mosquitto denied access by tcpd - mosquitto

I used mosquitto as an MQTT broker, and it seems that if the number of connections is more than 1000, the log below is printed. Does anybody know something about this?
1470896904: Client connection from 111.7.170.177 denied access by tcpd.

I feel your process (mosquitto) has hit the maximum number of open file descriptors limit. Check your max open files with ulimit -n. Then increase the limit to the maximum number of connections you expect. E.g., for 10k connections it would be ulimit -n 10000.
A note on ulimit(1): it is only set for the current terminal, and for persistent changes you will need to edit config files as per your Linux flavor (/etc/security/limits.conf + /etc/pam.d/common-session* on Ubuntu).

There might be another reason for this error message. The same message will be displayed in the log if a client tries to connect and access is denied by TCPD. You need to adjust hosts.allow (in my case for localhost 127.0.0.1) to connect.

I had a similar problem using Ubuntu 14 with mosquitto 1.6.3 and I solved my issue by making these changes:
Open the /etc/init/mosquitto.conf file
Add limit nofile 4096 4096 before exec;
4096 indicates the number of clients
service mosquitto stop
service mosquitto start
I hope this helps other people who have the same issue.
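
A way to test the descriptor-limit theory from the answers above, as an added example that is not part of the original posts: it reads the limit the daemon actually runs with from /proc/<pid>/limits (which can differ from ulimit -n in a login shell) and compares it with the number of entries in /proc/<pid>/fd. The function names, the 90% threshold and the sample data are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original answers). Function names and the
# 90% warning threshold are assumptions.

# Soft "Max open files" value from a /proc/<pid>/limits style file.
nofile_soft_limit() {
    awk '/^Max open files/ { print $4; exit }' "$1"
}

# Number of descriptors currently open, from a /proc/<pid>/fd style directory.
open_fd_count() {
    ls -1 "$1" | wc -l | tr -d ' '
}

# fd_report PROC_DIR  ->  "<used>/<limit> ok" or "<used>/<limit> near-limit"
fd_report() {
    limit=$(nofile_soft_limit "$1/limits")
    used=$(open_fd_count "$1/fd")
    if [ "$limit" != "unlimited" ] && [ $((used * 10)) -ge $((limit * 9)) ]; then
        echo "$used/$limit near-limit"
    else
        echo "$used/$limit ok"
    fi
}

# Constructed sample standing in for /proc/<pid>: soft limit 1024, 1000 fds open.
demo_proc_dir() {
    d=$(mktemp -d)
    mkdir "$d/fd"
    printf 'Limit                     Soft Limit           Hard Limit           Units\n' > "$d/limits"
    printf 'Max open files            1024                 4096                 files\n' >> "$d/limits"
    i=0
    while [ "$i" -lt 1000 ]; do : > "$d/fd/$i"; i=$((i + 1)); done
    echo "$d"
}

sample=$(demo_proc_dir)
fd_report "$sample"     # runs on the constructed data above
rm -rf "$sample"
# On a live host (as root): fd_report "/proc/$(pidof mosquitto)"
```

If the report stays far below the limit while the "denied access by tcpd" lines keep appearing, the hosts.allow explanation is the one to look at.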

Related

Sidekiq can't connect to database?

I have "mariadb" set to 127.0.0.1 in my /etc/hosts file and sidekiq occasionally throws errors such as:
Mysql2::Error::ConnectionError: Unknown MySQL server host 'mariadb' (16)
The VM is not under significant load or anything like that.
Later edit: seems other gems have trouble resolving hosts too:
WARN -- : Unable to record event with remote Sentry server (Errno::EBUSY - Failed to open TCP connection to XXXX.ingest.sentry.io:443 (Device or resource busy - getaddrinfo)):
Anyone have any idea why that may happen?
I figured this out a couple of weeks ago but wanted to be sure before posting an answer.
I still can't figure out the mechanic of this issue but it was caused by fail2ban.
I had it running in a container polling the httpd logs and blocking the tremendous amount of bots scraping my sites.
Also I increased the max file handlers and inotify handlers.
fs.file-max = 131070
fs.inotify.max_user_watches = 65536
As soon as I got rid of fail2ban and increased the inotify handlers the errors disappeared.
Obviously fail2ban gets on the "do not touch" list because of this, and we've rolled out a 404/403/500 handler on application layer that pushes unknown IPs to Cloudflare.
Although this is probably an edge case I'm leaving this here in hope it helps someone at some point.

cqlsh connection error: Could not connect to localhost:9160

I am totally new to Cassandra and met the following error when using cqlsh:
cqlsh
Connection error: Could not connect to localhost:9160
I read the solutions from the following link and tried them all. But none of them works for me.
How to connect Cassandra to localhost using cqlsh?
I am working on CentOS 6.5 and installed Cassandra 2.0 using yum install dsc20.
I ran into the same issue running the same OS and same install method. While the cassandra service claims that it's starting ok, if you run service cassandra status it would tell me that the process was dead. Here are the steps I took to fix it:
Viewing the log file at /var/log/cassandra/cassandra.log told me that my heap size was too small. Manually set the heap size in /etc/cassandra/conf/cassandra-env.sh:
MAX_HEAP_SIZE="1G"
HEAP_NEWSIZE="256M"
Tips on setting the heap size for your system can be found here
Next, the error log claimed the stack size was too small. Once again in /etc/cassandra/conf/cassandra-env.sh find a line that looks like JVM_OPTS="$JVM_OPTS -Xss128k" and raise that number to JVM_OPTS="$JVM_OPTS -Xss256k"
Lastly, the log complained that the local url was misformed and threw a java exception. I found the answer to the last part here. Basically, you want to manually bind your server's hostname in your /etc/hosts file.
127.0.0.1 localhost localhost.localdomain server1.example.com
Hope this helps~
Change:
/etc/cassandra/cassandra.yaml
# Whether to start the thrift rpc server.
start_rpc: false
to
start_rpc: true

Finding Informix DB Server

I have a server and I know that there is an Informix installed on it, but I don't know who installed it. There is a closed-source client connecting to this server but I cannot get anything about it apart from the username and password. I have no idea how to connect to it, I don't know what the port number and server name would be. I have downloaded SQuirreL with JDBC Informix drivers.
How can I connect to JDBC Informix server without knowing the port and server name?
In short, you will need the port number, server name (and database name as well) to connect to Informix.
Assuming that you have permissions to hunt around on the box where Informix is installed, there are a few places where the details about your Informix server are likely to be found. Since I don't see any details as to the platform on which IDS (Informix) is installed in your case, I'll try to provide info for both Unix and Windows platforms. But first, a bit of background:
There are not too many parameters needed to set up a connection to Informix. Typically, all you would need are:
username
password
Server IP Address
Port
Server Name (the name of the Informix instance)
Database Name (the name of the db on [Server Name] to which you want to connect)
It sounds like you need to find out the last three.
Linux:
On a Linux platform (as well as Windows, I believe), there are environment variables that point the way to where on your system Informix is installed. The most important of these is %INFORMIXDIR%, which points to the root directory of your Informix installation. A lot of the time however, Informix is installed in /opt, so try there.
In %INFORMIXDIR%/etc on typical installs is a file called sqlhosts (it may have a suffix for your specific server instance, but it'll start with sqlhosts). In this file is the server name, and possibly the port number. %INFORMIXDIR%/etc/sqlhosts contains plaintext data in the following format:
ServerName NetType HostName Port/ServicesName
The first value is the server name you seek. The fourth value (Port/ServicesName) is either the port number, or the name of the entry in /etc/services which references the port number. If you don't see a port number, look in /etc/services.
For example, sqlhosts will probably contain something like this:
myservername onsoctcp informix.mydomain.com 12345
In this case, your server name is "myservername" and the port is 12345
Alternatively, it could look like this:
myservername onsoctcp informix.mydomain.com informixservice
in which case you would have to go look in /etc/services for a line that says
informixservice 12345/tcp
which will tell you the port.
Windows:
Caveat: I've never dealt with Informix servers installed on Windows, however based on the IBM documentation, it doesn't seem much different in regards to the task at hand.
Instead of the file %INFORMIXDIR%/etc/sqlhosts, the information you seek is contained in the registry key
HKEY_LOCAL_MACHINE\SOFTWARE\INFORMIX\SQLHOSTS
Use regedit.exe to read the values stored in this entry.
If you don't find a port number in that reg key, the Windows equivalent of Unix's /etc/services file is
C:\Windows\System32\drivers\etc\services
Examine this file with a text editor (notepad works fine).
Hopefully this helps. Good luck.
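
The sqlhosts lookup described in the answer above, as an added example that is not part of the original answer: it lists each server name with its host and port, resolving a service name through the services file. The function name, the "unresolved:" marker and the extra sample entries (otherserver, orphanserver, missingservice) are assumptions; the files are constructed samples.

```sh
#!/bin/sh
# Added example (not from the original answer). The function name and the
# "unresolved:" marker are assumptions.

# informix_endpoints SQLHOSTS SERVICES
# Prints "servername host port" per sqlhosts entry; a service name in the
# fourth field is looked up in the services file.
informix_endpoints() {
    awk '
        { sub(/#.*/, "") }                      # drop comments in both files
        FILENAME == ARGV[1] {                   # services: name port/proto
            if (NF >= 2 && $2 ~ /\/tcp$/) { split($2, p, "/"); port[$1] = p[1] }
            next
        }
        NF >= 4 {                               # sqlhosts: name nettype host port|service
            svc = $4
            if (svc !~ /^[0-9]+$/) svc = (svc in port) ? port[svc] : ("unresolved:" svc)
            print $1, $3, svc
        }
    ' "$2" "$1"
}

# Constructed sample files built around the entries quoted in the answer.
demo_informix() {
    d=$(mktemp -d)
    cat > "$d/sqlhosts" <<'EOF'
# constructed sample
myservername  onsoctcp informix.mydomain.com 12345
otherserver   onsoctcp informix.mydomain.com informixservice
orphanserver  onsoctcp informix.mydomain.com missingservice
EOF
    cat > "$d/services" <<'EOF'
informixservice 12345/tcp   # constructed sample
EOF
    informix_endpoints "$d/sqlhosts" "$d/services"
    rm -rf "$d"
}

demo_informix
```

On a real host the two arguments would be the sqlhosts file under the Informix etc directory and /etc/services.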
Short answer: You cannot.
This kind of situation involves security issues, so the database doesn't "publish" itself on your network for everyone to know it's there.
If you need discovery without contacting the administrator of your (your?) environment, you will need to use hacker techniques (the nmap utility already helps here) to discover some information (IP, port), and you will still be missing information like server name, protocol, username and password.
Just be cautious, because connection attempts to the Informix database listener will be logged.
Now, if you have access to the server where the database is, you can look for the sqlhosts file and get all this.
Another, more reasonable alternative is to just ask your DBA/admin for the configuration, justifying why you want the access.
You CAN find servers on a host:
onstat -g dis
will list servers even if they are offline (or potentially decommissioned).
Server information is in /INFORMIXTMP on UNIX/Linux and I would expect a similar folder under C:\ in Windows.
You should add more information about working environment: what platform your client is, what platform your server is, do you have access to server machine etc.
If you know that something from your computer connects to other machine then you can use netstat to discover it. If you work on Linux then there is -p option that shows pid and application name to each connection.
At first we have to discover pid of closed source client:
[root#test1 ~]# ps aux | grep my_app
root 12457 0.0 3.2 3342440 333336 ? Sl Mar06 21:01 java -cp /usr/local/bin/my_app...
Now when I know pid I can use netstat:
[root#test1 ~]# netstat -tnp | grep 12457
tcp 0 0 ::ffff:169.0.1.71:55850 ::ffff:169.0.1.74:9088 ESTABLISHED 12457/java
From this output I can see that Informix probably works on port 9088 of the 169.0.1.74 machine.
On Windows you can use TCPView from SysInternals to see similar things.
On Windows you can also check ODBC Data Source Administrator (both 32 and 64 bit) to see if there is Informix driver in use.

Cassandra Cluster Setup getting JMX error

I'm trying to set up a Cassandra cluster as a test bed but got the JMX remote connection error. I seem to have found the answer to my error on the Cassandra FAQ page:
Nodetool says "Connection refused to host: 127.0.1.1" for any remote host. What gives?
Nodetool relies on JMX, which in turn relies on RMI, which in turn sets up its own listeners and connectors as needed on each end of the exchange. Normally all of this happens behind the scenes transparently, but incorrect name resolution for either the host connecting, or the one being connected to, can result in crossed wires and confusing exceptions.
If you are not using DNS, then make sure that your /etc/hosts files are accurate on both ends. If that fails try passing the -Djava.rmi.server.hostname=$IP option to the JVM at startup (where $IP is the address of the interface you can reach from the remote machine).
But can somebody help me with how to do -Djava.rmi.server.hostname=$IP?
Or what to add in the hosts file? I know that in hosts we normally add "IP Alias", but whose IP and alias?
I don't know much Java or Linux either.
I'm currently working on Ubuntu v10.04 and Cassandra v0.74.
Sudesh
For JMX you need to enable JMX-remoting:
java -Dcom.sun.management.jmxremote
Depending on from where you want to access the jmx-server, you also need to specify a port:
-Dcom.sun.management.jmxremote.port=12345
and set or disable passwords.
Have a look at http://download.oracle.com/javase/1.5.0/docs/guide/management/agent.html for more details.

How to Change Membase Memory Quota?

I have two Membase servers running with 1GB memory each. In the future, I want to replace them with two 8GB-memory servers. Is this possible with Membase? From the search I have made, I have the impression that once the memory quota is set, it can no longer be changed. If it is possible, how is it done?
Try this:
couchbase-cli cluster-init -c host:portnumber -u user -p password --cluster-init-ramsize=1024
Where host is your address, portnumber is the port for your couchbase server, user is the administrator username and password is the one you configured when you installed membase.
1024 is the amount of memory in MB.
This actually changed in 1.6.4, it used to not be possible, now the cluster will accept this command: Configuring a cluster's memory quota
The command is
curl -d memoryQuota=400 http://localhost:8091/pools/default
Link to the wikipedia page Perry is referring to is here
