Login timeout for server manager

This is an administrative interface for servers that could be directly accessible on the Internet.
Even with mitigation of access by filtering IP addresses, “secure by default” should be the key point.
Therefore, I don’t think that these defaults are secure enough.

I understand also the point for “backward compatibility”, but in this case the approach used on TLS policies does not fit. This is not a service available to people or users, it’s an interface where people should know why it’s there and why it should be secure.
IMO, security first, then the accessibility or backward compatibility.

1 Like

Yes, I agree: we will be there soon. As 7.5 is around the corner I’d start by releasing a backward-compatible default. Starting from 7.5 we can adjust the default values for new installations.

I will not release a UI immediately. The first release will be based on a DB prop setup or a configuration file.

Please, @pike @danb35 @dnutan @mrmarkuz, review and comment the admin’s manual change proposal

Look at the GitHub File changes tab! Even suggestions about how to improve the English are really appreciated!

You can test the new feature by running this command /cc @quality_team

yum --enablerepo=nethserver-testing update nethserver-httpd-admin

Follow the manual to enable it.

Starting from NS7.5 we can issue new default values:

  • 15 minutes idle MaxSessionIdleTime
  • 8 hours absolute MaxSessionLifeTime

What do you think?

Instead of config setprop httpd-admin MaxSessionIdleTime '' MaxSessionLifeTime '' to disable the timeouts, I wonder whether it might be better to do config delprop httpd-admin MaxSessionIdleTime, etc., but it generally looks good and clear. I hope that when we get a panel for it, we won’t be stuck with typing in numbers of seconds to set the values, though.

1 Like
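
How the two limits in this thread interact, as an added example (not NethServer or Nethgui code): the property names and the 15-minute and 8-hour values come from the posts above, an empty value disables a limit as in the config setprop command quoted above, and copying the limits at login is an assumption based on the manual text quoted further down the thread. Session, parse_limit and first_expiry are hypothetical names.

```python
from dataclasses import dataclass
from typing import Optional


def parse_limit(prop: Optional[str]) -> Optional[int]:
    """Seconds as an int; an empty or missing prop disables the limit."""
    if prop is None or prop.strip() == "":
        return None
    seconds = int(prop)
    if seconds <= 0:
        raise ValueError("timeout must be a positive number of seconds")
    return seconds


@dataclass
class Session:
    created: int
    last_seen: int
    max_idle: Optional[int]   # snapshot of MaxSessionIdleTime at login
    max_life: Optional[int]   # snapshot of MaxSessionLifeTime at login

    @classmethod
    def start(cls, now: int, props: dict) -> "Session":
        # Assumption: limits are copied at login, so later prop changes
        # only reach sessions created afterwards.
        return cls(now, now, parse_limit(props.get("MaxSessionIdleTime")),
                   parse_limit(props.get("MaxSessionLifeTime")))

    def touch(self, now: int) -> str:
        """Check one request: 'ok', 'idle-expired' or 'life-expired'."""
        if self.max_life is not None and now - self.created > self.max_life:
            return "life-expired"   # absolute cap, activity cannot extend it
        if self.max_idle is not None and now - self.last_seen > self.max_idle:
            return "idle-expired"
        self.last_seen = now        # only a valid request resets the idle clock
        return "ok"


def first_expiry(props: dict, step: int, horizon: int):
    """Send a request every `step` seconds; return (time, reason) or None."""
    session = Session.start(0, props)
    for now in range(step, horizon + 1, step):
        result = session.touch(now)
        if result != "ok":
            return now, result
    return None


PROPOSED = {"MaxSessionIdleTime": "900", "MaxSessionLifeTime": "28800"}  # 15 min, 8 h
if __name__ == "__main__":
    print(first_expiry(PROPOSED, step=600, horizon=86400))   # busy admin
    print(first_expiry(PROPOSED, step=1200, horizon=86400))  # 20 min gaps
```

A client that stays active every 10 minutes never trips the idle limit, so only the absolute lifetime ends its session; that is the case the second property exists for.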

It’s well written and understandable.

89 +The new timeout values will affect new sessions. They does not change any active
90 +session.
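
Review bot: added line 89 has a subject-verb disagreement in "They does not change any active session"; suggest "They do not change any active session", so the sentence about new values applying only to new sessions reads cleanly in the manual.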

I tried it on a VM and httpd-admin is not accessible anymore:

/var/log/messages:

Apr 20 13:31:25 testserver httpd: [1] Call to undefined method Nethgui\Framework::setSessionSetup() - File /usr/share/nethesis/nethserver-manager/index.php, line 81

1 Like

Please ensure the latest package was installed:

 yum localinstall http://packages.nethserver.org/nethserver/7.4.1708/testing/x86_64/Packages/nethserver-httpd-admin-2.1.1-1.2.gd8fa293.ns7.noarch.rpm

Nothing to do. It’s installed. The system was updated.

Installed Packages
nethserver-httpd-admin.noarch     2.1.1-1.2.gd8fa293.ns7     @nethserver-testing

Sorry, kind of a pet peeve of mine, but localinstall is inappropriate here for two reasons: (1) you aren’t, in fact, installing a package that’s local to the machine; and (2) it’s been deprecated in any event, so really it should never be used at all. yum install is the droid you’re looking for.

1 Like

You’re right. Please try again with this (futuristic) command :wink: /cc @danb35

yum install http://packages.nethserver.org/nethserver/7.4.1708/testing/x86_64/Packages/nethserver-httpd-admin-2.1.1-1.3.g7639ef3.ns7.noarch.rpm

Updated… will check in a few days.

You fixed it. :+1: Server manager was accessible after update. Session idle timeout works. :clap:

2 Likes

The default MaxSessionIdleTime for NS 7.5 has been increased to 1 hour to avoid problems during a slow restore procedure from the UI.

1 Like