I was looking into suricata and I could not understand something about configuration file. As in the documentation we need to add our rule file to the suricata.yaml like this:
default-rule-path: /usr/local/etc/suricata/rules
rule-files:
- suricata.rules
- /path/to/local.rules
Should we need write the directory of the local.rules(sample file) ? Or we just keep it as /path/...
Which one is the correct usage?
Thanks in advance
Both are fine. A rule file without a leading / will be loaded relative to the default-rule-path. I will often have a section that looks like:
default-rule-path: /var/lib/suricata/rules
rules-files:
- suricata.rules
- /etc/suricata/rules/local.rules
Where suricata.rules is the output of suricata-update. And local.rules is just a rule file I manually update.
Related
I have a check.env file, in which I have some variables like
SharedAccessKey=
I want to put a value in the check.env file from my node.js code. Articles on internet are there for updating at the running time of node.js, but my requirement is to change in the file and keep the file with changes made.
How can I accomplish that.
I got this link : How to change variables in the .env file dynamically in Laravel?
but it is in some other language, how can I do in node.js.
I was unable to find out the best solution so went with another solution of mine that I took.
I am using two files now both .env extensions and I am copying main .env file to another empty .env file (like check1.env to check2.env).
Any modifications I am making is in the second file (check2.env).
And I am using string replacement in the .env file, using fs.readLine() and getting the string and the data.replace(), this worked for me.
The reason to use two .env files is that even if I change in the second file, again by copying from the first file I will get same string search and will replace with a different value.
-- Please suggest if there is an any better approach. Thanks
I have a URL, looking below:
www.abc.com/postblog.php?url=xyz
I just want to remove [ postblog.php?url= ]. How i do this. i want my new url look like this:
www.abc.com/xyz
or
www.abc.com/blog/xyz
I am using a windows server, and i am applying both type of file web.config & .htaccess . Which one is worked and how i implement this url formation.
Check this:
https://httpd.apache.org/docs/current/howto/htaccess.html
*In general, you should only use .htaccess files when you don't have access to the main server configuration file.
I wonder if you can configure logstash in the following way:
Background Info:
Every day I get a xml file pushed to my server, which should be parsed.
To indicate a complete file transfer afterwards I get an empty .ctl (custom file) transfered to the same folder.
The files both have the following name schema 'feedback_{year}{yearday}_UTC{hoursminutesseconds}_51.{extention}' (e.g. feedback_16002_UTC235953_51.xml). So they have the same file name but one is with .xml and the other is a .ctl file.
Question:
Is there a way to configure logstash to wait parsing the xml file until the according .ctl file is present?
EDIT:
Is there maybe a way to archiev that with filebeat?
EDIT2:
It would also be enough to be able to configure logstash in a way that it will wait x minutes before starting to process a new file, if that is easier.
Thanks for any help in advance
Your problem is that you don't want to start the parser before the file transfer hasn't been completed. So, why don't push the data to a file (file-complete.xml) when you find your flag file (empty.ctl)?
Here is the possible logic for a script and runs using crontab:
if empty.ctl exists:
Clear file-complete.xml
Add the content of file.xml to file-complete.xml.
Remove empty.ctl
This way, you'd need to parse the data from file-complete.xml. I think is simpler to debug and configure.
Hope it helps,
I'm attempting to ensure all but a few specific lines are removed from a file. I can get halfway there with the following task.
- name: ensure only the correct lines are present
lineinfile: dest=/path/to/file
regexp="pattern1|pattern2[0-9]*|pattern3[0-9]*"
state=present
backup=yes
Ultimately I want to ensure that pattern1, pattern2[0-9]*, and pattern3[0-9]* are the only lines that remain in this file. I've attempted to come up with a regex that negates this one and then specify state=absent but I've been unsuccessful so far.
If you want only specific lines in your file, why don't you just transfer that file with your desired lines to the remote server? You can use copy module to transfer that file as is or template module to dynamically substitute some variables inside or even assemble module to generate a file from some fragments(such as config).
I have a Java Web App running on Tomcat on which I'm supposed to exploit Path traversal vulnerability. There is a section (in the App) at which I can upload a .zip file, which gets extracted in the server's /tmp directory. The content of the .zip file is not being checked, so basically I could put anything in it. I tried putting a .jsp file in it and it extracts perfectly. My problem is that I don't know how to reach this file as a "normal" user from browser. I tried entering ../../../tmp/somepage.jsp in the address bar, but Tomcat just strips the ../ and gives me http://localhost:8080/tmp/ resource not available.
Ideal would be if I could somehow encode ../ in the path of somepage.jsp so that it gets extracted in the web riot directory of the Web App. Is this possible? Are there maybe any escape sequences that would translate to ../ after extracting?
Any ideas would be highly appreciated.
Note: This is a school project in a Security course where I'm supposed to locate vulnerabilities and correct them. Not trying to harm anyone...
Sorry about the downvotes. Security is very important, and should be taught.
Do you pass in the file name to be used?
The check that the server does is probably something something like If location starts with "/tmp" then allow it. So what you want to do is pass `/tmp/../home/webapp/"?
Another idea would be to see if you could craft a zip file that would result in the contents being moved up - like if you set "../" in the filename inside the zip, what would happen? You might need to manually modify things if your zip tools don't allow it.
To protect against this kind of vulnerability you are looking for something like this:
String somedirectory = "c:/fixed_directory/";
String file = request.getParameter("file");
if(file.indexOf(".")>-1)
{
//if it contains a ., disallow
out.print("stop trying to hack");
return;
}
else
{
//load specified file and print to screen
loadfile(somedirectory+file+".txt");
///.....
}
If you just were to pass the variable "file" to your loadfile function without checking, then someone could make a link to load any file they want. See https://www.owasp.org/index.php/Path_Traversal