Thursday, January 3, 2019

Java jdb Error: "ERROR: transport error 202: getaddrinfo: unknown host"

I was trying to debug a java program on the command line using the Java jdb debugger when I was faced with a "transport error 202: getaddrinfo: unknown host" error:
$ jdb MyProg
Initializing jdb ...
> run
run MyProg
VM start exception: VM initialization failed for: /Library/Java/JavaVirtualMachines/jdk-11.0.1.jdk/Contents/Home/bin/java -Xdebug -Xrunjdwp:transport=dt_socket,address=mycomputername.local:58341,suspend=y MyProg

ERROR: transport error 202: getaddrinfo: unknown host
ERROR: JDWP Transport dt_socket failed to initialize, TRANSPORT_INIT(510)
JDWP exit error AGENT_ERROR_TRANSPORT_INIT(197): No transports initialized [:732]

Fatal error:
Target VM failed to initialize.
The jdb documentation has this to say:
C:\> jdb MyClass
When started this way, jdb invokes a second Java VM with any specified parameters, loads the specified class, and stops the VM before executing that class's first instruction.
We can see the exact command jdb used do run this second Java VM in the error output above:
java -Xdebug -Xrunjdwp:transport=dt_socket,address=mycomputername.local:58341,suspend=y MyProg
The problem seemed to occur when jdb was trying to resolve the host name "mycomputername.local".
getaddrinfo: unknown host
Adding the host mycomputername.local to my Mac /etc/hosts did the trick.

/etc/hosts:

127.0.0.1    localhost
127.0.0.1    mycomputername.local
After that change jdb was able to run the class without any issues.
$ jdb MyProg
Initializing jdb ...
> run
run MyProg
Set uncaught java.lang.Throwable
Set deferred uncaught java.lang.Throwable
>
VM Started: 

Hello World

The application exited

References

jdb - The Java Debugger
https://docs.oracle.com/javase/7/docs/technotes/tools/windows/jdb.html
JDWP - Java Debug Wire Protocol
https://docs.oracle.com/javase/8/docs/technotes/guides/troubleshoot/introclientissues005.html
getaddrinfo
http://man7.org/linux/man-pages/man3/getaddrinfo.3.html

Tuesday, December 8, 2015

Block WordPress XML-RPC Requests Using Apache .htaccess

I recently noticed an increase in unauthorized attempts to access the /xmlrpc.php endpoint of the company WordPress blog. Although the attempts seem to have been unsuccessful, we did decide to limit access to the endpoint to requests originating from the company networks and VPN nodes. The following are some steps you can take if you are facing a similar situation.

Edit the blog .htaccess file:

vi /var/www/html/style-blog/style-blog/.htaccess

Add or update the following:

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
allow from 50.111.111.111
allow from 127.0.0.1
</Files>

This blocks access to xmlrpc.php from all hosts except localhost and 50.111.111.111 (the fictitious IP address for the San Francisco Office).

To grant access to a host, simply white-list the host's IP address using the `allow from` directive. The Apache daemon may have to be restarted for the changes to take effect:

sudo /etc/init.d/httpd restart

To test whether it works access http://blog.mycompany.com/xmlrpc.php . The following cURL command can be used to check XML-RPC access is:

curl http://blog.mycompany.com/xmlrpc.php

You should see the following message accessed from a machine whose public IP address is white-listed:

"XML-RPC server accepts POST requests only."

You should see the following output when accessed from a machine whose public IP address is NOT white-listed:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /xmlrpc.php
on this server.</p>
<hr>
<address>Apache/2.2.31 (Amazon) Server at blog.weddingtonway.com Port 80</address>
</body></html>

Thursday, November 5, 2015

Creating and Verifying MD5 Checksums

Creating MD5 Checksums

The md5sum command found on most Unix/Linux operating systems can be used to create MD5 checksums for files or to verify the integrity of files if the MD5 checksums for those files are already available.

Let us suppose you want to create an MD5 checksum file containing the checksums for the binary files my_disk_image-1.iso, my_disk_image-2.iso and my_disk_image-3.iso. You can accomplish this by passing the three files as arguments to the md5sum command and redirecting the output to a text file:

$ md5sum -b my_disk_image-1.iso my_disk_image-2.iso my_disk_image-3.iso > MD5SUM

The "-b" option instructs the md5sum command to treat each file as a binary file. If you are working text with files, you can use the "-t" option. The generated checksum file "MD5SUM" will look similar to the following:

302d1a8fa7e13871d9909947eb23935d *my_disk_image-1.iso
2f5be4a2fe3d80b134aba6c6023eca57 *my_disk_image-2.iso
52237af3336321e0b03586055b8e5d78 *my_disk_image-3.iso

The first 32 characters of each line is the MD5 checksum for the file mentioned on that line. The asterisk that precedes the file name indicates that the file is a binary file.

Directories and Subdirectories

The following command can be used to compute checksums for file in a given directory and it's sub-directories.

find /path/to/the/directory -type f -print0 | xargs -0 md5sum > MD5SUM

This command creates a file called "md5sums" containing the MD5 checksum for all the files in /usr/share/man and its sub-directories.

find /usr/share/man -type f -print0 | xargs -0 md5sum -b > md5sums

As you can see the by the path names, the command has created MD5 hashes for files residing at various levels of the directory tree.

...
3710f7bc99303ceb90a1ae1e75361913 */usr/share/man/fr/man7/backend.7.gz
f3f6fb8a04b9e78971d875ed8645f848 */usr/share/man/fr/man7/filter.7.gz
9caaf4f56d9f2a72ce9fe977c703475c */usr/share/man/man5/sane-dc210.5.gz
f170bb97e4fc6b919426cfecc2ef583b */usr/share/man/man5/faillog.5.gz
...

Verifying a File's Integrity Using it's MD5 Checksum

To generate the MD5 checksum for a file you can do the following:

$ md5sum -b my_disk_image-1.iso
e36e064cf65e4dc62ea279dc860c8f9a *my_disk_image-1.iso

Checking each of the 32 characters of the checksum against the original is tedious. If you already have the original MD5 checksum file, you can perform the following:

$ cat MDSUM
302d1a8fa7e13871d9909947eb23935d *my_disk_image-1.iso
2f5be4a2fe3d80b134aba6c6023eca57 *my_disk_image-2.iso
52237af3336321e0b03586055b8e5d78 *my_disk_image-3.iso
$ ls my*.iso
my_disk_image-1.iso  my_disk_image-2.iso my_disk_image-3.iso
$ md5sum -c MD5SUM 
my_disk_image-1.iso: OK
my_disk_image-2.iso: OK
my_disk_image-3.iso: OK

Here are some status messages you may see:

OK                   - MD5 checksums matched.
FAILED               - Generally means the MD5 checksums did not match.
FAILED open or read  - The file could not be read or is missing.

When Checksums Fail

Here is a case where validating the checksums failed:

my_disk_image-1.iso: OK
my_disk_image-2.iso: FAILED
md5sum: my_disk_image-3.iso: No such file or directory
my_disk_image-3.iso: FAILED open or read
md5sum: WARNING: 1 of 3 listed files could not be read
md5sum: WARNING: 1 of 2 computed checksums did NOT match

In the above scenario:

  • my_disk_image-1.iso was identical to the original.
  • my_disk_image-2.iso was different from the original.
  • my_disk_image-3.iso was missing from the directory.

Beyond MD5

The sha1sum (that is a "one", not lowercase "L") command can be used to create a SHA-1 Checksum. The sha225sum, sha256su, sha384sum, and sha512sum commands compute the 224, 256, 384, and 512 bit (respectively) SHA-2 hashes. The usage and options of these commands are the same as for the m5sum command.

Links

MD5
http://en.wikipedia.org/wiki/MD5
checksum
http://en.wikipedia.org/wiki/Checksum
md5sum
http://en.wikipedia.org/wiki/Md5sum

Tuesday, June 9, 2015

Using Peddler to Access Amazon Marketplace Web Service (MWS)

Peddler is a Ruby Gem that can be used to access Amazon Marketplace Web Service (Amazon MWS) from Ruby. The following are some Ruby snippets that can be used to write a Ruby script that accesses MWS or to make ad-hoc queries against MWS from within IRb (Interactive Ruby.

Install Peddler Gem:

gem install peddler
Successfully installed excon-0.45.3
Successfully installed jeff-1.3.0
Successfully installed peddler-0.16.0

You may have to use sudo, depending on how you installed RubyGems.

Setup the Peddler client instance:

require 'peddler'

# Setup client
client = MWS::Orders::Client.new({
  :primary_marketplace_id => "ATVPD00000000",                             # Marketplace ID
  :merchant_id            => "A1UX7000000000",                            # Seller ID
  :aws_access_key_id      => "AKIAJ000000000000000",                      # AWS Access Key ID
  :aws_secret_access_key  => "fT+tcCTUBUsd7w00000000000000000000000000"   # Secret Key
})

# Setup error callback. This helps debugging Amazon API error messages.
client.on_error{|req,resp| puts resp.body }

# Get API Status
puts client.get_service_status

The following are some of the ways you can query MWS orders:

# Retrieve orders. CreatedAfter or LastUpdatedAfter must be specified.
# - created_after
# - created_before
# - last_updated_after
# - last_updated_before
# - order_status  (Unshipped, Shipped, Canceled)

resp1 = client.list_orders(:created_after => '2015-05-01')
puts resp1.body

resp2 = client.list_orders(:created_after => '2015-05-01', :order_status => ['Unshipped', 'PartiallyShipped'])
puts resp2.body

resp3 = client.list_orders(:created_after => '2015-05-01', :order_status => ['Shipped'])
puts resp3.body

These are some documentation pages that were helpful when investigating Peddler:

Peddler
https://github.com/hakanensari/peddler
Peddler API Docs
MWS::Orders::Client
MWS::Orders::Client#list_orders
Amazon API Docs
List Orders

Friday, October 24, 2014

Images in Active Admin Index pages.

An example of how images can be embedded in Active Admin index pages in a Ruby on Rails application:
ActiveAdmin.register ColorGroup do
  index :download_links => [:csv] do
    selectable_column
    column(:id) { |it| auto_link it, it.id }
    column(:name) { |it| auto_link it, it.name }
    column(:slug) { |it| auto_link it, it.slug }
    column(:family) { |it| auto_link it.color_family, it.color_family.name if it.color_family.present? }
    column :asset_url
    column :order
    column :image do |it|
      if it.nil?
        "N/A"
      else
        # Use image_tag here...
        link_to sanitize("<img src=\"#{it.asset_url}\" class=\"cgs-img\" width=\"101\" height=\"24\" />"), it.asset_url
      end
    end
    actions
  end
end

Monday, October 13, 2014

Block IP Addresses Using iptables

This post describes the steps to block the IP address that is the origin of a brute-force attack against a WordPress blog.

WARNING!

Make sure you DO NOT block your own IP addresses, or apply and global rules which would block the SSH port (port 22).

Identify IP Addresses to Block (Blog Server)

Tail the blog server apache logs:

sudo tail -f /var/log/httpd/access_log
199.188.70.163 - - [12/Oct/2014:16:29:03 +0000] "POST /wp-login.php HTTP/1.0" 200 4432 "-" "-"
37.59.125.22 - - [12/Oct/2014:16:29:03 +0000] "POST /wp-login.php HTTP/1.0" 200 4432 "-" "-"
199.188.70.163 - - [12/Oct/2014:16:29:04 +0000] "POST /wp-login.php HTTP/1.0" 200 4432 "-" "-"
37.59.125.22 - - [12/Oct/2014:16:29:05 +0000] "POST /wp-login.php HTTP/1.0" 200 4432 "-" "-"
37.59.125.22 - - [12/Oct/2014:16:29:05 +0000] "POST /wp-login.php HTTP/1.0" 200 4432 "-" "-"

This shows two ip addresses, 199.188.70.163 and 37.59.125.22 attempting to brute-force the blog's Word Press login page:

It is worth checking the Apache error log:

sudo tail -f  /var/log/httpd/access_log

Blocking IP Addresses Using iptables

List existing iptables rules:

# List iptables rules
sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

The output of the -S switch can be used to re-create the given rule from the command line or a rule script. To block a single IP addresses 199.188.70.163 and 37.59.125.22 do the following:

sudo iptables -A INPUT -s 199.188.70.163 -j DROP
sudo iptables -A INPUT -s 37.59.125.22 -j DROP

Listing the iptables rules once more should show the DROP rules that were added in the previous step:

# List iptables rules
sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -s 199.188.70.163 -j DROP
-A INPUT -s 37.59.125.22 -j DROP

The two rules that were added have not taken effect yet. To save them do the following:

# Save the iptables rules
sudo /etc/init.d/iptables save

NOTE: The /sbin/service command is available on the blog server, so you can use that to save iptables rules:

sudo /sbin/service iptables save
The service command runs /etc/init.d/ scripts without passing on environment variables defined by the user.

When successfully saved, it should display a message such as:

iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]

Removing iptables Rules

List iptables Rules:

sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -s 199.188.70.0/24 -j DROP
-A INPUT -s 37.59.125.0/24 -j DROP

The following lists the form in a more readable form:

# List rules with line number in verbose mode
sudo iptables -L -n -v --line-numbers

In the following output the "num" column represents the line number within each Chain (INPUT, FORWARD, and OUTPUT). This number will be will be used to remove the rules.

Chain INPUT (policy ACCEPT 31267 packets, 2159K bytes)
num   pkts bytes target     prot opt in     out     source               destination
1      206 12472 DROP       all  --  *      *       199.188.70.0/24      0.0.0.0/0
2      313 20047 DROP       all  --  *      *       37.59.125.0/24       0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 14419 packets, 75M bytes)
num   pkts bytes target     prot opt in     out     source               destination

Look at the number on the left in the "num" column, then use number to delete the rule. For example delete line number 2 (subnet 37.59.125.0/24), enter:

sudo iptables -D INPUT 2

This will not take effect until it the rule is saved:

# Save the iptables rules
sudo /etc/init.d/iptables save

Identify Other IP Addresses Performing Similar Attacks

Use the following command to identify IP addresses making large number of login attempts the WordPress blog:

# IP addresses making POST request to the WordPress login page
grep wp-login /var/log/httpd/access_log | grep POST | awk '{print $1}'| sort | uniq -c | sort -nr
  20154 199.188.70.163
  14105 194.65.224.242
   3732 37.59.125.22
     40 37.1.222.114
     25 192.187.99.194

Make sure that you EXCLUDE remove your own IP addresses and other legitimate IP addresses from the above list before blocking them. In this case we should probably block the first three ( 20154 199.188.70.163, 194.65.224.242, and 37.59.125.22) and not the last two (37.1.222.114 and 192.187.99.194).

You may want to use an IP address lookup tool such as MaxMind GeoIP Lookup to see where the IP address is located:

Finding Your Public IP Address on the Command Line

The following is a Bash command that can be used to quickly find the public IP address your internet service provider (ISP) has given you. This is not the same as the IP address seen by your broadband router, which is usually an private IP address within the ISPs network, or the IP address given to your computer, which is a private IP address issued by my home router.

This command simply makes a "what is my ip" query to Google, which in turn displays the IP address it sees the request originating from. The awk command parses the IP address from the rest of the HTML and prints it to the command line.

curl -s 'https://www.google.com/search?q=what+is+my+ip' | awk 'match($0, /\(Client.*: (.*)\)/){print substr($0, RSTART, RLENGTH)}'
(Client IP address: 50.x.x.x)

Saturday, May 18, 2013

Using Gnuplot in Bash Shell Scripts

This is an example of how Gnuplot scripts can be embedded within Bash scripts using Bash Here Documents (heredocs):

#!/bin/bash

filename="log/load_me.log.1368725550"

awk '/for 10000000/ {c+=1; if(c > 46){n+=1; printf "%s\t%s\n", n, $2} }' $filename > log/values.dat

window_size=50
ruby running_average.rb log/values.dat $window_size > log/averages.dat

gnuplot -p <<EOSCRIPT

set title 'Time to Insert Relationships in Batches of 10M in Neo4j batch-import'
set xlabel 'Batches of 10M Rels on `date "+%Y-%m-%d at %H:%M:%S %Z"`'
set ylabel 'Time Taken (s)'
set grid

# Draw trend line
f(x) = a*x**3 + b*x**2 + c*x + d

set fit quiet
fit f(x) 'log/values.dat' using 1:(\$2/1000) via a,b,c,d
unset fit

# Scale column No.2 by 1000 to turn ms in s.
plot 'log/values.dat' using 1:(\$2/1000) title 'Time to Insert Rels' with lines, f(x) title 'Fit', 'log/averages.dat' using 1:5 title "Average $window_size" with lines

pause -1 "\n\nHit return to continue\n\n"

EOSCRIPT

num_stats=`wc -l log/values.dat | awk '{print $1}'`

tail -$window_size log/values.dat | awk -v num_stats="$num_stats" '{n+=1; s+=$2}
END{
  avg=s/(n*1000);
  print "Average of last", n, "is", avg, "(s)";
  print "Num Rels Stats =", num_stats;
  print "Hours Remaining =", (3300-num_stats+46)*avg/3600;
  printf "Percentage complete = %.2f%%\n", (num_stats * 100 / 3300.0); 
}'

echo -e "Completed at `date`\n\n"

References

Gnuplot fit command
http://www.manpagez.com/info/gnuplot/gnuplot-4.6.0/gnuplot_263.php
Bash Here Documents
https://www.tldp.org/LDP/abs/html/here-docs.html
Wikipedia Here Document
https://en.wikipedia.org/wiki/Here_document