I've installed Yara successfully by following the instructions here: https://yara.readthedocs.io/en/v3.8.1/gettingstarted.html#compiling-and-installing-yara including doing ./configure --with-crypto and didn't see any error messages.
When I get to the "make check" step, I get the following two failures.
PASS: test-alignment
PASS: test-atoms
PASS: test-api
FAIL: test-rules
FAIL: test-pe
PASS: test-elf
PASS: test-version
PASS: test-bitmask
PASS: test-math
PASS: test-exception
Open SSL version: OpenSSL 1.0.2k-fips 26 Jan 2017
If I run phpmalwarefinder, I get
[ec2-user@ip-internal-ip php-malware-finder]$ ./phpmalwarefinder -v /var/www/html/mysite.org
./php.yar(1): error: unknown module "hash"
./whitelists/drupal.yar(10): error: invalid field name "sha1"
./whitelists/drupal.yar(8): error: can't open include file: whitelists/wordpress.yar
./whitelists/drupal.yar(9): error: can't open include file: whitelists/symfony.yar
./whitelists/drupal.yar(10): error: can't open include file: whitelists/phpmyadmin.yar
./whitelists/drupal.yar(11): error: can't open include file: whitelists/magento1ce.yar
./whitelists/drupal.yar(12): error: can't open include file: whitelists/magento2.yar
./whitelists/drupal.yar(13): error: can't open include file: whitelists/prestashop.yar
./whitelists/drupal.yar(14): error: can't open include file: whitelists/custom.yar
./whitelists/drupal.yar(21): error: invalid field name "sha1"
./whitelists/drupal.yar(63): error: invalid field name "sha1"
./whitelists/drupal.yar(76): error: invalid field name "sha1"
./whitelists/drupal.yar(85): error: invalid field name "sha1"
./whitelists/drupal.yar(99): error: invalid field name "sha1"
./whitelists/drupal.yar(110): error: invalid field name "sha1"
./whitelists/drupal.yar(116): error: undefined identifier "Symfony"
./whitelists/drupal.yar(95): warning: $pr contains .* or .+, consider using .{N} or .{1,N} with a reasonable value for N
I posted my instructions here
https://github.com/nbs-system/php-malware-finder/issues/94
Here is how I got it running, and a small patch:
git clone git@github.com:VirusTotal/yara.git
cd yara/
sudo yum install autoconf automake libtool openssl-devel.x86_64 flex bison
YACC=bison ./configure
make
setup finder
cd ..
git clone git@github.com:nbs-system/php-malware-finder.git
cd php-malware-finder/
~/GitHub/devops/yara/yara -r ./php-malware-finder/php.yar ~/GitHub/sourcetoscan/
Had to patch this (nocase was duplicate)
diff --git a/php-malware-finder/php.yar b/php-malware-finder/php.yar
index 6a93fe1..029aaf9 100644
--- a/php-malware-finder/php.yar
+++ b/php-malware-finder/php.yar
## -159,7 +159,7 ## rule DangerousPhp
$ = "suhosin.executor.func.blacklist" nocase
$ = "unregister_tick_function" fullword nocase
$ = "win32_create_service" fullword nocase
- $ = "xmlrpc_decode" fullword nocase nocase
+ $ = "xmlrpc_decode" fullword nocase
$ = /ob_start\s*\(\s*[^\)]/ //ob_start('assert'); echo $_REQUEST['pass']; ob_end_flush();
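Review bot: Only the `xmlrpc_decode` line is deduplicated here, and the hunk shows just seven lines of the `DangerousPhp` string list, so it is not evident that the rest of php.yar is free of repeated modifiers such as `nocase nocase`. Compile the whole rule file with the freshly built yara after applying this, and fold any further duplicates into the same patch so the rule set loads in one step.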
Here is the error I'm getting when trying to deploy to Heroku using the most recent stack (20)
Gem::Ext::BuildError: ERROR: Failed to build gem native extension.
current directory:
/tmp/build_20bfe735/vendor/bundle/ruby/2.6.0/gems/prawn-gmagick-0.0.9/ext/image
/tmp/build_20bfe735/vendor/ruby-2.6.6/bin/ruby -I
/tmp/build_20bfe735/vendor/ruby-2.6.6/lib/ruby/2.6.0 -r
./siteconf20210328-11397-1gaqmyj.rb extconf.rb
creating Makefile
current directory:
/tmp/build_20bfe735/vendor/bundle/ruby/2.6.0/gems/prawn-gmagick-0.0.9/ext/image
make "DESTDIR=" clean
current directory:
/tmp/build_20bfe735/vendor/bundle/ruby/2.6.0/gems/prawn-gmagick-0.0.9/ext/image
make "DESTDIR="
compiling image.c
image.c:3:10: fatal error: wand/magick_wand.h: No such file or directory
3 | #include <wand/magick_wand.h>
| ^~~~~~~~~~~~~~~~~~~~
compilation terminated.
make: *** [Makefile:245: image.o] Error 1
make failed, exit code 2
Same error after I tried this buildpack with graphicsmagick
https://elements.heroku.com/buildpacks/bogini/heroku-buildpack-graphicsmagick
So, after playing a bit I made it work by adding 3 additional dependencies to the Aptfile in the example above
libgraphicsmagick++3
libgraphicsmagick++1-dev
libgraphicsmagick-q16-3
So the final Aptfile looks like this
debhelper
g++
gsfonts
libbz2-dev
libexif-dev
libfreetype6-dev
libice-dev
libjbig-dev
libjpeg-dev
liblcms2-dev
libltdl-dev
libpng-dev
libsm-dev
libtiff-dev
libwebp-dev
libwmf-dev
libx11-dev
libxext-dev
libxml2-dev
perl
sharutils
transfig
x11proto-core-dev
zlib1g-dev
libgraphicsmagick++3
libgraphicsmagick++1-dev
libgraphicsmagick-q16-3
And my buildpacks setup:
1. https://github.com/heroku/heroku-buildpack-apt
2. https://github.com/bogini/heroku-buildpack-graphicsmagick
3. heroku/ruby
Do you guys see any problem with any of those dependencies and setup?
I have followed the watchman official guide to clone watchman and followed the given commands
$ cd watchman
$ ./autogen.sh
$ ./configure
$ make
After the $ make command, it caused an error like the following:
CXX scm/watchman-Mercurial.o
scm/Mercurial.cpp: In constructor ‘watchman::Mercurial::infoCache::infoCache(std::string)’:
scm/Mercurial.cpp:16:40: error: ‘void* memset(void*, int, size_t)’ clearing an object of non-trivial type ‘struct watchman::FileInformation’; use assignment or value-initialization instead [-Werror=class-memaccess]
16 | memset(&dirstate, 0, sizeof(dirstate));
| ^
In file included from scm/Mercurial.h:10,
from scm/Mercurial.cpp:3:
./FileInformation.h:18:8: note: ‘struct watchman::FileInformation’ declared here
18 | struct FileInformation {
| ^~~~~~~~~~~~~~~
cc1plus: all warnings being treated as errors
make: *** [Makefile:4446: scm/watchman-Mercurial.o] Error 1
Does anybody know what is going on here?
Adding these flags to configure (before make) did it for me:
./configure --without-python --without-pcre --enable-lenient
I'm trying to install mongodb using yaourt on Arch Linux, which requires the yaml-cpp lib to be installed.
The thing is, yaourt is unable to find a valid mirror to download from
error: failed retrieving file 'yaml-cpp-0.6.1-3-x86_64.pkg.tar.xz' from ftp.swin.edu.au : The requested URL returned error: 404
error: failed retrieving file 'yaml-cpp-0.6.1-3-x86_64.pkg.tar.xz' from ftp.acc.umu.se : The requested URL returned error: 404
error: failed retrieving file 'yaml-cpp-0.6.1-3-x86_64.pkg.tar.xz' from mirror.neuf.no : The requested URL returned error: 404
error: failed retrieving file 'yaml-cpp-0.6.1-3-x86_64.pkg.tar.xz' from mirrors.ustc.edu.cn : The requested URL returned error: 404
error: failed retrieving file 'yaml-cpp-0.6.1-3-x86_64.pkg.tar.xz' from mirror.23media.de : The requested URL returned error: 404
(4/4) checking keys in keyring [##############################] 100%
(4/4) checking package integrity [##############################] 100%
error: yaml-cpp: signature from "Levente Polyak (anthraxx) <levente@leventepolyak.net>" is invalid
I tried building the lib manually from source and putting it in /usr/lib but it doesn't work either.
What can I do here?
Thanks
You must update your Arch Linux before installing any new package.
The following commands are fine:
pacman -Syu followed by pacman -S yaml-cpp
pacman -Syu yaml-cpp
You must not do this (it may break your system):
pacman -Sy followed by pacman -S yaml-cpp
pacman -Sy yaml-cpp
I am trying to cross compile Apache for an ARM system using an Ubuntu 14.04 32-bit VM. I was able to get all of the required libraries built (PCRE, APR, APR-Util, Libtool) and the configure script will run fine. However, when I run the make command I receive the following errors. At this point I am completely lost as to what to do to fix this.
util.c: In function ‘ap_parse_token_list_strict’:
util.c:1528:14: error: ‘T_HTTP_TOKEN_STOP’ undeclared (first use in this
function)
util.c:1528:14: note: each undeclared identifier is reported only once for
each function it appears in
util.c: In function ‘ap_scan_http_field_content’:
util.c:1602:14: error: ‘T_HTTP_CTRLS’ undeclared (first use in this
function)
util.c: In function ‘ap_scan_http_token’:
util.c:1612:14: error: ‘T_HTTP_TOKEN_STOP’ undeclared (first use in this
function)
util.c: In function ‘ap_scan_vchar_obstext’:
util.c:1622:13: error: ‘T_VCHAR_OBSTEXT’ undeclared (first use in this
function)
util.c: In function ‘ap_find_token’:
util.c:1683:22: error: ‘T_HTTP_TOKEN_STOP’ undeclared (first use in this
function)
util.c: In function ‘ap_escape_logitem’:
util.c:2092:13: error: ‘T_ESCAPE_LOGITEM’ undeclared (first use in this
function)
util.c: In function ‘ap_escape_errorlog_item’:
util.c:2162:13: error: ‘T_ESCAPE_LOGITEM’ undeclared (first use in this
function)
util.c: In function ‘ap_append_pid’:
util.c:2480:25: warning: format ‘%lld’ expects argument of type ‘long long
int’, but argument 5 has type ‘__pid_t’ [-Wformat]
make[2]: *** [util.lo] Error 1
Here is the script I am using to configure
#!/bin/sh
export PATH=$PATH
export ARCH=armv7l
export CROSS_COMPILE=arm-linux-gnueabi-
export CC=arm-linux-gnueabi-gcc
export LD=arm-linux-gnueabi-ld
export LD_LIBRARY=/home/kyle/httpd/srclib/expat/bin
export CXX=arm-linux-gnueabi-g++
export AR=arm-linux-gnueabi-ar
export CPP=arm-linux-gnueabi-cpp
export STRIP=arm-linux-gnueabi-strip
export CC_FOR_BUILD=i686-linux-gnu-gcc
./configure \
--host=arm-linux-gnueabi \
--target=arm-linux-gnueabi \
--prefix=/home/kyle/httpd \
--build=i686-cross-linux-gnu \
--with-apr=/home/kyle/httpd/srclib/apr \
--with-apr-util=/home/kyle/httpd/srclib/apr-util \
--with-pcre=/home/kyle/httpd/srclib/pcre \
--with-expat=/home/kyle/httpd/srclib/expat \
--disable-libtool-lock \
ac_cv_file__dev_zero=no \
ac_cv_func_setpgrp_void=no \
apr_cv_tcp_nodelay_with_cork=no \
ap_cv_void_ptr_lt_long=4 \
ac_cv_sizeof_struct_iovec=1
EDIT: I believe I have found the solution.
The problem was that I was copying over the gen_test_char from APR to get around the known bug with it, but this was not the same gen_test_char as in httpd/server. So a simple workaround is to run the make command, wait for it to fail because of the gen_test_char being in the wrong format, and then run
gcc gen_test_char.c -I"(where ever apr is)/apr/include" -o gen_test_char
After this run make again and everything should work.
export your toolchain path
export PATH=$PATH:/usr/local/linaro-aarch64-2017.08-gcc7.1/bin
---------------------------------------- Steps for pcre-8.43 ----------------------------------------
tar xvjf pcre-8.43.tar.bz2
cd pcre-8.43
./configure --prefix=/mnt/flash2/apache2_server --host=aarch64-linux-gnu CC=aarch64-linux-gnu-gcc AR=aarch64-linux-gnu-gcc-ar STRIP=aarch64-linux-gnu-strip RANLIB=aarch64-linux-gnu-ranlib
make
make install DESTDIR=/home/ahmcpu2176/Downloads/apache2_server
cd ..
---------------------------------------- Steps for libexpat-R_2_2_9 ----------------------------------------
tar xvzf libexpat-R_2_2_9.tar.gz
cd libexpat-R_2_2_9/expat
./buildconf.sh
./configure --prefix=/mnt/flash2/apache2_server --host=aarch64-linux-gnu CC=aarch64-linux-gnu-gcc AR=aarch64-linux-gnu-gcc-ar STRIP=aarch64-linux-gnu-strip RANLIB=aarch64-linux-gnu-ranlib
make
make install DESTDIR=/home/ahmcpu2176/Downloads/apache2_server
cd ../..
-------------------------- Steps for httpd-2.4.23(apache2 with apr, apr-util, pcre) --------------------------
Download apr-1.5.0 and apr-util-1.6.1 library and extract compressed file into
httpd-2.4.23/srclib
tar xvzf httpd-2.4.23.tar.gz
tar xvzf apr-1.5.0.tar.gz
tar xvjf apr-util-1.6.1.tar.bz2
mv apr-1.5.0 httpd-2.4.23/srclib/apr
mv apr-util-1.6.1 httpd-2.4.23/srclib/apr-util
cd httpd-2.4.23
./configure --prefix=/mnt/flash2/apache2_server --target=aarch64-linux-gnu --host=aarch64-linux-gnu CC=aarch64-linux-gnu-gcc CPP=aarch64-linux-gnu-cpp CXX=aarch64-linux-gnu-c++ AR=aarch64-linux-gnu-gcc-ar STRIP=aarch64-linux-gnu-strip RANLIB=aarch64-linux-gnu-ranlib --with-included-apr --with-pcre=/home/ahmcpu2176/Downloads/pcre-8.43/pcre-config --with-expat=/home/ahmcpu2176/Downloads/apache2_server/mnt/flash2/apache2_server ac_cv_func_setpgrp_void="no" ap_cv_void_ptr_lt_long=4 ac_cv_file__dev_zero="yes" ac_cv_func_setpgrp_void="yes" apr_cv_process_shared_works="yes" apr_cv_mutex_robust_shared="no" apr_cv_tcp_nodelay_with_cork="yes" ac_cv_sizeof_struct_iovec="8" apr_cv_mutex_recursive="yes" --enable-mpms-shared=all --with-mpm=event
make
-------If following error -------
/bin/bash: tools/gen_test_char: cannot execute binary file: Exec format error
Makefile:137: recipe for target 'include/private/apr_escape_test_char.h' failed
make[1]: *** [include/private/apr_escape_test_char.h] Error 126
make[1]: Leaving directory '/home/ahmcpu2176/Downloads/apr-1.5.0'
/home/ahmcpu2176/Downloads/apr-1.5.0/build/apr_rules.mk:118: recipe for target 'all-recursive' failed
make: *** [all-recursive] Error 1
--------Solution-------
cd srclib/apr/tools
gcc -Wall -O2 -DCROSS_COMPILE gen_test_char.c -s -o gen_test_char
cd ../../..
make
---------If following kind of error --------
/home/ahmcpu2176/Downloads/httpd-2.4.23/srclib/apr/libtool --silent --mode=link aarch64-linux-gnu-gcc -g -O2 -L/home/ahmcpu2176/Downloads/apache2_server/mnt/flash2/apache2_server/lib -o gen_test_char -L/home/ahmcpu2176/Downloads/apache2_server/mnt/flash2/apache2_server/lib gen_test_char.lo
./gen_test_char > test_char.h
/bin/bash: ./gen_test_char: cannot execute binary file: Exec format error
Makefile:36: recipe for target 'test_char.h' failed
make[2]: *** [test_char.h] Error 126
make[2]: Leaving directory '/home/ahmcpu2176/Downloads/httpd-2.4.23/server'
/home/ahmcpu2176/Downloads/httpd-2.4.23/build/rules.mk:75: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/home/ahmcpu2176/Downloads/httpd-2.4.23/server'
/home/ahmcpu2176/Downloads/httpd-2.4.23/build/rules.mk:75: recipe for target 'all-recursive' failed
make: *** [all-recursive] Error 1
--------Solution-------
cd server
gcc gen_test_char.c -I./../srclib/apr/include/ -o gen_test_char
cd ..
make
make install DESTDIR=/home/ahmcpu2176/Downloads/apache2_server
cd ..
tar cvzf apache2_server.tar.gz apache2_server
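The "Exec format error" shown above appears when make tries to run a gen_test_char that was linked by the cross compiler. As an added example (not code from either poster or from the httpd/APR build system), this Python sketch reads the ELF header of a build-time helper and reports whether it matches the build host. The function names and the constructed sample headers are assumptions made for illustration.

```python
import platform
import struct

# e_machine values (ELF specification) for the architectures named on this page.
EM_NAMES = {3: "x86", 40: "arm", 62: "x86_64", 183: "aarch64"}

# platform.machine() strings mapped onto the same names.
HOST_ALIASES = {"i386": "x86", "i686": "x86", "x86_64": "x86_64",
                "amd64": "x86_64", "armv7l": "arm",
                "aarch64": "aarch64", "arm64": "aarch64"}


def elf_machine(header: bytes) -> str:
    """Return the architecture recorded in the first 20 bytes of an ELF file."""
    if len(header) < 20 or header[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if header[5] not in (1, 2):          # e_ident[EI_DATA]: 1 = LSB, 2 = MSB
        raise ValueError("bad EI_DATA byte")
    endian = "<" if header[5] == 1 else ">"
    (e_machine,) = struct.unpack_from(endian + "H", header, 18)
    return EM_NAMES.get(e_machine, "unknown(%d)" % e_machine)


def runnable_on_host(header: bytes, host_machine: str) -> bool:
    """Strict match of helper and host architecture.

    Ignores multilib and qemu-user/binfmt setups, where a foreign binary
    can still execute.
    """
    host = HOST_ALIASES.get(host_machine.lower())
    return host is not None and elf_machine(header) == host


def check_helper(path: str, host_machine: str = "") -> bool:
    """Check a build-time helper on disk, e.g. server/gen_test_char."""
    with open(path, "rb") as fh:
        return runnable_on_host(fh.read(20), host_machine or platform.machine())


def sample_header(e_machine: int, ei_class: int = 1) -> bytes:
    """Constructed little-endian ELF header prefix, used only for the demo."""
    e_ident = b"\x7fELF" + bytes([ei_class, 1, 1, 0]) + bytes(8)
    return e_ident + struct.pack("<HH", 2, e_machine)   # e_type=ET_EXEC


if __name__ == "__main__":
    # Build host i686 (CC_FOR_BUILD in the question), target arm-linux-gnueabi.
    cross_built = sample_header(40)      # helper linked by the cross compiler
    host_built = sample_header(3)        # helper rebuilt with the host gcc
    for label, hdr in (("cross-built", cross_built), ("host-built", host_built)):
        verdict = "ok" if runnable_on_host(hdr, "i686") else "Exec format error expected"
        print(f"gen_test_char ({label}): {elf_machine(hdr)} -> {verdict}")
```

Running `check_helper("server/gen_test_char")` from the httpd source tree before the second `make` confirms that the helper was rebuilt with the host gcc.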
When I am trying to build matplotlib-1.3.1, I am getting the below freetype header errors. Probably it is not finding the ftheader.h. Any idea on how to solve this problem?
NOTE: I just installed Freetype-2.5.0.1 following the instructions as mentioned in
FreeType Install because manually building Matplotlib-1.3.1 from source was failing due to the required package 'freetype' which was not found initially.
In file included from src/ft2font.h:16,
from src/ft2font.cpp:3:
/usr/include/ft2build.h:56:38: error: freetype/config/ftheader.h: No such file or directory
In file included from src/ft2font.cpp:3:
src/ft2font.h:17:10: error: #include expects "FILENAME" or <FILENAME>
src/ft2font.h:18:10: error: #include expects "FILENAME" or <FILENAME>
src/ft2font.h:19:10: error: #include expects "FILENAME" or <FILENAME>
src/ft2font.h:20:10: error: #include expects "FILENAME" or <FILENAME>
src/ft2font.h:21:10: error: #include expects "FILENAME" or <FILENAME>
In file included from /usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../include/c++/4.4.7/bits/stl_algobase.h:69,
from /usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../include/c++/4.4.7/bits/char_traits.h:41,
from /usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../include/c++/4.4.7/string:42,
from ./CXX/Python2/Exception.hxx:46,
from ./CXX/Exception.hxx:40,
from ./CXX/Python2/Objects.hxx:44,
from ./CXX/Python2/Extensions.hxx:52,
from ./CXX/Extensions.hxx:40,
from src/ft2font.h:6,
from src/ft2font.cpp:3:
/usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../include/c++/4.4.7/bits/stl_iterator.h:91: error: expected template-name before ‘<’ token
/usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../include/c++/4.4.7/bits/stl_iterator.h:91: error: expected ‘{’ before ‘<’ token
/usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../include/c++/4.4.7/bits/stl_iterator.h:91: error: expected unqualified-id before ‘<’ token
/usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../include/c++/4.4.7/bits/stl_iterator.h:390: error: expected template-name before ‘<’ token
/usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../include/c++/4.4.7/bits/stl_iterator.h:390: error: expected ‘{’ before ‘<’ token
/usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../include/c++/4.4.7/bits/stl_iterator.h:390: error: expected unqualified-id before ‘<’ token
/usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../include/c++/4.4.7/bits/stl_iterator.h:474: error: expected template-name before ‘<’ token
/usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../include/c++/4.4.7/bits/stl_iterator.h:474: error: expected ‘{’ before ‘<’ token
/usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../include/c++/4.4.7/bits/stl_iterator.h:474: error: expected unqualified-id before ‘<’ token
I tried running sudo yum install *-devel on a fresh vm which has neither numpy/scipy/matplotlib installed; but get the below error message which I received also on my previous VM image. Is it a problem specific to the VM I am using? Note: I am using Hortonworks Sandbox v1.3 over Oracle VirtualBox VM
Error: metis conflicts with cmake-2.6.4-5.el6.x86_64
Error: php-pecl-apcu conflicts with php-pecl-apc-3.1.9-2.el6.x86_64
Error: cpupowerutils-devel conflicts with cpufrequtils-devel-007-6.el6.x86_64
Error: Package: libgendersplusplus-1.20-1.el6.x86_64 (HDP-epel)
Requires: libgenders(x86-64) = 1.20-1.el6
Installing: libgenders-1.14-2.el6.rf.x86_64 (HDP-UTILS-1.1.0.15)
libgenders(x86-64) = 1.14-2.el6.rf
Error: zeromq3-devel conflicts with zeromq-devel-2.2.0-4.el6.x86_64
Error: Package: rubygem-passenger-devel-3.0.21-5.el6.x86_64 (HDP-epel)
Requires: rubygem(passenger) = 3.0.21-5.el6
Available: 1:rubygem-passenger-3.0.12-1.el6.x86_64 (HDP-UTILS-1.1.0.15)
rubygem(passenger) = 3.0.12
Error: Package: libgenders-devel-1.20-1.el6.x86_64 (HDP-epel)
Requires: libgenders(x86-64) = 1.20-1.el6
Installing: libgenders-1.14-2.el6.rf.x86_64 (HDP-UTILS-1.1.0.15)
libgenders(x86-64) = 1.14-2.el6.rf
Error: php-pecl-apcu-devel conflicts with php-pecl-apc-devel-3.1.9-2.el6.x86_64
Error: Package: libgenders-devel-1.20-1.el6.x86_64 (HDP-epel)
Requires: libgenders(x86-64) = 1.20-1.el6
Available: libgenders-1.14-2.el6.rf.x86_64 (HDP-UTILS-1.1.0.15)
libgenders(x86-64) = 1.14-2.el6.rf
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
Viewing the source tree under /usr/share/doc gives an estimate of the packages and their versions that come pre-installed in the sandbox. Note: You can clearly see freetype-2.3.11 in the list and lots of other lib packages which may be conflicting when *-dev is installed
acl-2.2.49 foomatic-db-4.0 libedit-2.11 mpfr-2.4.1 python-setuptools-0.6.10
acpid-1.0.10 fping-2.4b2 libffi-3.0.5 mx4j-3.0.1 python-urlgrabber-3.9.1
alsa-lib-1.0.22 freetype-2.3.11 libfontenc-1.0.5 mysql-5.1.69 qt3-3.3.8b
apache-tomcat-apis-0.1 fuse-2.8.3 libgcc-4.4.7 mysql-connector-java-5.1.17 qt4
apr-1.3.9 gamin-0.1.10 libgcrypt-1.4.5 mysql-libs-5.1.69 qt-4.6.2
apr-util-1.3.9 gawk-3.1.7 libgomp-4.4.7 mysql-server-5.1.69 readline-6.0
at-3.1.10 gcc-4.4.7 libgpg-error-1.7 nagios-3.2.3 redhat-logos-60.0.14
atk-1.28.0 gd-2.0.35 libgudev1-147 nagios-plugins-1.4.9 redhat-release
attr-2.4.44
For Mac OS 10.6.8
sudo ln -s /usr/X11/include/freetype2/freetype /usr/X11/include/.
Seems to do the trick... If you look at the /usr/X11/include/ft2build.h it seems as though it is really a problem with that header file and the way free type is installed, not a matplotlib problem.
Once installed (properly) the development package, the Freetype headers shall be in $(includedir)/freetype/freetype2 and $(includedir)/freetype2/freetype/config, with the only exception of ft2build.h which is in $(includedir).
It seems from the message you showed that indeed there is a ft2build.h file in /usr/include (a natural place for $(includedir)), yet the rest of the headers are not at the correct place.
I do not know exactly how to correct this since it is probably an issue with your particular distribution and the way you installed it, but I feel the most natural fix is to uninstall (properly) the freetype-dev[el] package, then re-install it, using of course the distribution-provided version which matches your installed .so, apparently 2.3.11.
Installing Freetype 2.5.0.1 will not help you until you successfully build the library, then install it in your system successfully; only then you will have the headers installed in $(includedir) and its sub-directories.
For RHEL, use the command below:
yum install freetype-devel -y
For Ubuntu, use the command below:
apt-get install libfreetype-dev -y