Re: How to get client IP address ?

2024-04-26 Thread Sean Hulbert

It's easy when you know how!

Guacamole is very well thought out; Mike and team have done an
exceptional job. However, we customize Guacamole to do what we want it to
do, strip out the code not used, then harden it with FIPS 140-2. I merely
gave examples of what you could do; besides, you should be using some type
of SIEM anyway as part of your security posture.  I hope you find what
you are looking for.




*Thank You*
Sean Hulbert
*Founder / CEO*


*Security Centric Inc.*
A Cybersecurity Virtualization Enablement Company
/StormCloud Gov, Protected CUI Environment!/


Industry's most secure virtual desktops!


*/FedRAMP MIL4 in process (RAR)/*
System Award Management
*CAGE: 8AUV4*
*SAM ID: UMJLJ8A7BMT3*

AFCEA San Francisco Chapter President
If you have heard of a hacker by name, he/she has failed, fear the 
hacker you haven’t heard of!


CONFIDENTIALITY NOTICE: This communication with its contents may contain 
confidential and/or legally privileged information. It is solely for the 
use of the intended recipient(s). Unauthorized interception, review, use 
or disclosure is prohibited and may violate applicable laws including 
the Electronic Communications Privacy Act. If you are not the intended 
recipient, please contact the sender and destroy all copies of the 
communication. Content within this email communication is not legally 
binding as a contract and no promises are guaranteed unless in a formal 
contract outside this email communication.


igitur qui desiderat pacem, praeparet bellum!!!

Epitoma Rei Militaris

On 4/26/2024 2:02 PM, Stephan von Krawczynski wrote:

> You are aware that the talk is about a piece of information (IP) the basic
> service (indeed apache) has naturally.
> Your explanation alone shows how broken by design the thing is. You need a
> logfile, a database, a script and a layer 7 firewall for obtaining an IP?
> And then you call it easy. Gimme a break...
>
>
> On Fri, 26 Apr 2024 10:51:01 -0700
> Sean Hulbert  wrote:
>
> > This is easy,
> >
> > 1. Use a SIEM on the NGINX or Apache log files set your trigger to look
> > for the api token.
> >
> > 2. Parse the log file directly using bash awk sed if fi else then pull
> > the IP address
> >
> > 3. Create a new table in the Guacamole database then add a variable to
> > the connection info page, take option 2 and inject the IP to the new
> > table to be displayed.
> >
> > 4. Put a Layer 7 firewall in front of the Guacamole system and capture
> > all data streams to and from (assuming this is external use).



> > On 4/26/2024 6:10 AM, Nick Couchman wrote:
> > > On Fri, Apr 26, 2024 at 6:47 AM Molina de la Iglesia, Manuel
> > >  wrote:
> > >
> > > > Hello,
> > > >
> > > > After following the provided documentation, I cannot find a
> > > > solution to get the real client IP.
> > > >
> > > > I have my application (PHP) on the same Guacamole Server, this
> > > > application gets the user token:
> > > >
> > > > [image: image.png]
> > > >
> > > > The Tomcat log (after using the following pattern on the server.xml
> > > > valve) I use: %{x-forwarded-for}i %l %u %t %r %s %b
> > > >
> > > > The log is OK (displays the user IP)
> > > >
> > > > [image: image.png]
> > >
> > > This does not look like the Tomcat log, this looks like a log for
> > > httpd or Nginx, which means *that* is getting your client IP address.
> > > Do you have your Proxy configured to pass the X-Forwarded-For header
> > > through to Tomcat?
> > >
> > > -Nick
  



-
To unsubscribe, e-mail:user-unsubscr...@guacamole.apache.org
For additional commands, e-mail:user-h...@guacamole.apache.org


Re: How to get client IP address ?

2024-04-26 Thread Stephan von Krawczynski
You are aware that the talk is about a piece of information (IP) the basic
service (indeed apache) has naturally.
Your explanation alone shows how broken by design the thing is. You need a
logfile, a database, a script and a layer 7 firewall for obtaining an IP?
And then you call it easy. Gimme a break...


On Fri, 26 Apr 2024 10:51:01 -0700
Sean Hulbert  wrote:

> This is easy,
> 
> 1. Use a SIEM on the NGINX or Apache log files set your trigger to look 
> for the api token.
> 
> 2. Parse the log file directly using bash awk sed if fi else then pull 
> the IP address
> 
> 3. Create a new table in the Guacamole database then add a variable to 
> the connection info page, take option 2 and inject the IP to the new 
> table to be displayed.
> 
> 4. Put a Layer 7 firewall in front of the Guacamole system and capture 
> all data streams to and from (assuming this is external use).
> 
> 
> 
> 
> On 4/26/2024 6:10 AM, Nick Couchman wrote:
> > On Fri, Apr 26, 2024 at 6:47 AM Molina de la Iglesia, Manuel 
> >  wrote:
> >
> > Hello,
> >
> > After following the provided documentation, I cannot find a
> > solution to get the real client IP.
> >
> > I have my application (PHP) on the same Guacamole Server, this
> > application gets the user token:
> >
> > image.png
> >
> > The Tomcat log (after using the following pattern on the server.xml
> > valve) I use: %{x-forwarded-for}i %l %u %t %r %s %b
> >
> > The log is OK (displays the user IP)
> >
> > image.png
> >
> >
> > This does not look like the Tomcat log, this looks like a log for 
> > httpd or Nginx, which means *that* is getting your client IP address. 
> > Do you have your Proxy configured to pass the X-Forwarded-For header 
> > through to Tomcat?
> >
> > -Nick
> >  






RE: Issue with VNC on new 1.5.4 installation

2024-04-26 Thread Devine, Harry (FAA)
Update:  after some playing around and digging around, it appears as though the 
VNC connections work when we disable FIPS on the RHEL 8 Guacamole server.  
However, it is a security requirement set by our organization to have FIPS 
enabled, so how can we make this work with FIPS enabled?

Thanks,
Harry

-Original Message-
From: Devine, Harry (FAA)  
Sent: Thursday, April 25, 2024 9:55 AM
To: user@guacamole.apache.org
Subject: RE: Issue with VNC on new 1.5.4 installation



I am now running guacd in Debug mode via "/usr/local/sbin/guacd -f -L debug", 
and here's what I see when I try to connect to a VNC connection:

guacd[4319]: INFO:  Creating new client for protocol "vnc"
guacd[4319]: INFO:  Connection ID is "$b2d849e6-b5e5-4b56-94e6-839c29da92c6"
guacd[4369]: DEBUG: Processing instruction: size
guacd[4369]: DEBUG: Processing instruction: audio
guacd[4369]: DEBUG: Processing instruction: video
guacd[4369]: DEBUG: Processing instruction: image
guacd[4369]: DEBUG: Processing instruction: timezone
guacd[4369]: DEBUG: Processing instruction: name
guacd[4369]: INFO:  Cursor rendering: local
guacd[4369]: DEBUG: Parameter "swap-red-blue" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "color-depth" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "force-lossless" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "dest-port" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "encodings" omitted. Using default value of "zrle ultra copyrect hextile zlib corre rre raw".
guacd[4369]: DEBUG: Parameter "autoretry" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "reverse-connect" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "listen-timeout" omitted. Using default value of 5000.
guacd[4369]: DEBUG: Parameter "enable-audio" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "enable-sftp" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "sftp-hostname" omitted. Using default value of "xxx.xxx.xxx.xxx".
guacd[4369]: DEBUG: Parameter "sftp-port" omitted. Using default value of "22".
guacd[4369]: DEBUG: Parameter "sftp-username" omitted. Using default value of "".
guacd[4369]: DEBUG: Parameter "sftp-password" omitted. Using default value of "".
guacd[4369]: DEBUG: Parameter "sftp-passphrase" omitted. Using default value of "".
guacd[4369]: DEBUG: Parameter "sftp-root-directory" omitted. Using default value of "/".
guacd[4369]: DEBUG: Parameter "sftp-server-alive-interval" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "sftp-disable-download" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "sftp-disable-upload" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "recording-name" omitted. Using default value of "recording".
guacd[4369]: DEBUG: Parameter "recording-exclude-output" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "recording-exclude-mouse" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "recording-include-keys" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "create-recording-path" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "disable-copy" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "disable-paste" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "wol-send-packet" omitted. Using default value of 0.
guacd[4369]: INFO:  User "@8f157edc-f209-45de-808e-734861dd5816" joined connection "$b2d849e6-b5e5-4b56-94e6-839c29da92c6" (1 users now present)
guacd[4369]: DEBUG: Client is using protocol version "VERSION_1_5_0"
guacd[4369]: DEBUG: GCrypt initialization started.
guacd[4369]: DEBUG: GCrypt initialization completed.
guacd[4369]: ERROR: Unable to connect to VNC server.
guacd[4369]: INFO:  User "@8f157edc-f209-45de-808e-734861dd5816" disconnected (0 users remain)
guacd[4369]: INFO:  Last user of connection "$b2d849e6-b5e5-4b56-94e6-839c29da92c6" disconnected
guacd[4369]: DEBUG: Requesting termination of client...
guacd[4369]: DEBUG: Client terminated successfully.
guacd[4319]: INFO:  Connection "$b2d849e6-b5e5-4b56-94e6-839c29da92c6" removed.
guacd[4319]: DEBUG: Unable to request termination of client process: No such process
guacd[4319]: DEBUG: All child processes for connection "$b2d849e6-b5e5-4b56-94e6-839c29da92c6" have been terminated.

Thanks,
Harry

-Original Message-
From: Devine, Harry (FAA) 
Sent: Thursday, April 25, 2024 9:33 AM
To: user@guacamole.apache.org
Subject: RE: Issue with VNC on new 1.5.4 

Re: How to get client IP address ?

2024-04-26 Thread Sean Hulbert

This is easy,

1. Use a SIEM on the NGINX or Apache log files set your trigger to look 
for the api token.


2. Parse the log file directly using bash awk sed if fi else then pull 
the IP address


3. Create a new table in the Guacamole database then add a variable to 
the connection info page, take option 2 and inject the IP to the new 
table to be displayed.


4. Put a Layer 7 firewall in front of the Guacamole system and capture 
all data streams to and from (assuming this is external use).





On 4/26/2024 6:10 AM, Nick Couchman wrote:
> On Fri, Apr 26, 2024 at 6:47 AM Molina de la Iglesia, Manuel
>  wrote:
>
> > Hello,
> >
> > After following the provided documentation, I cannot find a
> > solution to get the real client IP.
> >
> > I have my application (PHP) on the same Guacamole Server, this
> > application gets the user token:
> >
> > [image: image.png]
> >
> > The Tomcat log (after using the following pattern on the server.xml
> > valve) I use: %{x-forwarded-for}i %l %u %t %r %s %b
> >
> > The log is OK (displays the user IP)
> >
> > [image: image.png]
>
> This does not look like the Tomcat log, this looks like a log for
> httpd or Nginx, which means *that* is getting your client IP address.
> Do you have your Proxy configured to pass the X-Forwarded-For header
> through to Tomcat?
>
> -Nick
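
Step 2 of the message above (parse the log and pull the IP), as an added example that is not code from the thread or from the Guacamole project. It assumes the access log uses the pattern quoted in the thread, that exactly one trusted reverse proxy appends the address it saw to X-Forwarded-For, and that logins are POSTs to a path ending in /api/tokens; the function name and sample lines are constructed.

```shell
#!/usr/bin/env bash
# Added example: pull the client IP of Guacamole token requests from an access
# log written with the pattern quoted in the thread:
#   %{x-forwarded-for}i %l %u %t %r %s %b
# Assumptions (not from the thread): exactly one trusted reverse proxy appends
# the address it saw to X-Forwarded-For, and logins are POSTs to */api/tokens.

# Constructed sample lines; all addresses are from documentation ranges.
SAMPLE_LOG='203.0.113.7 - - [26/Apr/2024:10:51:01 -0700] POST /guacamole/api/tokens HTTP/1.1 200 1043
198.51.100.9, 203.0.113.50 - - [26/Apr/2024:10:52:10 -0700] POST /guacamole/api/tokens HTTP/1.1 403 120
- - - [26/Apr/2024:10:53:00 -0700] POST /guacamole/api/tokens HTTP/1.1 200 1043
203.0.113.7 - - [26/Apr/2024:10:54:00 -0700] GET /guacamole/api/patches HTTP/1.1 200 2
unknown - - [26/Apr/2024:10:55:00 -0700] POST /guacamole/api/tokens HTTP/1.1 200 1043'

# Reads log lines on stdin; prints "<client> <status> <timestamp>" per token request.
token_request_ips() {
  awk '
  {
    lb = index($0, " [")             # %t is the bracketed timestamp
    rb = index($0, "] ")
    if (lb == 0 || rb <= lb) next    # not in the expected layout

    head = substr($0, 1, lb - 1)     # "%{x-forwarded-for}i %l %u"
    ts   = substr($0, lb + 2, rb - lb - 2)
    tail = substr($0, rb + 2)        # "%r %s %b"

    # %r is "METHOD PATH PROTOCOL"; %s and %b are the last two tokens.
    m = split(tail, t, " ")
    if (m < 5 || t[1] != "POST") next
    path = t[2]; sub(/\?.*/, "", path)
    if (path !~ /\/api\/tokens$/) next

    # The header may hold several comma-separated entries that contain
    # spaces, so count back from the end: %l and %u are the last two tokens.
    n = split(head, h, " ")
    if (n < 3) next
    ip = h[n - 2]
    # Entries left of the last comma were supplied by the client and can be
    # forged; only the entry appended by the trusted proxy is kept.
    sub(/^.*,/, "", ip)

    if (ip == "-") {
      ip = "no-xff"                  # request did not carry the header
    } else if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
               !(ip ~ /^[0-9A-Fa-f:.]+$/ && ip ~ /:/)) {
      ip = "invalid-xff"             # not an IPv4/IPv6 literal: do not trust
    }

    print ip, t[m - 1], ts
  }'
}

printf "%s\n" "$SAMPLE_LOG" | token_request_ips
```

If no proxy in front of the server sets or appends the header, every entry in it is client-supplied and none of the reported addresses should be relied on.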


Re: RDP issues in Guacamole 1.5.5

2024-04-26 Thread Nick Couchman
On Fri, Apr 26, 2024 at 6:50 AM Santiago Garcia Mantinan 
wrote:

> Hi!
>
> I can confirm this behaviour also on our setup (connecting against a Debian
> xrdp 0.9.21.1).
>
> > We started fiddling with the connection settings in Guacamole of one of
> our machines and noticed that if the "Enable audio input (microphone)"
> (Parameters -> Device Redirection) option was flagged, it started showing
> this behaviour.
> > Once disabled, we could RDP into the system.
>
> Alessio, thanks a lot for this report, this is the same issue we are having
> here and I believe the same one that other users have described on the
> thread "Cannot connect XRDP when migrate from 1.5.4 to 1.5.5" from the 8th
> of April.
>
> Like you, when we disable mic it works, if not, it gets stuck :-(
>
> If more info is needed to look at this, just let us know.
>
>
It's already resolved in Git, at the very least for the 1.6.0 release. We
have not decided if we'll do a 1.5.6 bugfix release or not.

-Nick


Re: How to get client IP address ?

2024-04-26 Thread Nick Couchman
On Fri, Apr 26, 2024 at 6:47 AM Molina de la Iglesia, Manuel
 wrote:

> Hello,
>
> After following the provided documentation, I cannot find a solution to
> get the real client IP.
>
> I have my application (PHP) on the same Guacamole Server, this application
> gets the user token:
>
> [image: image.png]
>
> The Tomcat log (after using the following pattern on the server.xml valve) I
> use: %{x-forwarded-for}i %l %u %t %r %s %b
>
> The log is OK (displays the user IP)
>
> [image: image.png]
>
>
This does not look like the Tomcat log, this looks like a log for httpd or
Nginx, which means *that* is getting your client IP address. Do you have
your Proxy configured to pass the X-Forwarded-For header through to Tomcat?

-Nick



Re: RDP issues in Guacamole 1.5.5

2024-04-26 Thread Santiago Garcia Mantinan
Hi!

I can confirm this behaviour also on our setup (connecting against a Debian
xrdp 0.9.21.1).

> We started fiddling with the connection settings in Guacamole of one of our 
> machines and noticed that if the "Enable audio input (microphone)" 
> (Parameters -> Device Redirection) option was flagged, it started showing 
> this behaviour.
> Once disabled, we could RDP into the system.

Alessio, thanks a lot for this report, this is the same issue we are having
here and I believe the same one that other users have described on the
thread "Cannot connect XRDP when migrate from 1.5.4 to 1.5.5" from the 8th
of April.

Like you, when we disable mic it works, if not, it gets stuck :-(

If more info is needed to look at this, just let us know.

Regards.
-- 
Manty/BestiaTester -> http://manty.net




Re: How to get client IP address ?

2024-04-26 Thread Molina de la Iglesia, Manuel
Hello,

After following the provided documentation, I cannot find a solution to get
the real client IP.

I have my application (PHP) on the same Guacamole Server, this application
gets the user token:

[image: image.png]

The Tomcat log (after using the following pattern on the server.xml valve) I
use: %{x-forwarded-for}i %l %u %t %r %s %b

The log is OK (displays the user IP)

[image: image.png]

But the Guacamole log still displays the application IP (which in this case runs
on the same server)

[image: image.png]
Any suggestions?
Thanks

*Manel Molina*

*manuel.molina-de-la-igle...@veolia.com*

*Dirección de Ciberseguridad*

Ciutat de L’Aigua (D38)

Paseo de la Zona Franca, 48
08038 Barcelona / España

www.veolia.com





On Mon, Apr 22, 2024 at 4:35, Nick Couchman () wrote:

> On Sun, Apr 21, 2024 at 5:18 PM Ivanmarcus 
> wrote:
>
>> Stephan,
>>
>> Having been around here for a while I'd be very surprised to find code
>> contributions simply 'ignored'. If you look at Guacamole's development
>> history I think you'd see that contributions are welcomed, and where
>> they address a need and/or fit the project well they are incorporated.
>>
>> Naturally there would be discussion, and it *may* be that some
>> contributions are not [immediately] accepted, however they would not be
>> discarded out of hand for no reason. Perhaps this has been your
>> experience of other projects but please don't anticipate it here.
>>
>>
> Yes, completely agree. There is definitely scrutiny of changes and
> discussion around it, and a rather robust review process. So, while changes
> will not be discarded out of hand, for no reason, they will also not be
> blindly accepted.
>
>
>> Otherwise it's my view (and clearly that of many others) that Guacamole
>> is not a 'mediocre' product. It has its flaws and no doubt could be
>> improved, but being derogatory about something is not especially
>> productive and rarely a good way to effect change.
>>
>> Thus I wonder if you might spend a little time looking closely at
>> Guacamole's development and how/why it works the way it does presently?
>> As an active project with good interaction and hard working developers,
>> input from experienced coders would be gratefully received. However I
>> suggest the usual way to go about changing something is first to become
>> involved, become 'known' by your contributions, to gain better knowledge
>> of the issues and direction facing the project, and thence be able to
>> effect positive and cohesive change...
>>
>>
> +1
>
> I would love to see the community of active contributors, both developers
> and supporters on the mailing list, grow to include a greater number and
> more diverse population.
>
> -Nick
>


Re: Cannot connect XRDP when migrate from 1.5.4 to 1.5.5

2024-04-26 Thread Santiago Garcia Mantinan
Hi!

> yesterday I've upgraded my both Docker containers guacd and guacamole from
> 1.5.4 to 1.5.5

Like Alessio says in his mail "RDP issues in Guacamole 1.5.5" from the 10th
of April, it is related to audio, if you disable mic on the connection it
will work.

This happens not only on containers but on other setups as well, I build it
myself with exactly the same rules, and it is also hanging.  I have tested with
different freerdp versions, latest 2.11.7 and the one I compiled against
when I compiled 1.5.4 (2.11.5) and it hangs in all of them until I remove
mic on the connection.

Regards.
-- 
Manty/BestiaTester -> http://manty.net
