A Pluckeye Forum

A place for Pluckeye users to chew the cud.

You are not logged in.

#1 2020-08-25 16:51:38

mamurtaza
Member
Registered: 2018-12-12
Posts: 12

whitelist from pluck verdicts on ubuntu

I am trying to download and install drake(drake.mit.edu) and it requires a few steps which includes installing Bazel. When I try to proceed, it gives me a bunch of error and pluck verdicts show that it is block curl, wget and java on specific ip address and port.

I am not sure how can I allow those which returned from pluck verdicts.

Last edited by mamurtaza (2020-08-25 16:57:12)

Offline

#2 2020-08-25 17:17:28

jon
Administrator
Registered: 2017-01-10
Posts: 344

Re: whitelist from pluck verdicts on ubuntu

There are many ways to do it.

pluck + allow program curl
pluck + when now+20m allow everything
pluck + allow 1.2.3.4
pluck + allow bazel-domain-names

The domain names won't show in pluck verdicts, but if you know what they are, on Linux, Pluckeye will use them.

If you want more help, best show the exact commands you are executing.

Offline

#3 2020-08-26 05:08:40

mamurtaza
Member
Registered: 2018-12-12
Posts: 12

Re: whitelist from pluck verdicts on ubuntu

It also seems that with level 2 I also have issues with sudo apt update. I get the following message

E: The repository 'https://storage.googleapis.com/bazel-apt stable Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

where as pluck verdicts shows the following

00:58:47.251 allow 9385 http 91.189.95.83:80
00:58:47.251 allow 9382 http 140.211.166.134:80
00:58:47.251 allow 9388 http 91.189.91.38:80
00:58:47.260 block 9386 http 64.233.185.128:443
00:58:47.261 block 9386 http [2607:f8b0:4002:0c02:0000:0000:0000:0080]:443
00:58:47.261 block 9386 http 108.177.122.128:443
00:58:47.261 block 9386 http [2607:f8b0:4002:0c03:0000:0000:0000:0080]:443
00:58:47.261 block 9386 http 74.125.138.128:443
00:58:47.261 block 9386 http [2607:f8b0:4002:0c09:0000:0000:0000:0080]:443
00:58:47.261 block 9386 http 172.217.215.128:443
00:58:47.261 block 9386 http 74.125.21.128:443
00:58:47.261 block 9386 http 64.233.177.128:443
00:58:47.261 block 9386 http 173.194.219.128:443
00:58:47.261 block 9386 http 64.233.185.128:443
00:58:47.261 block 9386 http [2607:f8b0:4002:0c02:0000:0000:0000:0080]:443
00:58:47.261 block 9386 http 108.177.122.128:443
00:58:47.261 block 9386 http [2607:f8b0:4002:0c03:0000:0000:0000:0080]:443
00:58:47.261 block 9386 http 74.125.138.128:443
00:58:47.261 block 9386 http [2607:f8b0:4002:0c09:0000:0000:0000:0080]:443
00:58:47.261 block 9386 http 172.217.215.128:443
00:58:47.261 block 9386 http 74.125.21.128:443
00:58:47.261 block 9386 http 64.233.177.128:443
00:58:47.261 block 9386 http 173.194.219.128:443
00:58:47.272 allow 9383 http 13.226.94.9:80
00:58:47.272 allow 9384 http 13.226.94.31:443
00:58:47.277 allow 9381 http 13.90.56.68:443
00:58:47.282 allow 9387 http 91.189.88.152:80
00:58:47.425 allow 9385 http 91.189.95.83:80
00:58:47.600 allow 9385 http 91.189.95.83:80
00:59:23.894 allow 10284 http 13.226.94.101:443
00:59:23.894 allow 10282 http 140.211.166.134:80
00:59:23.894 allow 10285 http 91.189.95.83:80
00:59:23.894 allow 10287 http 91.189.91.39:80
00:59:23.895 allow 10286 http 64.233.185.128:443
00:59:23.895 allow 10283 http 13.226.94.15:80
00:59:23.913 allow 10281 http 13.90.56.68:443
00:59:23.924 allow 10288 http 91.189.91.39:80
00:59:24.071 allow 10285 http 91.189.95.83:80
00:59:24.250 allow 10285 http 91.189.95.83:80
00:59:28.737 allow 11374 http 13.226.94.101:443
00:59:28.737 allow 11372 http 140.211.166.134:80
00:59:28.737 allow 11376 http 64.233.185.128:443
00:59:28.737 allow 11375 http 91.189.95.83:80
00:59:28.737 allow 11371 http 13.90.56.68:443
00:59:28.737 allow 11377 http 91.189.91.39:80
00:59:28.737 allow 11373 http 13.226.94.15:80
00:59:28.737 allow 11378 http 91.189.91.38:80
00:59:28.916 allow 11375 http 91.189.95.83:80
00:59:29.091 allow 11375 http 91.189.95.83:80
00:59:39.159 allow 12435 http 140.211.166.134:80
00:59:39.159 allow 12438 http 91.189.95.83:80
00:59:39.160 allow 12436 http 13.226.94.15:80
00:59:39.160 allow 12441 http 91.189.91.38:80
00:59:39.160 allow 12439 http 64.233.185.128:443
00:59:39.160 allow 12437 http 13.226.94.101:443
00:59:39.160 allow 12440 http 91.189.91.39:80
00:59:39.179 allow 12434 http 13.90.56.68:443
00:59:39.336 allow 12438 http 91.189.95.83:80
00:59:39.511 allow 12438 http 91.189.95.83:80
01:00:07.240 allow 13435 bazel [0000:0000:0000:0000:0000:0000:0000:0001]:40159
01:05:12.578 allow 19011 http 91.189.95.83:80
01:05:12.579 allow 19008 http 140.211.166.134:80
01:05:12.590 block 19012 http 64.233.177.128:443
01:05:12.591 block 19012 http [2607:f8b0:4002:0c09:0000:0000:0000:0080]:443
01:05:12.591 block 19012 http 108.177.122.128:443
01:05:12.591 block 19012 http [2607:f8b0:4002:0c06:0000:0000:0000:0080]:443
01:05:12.591 block 19012 http 64.233.185.128:443
01:05:12.591 block 19012 http [2607:f8b0:4002:0c08:0000:0000:0000:0080]:443
01:05:12.591 block 19012 http 74.125.196.128:443
01:05:12.591 block 19012 http 64.233.177.128:443
01:05:12.591 block 19012 http [2607:f8b0:4002:0c09:0000:0000:0000:0080]:443
01:05:12.591 block 19012 http 108.177.122.128:443
01:05:12.591 block 19012 http [2607:f8b0:4002:0c06:0000:0000:0000:0080]:443
01:05:12.591 block 19012 http 64.233.185.128:443
01:05:12.591 block 19012 http [2607:f8b0:4002:0c08:0000:0000:0000:0080]:443
01:05:12.591 block 19012 http 74.125.196.128:443
01:05:12.599 allow 19009 http 13.226.94.15:80
01:05:12.609 allow 19010 http 13.226.94.93:443
01:05:12.609 allow 19013 http 91.189.88.152:80
01:05:12.610 allow 19014 http 91.189.91.38:80
01:05:12.649 allow 19007 http 13.90.56.68:443
01:05:12.753 allow 19011 http 91.189.95.83:80
01:05:12.929 allow 19011 http 91.189.95.83:80
01:05:48.564 allow 19925 http 91.189.91.39:80
01:05:48.564 block 19923 http 74.125.196.128:443
01:05:48.564 block 19923 http [2607:f8b0:4002:0c08:0000:0000:0000:0080]:443
01:05:48.564 block 19923 http 64.233.185.128:443
01:05:48.564 block 19923 http [2607:f8b0:4002:0c06:0000:0000:0000:0080]:443
01:05:48.564 block 19923 http 108.177.122.128:443
01:05:48.564 block 19923 http [2607:f8b0:4002:0c09:0000:0000:0000:0080]:443
01:05:48.564 allow 19920 http 13.226.94.76:80
01:05:48.564 block 19923 http 64.233.177.128:443
01:05:48.564 allow 19924 http 91.189.91.39:80
01:05:48.564 block 19923 http 74.125.196.128:443
01:05:48.565 block 19923 http [2607:f8b0:4002:0c08:0000:0000:0000:0080]:443
01:05:48.565 block 19923 http 64.233.185.128:443
01:05:48.565 block 19923 http [2607:f8b0:4002:0c06:0000:0000:0000:0080]:443
01:05:48.565 block 19923 http 108.177.122.128:443
01:05:48.565 block 19923 http [2607:f8b0:4002:0c09:0000:0000:0000:0080]:443
01:05:48.565 block 19923 http 64.233.177.128:443
01:05:48.565 allow 19921 http 13.226.94.101:443
01:05:48.591 allow 19918 http 13.90.56.68:443
01:05:48.613 allow 19922 http 91.189.95.83:80
01:05:48.714 allow 19919 http 140.211.166.134:80
01:05:48.789 allow 19922 http 91.189.95.83:80
01:05:48.964 allow 19922 http 91.189.95.83:80


So I can get it around if allow port 443 but then images from many website on the internet also gets allowed.

Offline

#4 2020-08-26 05:13:07

mamurtaza
Member
Registered: 2018-12-12
Posts: 12

Re: whitelist from pluck verdicts on ubuntu

Thank you it worked by allowing storage.googleapis.com in the allow list as well.

Offline

#5 2020-09-10 16:27:37

mamurtaza
Member
Registered: 2018-12-12
Posts: 12

Re: whitelist from pluck verdicts on ubuntu

I am trying to run https://github.com/RobotLocomotion/drake-iiwa-driver and it has some java component and therefore it gets blocks.

pluck verdicts shows me the following

12:15:56.534 allow 20177 bazel [0000:0000:0000:0000:0000:0000:0000:0001]:37813
12:15:56.534 allow 20177 bazel [0000:0000:0000:0000:0000:0000:0000:0001]:37813
12:15:56.602 block 19491 java [0000:0000:0000:0000:0000:ffff:8c52:7203]:443
12:15:56.703 block 19491 java [0000:0000:0000:0000:0000:ffff:8c52:7203]:443
12:15:56.905 block 19491 java [0000:0000:0000:0000:0000:ffff:8c52:7203]:443
12:15:57.306 block 19491 java [0000:0000:0000:0000:0000:ffff:8c52:7203]:443
12:15:58.129 block 19491 java [0000:0000:0000:0000:0000:ffff:8c52:7203]:443
12:15:59.731 block 19491 java [0000:0000:0000:0000:0000:ffff:8c52:7203]:443
12:16:02.933 block 19491 java [0000:0000:0000:0000:0000:ffff:8c52:7203]:443
12:16:09.335 block 19491 java [0000:0000:0000:0000:0000:ffff:8c52:7203]:443
12:16:43.865 allow 20286 bazel [0000:0000:0000:0000:0000:0000:0000:0001]:37813
12:16:43.865 allow 20286 bazel [0000:0000:0000:0000:0000:0000:0000:0001]:37813
12:16:43.904 block 19491 java [0000:0000:0000:0000:0000:ffff:8c52:7203]:443
12:16:44.004 block 19491 java [0000:0000:0000:0000:0000:ffff:8c52:7203]:443
12:16:44.205 block 19491 java [0000:0000:0000:0000:0000:ffff:8c52:7203]:443
12:16:44.609 block 19491 java [0000:0000:0000:0000:0000:ffff:8c52:7203]:443
12:16:45.411 block 19491 java [0000:0000:0000:0000:0000:ffff:8c52:7203]:443
12:16:47.013 block 19491 java [0000:0000:0000:0000:0000:ffff:8c52:7203]:443
12:16:50.215 block 19491 java [0000:0000:0000:0000:0000:ffff:8c52:7203]:443
12:16:56.616 block 19491 java [0000:0000:0000:0000:0000:ffff:8c52:7203]:443
12:17:48.151 allow 20389 git-remote-http 140.82.112.4:443
12:18:15.081 allow 20462 ssh 140.82.112.4:22
12:18:15.549 allow 20469 ssh 140.82.112.4:22
12:20:17.635 allow 20572 bazel [0000:0000:0000:0000:0000:0000:0000:0001]:37813
12:20:17.635 allow 20572 bazel [0000:0000:0000:0000:0000:0000:0000:0001]:37813
12:20:18.654 allow 20572 bazel [0000:0000:0000:0000:0000:0000:0000:0001]:41129
12:20:18.654 allow 20572 bazel [0000:0000:0000:0000:0000:0000:0000:0001]:41129
12:20:19.096 block 20587 java [0000:0000:0000:0000:0000:ffff:8c52:7104]:443
12:20:19.197 block 20587 java [0000:0000:0000:0000:0000:ffff:8c52:7104]:443
12:20:19.399 block 20587 java [0000:0000:0000:0000:0000:ffff:8c52:7104]:443
12:20:19.800 block 20587 java [0000:0000:0000:0000:0000:ffff:8c52:7104]:443
12:20:20.625 block 20587 java [0000:0000:0000:0000:0000:ffff:8c52:7104]:443
12:20:22.230 block 20587 java [0000:0000:0000:0000:0000:ffff:8c52:7104]:443
12:20:25.432 block 20587 java [0000:0000:0000:0000:0000:ffff:8c52:7104]:443
12:20:31.833 block 20587 java [0000:0000:0000:0000:0000:ffff:8c52:7104]:443

What is the best way to get it sorted without going back to level 1

Offline

#6 2020-09-10 21:16:50

RNYC
Moderator
Registered: 2017-01-14
Posts: 271

Re: whitelist from pluck verdicts on ubuntu

Did you try

pluck + allow program java

Offline

Board footer

Powered by FluxBB