The cabinet.service service does not start

Betobet

Member
Hello,
I installed Nemesida WAF Free following the instructions; at the step where service startup is checked, I get:

cabinet.service: Failed to set invocation ID on control group /system.slice/cabinet.service, ignoring: Operation not permitted

All the other services started correctly. Could you tell me where to look?
 
Strange. I just restarted the services and they all started correctly, but /waf/personal still returns 404.

systemctl status cabinet cabinet_ipinfo cabinet_attack_nottification cabinet_vts
● cabinet.service - Init script for the Nemesida WAF Personal Cabinet
Loaded: loaded (/lib/systemd/system/cabinet.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2020-10-27 06:44:15 UTC; 5s ago
Main PID: 21819 (uwsgi)
CGroup: /system.slice/cabinet.service
├─21819 /var/www/app/venv/bin/uwsgi --ini /var/www/app/cabinet.ini
├─21824 /var/www/app/venv/bin/uwsgi --ini /var/www/app/cabinet.ini
├─21825 /var/www/app/venv/bin/uwsgi --ini /var/www/app/cabinet.ini
├─21826 /var/www/app/venv/bin/uwsgi --ini /var/www/app/cabinet.ini
└─21827 /var/www/app/venv/bin/uwsgi --ini /var/www/app/cabinet.ini

Oct 27 06:44:15 vaigumenov systemd[1]: Started Init script for the Nemesida WAF Personal Cabinet.
Oct 27 06:44:15 vaigumenov cabinet[21819]: [uWSGI] getting INI configuration from /var/www/app/cabinet.ini

● cabinet_ipinfo.service - Cabinet ip information Service
Loaded: loaded (/lib/systemd/system/cabinet_ipinfo.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2020-10-27 06:44:14 UTC; 6s ago
Main PID: 21812 (python3)
CGroup: /system.slice/cabinet_ipinfo.service
└─21812 /var/www/app/venv/bin/python3 /var/www/app/main/eventloop/mem_ip.py

Oct 27 06:44:14 vaigumenov systemd[1]: Started Cabinet ip information Service.

● cabinet_attack_nottification.service - Attack notify
Loaded: loaded (/lib/systemd/system/cabinet_attack_nottification.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2020-10-27 06:44:14 UTC; 6s ago
Main PID: 21813 (python3)
CGroup: /system.slice/cabinet_attack_nottification.service
└─21813 /var/www/app/venv/bin/python3 /var/www/app/main/eventloop/attack_notify.py

Oct 27 06:44:14 vaigumenov systemd[1]: Started Attack notify.

● cabinet_vts.service - VTS Service
Loaded: loaded (/lib/systemd/system/cabinet_vts.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2020-10-27 06:44:14 UTC; 6s ago
Main PID: 21814 (python3)
CGroup: /system.slice/cabinet_vts.service
└─21814 /var/www/app/venv/bin/python3 /var/www/app/main/eventloop/vtsr.py

Oct 27 06:44:14 vaigumenov systemd[1]: Started VTS Service.
Oct 27 06:44:16 vaigumenov python3[21814]: 27/Oct/2020:06:44:16 +0000 INFO: Started
 
Hello,

do you have any other virtual hosts configured on this port in Nginx? Please send the error from the Nginx error log.
 
Yes, there are 5 more sites on this port. My plan was for the WAF to work on all of them, but it looks like my plan is falling apart.

Hmm, the whole log is flooded with nothing but messages like these:
2020/10/28 07:26:05 [error] 25671#25671: *17682 FastCGI sent in stderr: "QueryIterator.php on line 118
PHP message: PHP Notice: Only variable references should be returned by reference in /var/www/html/old.altke.ru/lib/eclipse/QueryIterator.php on line 118
 
The solution is simple: change the Cabinet port in the Nginx virtual host file settings.
 
When nginx starts, there is an error:
nginx: [error] Nemesida WAF: an error occurred while reading system UUID
 
Something is blocking the ability to obtain the UUID, but the error should not affect nginx startup or the Cabinet starting.
 
The login form came up, but any action on it returns a 500 error.
 
Most likely a mistake was made when configuring the Cabinet/API/DB. Enable debug mode in the Cabinet or check the logs in /var/log/uwsgi/cabinet/app.log.

Or use personal technical support (7.500 rubles/hour).
 
I did everything according to the written instructions (taking the different ports into account) and double-checked against the video instructions.

*** Starting uWSGI 2.0.19.1 (64bit) on [Mon Nov 16 02:46:00 2020] ***
compiled with version: 6.3.0 20170516 on 26 October 2020 09:14:40
os: Linux-2.6.32-042stab145.3 #1 SMP Thu Jun 11 14:05:04 MSK 2020
nodename: nodename
machine: x86_64
clock source: unix
detected number of CPU cores: 2
current working directory: /var/www/app
detected binary path: /var/www/app/venv/bin/uwsgi
!!! no internal routing support, rebuild with pcre support !!!
your processes number limit is 385553
your memory page size is 4096 bytes
*** WARNING: you have enabled harakiri without post buffering. Slow upload could be rejected on post-unbuffered webservers ***
detected max file descriptor number: 1024
lock engine: pthread robust mutexes
thunder lock: disabled (you can enable it with --thunder-lock)
uwsgi socket 0 bound to UNIX address /var/www/app/cabinet.sock fd 3
Python version: 3.5.3 (default, Sep 27 2018, 17:25:39) [GCC 6.3.0 20170516]
*** Python threads support is disabled. You can enable it with --enable-threads ***
Python main interpreter initialized at 0x5633248cbea0
your server socket listen backlog is limited to 100 connections
your mercy for graceful operations on workers is 60 seconds
mapped 364520 bytes (355 KB) for 4 cores
*** Operational MODE: preforking ***
WSGI app 0 (mountpoint='') ready in 1 seconds on interpreter 0x5633248cbea0 pid: 31825 (default app)
*** uWSGI is running in multiple interpreter mode ***
spawned uWSGI master process (pid: 31825)
spawned uWSGI worker 1 (pid: 31829, cores: 1)
spawned uWSGI worker 2 (pid: 31830, cores: 1)
spawned uWSGI worker 3 (pid: 31831, cores: 1)
spawned uWSGI worker 4 (pid: 31832, cores: 1)
SIGINT/SIGQUIT received...killing workers...
worker 1 buried after 1 seconds
worker 2 buried after 1 seconds
worker 3 buried after 1 seconds
worker 4 buried after 1 seconds
goodbye to uWSGI.
VACUUM: unix socket /var/www/app/cabinet.sock removed.
*** Starting uWSGI 2.0.19.1 (64bit) on [Mon Nov 16 08:53:39 2020] ***
compiled with version: 6.3.0 20170516 on 16 November 2020 08:53:20
os: Linux-2.6.32-042stab145.3 #1 SMP Thu Jun 11 14:05:04 MSK 2020
nodename: nodename
machine: x86_64
clock source: unix
detected number of CPU cores: 2
current working directory: /var/www/app
detected binary path: /var/www/app/venv/bin/uwsgi
!!! no internal routing support, rebuild with pcre support !!!
your processes number limit is 385553
your memory page size is 4096 bytes
*** WARNING: you have enabled harakiri without post buffering. Slow upload could be rejected on post-unbuffered webservers ***
detected max file descriptor number: 1024
lock engine: pthread robust mutexes
thunder lock: disabled (you can enable it with --thunder-lock)
uwsgi socket 0 bound to UNIX address /var/www/app/cabinet.sock fd 3
Python version: 3.5.3 (default, Sep 27 2018, 17:25:39) [GCC 6.3.0 20170516]
*** Python threads support is disabled. You can enable it with --enable-threads ***
Python main interpreter initialized at 0x55e88a3d8ea0
your server socket listen backlog is limited to 100 connections
your mercy for graceful operations on workers is 60 seconds
mapped 364520 bytes (355 KB) for 4 cores
*** Operational MODE: preforking ***
WSGI app 0 (mountpoint='') ready in 1 seconds on interpreter 0x55e88a3d8ea0 pid: 20814 (default app)
*** uWSGI is running in multiple interpreter mode ***
spawned uWSGI master process (pid: 20814)
spawned uWSGI worker 1 (pid: 20889, cores: 1)
spawned uWSGI worker 2 (pid: 20891, cores: 1)
spawned uWSGI worker 3 (pid: 20892, cores: 1)
spawned uWSGI worker 4 (pid: 20895, cores: 1)
SIGINT/SIGQUIT received...killing workers...
worker 1 buried after 1 seconds
worker 2 buried after 1 seconds
worker 3 buried after 1 seconds
worker 4 buried after 1 seconds
goodbye to uWSGI.
VACUUM: unix socket /var/www/app/cabinet.sock removed.
*** Starting uWSGI 2.0.19.1 (64bit) on [Mon Nov 16 09:49:32 2020] ***
compiled with version: 6.3.0 20170516 on 16 November 2020 08:53:20
os: Linux-2.6.32-042stab145.3 #1 SMP Thu Jun 11 14:05:04 MSK 2020
nodename: nodename
machine: x86_64
clock source: unix
detected number of CPU cores: 2
current working directory: /var/www/app
detected binary path: /var/www/app/venv/bin/uwsgi
!!! no internal routing support, rebuild with pcre support !!!
your processes number limit is 385553
your memory page size is 4096 bytes
*** WARNING: you have enabled harakiri without post buffering. Slow upload could be rejected on post-unbuffered webservers ***
detected max file descriptor number: 1024
lock engine: pthread robust mutexes
thunder lock: disabled (you can enable it with --thunder-lock)
uwsgi socket 0 bound to UNIX address /var/www/app/cabinet.sock fd 3
Python version: 3.5.3 (default, Sep 27 2018, 17:25:39) [GCC 6.3.0 20170516]
*** Python threads support is disabled. You can enable it with --enable-threads ***
Python main interpreter initialized at 0x5561cafe4ea0
your server socket listen backlog is limited to 100 connections
your mercy for graceful operations on workers is 60 seconds
mapped 364520 bytes (355 KB) for 4 cores
*** Operational MODE: preforking ***
WSGI app 0 (mountpoint='') ready in 1 seconds on interpreter 0x5561cafe4ea0 pid: 2638 (default app)
*** uWSGI is running in multiple interpreter mode ***
spawned uWSGI master process (pid: 2638)
spawned uWSGI worker 1 (pid: 2644, cores: 1)
spawned uWSGI worker 2 (pid: 2645, cores: 1)
spawned uWSGI worker 3 (pid: 2646, cores: 1)
spawned uWSGI worker 4 (pid: 2647, cores: 1)
 
Try enabling debug mode in the Cabinet settings, then try logging in again.

Typical mistakes that lead to a 500 error: no access to the DB, tables not created, or the migration not run.
 
In postgresql.conf I set the server IP and port; when I start it, my sites are unavailable. HEEELP, I don't understand what else it wants.
 
Hello,

nwaf-cabinet failing to start cannot cause traffic to be blocked; you can find the reasons for the blocking in the Nginx log files.
 
So. I've made some progress.
In cabinet.conf I have 0.0.0.0:225 (the port for logging in to the Cabinet).
In nw-api.conf I have listen 8080.
In nwaf.conf I have the server's IP.
The result:
Reboot -> nothing works.
service postgresql stop -> the site works; the Cabinet, obviously, does not.
service postgresql start -> the site works, the Cabinet works and even logs in.
example.com/<script>alert(0)</script> -> the site loads without styling.
After that, the site and the Cabinet both return a 403 error until nginx is restarted.
 
In nwaf_update.log:
2020-12-09 03:45:59,668 RULE_UPDATE_LOG INFO The timestamp on the remote server has not chagned (1607350309)

In attack_nottification.log:
03/Dec/2020:10:38:45 +0000 ERROR: could not fetch attacks from db could not connect to server: Connection refused Is the server running on host "127.0.0.1" and accepting TCP/IP connections on port 5432?

*** Starting uWSGI 2.0.19.1 (64bit) on [Wed Dec 9 04:25:05 2020] ***
compiled with version: 6.3.0 20170516 on 16 November 2020 08:53:20
os: Linux-2.6.32-042stab145.3 #1 SMP Thu Jun 11 14:05:04 MSK 2020
nodename: vaigumenov
machine: x86_64
clock source: unix
detected number of CPU cores: 2
current working directory: /var/www/app
detected binary path: /var/www/app/venv/bin/uwsgi
!!! no internal routing support, rebuild with pcre support !!!
your processes number limit is 385553
your memory page size is 4096 bytes
*** WARNING: you have enabled harakiri without post buffering. Slow upload could be rejected on post-unbuffered webservers ***
detected max file descriptor number: 1024
lock engine: pthread robust mutexes
thunder lock: disabled (you can enable it with --thunder-lock)
uwsgi socket 0 bound to UNIX address /var/www/app/cabinet.sock fd 3
Python version: 3.5.3 (default, Sep 27 2018, 17:25:39) [GCC 6.3.0 20170516]
*** Python threads support is disabled. You can enable it with --enable-threads ***
Python main interpreter initialized at 0x557befb8b2f0
your server socket listen backlog is limited to 100 connections
your mercy for graceful operations on workers is 60 seconds
mapped 364520 bytes (355 KB) for 4 cores
*** Operational MODE: preforking ***
WSGI app 0 (mountpoint='') ready in 7 seconds on interpreter 0x557befb8b2f0 pid: 1558 (default app)
*** uWSGI is running in multiple interpreter mode ***
spawned uWSGI master process (pid: 1558)
spawned uWSGI worker 1 (pid: 1589, cores: 1)
spawned uWSGI worker 2 (pid: 1590, cores: 1)
spawned uWSGI worker 3 (pid: 1591, cores: 1)
spawned uWSGI worker 4 (pid: 1592, cores: 1)
 
Hello,

check that the credentials from /var/www/app/cabinet/settings.py give access to the databases.
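
Added example, not part of the thread and not Nemesida WAF code: one way to check whether the `Connection refused` on `127.0.0.1:5432` quoted from attack_nottification.log is consistent with what postgresql.conf tells PostgreSQL to listen on. The postgresql.conf text and the address 203.0.113.10 are constructed assumptions, since the thread only says that the server IP and port were written there.

```python
import re

# The error line is the one quoted in the thread. The postgresql.conf text is
# constructed: the thread only says "server IP and port" were written there,
# so 203.0.113.10 (a documentation address) stands in for the real IP.
LOG_LINE = ('03/Dec/2020:10:38:45 +0000 ERROR: could not fetch attacks from db '
            'could not connect to server: Connection refused Is the server '
            'running on host "127.0.0.1" and accepting TCP/IP connections on '
            'port 5432?')
PG_CONF = """
listen_addresses = '203.0.113.10'   # constructed value
port = 5432
"""

REFUSED = re.compile(r'Connection refused.*?on host "([^"]+)".*?on port (\d+)')
SETTING = re.compile(r"(listen_addresses|port)\b\s*=?\s*(.+)$")
LOOPBACK = {"127.0.0.1", "localhost"}


def refused_target(line):
    """Return (host, port) named in a libpq 'Connection refused' message."""
    m = REFUSED.search(line)
    return (m.group(1), int(m.group(2))) if m else None


def parse_pg_conf(text):
    """Read listen_addresses and port; PostgreSQL defaults apply when unset."""
    conf = {"listen_addresses": "localhost", "port": "5432"}
    for raw in text.splitlines():
        m = SETTING.match(raw.split("#", 1)[0].strip())
        if m:  # a later occurrence overrides an earlier one
            conf[m.group(1)] = m.group(2).strip().strip("'")
    return conf


def listens_on(conf, host, port):
    """True if the configured listener would accept a client dialing host:port."""
    addrs = {a.strip() for a in conf["listen_addresses"].split(",")}
    if int(conf["port"]) != port:
        return False
    if addrs & {"*", "0.0.0.0"}:
        return True
    if host in LOOPBACK:  # simplification: treats localhost as 127.0.0.1
        return bool(addrs & LOOPBACK)
    return host in addrs


def diagnose(log_line, conf_text):
    """Compare the refused client target with the configured listener."""
    target = refused_target(log_line)
    if target is None:
        return "no refused connection in this line"
    conf = parse_pg_conf(conf_text)
    if listens_on(conf, *target):
        return "listener covers %s:%d; check that PostgreSQL is running" % target
    return "no listener on %s:%d (listen_addresses=%s, port=%s)" % (
        target + (conf["listen_addresses"], conf["port"]))


if __name__ == "__main__":
    print(diagnose(LOG_LINE, PG_CONF))
```
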