We host our website on firebase. We fail a security check due to the following reason:
The remote web server hosts publicly available files whose contents may be indicative of a typical bash history. Such files may contain sensitive information that should not be disclosed to the public.
The following .bash_history files are available on the remote server : - /.bash_history Note, this file is being flagged because you have set your scan to 'Paranoid'. The contents of the detected file has not been inspected to see if it contains any of the common Linux commands one might expect to see in a typical .bash_history file. - /cgi-bin/.bash_history Note, this file is being flagged because you have set your scan to 'Paranoid'. The contents of the detected file has not been inspected to see if it contains any of the common Linux commands one might expect to see in a typical .bash_history file. - /scripts/.bash_history Note, this file is being flagged because you have set your scan to 'Paranoid'. The contents of the detected file has not been inspected to see if it contains any of the common Linux commands one might expect to see in a typical .bash_history file.
The problem is that we don't have an easy way to get access to the hosting machine and delete these files.
Anybody knows how it can be solved?
If you are using Firebase Hosting, you should check the directory (usually public) that you are uploading via the firebase deploy command. Hosting serves only those files (plus a couple of auto-generated ones under the reserved __/ path for auto-configuration).
If you have a .bash_history, cgi-bin/.bash_history or scripts/.bash_history in that public directory, then it will be uploaded to and served by Hosting. There are no automatically served files with those name.
You can check your public directory, and update the list of files to ignore on the next deploy using the firebase.json file (see this doc). You can also download all the files that Firebase Hosting is serving for you using this script.
Related
This is my WinDbg target launch link.
From
"E:\software\Windows Kits\10\Debuggers\x86\windbg.exe" -y SRV*
E:\symbol*http://msdl.microsoft.com/download/symbols -b -k com:port=//./pipe/com_1,baud=115200,pipe
to
"E:\software\Windows Kits\10\Debuggers\x86\windbg.exe" -y SRV*[cache*]E:\symbol;D:\projects*http://msdl.microsoft.com/download/symbols -b -k com:port=//./pipe/com_1,baud=115200,pipe
My local symbolic address is D:\projects, The local pdb file is always locked.
You are mixing the HTTP server SRV* with the cache cache*. And all in all I wonder why you actually need a cache. It doesn't look like you want one. You may have a larger misunderstanding of how a symbol path works. This answer will not go into all details as well.
Microsoft symbols
Let's begin with the Microsoft symbol server:
SRV*E:\symbol*http://msdl.microsoft.com/download/symbols
srv says that this is a HTTP server.
E:\symbol says where those symbols shall be stored
http://... says where to get the symbols from
the individual parts of that definition are separated by *
Your own symbols
What you probably want is to have your local symbols (PDB files on your disk) available. You do that with just
D:\projects
and nothing else, where D:\projects is a directory which directly contains the PDB files, which is often the case when you build the project locally on your machine.
If your company has a network share, you simply add the network share:
srv to say it's a online resource
C:\netsymbols as your local directory
\\ourserver\symbols for the network share
the individual parts of that definition are separated by * (like before)
If you have a company symbol server via HTTP (like TFS offers), you would use
srv to be a HTTP server.
E:\oursymbols says where those symbols shall be stored (don't put that directory near your source code, e.g. don't use D:\projects, because that likely contains your projects, not symbols)
http://tfs.example.com/myproject for your company's server.
the individual parts of that definition are separated by * (like before)
Combination of different symbol paths
You can combine different symbol paths using ;. You typically want to do that in the order of latency and throughput, i.e.
Your local hard disk (like D:\projects)
Your local network (like srv*C:\netsymbols*\\ourserver\symbols or local HTTP servers)
Internet (like Microsoft HTTP server)
D:\projects;srv*C:\netsymbols*\\ourserver\symbols;srv*E:\oursymbols*http://tfs.example.com/myproject;SRV*E:\symbol*http://msdl.microsoft.com/download/symbols
The cache
Now, the symbol cache is a harder to grasp concept. It is defined by
cache*E:\symbolcache
cache is the indicator that you want a cache
E:\symbolcache is where you want the cache to be on hard disk
the individual parts of that definition are separated by * (like before)
The cache will store everything which is right of it. So typically you put that first, giving
cache*E:\symbolcache;D:\projects;srv*C:\netsymbols*\\ourserver\symbols;srv*E:\oursymbols*http://tfs.example.com/myproject;SRV*E:\symbol*http://msdl.microsoft.com/download/symbols
I never used a cache, because I prefer to have individual locations for the different symbols. The cache may be useful if you don't specify HDD locations for each individual part.
Commands
If you're not sure how to construct a symbol path, take a look at .symfix and .sympath+. These will help you get a correct Microsoft symbol server as well as combine other paths correctly. See this answer for more examples on symbol paths and how they work.
I want to host multiple websites using a single IP address i.e using name-based virtual hosting. In some of the blogs, it is given that we need to create separate config files for different websites and should enable all of them. but how does the apache server know which config file to look into? i.e if I have three config files named website1.conf,website2.conf,default.conf and if I type website2 in the chrome how does the server know which config file to look into?
The server is compiled to look for a single configuration file, which can be overridden by the -f command line flag. The configuration file can explicitly Include other configuration files or entire directories of configuration files.
At startup, the server parses the configuration. If it leads to other files, so be it. If those files have <virtualhost> directives, then the server will look at the directives within them to figure out what you've told it about routing requests.
apachectl -S can summarize what the server knows about virtual hosts.
I have a Talend job that searches a directory and then uploads it to our database.
It's something like this: dbconnection>twaitforfile>tfilelist>fileschema>tmap>db
I have a subjobok that then commits the data into the table iterates through the directory and movies files to another folder.
Recently I was instructed to change the directory to a shared network path using the same components as before (I originally thought of changing components to tftpfilelist, etc.)
My question being how to direct it to the shared network path. I was able to get it to go through using double \ but it won't read any of the new files arriving.
Thanks!
I suppose if you use tWaitForFile on the local filesystem Talend/Java will hook somehow into the folder and get a message if a new file is being put into it.
Now, since you are on a network drive first of all this is out of reach of the component. Second, the OS behind the network drive could be different.
I understand your job is running all the time, listening. You could change the behaviour to putting a tLoop first which would check the file system for new files and then proceed. There must be some delta check in how the new files get recognized.
I have a batch file where I copy file from a different server. I have no issues running it on the server. But when I try to run it from a web application, the file does not copy. I keep getting access denied error. I have used xcopy, copy and robocopy.
I have provided full access to source and destination folder for all users.
No luck. Keep getting the same error :
copy /y \N01APW280\d$\Oracle\Middleware\user_projects\epmsystem1\diagnostics\logs\essbase\essbase_0\app\PLPLAN\PLPLAN.LOG D:\Hyperion\ERPI_Actuals_Load\Logs\
It is rather awkward to try and use a command-line utility, such as copy, from a web app; you should rather be using the programmatic abilities within your web application instead.
Aside from that, you main issue is that web apps are typically executed with very limited privileges, using local machine accounts that have no way of accessing administrative level shares on remote machines such as \N01APW280\d$. Another possible issue is that the local account that is being used by the web app cannot write to D:\Hyperion\ERPI_Actuals_Load\Logs\ folder. And finally, your app may have enough privileges to instantiate an external process such as copy.exe.
I have created a C# service that:
- Picks up and opens a local text file
- Opens an Excel-file used as template (saved locally)
- Fills in the data from the text file in the excel file
- Saves the Excel file to a network folder.
The service runs using a domain account (I cannot give the local system account rights on the network from our network admin...). When the service tries to open the template, I get an access denied error:
Microsoft Excel cannot access the file 'C:\BloxVacation\Template\BloxTemplate.xlsm'. There are several possible reasons:
• The file name or path does not exist.
• The file is being used by another program.
• The workbook you are trying to save has the same name as a currently open workbook.
The file does exist and the path is correct.
The file is not used by another user or program.
I try to OPEN the workbook (no other workbook is open), not SAVE it.
I have received the same error using the system account. The reason for this is that, when using interopservices, the system account needs a desktop folder (bug in Windows 7: http://forums.asp.net/t/1585488.aspx).
C:\Windows\System32\config\systemprofile\Desktop
C:\Windows\SysWOW64\config\systemprofile\Desktop
Create those 2 files and the error disappears for the system account.
I have given the domain user rights to those folders and the error disappears as well however, the service hangs on the code line where I open the excel file. When I execute the exact same code with the system account, the code execute well (Note: I save the file locally).
objXL.Workbooks.Open(BloxVacationService.ExcelTemplateFilePath)
Has anybody an idea how to solve this issue without having to rewrite the entire service in OpenXML? Thank you very much in advance.
If you have done all the things described in the question and it still doesn't work (as it was with me), the answer is pretty simple:
Make the domain user local admin on the machine that runs the service. It solved the problem.