few days. I configured the server with only external open port is 8080. Other two ports (SSH and WEBMIN) are open for internal IP only. External access is possible only through VPN client. According to the firewall maintaining vendor, that hacker might access through 8080. How we prevent and secure that? I configure the database in other server and that server is only accessible through one private IP block. The tomcat server, the backup servers and our administrator/development team are in that block. Now please suggest how can we secure our servers more. Regards Muhammad Abdul Hannan Khan -- Senior Technical Advisor - HIS Priority Area Health Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH House10/A, Road 90, Gulshan 2, Dhaka 1212, Bangladesh T +880-2- 8816459, 8816412 ext 118 M+88 01819 239 241 M+88 01534 312 066 F +88 02 8813 875 E hannan.k...@giz.de S hannan.khan.dhaka B
[Dhis2-users] Link values with GIS
Hi everyone, I try to display values by clicking organisation unit on GIS but I fail to do it. Could someone help me on how to do. thank you. ___ Mailing list: https://launchpad.net/~dhis2-users Post to : dhis2-users@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-users More help : https://help.launchpad.net/ListHelp
Re: [Dhis2-users] [Dhis2-devs] Bangladesh's main DHIS2 installation hacked and solved
Thanks Lars. Today we update DHIS2 to version 13 build 12864. Regards Hannan On Thu, Feb 6, 2014 at 5:50 PM, Lars Helge Øverland larshe...@gmail.comwrote: Hi Hannan, I think this attack might also be related to the Struts exploit. We did see random jsp files being uploaded at one occasion. The fix for the Struts exploit was done in 2.12 at revision 11341, so it means that you must upgrade your DHIS version (from 11312) in order to get protection. regards, Lars On Thu, Feb 6, 2014 at 9:18 AM, Jason Pickering jason.p.picker...@gmail.com wrote: Hi Hannan, I had several servers (4 to be exact) which were compromised due to a vulnerability in Struts. Lars sent out an email a few weeks ago, that informed everyone they needed to upgrade immediately. I know of other server which have also been compromised. One was running Tomcat as root (an exceptionally bad idea). Because of the compromise, a full reinstallation of the server software would be required. In your case, it does seem to be a bit more serious, and not consistent with the previous compromises I have seen. These compromises were limited to the machine sending out a huge amount of traffic, but otherwise, there did not seem to be any further issues. A few tips, you may want to consider 0) A complete reinstall of the system might be in order, given the extent of the attack. 1) Be sure that the Tomcat process is not running as root, and that the user which can execute Tomcat cannot login to the system directly (i.e. has their shell set to /bin/false) 2) Close port 8080 and remove the Tomcat manager. Instead, only have port 80/443 on the machine open. Additionally, do not run SSH on port 22, and be sure that you can only login to the server with a key, which is protected itself by a strong password. 3) Consider attempting to look for vulnerabilities your self, with tools such as Nessus and Nmap 4) Ensure that you are running a firewall on the server itself, i.e. do not trust your upstream providers firewall. 5) Ensure that all Tomcat installs, Java,DHIS2 and the system software itself is fully up to date 6) Consider running an IDS such as OSSEC on your machine to look for unauthorized intrusions. 7) Use tools such as monit to monitor for spurious processes or suspicious file activity. Hope this helps. Best regards, Jason On Thu, Feb 6, 2014 at 8:36 AM, Hannan Khan hann...@gmail.com wrote: Yes Morten, I installed through the package manager. The tomcat version is Apache Tomcat/7.0.26. Regards Hannan On Thu, Feb 6, 2014 at 12:07 PM, Morten Olav Hansen morte...@gmail.comwrote: Also make sure that your tomcat is up to date.. there exists several vulnerabilities in older versions (not sure how you installed it, but if you are using a linux distribution, its wise to install it through the package manager) -- Morten On Thu, Feb 6, 2014 at 1:00 PM, Knut Staring knu...@gmail.com wrote: Hannan, which build of DHIS2 ? Which Java version? Ubuntu? Sent from my mobile On Feb 6, 2014 6:29 AM, Hannan Khan hann...@gmail.com wrote: Dear experts Our main DHIS2 implementation (mishealth) for the health sector was hacked yesterday evening, around 4:30 PM local time. After login by any user it showing the attached message. We immediately stop the tomact7 service and check the database. We find the database is intact. After investigation I find that the hacker inserted three files to do this. First file index.html contain an alert alert(Admin, You Are Hacked by Malaysia Hacker!) and a body text h1Hacked by BadCat/h1. Which was placed in the application folder /tomcat7/webapps/mishealth/. Second files index.html contain another script which redirects to pastebin.com/raw.php?i=LZEdbBz6 was placed in the /tomcat7/webapps/mishealth/dhis-web-commons/security/. Third file guige.jsp is contain a script was placed in the /tomcat7/webapps/mishealth/dhis-web-commons/security/. For our server, it seems that only first file is executing after login. I find few more suspicious files which I am investigating and will share with the experts in next few days. I configured the server with only external open port is 8080. Other two ports (SSH and WEBMIN) are open for internal IP only. External access is possible only through VPN client. According to the firewall maintaining vendor, that hacker might access through 8080. How we prevent and secure that? I configure the database in other server and that server is only accessible through one private IP block. The tomcat server, the backup servers and our administrator/development team are in that block. Now please suggest how can we secure our servers more. Regards Muhammad Abdul Hannan Khan -- Senior Technical Advisor - HIS Priority Area Health Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH House10/A, Road 90, Gulshan 2, Dhaka 1212,
Re: [Dhis2-users] [Dhis2-devs] Problem with Analytic Reports (Vizualizer and pivot table)
Hi all, you were all right, it was a problem with category and category combination thank you all. now that the problem is solve i can take the time to tackle another issue. that you all are going to be in copy. On Thu, Feb 6, 2014 at 2:18 AM, Lars Helge Øverland larshe...@gmail.comwrote: Hi Emmanuel, first try to go to data administration maintenance generate category option combos and go. Then try running analytics again. If that does not help, please chech whether you have any categories without any category options. If so remove them. Let us know how it goes. regards, Lars On Feb 5, 2014 11:13 PM, Knut Staring knu...@gmail.com wrote: .My guess is a problem with your categoryoptioncombos, but again, whenever there is an error, please share the (same) log file. Perhaps someone has time to have a look at your db, though if you don't have much in it yet, it could be advisable to start a fresh (just create a new empty db and point to that one in hibernate.properties) On Wed, Feb 5, 2014 at 10:47 PM, Emmanuel Willer CHARLES emmanuelwil...@gmail.com wrote: it is surely for test. i tried to run resource table i have the attached error message. On Wed, Feb 5, 2014 at 2:19 PM, Knut Staring knu...@gmail.com wrote: I think the relevant file is tomcat7-stdout.2014-02-05.log. I see you are running on Windows 7, is that just for testing on your laptop or is it meant to be a server? Below is the last part of the log, which seems to show a problem with categories. Others should have more insight on this, but you could try going to Maintenance - Data Administration - Resource Table and click on Generate Table. --- * INFO 2014-02-05 15:03:10,491 Version: 3.5.3 (Service.java [taskScheduler-1]) * INFO 2014-02-05 15:03:10,491 JRE Version: 1.7.0_40 (Service.java [taskScheduler-1]) * INFO 2014-02-05 15:03:10,491 JRE Impl Version: 24.0-b56 (Service.java [taskScheduler-1]) * INFO 2014-02-05 15:03:10,491 O/S: Windows 7 / amd64 / 6.1 (Service.java [taskScheduler-1]) * ERROR 2014-02-05 15:03:10,501 Unexpected error occurred in scheduled task. (TaskUtils.java [taskScheduler-1]) java.lang.ArrayIndexOutOfBoundsException: 0 at org.hisp.dhis.common.CombinationGenerator.getCurrent(CombinationGenerator.java:124) at org.hisp.dhis.common.CombinationGenerator.getNext(CombinationGenerator.java:98) at org.hisp.dhis.dataelement.DataElementCategoryCombo.getSortedOptionCombos(DataElementCategoryCombo.java:171) at org.hisp.dhis.resourcetable.DefaultResourceTableService.generateCategoryOptionComboNames(DefaultResourceTableService.java:206) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) On Wed, Feb 5, 2014 at 9:05 PM, Emmanuel Willer CHARLES emmanuelwil...@gmail.com wrote: ok. i send all files found in the logs folder. On Wed, Feb 5, 2014 at 1:34 PM, Knut Staring knu...@gmail.com wrote: Fine. But the most important is your Tomcat log file. Sent from my mobile On 5 Feb 2014 20:33, Emmanuel Willer CHARLES emmanuelwil...@gmail.com wrote: Hi Knut, here are the requested information. version 2.13 build number: 12941. thanks On Wed, Feb 5, 2014 at 1:31 PM, Knut Staring knu...@gmail.comwrote: Hi Emmanuel, pls let us know the version and build number, and share your log file. Sent from my mobile On 5 Feb 2014 17:43, Emmanuel Willer CHARLES emmanuelwil...@gmail.com wrote: Hello Guys I think I need a little help out there. everything is set up, and I completed few forms in data entry for some months and org units, when running dataset reports, we can see the data is stored. scheduling is started, when I run analytic reports it takes a while in showing the working/progress bar, but doesn't give the complete status, and when i try to pull up data in the pivot table it doesn't show values (no value found). -- ___ Charles Emmanuel Willer 12,Lilavois 50 Croix des Bouquets, HT Tels: +509-3842-3854 / +509-3270-0655 Skype: emmanuelwiller emmanuelwil...@gmail.com emmanuelwil...@yahoo.com ___ Mailing list: https://launchpad.net/~dhis2-devs Post to : dhis2-d...@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devs More help : https://help.launchpad.net/ListHelp -- ___ Charles Emmanuel Willer 12,Lilavois 50 Croix des Bouquets, HT Tels: +509-3842-3854 / +509-3270-0655 Skype: emmanuelwiller emmanuelwil...@gmail.com emmanuelwil...@yahoo.com -- ___ Charles Emmanuel Willer 12,Lilavois 50 Croix des Bouquets, HT Tels: +509-3842-3854 / +509-3270-0655 Skype: emmanuelwiller emmanuelwil...@gmail.com emmanuelwil...@yahoo.com
Re: [Dhis2-users] Link values with GIS
Hi Franck, I think you need to elaborate a bit in order to get some help with this issue. Please also have a look here: http://www.dhis2.org/doc/snapshot/en/user/html/ch18.html On Thu, Feb 6, 2014 at 2:23 PM, HAKIZIMANA Franck francescoh...@gmail.comwrote: Hi everyone, I try to display values by clicking organisation unit on GIS but I fail to do it. Could someone help me on how to do. thank you. ___ Mailing list: https://launchpad.net/~dhis2-users Post to : dhis2-users@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-users More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~dhis2-users Post to : dhis2-users@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-users More help : https://help.launchpad.net/ListHelp
Re: [Dhis2-users] Postgresql memory optimization
Hi Emmanuel, you need to change the kernel settings if you increase the postgres shared_memory settings above default and not in postgres 9.3. See the part on sysctl.conf in the manual. If you are not on a production instance I would have skipped that part and left it on default. Lars On Thu, Feb 6, 2014 at 7:04 PM, Emmanuel Willer CHARLES emmanuelwil...@gmail.com wrote: Hi all, again, thank you for the help you have given me so far with the problem with the category and category combination. everything is quite well. but I have been experiencing issues when ever i Use the implementation manual explanation to optimize postgresql it prevents tomcat from running. I was able to ootimize java with javaoptions values but not postgresql. Can anyone help please?? -- ___ Charles Emmanuel Willer 12,Lilavois 50 Croix des Bouquets, HT Tels: +509-3842-3854 / +509-3270-0655 Skype: emmanuelwiller emmanuelwil...@gmail.com emmanuelwil...@yahoo.com ___ Mailing list: https://launchpad.net/~dhis2-users Post to : dhis2-users@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-users More help : https://help.launchpad.net/ListHelp