All of the cases below ask the questions and do the troubleshooting in English, because the results of asking in Chinese did not match the actual situation.
uWSGI configuration review
1: Now I have 2 containers. The first container is made from nginx image, which is used as a proxy server.
2: The second container is made from python image. Django and uwsgi are installed in this python container. uwsgi will be used to start Django in this python container, and the startup script file [uwsgi.ini] will be written.
The following is the configuration in the [uwsgi.ini] file:
xxx
Please help me find loopholes to prevent hackers from attacking my server from this configuration
Case
uWSGI configuration review
1: Now I have 2 containers. The first container is made from nginx image, which is used as a proxy server.
2: The second container is made from python image. Django and uwsgi are installed in this python container. uwsgi will be used to start Django in this python container, and the startup script file [uwsgi.ini] will be written.
The following is the configuration in the [uwsgi.ini] file:
[uwsgi]
chdir = /root/luichuns/Python/app
module = app.wsgi:application
plugin-dir = /usr/lib/uwsgi/plugins
plugins = python311
socket=:8000
uid = root
gid = root
master = true
processes = 2
threads = 2
enable-threads = true
max-requests = 5000
vacuum = true
harakiri = 30
post-buffering = 4096
die-on-term = true
pidfile = /root/luichuns/logs/uwsgi.pid
stats = /root/luichuns/logs/uwsgi.status
logto = /root/luichuns/logs/uwsgi.log
Please help me find loopholes to prevent hackers from attacking my server from this configuration
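An added example, not part of the original page: a short Python check that reads the [uwsgi.ini] from the case above and lists the settings a reviewer would question first. The function name `audit_uwsgi` and the finding texts are this example's own; the root finding mirrors the warning uWSGI itself prints in its startup log.

```python
import configparser

# The [uwsgi.ini] from the case above, embedded so the check runs offline.
UWSGI_INI = """\
[uwsgi]
chdir = /root/luichuns/Python/app
module = app.wsgi:application
plugin-dir = /usr/lib/uwsgi/plugins
plugins = python311
socket=:8000
uid = root
gid = root
master = true
processes = 2
threads = 2
enable-threads = true
max-requests = 5000
vacuum = true
harakiri = 30
post-buffering = 4096
die-on-term = true
pidfile = /root/luichuns/logs/uwsgi.pid
stats = /root/luichuns/logs/uwsgi.status
logto = /root/luichuns/logs/uwsgi.log
"""

def audit_uwsgi(ini_text):
    """Return (option, value, finding) tuples for settings that widen exposure."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.read_string(ini_text)
    opts = cp["uwsgi"]
    findings = []
    for key in ("uid", "gid"):
        val = opts.get(key)
        if val in (None, "root", "0"):
            findings.append((key, val, "no privilege drop: workers stay root when uWSGI starts as root"))
    for key in ("socket", "http", "http-socket"):
        val = opts.get(key, "")
        if val.startswith((":", "0.0.0.0:")):
            findings.append((key, val, "listens on every interface, not only the one nginx uses"))
    for key in ("chdir", "pidfile", "stats", "logto"):
        val = opts.get(key, "")
        if val.startswith("/root/"):
            findings.append((key, val, "path under /root, normally unreadable to a non-root uid"))
    return findings

if __name__ == "__main__":
    for option, value, finding in audit_uwsgi(UWSGI_INI):
        print(f"{option} = {value}: {finding}")
```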
uWSGI log errors
The following is the log file content in uwsgi:
xxx
Please analyze the error reported here. Please analyze and explain in detail.
Case
uWSGI log errors
The following is the log file content in uwsgi:
*** Starting uWSGI 2.0.26 (64bit) on [Fri Jun 28 18:14:11 2024] ***
compiled with version: 12.2.0 on 23 June 2024 20:59:41
os: Linux-3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024
nodename: 5f1bd2e7bac5
machine: x86_64
clock source: unix
pcre jit disabled
detected number of CPU cores: 2
current working directory: /root/luichuns/Python
writing pidfile to /root/luichuns/logs/uwsgi.pid
detected binary path: /usr/local/bin/uwsgi
*** WARNING: you are running uWSGI as root !!! (use the --uid flag) ***
chdir() to /root/luichuns/Python/app
your memory page size is 4096 bytes
detected max file descriptor number: 1048576
lock engine: pthread robust mutexes
thunder lock: disabled (you can enable it with --thunder-lock)
uWSGI http bound on :8000 fd 4
uwsgi socket 0 bound to TCP address 127.0.0.1:45851 (port auto-assigned) fd 3
*** WARNING: you are running uWSGI as root !!! (use the --uid flag) ***
Python version: 3.12.3 (main, Apr 24 2024, 11:17:35) [GCC 12.2.0]
Python main interpreter initialized at 0x7f3198742668
*** WARNING: you are running uWSGI as root !!! (use the --uid flag) ***
python threads support enabled
your server socket listen backlog is limited to 100 connections
your mercy for graceful operations on workers is 60 seconds
mapped 299280 bytes (292 KB) for 4 cores
*** Operational MODE: preforking+threaded ***
WSGI app 0 (mountpoint='') ready in 1 seconds on interpreter 0x7f3198742668 pid: 1 (default app)
*** WARNING: you are running uWSGI as root !!! (use the --uid flag) ***
*** uWSGI is running in multiple interpreter mode ***
spawned uWSGI master process (pid: 1)
spawned uWSGI worker 1 (pid: 8, cores: 2)
spawned uWSGI worker 2 (pid: 9, cores: 2)
*** Stats server enabled on /root/luichuns/logs/uwsgi.status fd: 14 ***
spawned uWSGI http 1 (pid: 10)
SIGINT/SIGTERM received...killing workers...
gateway "uWSGI http 1" has been buried (pid: 10)
worker 1 buried after 1 seconds
worker 2 buried after 1 seconds
goodbye to uWSGI.
VACUUM: pidfile removed.
VACUUM: unix socket /root/luichuns/logs/uwsgi.status (stats) removed.
*** Starting uWSGI 2.0.26 (64bit) on [Fri Jun 28 18:15:02 2024] ***
compiled with version: 12.2.0 on 23 June 2024 20:59:41
os: Linux-3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024
nodename: 5f1bd2e7bac5
machine: x86_64
clock source: unix
pcre jit disabled
detected number of CPU cores: 2
current working directory: /root/luichuns/Python
writing pidfile to /root/luichuns/logs/uwsgi.pid
detected binary path: /usr/local/bin/uwsgi
*** WARNING: you are running uWSGI as root !!! (use the --uid flag) ***
chdir() to /root/luichuns/Python/app
your memory page size is 4096 bytes
detected max file descriptor number: 1048576
lock engine: pthread robust mutexes
thunder lock: disabled (you can enable it with --thunder-lock)
uWSGI http bound on :8000 fd 4
uwsgi socket 0 bound to TCP address 127.0.0.1:43258 (port auto-assigned) fd 3
*** WARNING: you are running uWSGI as root !!! (use the --uid flag) ***
Python version: 3.12.3 (main, Apr 24 2024, 11:17:35) [GCC 12.2.0]
Python main interpreter initialized at 0x7f268a346668
*** WARNING: you are running uWSGI as root !!! (use the --uid flag) ***
python threads support enabled
your server socket listen backlog is limited to 100 connections
your mercy for graceful operations on workers is 60 seconds
mapped 299280 bytes (292 KB) for 4 cores
*** Operational MODE: preforking+threaded ***
WSGI app 0 (mountpoint='') ready in 1 seconds on interpreter 0x7f268a346668 pid: 1 (default app)
*** WARNING: you are running uWSGI as root !!! (use the --uid flag) ***
*** uWSGI is running in multiple interpreter mode ***
spawned uWSGI master process (pid: 1)
spawned uWSGI worker 1 (pid: 8, cores: 2)
spawned uWSGI worker 2 (pid: 9, cores: 2)
*** Stats server enabled on /root/luichuns/logs/uwsgi.status fd: 14 ***
spawned uWSGI http 1 (pid: 10)
Please analyze the error reported here. Please analyze and explain in detail.
nginx configuration review
1: Now I have 2 containers. The first container is made from nginx image, which is used as a proxy server.
2: The second container is made from python image. Django and uwsgi are installed in this python container. uwsgi will be used to start Django in this python container, and the startup script file [uwsgi.ini] will be written.
The following is the configuration in the [luichun.conf] file:
xxx
Please help me find loopholes to prevent hackers from attacking my server from this configuration
Case
nginx configuration review
1: Now I have 2 containers. The first container is made from nginx image, which is used as a proxy server.
2: The second container is made from python image. Django and uwsgi are installed in this python container. uwsgi will be used to start Django in this python container, and the startup script file [uwsgi.ini] will be written.
The following is the configuration in the [luichun.conf] file:
server {
    listen 80;
    listen [::]:80;
    server_name .luichun.com.cn;
    access_log /root/luichuns/logs/luichun.access80.log main;
    error_log /root/luichuns/logs/luichun.error80.log debug;
    location / {
        return 301 https://www.luichun.com.cn$request_uri;
    }
}
server {
    listen 443 ssl;
    listen 443 quic reuseport;
    listen [::]:443 ssl;
    listen [::]:443 quic reuseport;
    quic_retry on;
    quic_gso on;
    http2 on;
    http3 on;
    server_name www.luichun.com.cn luichun.com.cn;
    ssl_certificate /root/luichuns/SSL/luichun.com.cn.pem;
    ssl_certificate_key /root/luichuns/SSL/luichun.com.cn.key;
    if ($server_port !~ 443){
        rewrite ^(/.*)$ https://$host$1 permanent;
    }
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 SSLv3;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_early_data on;
    add_header Strict-Transport-Security "max-age=31536000";
    error_page 497 https://$host$request_uri;
    access_log /root/luichuns/logs/luichun.access443.log main;
    error_log /root/luichuns/logs/luichun.error443.log debug;
    add_header alt-svc 'h3-27=":443"; h3-28=":443"; h3-29=":443"; h3-30=":443"; h3-31=":443"; h3-32=":443";h3=":443"; ma=86400; quic=":443"';
    # add_header alt-svc 'h3-27=":443"; h3-28=":443"; h3-29=":443"; h3-30=":443"; h3-31=":443"; h3-32=":443";h3=":443"; ma=86400; quic=":443"';
    # web backend
    location / {
        include uwsgi_params;
        #uwsgi_pass uwsgi_django;
        uwsgi_pass 172.99.0.3:8000;
        #uwsgi_pass uwsgi_app2;
        add_header Alt-Svc 'h3=":443"; ma=86400';
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
    location = /favicon.ico {
        try_files $uri =204;
        log_not_found off;
        access_log off;
    }
}
Please help me find loopholes to prevent hackers from attacking my server from this configuration
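An added example, not part of the original page: the TLS-related directives of the [luichun.conf] case above, checked in Python for settings that are retired or risky (SSLv3, TLSv1 and TLSv1.1; 3DES and static-RSA cipher groups; `ssl_early_data on`, whose 0-RTT requests can be replayed; `debug`-level error logging). `directive` and `audit_tls` are names made up for this example.

```python
import re

# Directives copied from the port-443 server block of [luichun.conf] above.
NGINX_CONF = """\
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 SSLv3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_early_data on;
error_log /root/luichuns/logs/luichun.error443.log debug;
"""

# Protocol versions that have been formally deprecated (RFC 7568, RFC 8996).
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def directive(conf, name):
    """Return the argument list of every uncommented `name ...;` directive."""
    pattern = re.compile(r"^\s*" + re.escape(name) + r"\s+([^;]+);", re.M)
    return [m.group(1).split() for m in pattern.finditer(conf)]

def audit_tls(conf):
    """Return (directive, offending values) pairs, in the order checked."""
    findings = []
    for args in directive(conf, "ssl_protocols"):
        legacy = sorted(LEGACY_PROTOCOLS.intersection(args))
        if legacy:
            findings.append(("ssl_protocols", legacy))
    for args in directive(conf, "ssl_ciphers"):
        groups = args[0].split(":")
        # 3DES is a 64-bit block cipher; RSA+ selects key exchange without forward secrecy.
        weak = [g for g in groups
                if not g.startswith("!") and ("3DES" in g or g.startswith("RSA+"))]
        if weak:
            findings.append(("ssl_ciphers", weak))
    if ["on"] in directive(conf, "ssl_early_data"):
        findings.append(("ssl_early_data", ["on"]))
    for args in directive(conf, "error_log"):
        if args[-1] == "debug":
            findings.append(("error_log", ["debug"]))
    return findings

if __name__ == "__main__":
    for name, values in audit_tls(NGINX_CONF):
        print(name, "->", ", ".join(values))
```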
Reviewing the nginx port 443 error log
The following is the error log file content of port 443 in nginx:
xx
Please analyze the error reported here. Please analyze and explain in detail.
Case
Reviewing the nginx port 443 error log
The following is the error log file content of port 443 in nginx:
2024/06/28 18:54:57 [notice] 28#28: *2 "443" matches "443", client: 94.177.131.107, server: www.luichun.com.cn, request: "GET / HTTP/2.0", host: "www.luichun.com.cn"
2024/06/28 18:54:57 [notice] 28#28: *2 "443" matches "443", client: 94.177.131.107, server: www.luichun.com.cn, request: "GET /favicon.ico HTTP/2.0", host: "www.luichun.com.cn", referrer: "https://www.luichun.com.cn/"
Please analyze the error reported here. Please analyze and explain in detail.
Checking the nginx port 443 log
The following is the log file content of port 443 in nginx:
xxx
Please analyze the error reported here. Please analyze and explain in detail.
Case
Checking the nginx port 443 log
The following is the log file content of port 443 in nginx:
113.111.112.243 - - [28/Jun/2024:17:17:42 +0000] "GET / HTTP/2.0" 502 497 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 HBPC/12.1.3.306" "-"
113.111.112.243 - - [28/Jun/2024:17:17:45 +0000] "GET / HTTP/2.0" 502 497 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 HBPC/12.1.3.306" "-"
113.111.112.243 - - [28/Jun/2024:17:17:46 +0000] "GET / HTTP/2.0" 502 497 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 HBPC/12.1.3.306" "-"
113.111.112.243 - - [28/Jun/2024:17:18:59 +0000] "GET / HTTP/2.0" 502 497 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 HBPC/12.1.3.306" "-"
113.111.112.243 - - [28/Jun/2024:17:19:00 +0000] "GET / HTTP/2.0" 502 497 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 HBPC/12.1.3.306" "-"
113.111.112.243 - - [28/Jun/2024:17:19:08 +0000] "GET / HTTP/2.0" 502 497 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 HBPC/12.1.3.306" "-"
113.111.112.243 - - [28/Jun/2024:17:19:39 +0000] "GET / HTTP/2.0" 502 497 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 HBPC/12.1.3.306" "-"
113.111.112.243 - - [28/Jun/2024:17:19:40 +0000] "GET / HTTP/2.0" 502 497 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 HBPC/12.1.3.306" "-"
113.111.112.243 - - [28/Jun/2024:17:19:41 +0000] "GET / HTTP/2.0" 502 497 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 HBPC/12.1.3.306" "-"
113.111.112.243 - - [28/Jun/2024:17:19:42 +0000] "GET / HTTP/2.0" 502 497 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 HBPC/12.1.3.306" "-"
113.111.112.243 - - [28/Jun/2024:17:19:42 +0000] "GET / HTTP/2.0" 502 497 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 HBPC/12.1.3.306" "-"
113.111.112.243 - - [28/Jun/2024:17:19:47 +0000] "GET / HTTP/2.0" 502 497 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 HBPC/12.1.3.306" "-"
113.111.112.243 - - [28/Jun/2024:17:20:42 +0000] "GET / HTTP/2.0" 502 497 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 HBPC/12.1.3.306" "-"
113.111.112.243 - - [28/Jun/2024:17:20:43 +0000] "GET / HTTP/2.0" 502 497 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 HBPC/12.1.3.306" "-"
113.111.112.243 - - [28/Jun/2024:17:20:44 +0000] "GET / HTTP/2.0" 502 497 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 HBPC/12.1.3.306" "-"
113.111.112.243 - - [28/Jun/2024:17:20:44 +0000] "GET / HTTP/2.0" 502 497 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 HBPC/12.1.3.306" "-"
113.111.112.243 - - [28/Jun/2024:17:20:49 +0000] "GET / HTTP/2.0" 502 497 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 HBPC/12.1.3.306" "-"
94.177.131.107 - - [28/Jun/2024:17:24:54 +0000] "GET / HTTP/2.0" 502 497 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 HBPC/12.1.3.306" "-"
94.177.131.107 - - [28/Jun/2024:17:36:59 +0000] "GET / HTTP/2.0" 502 497 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 HBPC/12.1.3.306" "-"
94.177.131.107 - - [28/Jun/2024:17:39:21 +0000] "GET / HTTP/2.0" 502 497 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 HBPC/12.1.3.306" "-"
94.177.131.107 - - [28/Jun/2024:17:41:12 +0000] "GET / HTTP/2.0" 499 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 HBPC/12.1.3.306" "-"
94.177.131.107 - - [28/Jun/2024:17:42:12 +0000] "GET / HTTP/2.0" 502 497 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 HBPC/12.1.3.306" "-"
94.177.131.107 - - [28/Jun/2024:18:00:03 +0000] "GET / HTTP/2.0" 499 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 HBPC/12.1.3.306" "-"
94.177.131.107 - - [28/Jun/2024:18:00:05 +0000] "GET / HTTP/2.0" 499 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 HBPC/12.1.3.306" "-"
94.177.131.107 - - [28/Jun/2024:18:00:58 +0000] "GET / HTTP/2.0" 502 497 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 HBPC/12.1.3.306" "-"
94.177.131.107 - - [28/Jun/2024:18:01:05 +0000] "GET / HTTP/2.0" 504 497 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 HBPC/12.1.3.306" "-"
94.177.131.107 - - [28/Jun/2024:18:15:24 +0000] "GET / HTTP/2.0" 499 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 HBPC/12.1.3.306" "-"
Please analyze the error reported here. Please analyze and explain in detail.
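An added example, not part of the original page: a Python summary of the port-443 access log format shown above, counting responses per client and status so it is visible at a glance whether the upstream ever answered. The sample holds four lines from that log with the user agent shortened; `summarize` and `backend_health` are names made up for this example.

```python
import re
from collections import Counter

# Four lines taken from the port-443 access log above (user agent shortened).
ACCESS_LOG = """\
113.111.112.243 - - [28/Jun/2024:17:17:42 +0000] "GET / HTTP/2.0" 502 497 "-" "Mozilla/5.0" "-"
94.177.131.107 - - [28/Jun/2024:17:41:12 +0000] "GET / HTTP/2.0" 499 0 "-" "Mozilla/5.0" "-"
94.177.131.107 - - [28/Jun/2024:18:00:58 +0000] "GET / HTTP/2.0" 502 497 "-" "Mozilla/5.0" "-"
94.177.131.107 - - [28/Jun/2024:18:01:05 +0000] "GET / HTTP/2.0" 504 497 "-" "Mozilla/5.0" "-"
"""

LINE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (?P<status>\d{3}) \d+')

# What nginx means by the three status codes that appear in the log.
MEANING = {
    499: "client closed the connection before nginx answered",
    502: "upstream refused, reset, or sent an invalid response",
    504: "upstream did not answer within the timeout",
}

def summarize(log_text):
    """Count requests per (client, status); also return how many lines did not parse."""
    counts, skipped = Counter(), 0
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m is None:
            skipped += 1
            continue
        counts[(m["client"], int(m["status"]))] += 1
    return counts, skipped

def backend_health(counts):
    """Collapse the counts into totals that show whether any request was served."""
    health = {"total": 0, "gateway_errors": 0, "client_aborts": 0, "served": 0}
    for (_client, status), n in counts.items():
        health["total"] += n
        if status in (502, 504):
            health["gateway_errors"] += n
        elif status == 499:
            health["client_aborts"] += n
        elif status < 400:
            health["served"] += n
    return health

if __name__ == "__main__":
    counts, skipped = summarize(ACCESS_LOG)
    for (client, status), n in sorted(counts.items()):
        print(client, status, n, MEANING.get(status, ""))
    print(backend_health(counts), "unparsed:", skipped)
```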