systeminformation
systeminformation copied to clipboard
sebhildebrandt
ufw reported as not running in services
Describe the bug A clear and concise description of what the bug is. ufw reported as not running with si.services('*') while sudo service --status-all shows it as running
To Reproduce Steps to reproduce the behavior:
- used function: var newresult = await si.services('*')
- code snippet '....' sudo node test.js A simple script to with above command in it. Current Output
{
name: 'ufw',
running: false,
startmode: '',
pids: [],
cpu: 0,
mem: 0
},
sudo service --status-all [ + ] ufw
Expected behavior Expected it to be reported as active.
Environment (please complete the following information):
- systeminformation package version:
- OS: Distributor ID: Ubuntu Description: Ubuntu 20.04.3 LTS Release: 20.04 Codename: focal
- Hardware : Asus PN 51
@GerritKuilder Let me explain, how I am determing the status of each service:
If you run the following thwo commands:
systemctl --type=service --no-legend
service --status-all
you will propably (at least in my case) see the two different status for ufw
...
ufw.service loaded active exited Uncomplicated firewall
...
... which says exited
...
[ + ] ufw
...
... which says running
But in systeminformation I am not relying on this given status, I just run one of the commands to get the list of services. Then I will try to grab its status from ps
ps -axo pcpu,pmem,pid,command | grep ufw
Here we see no pid for this process ... and this is, why I assume that this service is not running.
Now lets check it another way:
service ufw status
with the following output:
● ufw.service - Uncomplicated firewall
Loaded: loaded (/lib/systemd/system/ufw.service; enabled; vendor preset: enabled)
Active: active (exited) since .....
Docs: man:ufw(8)
Main PID: XXX (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 76677)
Memory: 0B
CGroup: /system.slice/ufw.service
And also here we see that this has exited
So I assume that this service is not really running ... Do you think this is incorrect??
systemctl --type=service --no-legend
ufw.service loaded active exited Uncomplicated firewall
ufw.service - Uncomplicated firewall
Loaded: loaded (/lib/systemd/system/ufw.service; enabled; vendor preset: enabled)
Active: active (exited) since Mon 2022-01-10 20:42:32 CET; 3 days ago
Docs: man:ufw(8)
Main PID: 492 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 37699)
Memory: 0B
CGroup: /system.slice/ufw.service
So far I can confirm what you see.
sudo ufw status
Status: active
To Action From
-- ------ ----
Anywhere DENY 167.99.133.28
Anywhere DENY 34.125.183.75
Anywhere DENY 66.240.205.34
Anywhere DENY 45.146.165.37
Anywhere DENY 178.239.21.103
Anywhere DENY 92.118.234.202
I checked also on a freshly installed ubuntu and got the same result. So this indicates expected behaviour
Googling for "ufw.service loaded active exited Uncomplicated firewall" shows that it seems quite common.
My firewall is up and running, based on the logs I see very recent bans (thanks to fail2ban)
Based on the freshly installed ubuntu raspberry (no active setup/modification of ufw and getting the same results as above) and this link[1] this looks like 'expected behaviour'
I will spend some more time on it over the next few days.
Thank you for your time and explanation sofar. Kind Regards,
Gerrit Kuilder
[1] https://www.cyberciti.biz/tips/how-do-i-enable-ufw-in-ubuntu-learn-how-to-protect-your-box.html
@GerritKuilder thank you for making further investigation. So we need to find a method to still determine really active services ...
Not naar a computer today. I will see if i can find more over the weekend....
So this is the official setup: https://help.ubuntu.com/community/UFW
sudo ufw enable To check the status of UFW:
sudo ufw status verbose The output should be like this:
youruser@yourcomputer:~$ sudo ufw status verbose [sudo] password for youruser: Status: active Logging: on (low) Default: deny (incoming), allow (outgoing) New profiles: skip
I am afraid there is not much more input I can provide right now. But feel free to ask to run tests if needed.
Kind Regards,
Gerrit Kuilder
Weird,
ran this morning (also after an upgrade)
sudo systemctl status ufw.service ● ufw.service - Uncomplicated firewall Loaded: loaded (/lib/systemd/system/ufw.service; disabled; vendor preset: enabled) Active: inactive (dead) Docs: man:ufw(8)
sudo ufw status verbose Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), deny (routed) New profiles: skip
To Action From
Anywhere DENY IN 167.99.133.28 Anywhere DENY IN 34.125.183.75 Anywhere DENY IN 66.240.205.34
sudo service --status-all
[ + ] udev [ - ] ufw [ + ] unattended-upgrades
Looks like something has changed.
Weird
@GerritKuilder ... as ufw is only a CLI based frontend for iptables, this might be the reason, why there is no process maned ufw running permanently. You should on your side at least see iptables running.
ps -axo pcpu,pmem,pid,command | grep iptables
So as my approach is a generic one (gathering process information related to the service name) this does not work here ...
I think there is no way to see iptables running, I will need to look deeper into this and rely on the fact that it is working as expected.... I can't find iptables with the ps command. I have to wait on teh arrival of the raspberry pi I ordered to have a look at a complete OOB system
@GerritKuilder I will also do some more tests and research ... Thank you for all your support!
@GerritKuilder ... unfortunately I did not made any progress here. Seems that this is a special care that might be not detectable as wanted ... what do you think?
@GerritKuilder closing it for now. If you see any other possibility or hav any idea, feel free to reopen it.