How to utilize ZAP running on another machine - jenkins

I am able to integrate ZAP running on another machine (let's say machine-B) with Jenkins installed on one machine (machine-A). While building a project, ZAP starts from another machine (B), but the resources (memory, heap) are utilised from one machine (A), which shouldn't be so.
Could someone suggest how to achieve the same?

By default ZAP will only allow connections from the local machine. You can set which IP addresses can connect to the API using the command line:
-config api.addrs.addr.name=123.456.789.123
If you are using ZAP in a completely isolated environment you can allow all IP addresses to connect to the ZAP API using:
-config api.addrs.addr.name=.* -config api.addrs.addr.regex=true
You will also need to set or disable the API key.
For more details see this FAQ: https://github.com/zaproxy/zaproxy/wiki/FAQremote
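
A restricted variant of the launch described in the answer above, as an added example that is not part of the original answer or the ZAP project: it allows exactly one literal client address instead of .* and sets a random API key instead of disabling it. The addresses 192.0.2.20 (machine B, ZAP) and 192.0.2.10 (machine A, Jenkins), port 8080 and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original answer): print a restricted ZAP daemon
# command line for machine B. Assumptions: zap.sh is on PATH; 192.0.2.20 (ZAP)
# and 192.0.2.10 (Jenkins) are constructed documentation addresses.

# Succeed only for a literal dotted-quad IPv4 address, which also rejects
# patterns such as '.*'. Runs in a subshell so the IFS change stays local.
valid_ipv4() (
  case $1 in
    '' | *[!0-9.]* | .* | *. | *..*) exit 1 ;;
  esac
  IFS=.
  set -- $1
  [ $# -eq 4 ] || exit 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
  done
)

# Generate a 32-hex-character API key from the kernel CSPRNG.
new_api_key() {
  head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# $1 = address ZAP listens on, $2 = the one allowed API client, $3 = API key
zap_daemon_cmd() {
  valid_ipv4 "$1" && valid_ipv4 "$2" || {
    echo "refusing: expected literal IPv4 addresses" >&2; return 1; }
  case $3 in
    *[!0-9a-f]*) echo "refusing: API key must be lowercase hex" >&2; return 1 ;;
  esac
  [ ${#3} -ge 32 ] || { echo "refusing: API key too short" >&2; return 1; }
  printf 'zap.sh -daemon -host %s -port 8080' "$1"
  printf ' -config api.addrs.addr.name=%s' "$2"
  printf ' -config api.addrs.addr.regex=false'
  printf ' -config api.key=%s\n' "$3"
}

# Demo: the command to run on machine B, then a check to run from machine A.
key=$(new_api_key)
zap_daemon_cmd 192.0.2.20 192.0.2.10 "$key"
echo "curl -H 'X-ZAP-API-Key: $key' http://192.0.2.20:8080/JSON/core/view/version/"
```

A key passed with -config is visible in the process list on machine B, so keep it in a Jenkins credential on machine A rather than in the job definition.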

Possible to Change Jenkins URL? : http://localhost:8080

Currently I have jenkins setup on a virtual machine.
Is it possible to set up Jenkins on a URL which is more accessible for other users?
For example, I don't want other users to access test results by connecting to the virtual machine; instead I want them to access a URL from their own device, in turn enabling them to log in and see test results via Jenkins.
Thanks for your help.
Let's say IP of your virtual machine is 192.168.x.x.
Open port 8080 via the firewall and then change the URL of Jenkins from
"Manage Jenkins >> Config Sys >> Jenkins Location" to "http://192.168.x.x:8080"
Now you can access it from another machine on the same network domain. You just have to hit the URL http://192.168.x.x:8080
You can now create different users with different privileges for the same.
You can find it under Manage Jenkins >> Manage Users >> Create Users.
It is related to networking. The machines should be on the same network, so they can talk to each other (unless you have public IP).
The ONLY rule to give access is, that machines can talk to each other (of course, in their language, 0's & 1's).
I suggest following things to do to share the URL:
Ask the users to connect to the same network that your machine is in.
Verify whether they are able to PING your machine IP (get it from ipconfig command for windows - router assigns IP for your machine, that starts with 192.168 or 10.10). command example: ping 10.10.1.10
If any issues in Ping, it might be Windows Firewall or Anti-virus which might be blocking, so allow the IPs in your firewall so they can access your machine.
Then ask them to access Jenkins using the following URL http://[IP of your machine:8080]
We want the Jenkins web interface to be accessible from anywhere (not
just on the local machine), so we’re going to open up the config file:
sudo nano /usr/local/opt/jenkins-lts/homebrew.mxcl.jenkins-lts.plist
Find this line:
<string>--httpListenAddress=127.0.0.1</string>
And change it to:
<string>--httpListenAddress=0.0.0.0</string>
Ref: Installing Jenkins on macOS

Running an Ant script to prepare a Database in Bluemix

I have an Ant script that I use to populate/prepare a database. All I need is to set the host, port and credentials for the database. It works fine for MySQL and DB2; the DB just needs to be reachable from where the script is executed.
The DB service in Bluemix gives me a DB with an IP (75.x.x.x) that is only reachable from the internal network of Bluemix, it is not accessible externally.
My understanding is that my ant script needs to be executed from inside the Bluemix network/servers.
How can I do that?
What would be the alternatives?
I'm considering creating a NodeJS script to trigger that Ant script internally, but I'm not sure if it will work properly.
dashDB always had the ability for local clients (outside of Bluemix) to connect to the cloud database, and SQL Database later added the feature as well. So you should be able to populate a database as long as you have the correct driver client installed on your local machine.
Can you provide more details on how you tested that the IP is not reachable? Is there a firewall put in place between your local machine and Bluemix? Note that ping is not a good test because the port is blocked for security reasons. You may try the JDBC port indicated on the connection page from the console.
See link for instructions on how to make a connection:
https://www.ng.bluemix.net/docs/#services/SQLDB/index.html#connecting-to-sqldb
You might be able to use a simple custom buildpack. You can start with a sample like this one:
https://github.com/dmikusa-pivotal/cf-test-buildpack
Fork it and modify the bin/compile script to run your ant task instead. Then put your ant script (and probably the executable, as I expect it is not installed in the Bluemix environment) in a directory and run
cf push <appname> -b <your forked git url>
to push it to Bluemix and run it. If you're just using it once you can probably get away with hard-coding the address and credentials, or else you can bind to the same service instance and get the info from VCAP_SERVICES.

Trigger remote Jenkins job on GCE VM

I am currently running Jenkins on a GCE VM. As a build step, I want to trigger a Jenkins job on another VM in the same project. The problem is, HTTP and HTTPS access to the VMs is disabled, and I cannot use curl to trigger it remotely. An SSH tunnel remains the only option. But SSH onto a VM requires a google_compute_engine private key file, which helps you log in to a particular user. I was confused about how to use this file for the Jenkins user, which does not have a separate shell, and was hoping for some advice. Thanks in advance!
The easiest way is to apply the default firewall rules to allow HTTP and HTTPS traffic to the instance by setting the Allow HTTP traffic and Allow HTTPS traffic checkboxes on in its detailed view at Developers Console, or adding the http-server and https-server tags manually by using the gcloud command:
gcloud compute instances add-tags INSTANCE --tags http-server,https-server
Setting up an SSH tunnel to the Jenkins service port is a possibility, and it doesn't necessarily require using the google_compute_engine key. You can configure an additional key and copy the public part of that key into the Jenkins user's authorized_keys file directly, as you would with any other server. See this link for more details. If you use a custom SSH key, remember to specify the related private key when setting up the tunnel.
Another more straightforward option would be creating new firewall rules for Jenkins ports and applying them to the Jenkins instance.

Executing script on a UNIX server from PowerShell

I have a PowerShell script hosted in Windows Server 2008 R2. This script needs to invoke a UNIX script residing on a UNIX server. After the script finishes executing, it must return the output to the calling script (the PowerShell script). I am implementing it on highly secured servers, hence I cannot use third-party tools/libraries unless they are authenticated and approved by standards. If there is any standard library which I can make use of to accomplish this task, that will be appreciated.
There is no "native" way to do it that I'm aware of.
The most secure method I can think of offhand which will be accepted by your review board is to use ssh with keys for authentication. Yes, you'll have to acquire & install an SSH client for Windows, but if your servers are "highly secured" then your security people should be very happy to hear that you want to use SSH. SSH should already be running on the UNIX servers.
You can use ssh to execute any command on the remote system (that you're authorized to execute) instead of creating a login shell simply by appending the command to the end of the ssh command line (as described by the link above).

call jmx operation on a local running process

I have a java process on a linux server, which runs with this option: -Dcom.sun.management.jmxremote
So I cannot just connect to this process via jconsole running on my local pc (because neither port nor -Dcom.sun.management.jmxremote.ssl=false options are set up).
But still, how can I connect to the application and run some operations over some of its MBeans? Is this possible? I have SSH access to the server and would be able to run it "locally" on the server (but not changing the options, unfortunately).
According to JMX documentation the -Dcom.sun.management.jmxremote option
Enables the JMX remote agent and local monitoring via JMX connector published on a private
interface used by jconsole. The jconsole tool can use this connector if it is executed by
the same user ID as the user ID that started the agent. No password or access files are
checked for requests coming via this connector.
The naming is a bit unfortunate because it in fact enables the local monitoring only.
Since you cannot change the options but can access the server via SSH, the only option is to use X server forwarding (ssh -X ...) and run jconsole (or better yet jvisualvm, which has specific optimisations for running remotely).
