Forum

Hi,

I'm getting issue while accessing the page. Below is the details:

Hiawatha version: Hiawatha v7.5, cache, IPv6, Monitor, SSL, URL toolkit
Operating System: 3.0.21-perf+

hiawatha.conf

set START_PATH=/App/Aegis
# Hiawatha main configuration file
#
# GENERAL SETTINGS
#
#ServerId = www-data
ConnectionsTotal = 150
ConnectionsPerIP = 50
SystemLogfile = /home/anupam/AegisComponent/Hiawatha/Install/var/log/hiawatha/syy
stem.log
GarbageLogfile = /home/anupam/AegisComponent/Hiawatha/Install/var/log/hiawatha/gg
arbage.log
SetEnv LD_LIBRARY_PATH = START_PATH/web_if/cgi
#SetEnv LD_LIBRARY_PATH = /usr/local/var/www/hiawatha
#SetEnv HTTP_REFERER = hvac_get_dev_list.htm

# BINDING SETTINGS
# A binding is where a client can connect to.
#
Binding {
        Port = 80
#       Interface = 192.168.0.114
#       Interface = 10.112.43.73
        Interface = 0.0.0.0
#       MaxKeepAlive = 130
#       Interface = 127.0.0.1
#       MaxKeepAlive = 30
#       TimeForRequest = 3,20
}
#
Binding {
        Port = 443
#       Interface = ::1
#       MaxKeepAlive = 30
#       TimeForRequest = 3,20
        SSLcertFile = serverkey.pem
}
# BANNING SETTINGS
# Deny service to clients who misbehave.
#
#BanOnGarbage = 300
#BanOnMaxPerIP = 60
#BanOnMaxReqSize = 300
#KickOnBan = yes
#RebanDuringBan = yes


# COMMON GATEWAY INTERFACE (CGI) SETTINGS
# These settings can be used to run CGI applications. Use the 'php-fcgi'
# tool to start PHP as a FastCGI daemon.
#
#CGIhandler = /usr/bin/perl:pl
#CGIhandler = /usr/bin/php-cgi:php
#CGIhandler = /usr/bin/python:py
#CGIhandler = /usr/bin/ruby:rb
#CGIhandler = /usr/bin/ssi-cgi:shtml
CGIextension = esp
#
#FastCGIserver {
#       FastCGIid = PHP5
#       ConnectTo = 10.0.0.100:2005, 10.0.0.101:2005
#       Extension = php, php5
#       SessionTimeout = 30
#}


# URL TOOLKIT
# This URL toolkit rule was made for the Banshee PHP framework, which
# can be downloaded from http://www.hiawatha-webserver.org/banshee
#
#UrlToolkit {
#       ToolkitID = banshee
#       RequestURI isfile Return
#       Match ^/(css|files|images|js)/ Return
#       Match ^/(favicon.ico|robots.txt|sitemap.xml)$ Return
#       Match .*\?(.*) Rewrite /index.php?$1
#       Match .* Rewrite /index.php
#}


# DEFAULT WEBSITE
# It is wise to use your IP address as the hostname of the default website
# and give it a blank webpage. By doing so, automated webscanners won't find
# your possible vulnerable website.
#
#Hostname = 127.0.0.1
#Hostname = 10.112.43.73
Hostname = 0.0.0.0
#Hostname = 192.168.0.114
WebsiteRoot = START_PATH/web_if/cgi
StartFile = index.html
#StartFile = login_web.htm
#StartFile = login.html
TimeForCGI=360000
ExecuteCGI=yes
AccessLogfile = /home/anupam/AegisComponent/Hiawatha/Install/var/log/hiawatha/acc
cess.log
ErrorLogfile = /home/anupam/AegisComponent/Hiawatha/Install/var/log/hiawatha/errr
or.log
#ErrorHandler = 404:/error.cgi
#WrapCGI = wrap_id
#CGIwrapper = START_PATH/cgi-wrapper
# VIRTUAL HOSTS
# Use a VirtualHost section to declare the websites you want to host.
#
#VirtualHost {
#       Hostname = www.mywebsite.com
#       WebsiteRoot = /usr/local/var/www/website
#       StartFile = index.html
#       AccessLogfile = /var/www/my-domain/log/access.log
#       ErrorLogfile = /var/www/my-domain/log/error.log
#       TimeForCGI = 5
#       UseFastCGI = PHP5
#       UseToolkit = banshee
#       ExecuteCGI = yes
#       WrapCGI = jail
#}
# DIRECTORY SETTINGS
# You can specify some settings per directory.
#
#Directory {
#       Path = /usr/local/var/www/hiawatha/cgi
#       ExecuteCGI = yes
#       UploadSpeed = 10,2
#}

I checked the hiawatha.conf file with wigwam.

/App/Aegis/web_if/tmp_conf/nupam/AegisComponent/Hiawatha/Install//sbin/wigwam -c /App/Aegis/web_if/tmp_conf/

Reading hiawatha.conf
No non-fatal errors found in the Hiawatha configuration.

I'm running Hiawatha via script and below is the script (run_webserver.sh):

AEGIS_PATH=/App/Aegis
TMP_CONF_PATH=$AEGIS_PATH/web_if/tmp_conf
mkdir $TMP_CONF_PATH

COUNT=0

while [ $COUNT -eq 0 ] 
do
    echo $COUNT
    echo "Starting WebServer............................................"
export PATH=$PATH:/home/anupam/AegisComponent/Hiawatha/Install/sbin
cd $AEGIS_PATH
        hiawatha -d -c $TMP_CONF_PATH
        echo "Stopping Webserver..."
    sleep 10
done

When I see the hiawatha via ps command. It's running as a nobody.

$ps -aux|grep hiawatha

nobody 490 0.1 0.2 4692 1724 ttyHSL0 Sl 02:31 0:00 hiawatha -d -c /App/Aegis/web_if/tmp_conf
root 494 0.0 0.0 1868 536 ttyHSL0 S+ 02:31 0:00 grep hiawatha


When I'm accessing the webpage, I'm getting message on browser "Some internal error occured". Below is the error log fie.

Output of error.log file:

Sun 11 Jan 1970 02:16:08 +0000|10.112.43.39|/App/Aegis/web_if/cgi/Login.esp|ERROR opening socket: Permission denied
Sun 11 Jan 1970 02:16:08 +0000|10.112.43.39|/App/Aegis/web_if/cgi/Login.esp|ERROR connecting: Bad file descriptor


Please suggest.

Regards,
Anupam

Those are no Hiawatha errors, but errors printed by the Login.esp script/application.

As hiawatha is running with nobody, so it will execute all the files inside cgi directory with nobody. Login.esp file is creating the socket. In my board, I don't have permission to create socket with nobody. That's why I'm getting this error. Can you please suggest that how to run hiawatha with root or how to provide permission to nobody for socket creation etc.

All users are allowed to create sockets, but only root is allowed to create a socket and bind it to a portnumber lower than 1024.

Hiawatha won't run as root for security reasons. You can use a different non-root user for Hiawatha via the ServerID setting.