March 2017 Archives

How to enable remote debugging of J2EE application running on Tomcat

- Change and add the following lines in $CATALINA_HOME/bin/startup.sh

# exec "$PRGDIR"/"$EXECUTABLE" start "$@"
export JPDA_ADDRESS=${TomcatServerIP}:8000
exec "$PRGDIR"/"$EXECUTABLE" jpda start "$@"

- Restart tomcat

- In Debug Configurations of Eclipse,
- Create new "Remote Java Application",
and set Host and Port to ${TomcatServerIP} , 8000

- Set a breakpoint and start debugging

How to install multiple versions of php using phpenv


c.f.


http://qiita.com/uchiko/items/5f1843d3d848de619fdf


Tested in Cent7 + php 5.4.45(default)
Adding php 7 using phpenv.

git clone https://github.com/CHH/php-build.git ~/.phpenv/plugins/php-build
echo 'export PATH="$HOME/.phpenv/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(phpenv init -)"' >> ~/.bashrc
exec $SHELL -l
phpenv install -l
phpenv install 7.1.3


--> Build error



- Install necessary packages

yum install openssl-devel
yum install libcurl
yum install curl-devel 
yum --enablerepo=epel install libmcrypt


- Install mcrypt

yum install gcc-c++
tar zxvf re2c-0.16.tar.gz 
cd re2c-0.16/
./configure 
make
make install
c.f.


https://donow.jp/skillup/?p=1328


yum install --enablerepo epel libmcrypt-devel
yum install readline-devel
yum install libtidy
yum install --enablerepo epel libtidy
yum install --enablerepo epel libtidy-devel
yum install libxslt
yum install libxslt-devel
yum install autoconf
yum install automake
phpenv install 7.1.3


--> Success


# phpenv versions
  7.1.3

        

How to implement RSS Server using Tiny Tiny RSS

https://tt-rss.org/gitlab/fox/tt-rss/wikis/InstallationNotes
http://d.hatena.ne.jp/kt_hiro/20130315/1363310653
https://bucci.bp7.org/archives/24902



- Download tt-rss
git clone https://tt-rss.org/git/tt-rss.git tt-rss

chown -R apache:apache tt-rss/
mv tt-rss/ /var/www/html/html/


- Create DB


mysql> create database ttrss;
mysql> create user ttrss identified by 'pass';
mysql> grant all on ttrss.* to ttrss@localhost identified by 'pass';



- Install



http://www.reverse-edge.com/tt-rss/



--> Install mbstring see:



- Initial setting

Initial ID/Pass:
admin	/	password



- Register feeds



- Change permissions


[root@gamzatti tt-rss]# chmod -R 777 cache/images
[root@gamzatti tt-rss]# chmod -R 777 cache/upload
[root@gamzatti tt-rss]# chmod -R 777 cache/export
[root@gamzatti tt-rss]# chmod -R 777 cache/js
[root@gamzatti tt-rss]# chmod -R 777 feed-icons
[root@gamzatti tt-rss]# chmod -R 777 lock

[fmariko@gamzatti ~]$ cd /var/www/html/html/tt-rss/
[fmariko@gamzatti tt-rss]$ ls -ltr
合計 240


-rw-r--r-- 1 apache apache 8292 3月 6 06:33 2017 config.php

drwxrwxrwx  2 apache apache  4096  3月  6 06:33 2017 feed-icons
drwxrwxrwx  2 apache apache  4096  3月  6 06:33 2017 lock


- Update feeds


php update.php --feeds




        

How to protect Java based web application using mod_security



- Install mod_security

yum install mod_security

httpd -M | grep security
security2_module (shared)


--> mod_security is loaded.



- mod_security Settings

/etc/httpd/conf.d/mod_security.conf

SecRuleEngine On		--> enable (choose this)
SecRuleEngine Off		--> disable
SecRuleEngine DetectionOnly	--> detection only


- Create rules

/etc/httpd/modsecurity.d/activated_rules/cve-s2-045.conf
SecRule REQUEST_HEADERS "OgnlContext|OgnlUtil" \
    "id:001,phase:2,t:none,log,deny,msg:attack"


- (Install mod_proxy)


[root@struts-sv modules]# ls /etc/httpd/modules/mod_proxy*
/etc/httpd/modules/mod_proxy.so
/etc/httpd/modules/mod_proxy_ajp.so


--> mod_proxy.so and mod_proxy_ajp.so are installed by default.



- mod_proxy Settings



- (Load mod_proxy in httpd.conf)

LoadModule proxy_ajp_module modules/mod_proxy_ajp.so

[root@struts-sv modules]# httpd -M | grep proxy
Syntax OK
 proxy_module (shared)
 proxy_ajp_module (shared)


--> mod_proxy.so and mod_proxy_ajp.so are loaded by default.



- Proxy requests to ajp in httpd.conf

ProxyPass /struts2-showcase-2.3.31/ ajp://localhost:8009/struts2-showcase-2.3.31/


In the example above, a request to http://hostname/struts2-showcase-2.3.31/ is forwarded to
http://hostname:8080/struts2-showcase-2.3.31/ via 8009 (ajp).



- Restart httpd and tomcat



- Access the Struts URI via the http port (80) with a request containing malicious content
e.g. http://hostname/struts2-showcase-2.3.31



- Request is denied by mod_security


Message: Access denied with code 403 (phase 2). Pattern match "OgnlContext|OgnlUtil" at 
REQUEST_HEADERS:Content-Type. [file "/etc/httpd/modsecurity.d/activated_rules/cve-s2-045.conf"]
[line "1"] [id "001"] [msg "attack"]
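
Added example (not part of the original post): a small Python parser for the ModSecurity message shown above, which reports which rule id fired, on which request variable, and whether the request was blocked. The names parse_line, summarize and SAMPLE_LOG are hypothetical; the sample log is constructed from the message above, and the "Warning." entry is a constructed stand-in for a match that was logged without being denied.

```python
import re
from collections import Counter

# Constructed sample. Entry 1 is the message shown above, joined onto one line;
# entries 2 and 3 are made up (entry 2 imitates a non-blocking "Warning." match).
META_TAIL = ('[file "/etc/httpd/modsecurity.d/activated_rules/cve-s2-045.conf"] '
             '[line "1"] [id "001"] [msg "attack"]')
SAMPLE_LOG = "\n".join([
    'Message: Access denied with code 403 (phase 2). Pattern match '
    '"OgnlContext|OgnlUtil" at REQUEST_HEADERS:Content-Type. ' + META_TAIL,
    'Message: Warning. Pattern match "OgnlContext|OgnlUtil" at '
    'REQUEST_HEADERS:User-Agent. ' + META_TAIL,
    'Message: Access denied with code 403 (phase 2). Pattern match '
    '"OgnlContext|OgnlUtil" at REQUEST_HEADERS:Content-Type. ' + META_TAIL,
])

HEAD = re.compile(
    r'(?:Message|ModSecurity): '
    r'(?:Access denied with code (?P<code>\d+) \(phase (?P<phase>\d+)\)|Warning)\. '
    r'Pattern match "(?P<pattern>.*?)" at (?P<var>\S+?)\.(?=\s|$)'
)
META = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

def parse_line(line):
    """Return the fields of one ModSecurity pattern-match message, or None."""
    m = HEAD.search(line)
    if m is None:
        return None
    rec = {
        "blocked": m.group("code") is not None,
        "code": int(m.group("code")) if m.group("code") else None,
        "phase": int(m.group("phase")) if m.group("phase") else None,
        "pattern": m.group("pattern"),
        "variable": m.group("var"),
    }
    # Bracketed metadata after the match text: [file "..."] [line "..."] [id "..."]
    rec.update(META.findall(line[m.end():]))
    return rec

def summarize(log_text):
    """Count matches per (rule id, matched variable, blocked?)."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            hits[(rec.get("id"), rec["variable"], rec["blocked"])] += 1
    return hits

if __name__ == "__main__":
    print(dict(summarize(SAMPLE_LOG)))
```

Counting by matched variable shows whether the rule is firing on Content-Type, as in the message above, or on other headers.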

- Summary of vulnerability


https://struts.apache.org/docs/s2-045.html



- When a request is sent to a Struts application, the built-in ServletFilter is executed.

   If content_type contains the string "multipart/form-data",
org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest#parse() is called
   (this is the default parser built into Struts core).
   So, if we don't modify the default parser setting, attackers can leverage the
vulnerability by sending crafted requests that contain multipart/form-data in content_type.


- The cause of the vulnerability is the following:

     In the process of JakartaMultiPartRequest#parse(), an Exception is thrown and
buildErrorMessage() is called if content_type has an invalid format.
     While the Exception object is handled in buildErrorMessage(), the malicious OGNL specified
in content_type is executed, which leads to arbitrary code execution.


- Mitigation



- Reject malicious request by using ServletFilter or WAF.

    The following is an example of a ServletFilter which returns a server error for a malicious
Content-Type containing an OGNL expression.

------

    
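    import java.io.BufferedReader;
    import java.io.IOException;
    import java.util.Locale;
    import java.util.regex.Pattern;
    import java.util.stream.Collectors;
    import javax.servlet.FilterChain;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;

    // Method of the Filter implementation class. CONTENT_TYPE, MULTIPART,
    // SIGNATURE_OGNL and ERROR_INVALID_REQUEST are String constants of that
    // class; their definitions are not shown here.
    public void doFilter(ServletRequest request, ServletResponse response,
           FilterChain chain) 
           throws java.io.IOException, javax.servlet.ServletException
    {

        System.out.println("Servlet Filter: " + this.getClass().getName() + " Called.");
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        String contentType = httpRequest.getHeader(CONTENT_TYPE);
        String uri = httpRequest.getRequestURI();
        
        // Read the whole request body so that it can be inspected.
        // Note: this consumes the body, so code further down the chain can no
        // longer read it from this request object.
        String body = "";
        try (BufferedReader reader = httpRequest.getReader()) {
        	body = reader.lines().collect(Collectors.joining("\r\n"));
        } catch (IOException e) {
        	// skip filter: pass the request on once and stop here
        	e.printStackTrace();
        	chain.doFilter(request, response);
        	return;
        }
        
        Pattern p = Pattern.compile(SIGNATURE_OGNL);
        
        // Reject the request if the signature appears in a Content-Type that does
        // not start with MULTIPART, in the URI, or in the body.
        if (contentType!=null && !contentType.toLowerCase(Locale.ENGLISH).startsWith(MULTIPART) && 
        		p.matcher(contentType).find()){
        	System.out.println("Malicious Content-Type:"+contentType);
        	throw new ServletException(ERROR_INVALID_REQUEST);
        } else if (p.matcher(uri).find()){
        	System.out.println("Malicious URI:"+uri);
        	throw new ServletException(ERROR_INVALID_REQUEST);
        } else if (p.matcher(body).find()){
        	System.out.println("Malicious Request body:"+body);
        	throw new ServletException(ERROR_INVALID_REQUEST);
        }
        chain.doFilter(request, response);
    }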

Example of Servlet filter


------



- Switch parser for multipart/form-data from JakartaMultiPartRequest to another.

     In 2.3.18 and later, JakartaStreamMultiPartRequest is available.
     We can switch the parser by setting the following property in the struts configuration
(e.g. struts.xml)
     <constant name="struts.multipart.parser" value="jakarta-stream" />
     Then the following class is executed instead of JakartaMultiPartRequest:


https://struts.apache.org/maven/struts2-core/apidocs/org/apache/struts2/dispatcher/multipart/JakartaStreamMultiPartRequest.html

  

Selenium Web Driver for python


http://qiita.com/hiroseabook/items/c161462844aef87e0f0d



- Install required modules

pip install selenium
pip install pyvirtualdisplay
yum -y install xorg-x11-server-Xvfb


- Update firefox to the latest

tar xvf firefox-51.0.1.tar.bz2 
mv firefox /opt/
ln -s /opt/firefox/firefox /usr/local/bin/firefox

# /usr/local/bin/firefox -v
Mozilla Firefox 51.0.1


- Create test code
http://qiita.com/_akisato/items/2daafdbc3de544cf6c92


# cat seleniumTest.py 
from selenium import webdriver
from pyvirtualdisplay import Display

def readURL(filename):
    # Return the non-empty lines of the file without trailing newlines
    with open(filename) as f:
        return [line.strip() for line in f if line.strip()]

# Start one virtual display (Xvfb) for the whole run
display = Display(visible=0, size=(1024, 768))
display.start()
try:
    for line in readURL("url.txt"):
        print(line)
        driver = webdriver.Firefox()
        try:
            driver.get(line)
            html = driver.page_source.encode('utf-8')
        finally:
            driver.quit()  # required for closing browser
        print(html)
finally:
    display.stop()

yum remove mariadb-libs
ls /var/lib/mysql/
rpm -qa | grep mariadb
rpm -qa | grep mysql

yum localinstall http://dev.mysql.com/get/mysql57-community-release-el6-7.noarch.rpm
yum repolist all | grep mysql
yum -y install yum-utils
yum-config-manager --disable mysql57-community
yum-config-manager --enable mysql56-community
yum repolist all | grep mysql
yum info mysql-community-server
yum -y install mysql-community-server
which mysqld
mysqld --version
systemctl status mysqld
systemctl start mysqld
mysqladmin -u root password 'root'

About this Archive

This page is an archive of entries from March 2017 listed from newest to oldest.
