How to enable remote debugging of J2EE application running on Tomcat
- Change and sdd the following codes to $CATALINA_HOME/bin/startup.sh
# exec "$PRGDIR"/"$EXECUTABLE" start "$@"
export JPDA_ADDRESS=${TomcatServerIP}:8000
exec "$PRGDIR"/"$EXECUTABLE" jpda start "$@"
- Restart tomcat
- In Debug Configurations of Eclipse,
- Create new "Remote Java Application",
and set Host and Port to ${TomcatServerIP} , 8000
- Set break point and start debugging
c.f.
http://qiita.com/uchiko/items/5f1843d3d848de619fdf
Tested in Cent7 + php 5.4.45(default)
Adding php 7 using phpenv.
git clone git://github.com/CHH/php-build.git ~/.phpenv/plugins/php-build
echo 'export PATH="$HOME/.phpenv/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(phpenv init -)"' >> ~/.bashrc
exec $SHELL -l
phpenv install -l
phpenv install 7.1.3
--> Build error
- Install nesessary packages
yum install openssl-devel
yum install libcurl
yum install curl-devel
yum --enablerepo=epel install libmcrypt
- Install mcrypt
yum install gcc-c++
tar zxvf re2c-0.16.tar.gz
cd re2c-0.16/
./configure
make
make install
c.f.
https://donow.jp/skillup/?p=1328
yum install --enablerepo epel libmcrypt-devel
yum install readline-devel
yum install libtidy
yum install --enablerepo epel libtidy
yum install --enablerepo epel libtidy-devel
yum install libxslt
yum install libxslt-devel
yum install autoconf
yum install automake
phpenv install 7.1.3
--> Success
# phpenv versions
7.1.3
How to implement RSS Server using Tiny Tiny RSS
https://tt-rss.org/gitlab/fox/tt-rss/wikis/InstallationNotes
http://d.hatena.ne.jp/kt_hiro/20130315/1363310653
https://bucci.bp7.org/archives/24902
- Download tt-rss
git clone https://tt-rss.org/git/tt-rss.git tt-rss
chown -R apache:apache tt-rss/
mv tt-rss/ /var/www/html/html/
- Create DB
mysql> create database ttrss;
mysql> create user ttrss identified by 'pass';
mysql> grant all on ttrss.* to ttrss@localhost identified by 'pass';
- Install
http://www.reverse-edge.com/tt-rss/
--> Install mbstring see:
- Initial setting
Initial ID/Pass:
admin / password
- Register feeds
- Change permissions
[root@gamzatti tt-rss]# chmod -R 777 cache/images
[root@gamzatti tt-rss]# chmod -R 777 cache/upload
[root@gamzatti tt-rss]# chmod -R 777 cache/export
[root@gamzatti tt-rss]# chmod -R 777 cache/js
[root@gamzatti tt-rss]# chmod -R 777 feed-icons
[root@gamzatti tt-rss]# chmod -R 777 lock
[fmariko@gamzatti ~]$ cd /var/www/html/html/tt-rss/
[fmariko@gamzatti tt-rss]$ ls -ltr
合計 240
-rw-r--r-- 1 apache apache 8292 3月 6 06:33 2017 config.php
drwxrwxrwx 2 apache apache 4096 3月 6 06:33 2017 feed-icons
drwxrwxrwx 2 apache apache 4096 3月 6 06:33 2017 lock
- Update feeds
php update.php --feeds
- Install mod_security
yum install mod_security
httpd -M | grep security
security2_module (shared)
--> mod_security is loaded.
- mod_security Settings
/etc/httpd/conf.d/mod_security.conf
SecRuleEngine On -->enacle (choise this)
SecRuleEngine Off -->disable
DetectionOnly --> Detection Only
- Create rules
/etc/httpd/modsecurity.d/activated_rules/cve-s2-045.conf
SecRule REQUEST_HEADERS "OgnlContext|OgnlUtil"
"id:001,phase:2,t:none,log,deny,msg:attack"
- (Install mod_proxy)
[root@struts-sv modules]# ls /etc/httpd/modules/mod_proxy*
/etc/httpd/modules/mod_proxy.so
/etc/httpd/modules/mod_proxy_ajp.so
--> mod_proxy.so and mod_proxy_ajp.so are installed by default.
- mod_proxy Settings
- (Load mod_proxy in httpd.conf)
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
[root@struts-sv modules]# httpd -M | grep proxy
Syntax OK
proxy_module (shared)
proxy_ajp_module (shared)
--> mod_proxy.so and mod_proxy_ajp.so are loaded by default.
- Proxy requests to ajp in httpd.conf
ProxyPass /struts2-showcase-2.3.31/ ajp://localhost:8009/struts2-showcase-2.3.31/
Above example, a request to http://hostname/struts2-showcase-2.3.31/ is forwardes to
http://hostname:8080/struts2-showcase-2.3.31/ via 8009(ajp).
- Restart httpd and tomcat
- Access Struts URI via http port (80) containing malicious requiest
e.g. http://hostname/struts2-showcase-2.3.31
- Request is denied by mod_security
Message: Access denied with code 403 (phase 2). Pattern match "OgnlContext|OgnlUtil" at
REQUEST_HEADERS:Content-Type. [file "/etc/httpd/modsecurity.d/activated_rules/cve-s2-045.conf"]
[line "1"] [id "001"] [msg "attack"]
https://struts.apache.org/docs/s2-045.html
- When a request is conducted to Strunts application, built-in ServletFilter is executed.
If content_type contains the strings "multipart/form-data",
org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest#parse() is called.
(which is built in default parser of Struts core)
So, if we don't modify the defaut settings of parser, attackers can reveledging the
vulnerability by sending crafted requests contains multipart/form-data in content_type.
- The cause of the vulnerabiliry is the follwing:
In processs of JakartaMultiPartRequest#parse(), an Exception is thrown and
buildErrorMessage() is called if content_type is invalid format.
During handling Exception object in buildErrorMessage(), malicious OGNL specified
in content_type is executed, which leads to arbitory code execetion.
- Mitigation
- Reject malicious request by using ServletFilter or WAF.
The following is an example of ServletFilter which retuns server error against malicious
Content-Type containing OGNL expression.
------
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain)
throws java.io.IOException, javax.servlet.ServletException
{
System.out.println("Servlet Filter: "+this.getClass().getName()+"Called.");
HttpServletRequest httpRequest = (HttpServletRequest) request;
String contentType = httpRequest.getHeader(CONTENT_TYPE);
String uri = httpRequest.getRequestURI();
BufferedReader reader = null;
String body = "";
try{
reader = httpRequest.getReader();
Stream lines = reader.lines();
body = lines.collect(Collectors.joining("\r\n"));
} catch (IOException e) {
// skip filter
e.printStackTrace();
chain.doFilter(request, response);
} finally{
reader.close();
}
Pattern p = Pattern.compile(SIGNATURE_OGNL);
if (contentType!=null && !contentType.toLowerCase(Locale.ENGLISH).startsWith(MULTIPART) &&
p.matcher(contentType).find()){
System.out.println("Malicious Content-Type:"+contentType);
throw new ServletException(ERROR_INVALID_REQUEST);
} else if (p.matcher(uri).find()){
System.out.println("Malicious URI:"+uri);
throw new ServletException(ERROR_INVALID_REQUEST);
} else if (p.matcher(body).find()){
System.out.println("Malicious Request body:"+body);
throw new ServletException(ERROR_INVALID_REQUEST);
}
chain.doFilter(request, response);
}
Example of Servlet filter
------
- Switch parser for multipart/form-data from JakartaMultiPartRequest to another.
In 2.3.18 later, JakartaStreamMultiPartRequest is available.
We can switch parser by setting the following property in struts configuration
(e.g. struts.xml)
<constant name="struts.multipart.parser" value="jakarta-stream" />
Then the follwing class is executed instead of JakartaMultiPartRequest:
http://qiita.com/hiroseabook/items/c161462844aef87e0f0d
- Install required modules
pip install selenium
pip install pyvirtualdisplay
yum -y install xorg-x11-server-Xvfb
- Update firefox to the latest
tar xvf firefox-51.0.1.tar.bz2
mv firefox /opt/
ln -s /opt/firefox/firefox /usr/local/bin/firefox
# /usr/local/bin/firefox -v
Mozilla Firefox 51.0.1
- Create test code
http://qiita.com/_akisato/items/2daafdbc3de544cf6c92
# cat seleniumTest.py
from selenium import webdriver
from pyvirtualdisplay import Display
def readURL(filename):
f = open(filename)
lines = f.readlines()
f.close()
return lines
lines = readURL("url.txt")
for line in lines:
print(line)
display = Display(visible=0, size=(1024, 768))
display.start()
driver = webdriver.Firefox()
driver.get(line)
html = driver.page_source.encode('utf-8')
driver.quit()
# required for closing browser
print(html)
yum remove mariadb-libs
ls /var/lib/mysql/
rpm -qa | grep mariadb
rpm -qa | grep mysql
yum localinstall http://dev.mysql.com/get/mysql57-community-release-el6-7.noarch.rpm
yum repolist all | grep mysql
yum -y install yum-utils
yum-config-manager --disable mysql57-community
yum-config-manager --enable mysql56-community
yum repolist all | grep mysql
yum info mysql-community-server
yum -y install mysql-community-server
which mysqld
mysqld --version
systemctl status mysqld
systemctl start mysqld
mysqladmin -u root password 'root'
