RE: [URL Verdict: Neutral][Non-DoD Source] Re: Guacamole on Docker Failed Login for guacadmin

["Tourville, Jeremy A CTR USARMY DEVCOM AVMC (USA)" <je...@army.mil.INVALID>]

Thank you Mike!  I knew asking in this forum was a bit of a long shot.  Your explanation makes sense.  The vendor doesn’t provide much in the way of support that I am aware of.  I couldn’t find any directions on how to deploy the image properly except for the link that points back to your original guacamole image.
Your response is very appreciated.

From: Michael Jumper <mj...@apache.org>
Sent: Monday, October 31, 2022 4:57 PM
To: user@guacamole.apache.org
Subject: Re: [URL Verdict: Neutral][Non-DoD Source] Re: Guacamole on Docker Failed Login for guacadmin


All active links contained in this email were disabled. Please verify the identity of the sender, and confirm the authenticity of all links contained within the message prior to copying and pasting the address to a Web browser.

________________________________

On Mon, Oct 31, 2022 at 11:46 AM Tourville, Jeremy A CTR USARMY DEVCOM AVMC (USA) <je...@army.mil.invalid>> wrote:
This isn’t my own custom image per se’.  The image URL is from Iron Bank.   Caution-https://ironbank.dso.mil/about < Caution-https://ironbank.dso.mil/about >
“The Iron Bank is the DoD repository of digitally signed, binary container images that have been hardened and accredited for DoD-wide use across classifications. All containers provide a variety of information such as their build and approval date, approval status, scan results, and more. The goal is to provide a place where DoD programs can find and utilize cutting-edge software and tools for their programs! Prior to creating a new container image, DoD programs can now check to see if the software they want to use is already containerized and exists in the Iron Bank for their use. If no container image exists, requests can be made with the Iron Bank onboarding team to add the container to our list. All containers must be sponsored by a DoD progam or directly by a vendor.”

The Iron Bank Image is derived from the Guacamole image.  They take the image and rebase it.  They also try to harden all images for security.

You'll definitely need to reach out to your vendor with respect to their image. We can't help with a third-party image (but can if you retry with the image we provide). If your vendor isn't sure what's going on, feel free to direct them to this list and perhaps we can help them.

That being said, I will take a look at the location you referenced.  I had seen other forums mention that path and some seemed to indicate it was a false positive.

It indicates at least that the image deviates from the image we provide, and it directly affects whether Guacamole can find its configuration files. If the log messages state that GUACAMOLE_HOME is "/etc/guacamole", but that's not where guacamole.properties is, then things will definitely not work. Here's what things normally look like:

21:47:20.082 [localhost-startStop-1] INFO  o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/home/guacamole/.guacamole".
21:47:20.242 [localhost-startStop-1] INFO  o.a.g.GuacamoleServletContextListener - Read configuration parameters from "/home/guacamole/.guacamole/guacamole.properties".

Reading from /etc/guacamole instead is fine, but if your image can't find its guacamole.properties at all, then your vendor has broken something in their image.

- Mike