It's easy when you know how!
Guacamole is very well thought out; Mike and team have done an
exceptional job. However, we customize Guacamole to do what we want it to
do, strip out the code not used, then harden it with FIPS 140-2. I merely
gave examples of what you could do; besides, you should be using some type
of SIEM anyway as part of your security posture. I hope you find what
you are looking for.
*Thank You*
Sean Hulbert
*Founder / CEO*
*Security Centric Inc.*
A Cybersecurity Virtualization Enablement Company
/StormCloud Gov, Protected CUI Environment!/
Industry's most secure virtual desktops!
*/FedRAMP MIL4 in process (RAR)/*
System Award Management
*CAGE: 8AUV4*
*SAM ID: UMJLJ8A7BMT3*
AFCEA San Francisco Chapter President
If you have heard of a hacker by name, he/she has failed, fear the
hacker you haven’t heard of!
CONFIDENTIALITY NOTICE: This communication with its contents may contain
confidential and/or legally privileged information. It is solely for the
use of the intended recipient(s). Unauthorized interception, review, use
or disclosure is prohibited and may violate applicable laws including
the Electronic Communications Privacy Act. If you are not the intended
recipient, please contact the sender and destroy all copies of the
communication. Content within this email communication is not legally
binding as a contract and no promises are guaranteed unless in a formal
contract outside this email communication.
igitur qui desiderat pacem, praeparet bellum!!!
Epitoma Rei Militaris
On 4/26/2024 2:02 PM, Stephan von Krawczynski wrote:
You are aware that the talk is about a piece of information (IP) the basic
service (indeed apache) has naturally.
Your explanation alone shows how broken by design the thing is. You need a
logfile, a database, a script and a layer 7 firewall for obtaining an IP?
And then you call it easy. Gimme a break...
On Fri, 26 Apr 2024 10:51:01 -0700
Sean Hulbert <shulb...@securitycentric.net.INVALID> wrote:
This is easy:
1. Use a SIEM on the NGINX or Apache log files; set your trigger to look
for the API token.
2. Parse the log file directly using bash, awk, sed, if/fi/else, then pull
the IP address.
3. Create a new table in the Guacamole database, then add a variable to
the connection info page; take option 2 and inject the IP into the new
table to be displayed.
4. Put a Layer 7 firewall in front of the Guacamole system and capture
all data streams to and from it (assuming this is external use).
*Thank You*
Sean Hulbert
On 4/26/2024 6:10 AM, Nick Couchman wrote:
On Fri, Apr 26, 2024 at 6:47 AM Molina de la Iglesia, Manuel
<manuel.molina-de-la-igle...@veolia.com.invalid> wrote:
Hello,
After following the provided documentation, I cannot find a
solution to get the real client IP.
I have my application (PHP) on the same Guacamole Server, this
application gets the user token:
The Tomcat log (after using the following pattern on the server.xml
valve) I use: %{x-forwarded-for}i %l %u %t "%r" %s %b
The log is OK (it displays the user IP)
This does not look like the Tomcat log, this looks like a log for
httpd or Nginx, which means *that* is getting your client IP address.
Do you have your Proxy configured to pass the X-Forwarded-For header
through to Tomcat?
-Nick
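The log-parsing step suggested in the thread, sketched as an added example that is not from any participant or from the Guacamole project: it reads lines written with the valve pattern quoted above and prints each token with the client address. Assumptions: the token appears in the request line as a hex `token=` query parameter, a single trusted proxy appends the address it saw to X-Forwarded-For, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Maps Guacamole tokens to client IPs from
# an access log written with:  %{x-forwarded-for}i %l %u %t "%r" %s %b

# Constructed sample lines (documentation address ranges, made-up tokens).
sample_log() {
  cat <<'EOF'
203.0.113.7 - - [26/Apr/2024:10:51:01 -0700] "GET /guacamole/api/session/data/mysql/connections?token=AB12CD34 HTTP/1.1" 200 512
198.51.100.9, 203.0.113.7 - - [26/Apr/2024:10:51:05 -0700] "GET /guacamole/api/session/data/mysql/connections?token=AB12CD34 HTTP/1.1" 200 512
- - - [26/Apr/2024:10:52:00 -0700] "GET /guacamole/ HTTP/1.1" 200 1024
192.0.2.44 - - [26/Apr/2024:10:53:10 -0700] "GET /guacamole/api/session/data/mysql/users?token=EF56AB78 HTTP/1.1" 200 300
EOF
}

# token_ips: reads log lines on stdin, prints unique "token client_ip" pairs.
token_ips() {
  awk '
  {
    # Everything before the timestamp is: <XFF value> <%l> <%u>
    lb = index($0, " [")
    if (lb == 0) next
    pre = substr($0, 1, lb - 1)
    # Drop the last two fields (%l and %u). What remains is the XFF value,
    # which contains ", " when the header carries more than one address.
    sub(/ [^ ]+ [^ ]+$/, "", pre)
    if (pre == "-" || pre == "") next   # header absent: no client IP logged
    # Assumption: the rightmost entry was appended by the trusted proxy.
    # Entries to its left arrived from the client and can be forged.
    n = split(pre, hop, /,[ ]*/)
    ip = hop[n]
    # The request line is the first double-quoted field.
    if (split($0, q, "\"") < 3) next
    req = q[2]
    if (match(req, /[?&]token=[0-9A-Fa-f]+/) == 0) next
    tok = substr(req, RSTART + 7, RLENGTH - 7)   # skip "?token=" (7 chars)
    if (!seen[tok, ip]++) print tok, ip
  }'
}

sample_log | token_ips
```

The second sample line carries a client-supplied address ahead of the one the proxy appended, so it resolves to the same pair as the first line and is not printed twice.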