System wide proxy audit

Similar Messages

• Why does my ssh tunnel drop when I switch on a system wide proxy

  The subject says pretty clearly what is puzzling me. After I establish a connection via ssh and initiate a tunnel for email access through a corporate firewall (using Apple Mail as the client and POP3 for the protocol), I find that enabling a system wide proxy (socks5, http, and https) via the same ssh tunnel causes the email to stop working. Upon switching, the http proxy (Safari) works fine -- e.g. the tunnel is healthy. This confuses me. The ssh link which hosts several tunnels is fine. I am forwarding local port 10025 and 10110 on the tunnel to a mail server behind the firewall. The socks5 proxy and http proxy are running on local ports 11080, 18080, and 18080, respectively. Why is Apple mail paying attention to the proxy settings at all? It would seem that since Apple Mail makes no attempt to connect (via the Activity window) that the link is dead, however, turning off the proxy brings the email tunnel back to normal. Wierd. Any advice? This is running on a normal 10.4 (not server), but I don't think there are any significant differences in behavior. I asked on the networking discussion, but got no response.

  Two things jump into my mind: poor WiFi signal strength on the desktop PC or a dirty OS installation on the desktop PC. I'm quite sure that this has nothing to do with the cisco VPN client itself.
  Assuming that you reach your remote workspace through the cisco VPN client it might also be that the remote part (the VPN concentrator) gets congested and drops your connection but than other employees would complain as well (can be checked with your ICT guys).
  The thing is: when you lose Internet connection on your laptop while surfing a web site and connection comes back again within no time you won't notice anything. If the same happens to a system constantly receiving encrypted packets and some are missing the VPN client will drop the connection. Completely different protocols (http/ipsec) that are differently prone to packet drops...

• "system-wide" proxy ?

  I might not have the terminology quite right on this, I'm far from being an expert on the subject. That's why I'm turning to you guys !!!!!!!!!
  I'm currently tethering my iPhone's connection via an app called PDANet which allows the computer to connect to a sort of 'wifi router' via an ad-hoc connection. While this doesn't quite work as they advertise it to (probably something I'm not doing that's getting auto 'automagically' in Windows/OS X), I am able to 'connect' to my iPhone and get offered an IP back when this app is running. I then launch the small socks server from the iPhone's term and voila I can use it to browse the tubes in firefox (with the proper settings).
  Which is what brings me to my question: using this connection to my socks5 server running on my iPhone, I can resolve names and do http, at least. I'm just wondering, why this could be not set up as a 'system wide' service. In other words, all apps that want to connect to a certain IP/domain to a certain port, will do so as they always do. In other words why can't I set up a sort of service or daemon that uses this socks5 connection to the iPhone and sends back the data to the apps? As if my nameserver were the IP on the iPhone ? Or would I need something else running on the phone to provide that capability ?
  Right now, when I dhcpcd, I get my IP from the iPhone, but nothing gets written in /etc/resolv.conf. I can only ping the iPhone's IP (which is the one I use to connect via proxy in firefox), and what I can only assume is my phone's IP on the 3G network, which starts with 10 (if that means anything to you experts.)....
  Anyway, I'd like your thoughts on this..

  delta24 wrote:Try creating a script in /etc/profile.d named proxy.sh having all the proxy config.
  The behavier I want to achieve is that I can hot swap proxy and non proxy networks without restarting the browser. This works under gnome because chromium reads the proxy config from gconf which gets updated on network change but this doesn't work without gnome.
  Most of the time I'm on networks without proxies. Only in university I need them. A simple switch to activate them when needed would be nice.

• System wide proxy settings without gnome and kde

  Hi,
  this is my software stack:
  linux
  X
  openbox
  chromium
  my university had the great idea to cencor and filter the internet so that students can't do bad stuff and besides that can't do anything at all. They even block ping and ssh connections.. but that's another story.
  here are my problems with that:
  chomium devs seem to live in a very small world in which only kde and gnome exist, because these envirenments are the only way to let chromium know that it should use a proxy server.
  I've written a small script that works perfectly for most of my stuff. here it is:
  $ cat ~/.proxyon
  export http_proxy='proxy.fh-brandenburg.de:3128'
  export https_proxy='proxy.fh-brandenburg.de:3128'
  export ftp_proxy='ftp-proxy.fh-brandenburg.de:21'
  export socks5_proxy='socks5-proxy.fh-brandenburg.de:1080'
  export HTTP_PROXY=http_proxy
  export HTTPS_PROXY=https_proxy
  export FTP_PROXY=ftp_proxy
  export SOCKS5_PROXY=socks5_proxy
  gsettings set org.gnome.system.proxy autoconfig-url 'http://proxy.fh-brandenburg.de/proxy.pac'
  gsettings set org.gnome.system.proxy mode 'manual'
  gsettings set org.gnome.system.proxy.http enabled true
  gsettings set org.gnome.system.proxy.http host 'proxy.fh-brandenburg.de'
  gsettings set org.gnome.system.proxy.http port 3128
  gsettings set org.gnome.system.proxy.https host 'proxy.fh-brandenburg.de'
  gsettings set org.gnome.system.proxy.https port 3128
  gsettings set org.gnome.system.proxy.ftp host 'ftp-proxy.fh-brandenburg.de'
  gsettings set org.gnome.system.proxy.ftp port 21
  gsettings set org.gnome.system.proxy.socks host 'socks5-proxy.fh-brandenburg.de'
  gsettings set org.gnome.system.proxy.socks port 1080
  gsettings set org.gnome.system.proxy ignore-hosts "['localhost', '127.0.0.0/8', '*.fh-brandenburg.de' ]"
  to start chromium i've made another script to test the proxy behavier:
  $ cat ~/start_chromium.sh
  source ~/.proxyon && echo $http_proxy && chromium
  This should work because I set every proxy variable I'm aware of and the script spits out the correct proxy server but chromium still don't uses any proxies. Does anyone have a solution to this? I'm out of ideas..

  delta24 wrote:Try creating a script in /etc/profile.d named proxy.sh having all the proxy config.
  The behavier I want to achieve is that I can hot swap proxy and non proxy networks without restarting the browser. This works under gnome because chromium reads the proxy config from gconf which gets updated on network change but this doesn't work without gnome.
  Most of the time I'm on networks without proxies. Only in university I need them. A simple switch to activate them when needed would be nice.

• Bypass system preferences proxy?

  Is there anyway to bypass the proxy (proxies) defined in os x system prefs? This is a useful "feature" of firefox that would be nice to do in safari, too.
  I have a proxy pac that I want my browsers to use, but I want other application to use the system wide proxy.
  I'm not hopeful but thought I'd ask anyway!
  Thanks,
  Sean

  Ditto this.
  In addition, Mail.app doesn't seem to be able to resolve DNS names when using a SOCKS proxy. I have to type in the IP of my IMAP server to go through the proxy, and simply cannot access a different IMAP server inside the proxy. :-/

• System-wide Transparent Proxy With URL Patterns

  Internet censorship -where I live- has almost turned web unusable so  I decided to setup a transparent proxy using Tor for my home network.
  Since Tor is so slow -here- proxying all traffic through Tor would slow my connection to a crawl.  Therefore I need a mechanism to selectively proxy the traffic.
  I know a bit of 'iptables' and it looks to me like the solution to my problem.  However there's a trick.  As most of the websites I need to access through Tor (like Google+, Facebook and such) use several IP addresses for their entry points, it's almost impossible for me to add 'iptables' rules for all of those IP addresses.  I need a mechanism to proxy the traffic based on URL patterns.  For example I need to be able to proxy access to '*.facebook.com' through Tor.
  So the question boils down to:  how can I setup a system-wide transparent proxy using URL patterns?
  Any idea/hint is much appreciated.  TIA,
  Bahman
  Last edited by bahman (2012-01-04 07:48:44)

  Use privoxy with socks5 forwarding:
  http://www.privoxy.org/user-manual/config.html#SOCKS
  http://www.privoxy.org/user-manual/acti … F-PATTERNS

• File Type Associations Do Not Stick System-Wide CS4

  When I set File Type Associations for PSD, Tiff, DNG and Jpeg fles in Bridge CS4 so that my files will open in PS CS3 (and insure that the same file associations apply in Bridge CS3), this works as it should from within CS4 and CS3, but it is impossible to introduce a system-wide change in Mac OS 10.5.5 via File-Info. It always reverts to CS4 for these file types, if I try to 'modify all'. The same thing happened when I upgraded from CS2 to CS3.

  If File Type Associations are set properly in the Bridge preferences, the default setting can be made to open files in PS CS3, with CS4 installed. This works from within CS3 and CS4. However, it sometimes happens that one is in the Finder, and the default remains PS CS4, however much one tries (via File-Get Info) to modify the default system-wide settings so that these files open in CS3. In any event, a bit invasive. Of course, if I could get comfortable with the Adjustment Layer Panels, all this would be unnecessary, but for the moment, there appear to be too many clicks, and it is going to take some time, so I don't want to burn bridges. Perhaps there is also some ambiguity in my mind as to what the pointing finger in the new Curves dialogue box, much like a tolling bell, is trying to tell me.
  But thanks, once again Anne, for your good-natured help.

• System-wide spell check will not work

  Hi,
  I can't get the system-wide spell check to work on my MacBook Pro with the Command + Shift + ; (semicolon) keys. Does anyone know of a solution to this problem? The Spell-Check on the Fly will work.
  Thank You,
  Guy

  I was able to zap the pram and that solved the problem.
  Guy

• ITunes 10.7 crashes all apps on Mountain Lion including Force Quit. First system wide prob with an apple computer since OSX introduced. Any ideas?

  updated to iTunes 10.7  from app Store last night. After the update, iTunes opens then stalls with the "spinning pizza wheel". Force Quit is unresponsive and will not shut it down. If I then open other applications say Safari for example, the problem migrates over to Safari and it similarly stalls and becomes unresponsive. The only way to solve the problem is to manually shut the computer down. This is the most significant problem I have experienced on an apple computer since OSX was introduced because it impacts on Force Quit which means that you have to shut the whole deal down. There are obvious problems for use of Apple TV and apple store etc. ! I am running mountain lion 10.8.1 on a 27" iMac with 2T Time Capsule connected wirelessly. How do I downgrade iTunes back to 10.6? I had no problems with Mountain Lion or iTunes up to that point.

  this is the exact same problem i've been dealing with for the past 2 days. after i installed itunes 10.7 for my iphone5 it would crash my mbp's lion system wide. i tried every solution i could find on google and i've actually had to reinstall lion & time machine my backups because of it. right now i'm too scared to redownload itunes 10.7. i actually feel like waiting for the "new itunes" that comes out in october.

• Is there any way to create a system-wide variable?

  Hello IDM gurus.
  Is there any way to create rarely changing system wide variables that can be loaded at system startup that will be available to all users? For example, at IDM system startup, the variables would be read from configuration or generic objects and live in memory for ALL users as opposed to each workflow/user having to read the same variables when the workflow is run.
  Any help would be appreciated.

  That may very well be the answer I'm looking for. Is there a way for that to be available within the entire application instead of having to read it in each workflow?

• Setting ALSA sound card system wide (rather than just in KDE)

  Hi,
  I've got an HTPC with an ATI Radeon HD 4350 graphics card running Arch x86. It has its own integrated sound card for outputting audio via HDMI, which is detected by ALSA as a separate device. I've managed to set it as the default audio device in KDE 4 (via System Settings). This allows applications such as Amarok and SMPlayer to properly output audio to the HD 4350's integrated sound card, but software such as Flash and MPlayer (from the command line) are still outputting audio to the motherboard's built-in sound card. How can I change this setting on a system-wide level? I've tried running alsaconf as root and adding
  pcm.!default {
  type hw
  card 2
  device 3
  to ~/.asoundrc; I got the card and device numbers from aplay:
  [htpc@exia ~]$ aplay -l
  **** List of PLAYBACK Hardware Devices ****
  card 0: Intel [HDA Intel], device 0: HDA Generic [HDA Generic]
  Subdevices: 1/1
  Subdevice #0: subdevice #0
  card 1: HDMI [HDA ATI HDMI], device 3: ATI HDMI [ATI HDMI]
  Subdevices: 1/1
  Subdevice #0: subdevice #0
  Here is the output from MPlayer when I try to play a video, complete with errors regarding audio:
  MPlayer UNKNOWN-4.4.0 (C) 2000-2009 MPlayer Team
  137 audio & 296 video codecs
  mplayer: could not connect to socket
  mplayer: No such file or directory
  Failed to open LIRC support. You will not be able to use your remote control.
  Playing /tmp/FlashmvWXPy.
  libavformat file format detected.
  [flv @ 0xac7d250]skipping flv packet: type 18, size 294, flags 0
  [lavf] Video stream found, -vid 0
  [lavf] Audio stream found, -aid 1
  VIDEO: [H264] 854x480 0bpp 29.970 fps 0.0 kbps ( 0.0 kbyte/s)
  ==========================================================================
  Opening video decoder: [ffmpeg] FFmpeg's libavcodec codec family
  Selected video codec: [ffh264] vfm: ffmpeg (FFmpeg H.264)
  ==========================================================================
  ==========================================================================
  Opening audio decoder: [faad] AAC (MPEG2/4 Advanced Audio Coding)
  FAAD: compressed input bitrate missing, assuming 128kbit/s!
  AUDIO: 44100 Hz, 2 ch, s16le, 128.0 kbit/9.07% (ratio: 16000->176400)
  Selected audio codec: [faad] afm: faad (FAAD AAC (MPEG-2/MPEG-4 Audio))
  ==========================================================================
  [AO OSS] audio_setup: Can't open audio device /dev/dsp: Device or resource busy
  [AO_ALSA] alsa-lib: confmisc.c:768:(parse_card) cannot find card '2'
  [AO_ALSA] alsa-lib: conf.c:3513:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory
  [AO_ALSA] alsa-lib: confmisc.c:392:(snd_func_concat) error evaluating strings
  [AO_ALSA] alsa-lib: conf.c:3513:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory
  [AO_ALSA] alsa-lib: confmisc.c:1251:(snd_func_refer) error evaluating name
  [AO_ALSA] alsa-lib: conf.c:3513:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory
  [AO_ALSA] alsa-lib: conf.c:3985:(snd_config_expand) Evaluate error: No such file or directory
  [AO_ALSA] alsa-lib: pcm.c:2211:(snd_pcm_open_noupdate) Unknown PCM default
  [AO_ALSA] Playback open error: No such file or directory
  [JACK] cannot open server
  [AO SDL] Samplerate: 44100Hz Channels: Stereo Format s16le
  [AO_ALSA] alsa-lib: confmisc.c:768:(parse_card) cannot find card '2'
  [AO_ALSA] alsa-lib: conf.c:3513:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory
  [AO_ALSA] alsa-lib: confmisc.c:392:(snd_func_concat) error evaluating strings
  [AO_ALSA] alsa-lib: conf.c:3513:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory
  [AO_ALSA] alsa-lib: confmisc.c:1251:(snd_func_refer) error evaluating name
  [AO_ALSA] alsa-lib: conf.c:3513:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory
  [AO_ALSA] alsa-lib: conf.c:3985:(snd_config_expand) Evaluate error: No such file or directory
  [AO_ALSA] alsa-lib: pcm.c:2211:(snd_pcm_open_noupdate) Unknown PCM default
  [AO SDL] Unable to open audio: No available audio device
  DVB card number must be between 1 and 4
  AO: [null] 44100Hz 2ch s16le (2 bytes per sample)
  Starting playback...
  VDec: vo config request - 854 x 480 (preferred colorspace: Planar YV12)
  VDec: using Planar YV12 as output csp (no 0)
  Movie-Aspect is 1.78:1 - prescaling to correct movie aspect.
  VO: [xv] 854x480 => 854x480 Planar YV12
  Thanks!
  Last edited by w1ntermute (2009-06-28 18:40:03)

  whoops wrote:Do you use the motherboard sound-card?
  No.
  whoops wrote:If not - did you try just turning it off in bios (or blacklisting the driver)?
  No, I haven't tried that. I'll give it a shot. Thanks for the tip!
  Last edited by w1ntermute (2009-07-02 18:11:53)

• I'm working with a Mac, with 10.10.2 system.  My Audition program has been working fine for years now.  But, there is a problem I can't solve.  All my markers on a given piece of audio allows me to left click to highlight the time signature until my audio

  I'm working with a Mac, with 10.10.2 system.  My Audition program has been working fine for years now.  But, there is a problem I can't solve.  All my markers on a given piece of audio allows me to left click to highlight the time signature until my audio reaches the one hour point.  From there on, the left click will not give me the drop down menu in order to copy and then paste into an Excel sheet I then have to submit for the proofing purposes.  After the one hour mark, I can only control/c in order to highlight, then when I slide up to my Excel sheet, I'm able to right click and paste.  Why is the program not, all of a su allowing me to left cllick the mouse and have a drop down menu give me the option to "copy, " as it does for any time signature markers up to 1:00:00.000?

  Which version of Audition? With the latest version of Audition running on a Windows 7 machine I can't get a dropdown menu at all when I left click on the time in Markers List. The only way to do it is with cntrl-c.

• Non-system wide DNS Lookups on RBL  (i.e. logical groups supported)

  Sun Java System Messaging Server documetation seems to state that RBL filtering can only exist in one of three files that are used for filtering based off of inbound connection IP address. My question is, can conditional execution occur for a section of one of these files based of destination e-mail address?
  I'd like to have multipule levels of e-mail filtering using RBL and allow users to be assinged to the level of filtering they desire by joining a logical group which will enable a level of RBL filtering for that logical group.
  Any help is greatly appreciated, as far as I can see, I can only have one system wide filtering set, so I can't possibly have one set of e-mail ids using 10 RBL (remote black lists) and another group e-mail ids using a smaller set of RBLs.
  ======= From the documentation =======
  MAIL_ACCESS : Used to block incoming connections based on combined information found in SEND_ACCESS and PORT_ACCESS tables: that is, the channel and address information found in SEND_ACCESS combined with the IP address and port number information found in PORT_ACCESS.
  ORIG_MAIL_ACCESS : Used to block incoming connections based on combined information found in ORIG_SEND_ACCESS and PORT_ACCESS tables: that is, the channel and address information found in ORIG_SEND_ACCESS combined with the IP address and port number information found in PORT_ACCESS.
  PORT_ACCESS : Used to block incoming connections based on IP number.
  ====================================

  Alas, the RBL stuff is done before iMS even knows who the message is addressd to. That stuff is done at the initial connection phase, as our philosophy is to reject a message just as soon as possible . . .
  After the message is accepted, then you can opt-in/out for things like spamassassin, brightmail, etc.

• FDM System-wide

  I tried using FDM and i love it. However, I did a thorough Google search and this forum for a solution to my issue but could not find any answer. I hope someone will be able to assist me with a solution.
  Am wondering if it is possible for FDM to fetch mails from an ISP Domain box (multidrop/catchall mailbox) that holds mails for several users , and then hand them to Postfix that has Dovecot LDA delivery configured. The mails will then be delivered (by Dovecot's LDA) to respective users. I use Fetchmail (that is able to do this), but there are some issues with it, (like sometimes it gets stuck on large mails, etc).
  Here I illustrate my current Fetchmail System-wide setup's /etc/fetchmailrc file:
  # /etc/fetchmailrc
  set postmaster [email protected]
  set no bouncemail
  set daemon 300
  set logfile =  "/var/log/fetchmail.log"
  poll isp.domain.com proto pop3
  localdomains abc.net
  no dns
  no envelope
  user domain_mbox_username
  pass domain_mbox_passwd
  is * here
  In the above fetchmailrc, "is * here*,  * is aliased to our catchall account in our local postfix server. The ISP domain mailbox is configured as a catch-all domain and it holds our users emails (several different email addresses but all "@abc.net")
  I couldnt find a way to do this with FDM since I am limited to delivering to mbox/maildir directly, and the way I understand it is that I would have to create individual inbox references. This would be tedious if we have some hundreds pop3  local mailboxes, ( I might be wrong in my assumption).
  With my current setup, aliasing to the catchall account automatically distributes to respective mailboxes by reading the mail headers. (and also am not very good in coding, please treat me like a newbie )
  Looking forward to your assistance.
  Thanks and regards,
  Clemo
  Last edited by wclemo (2013-07-24 17:28:45)

  Hi, this post is for 10g, bu I don't think much have changed (except the file location: \MWHOME\instances\instance1\bifoundation\OracleBIPresentationServicesComponent\coreapplication_obips1\catalog\YOUR_CATALOG\root\system\metadata)
  http://oraclebi.blog.com/tip-of-the-day-data-format-file-in-obiee/
  I didn't test it myself.

• W2K8 & Win7 - Setting system-wide Trusted file locations not working

  Win 2008 Network, Win 7 workstations.
  RE: Setting system-wide trusted file locations
  I have an application using Flash stored on a network location that accesses other files in the same location.  This causes the security warning "The following local application... is trying to communicate with this internet-enabled..."  I can add the location to the trusted sites in the Setting Manager and the warning goes away.  It is not practical however to do this on every machine on the network.  I have tried the FlashPlayerTrust directory and mms.cfg file and neither of these seem to work.  Is there a trick to getting the FlashPlayerTrust directory to work properly.  If I could get this working, I could create a script that copies this file to all machines on the network. 
  Any help you be greatly appreciated. 

  Hi Todd,
  Can you please provide just a little more detail?
  * When you say "accessess", what API is being used?  Are the paths to the other files relative, file: URI http: URI, other?
  * In the FlashPlayerTrust directory, are you using the same path notation as appears in the Settings Manager?  What's a sample {filename}.{ext} being used?
  Thanks!
  -Erica