Accueil Solution du challenge Cape Town de SadServers.com
Post
Annuler

Solution du challenge Cape Town de SadServers.com

Posté 03/03/2024
Par Nicolas Surribas
5 min lire

Scenario: “Cape Town”: Borked Nginx

Level: Medium

Type: Fix

Tags: nginx realistic-interviews

Description: There’s an Nginx web server installed and managed by systemd. Running curl -I 127.0.0.1:80 returns curl: (7) Failed to connect to localhost port 80: Connection refused , fix it so when you curl you get the default Nginx page.

Test: curl -Is 127.0.0.1:80|head -1 returns HTTP/1.1 200 OK

Time to Solve: 15 minutes.

Déjà la base : est-ce que le port est en écoute (et donc le service lancé) ?

1
2
3
4
5
6

admin@i-06cb61539b1effc2b:/$ ss -lntp
State                 Recv-Q                Send-Q                               Local Address:Port                               Peer Address:Port               Process                                          
LISTEN                0                     128                                        0.0.0.0:22                                      0.0.0.0:*                                                                   
LISTEN                0                     4096                                             *:6767                                          *:*                   users:(("sadagent",pid=567,fd=7))               
LISTEN                0                     4096                                             *:8080                                          *:*                   users:(("gotty",pid=566,fd=6))                  
LISTEN                0                     128                                           [::]:22                                         [::]:*

Non, alors voyons son état systemctl :

1
2
3
4
5
6
7
8
9
10
11
12
13

admin@i-06cb61539b1effc2b:/$ systemctl status nginx
● nginx.service - The NGINX HTTP and reverse proxy server
     Loaded: loaded (/etc/systemd/system/nginx.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Sat 2024-03-02 09:52:55 UTC; 1min 16s ago
    Process: 574 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=1/FAILURE)
        CPU: 29ms

Mar 02 09:52:55 i-06cb61539b1effc2b systemd[1]: Starting The NGINX HTTP and reverse proxy server...
Mar 02 09:52:55 i-06cb61539b1effc2b nginx[574]: nginx: [emerg] unexpected ";" in /etc/nginx/sites-enabled/default:1
Mar 02 09:52:55 i-06cb61539b1effc2b nginx[574]: nginx: configuration file /etc/nginx/nginx.conf test failed
Mar 02 09:52:55 i-06cb61539b1effc2b systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
Mar 02 09:52:55 i-06cb61539b1effc2b systemd[1]: nginx.service: Failed with result 'exit-code'.
Mar 02 09:52:55 i-06cb61539b1effc2b systemd[1]: Failed to start The NGINX HTTP and reverse proxy server.

Erreur à la première ligne du fichier de configuration, voyons ça :

1
2
3
4
5
6
7
8
9
10
11

admin@i-06cb61539b1effc2b:/etc/nginx/sites-enabled$ head default 
;
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be

La correction est vite faite, mais sans trop de surprises, on tombe sur un problème plus gros :

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

admin@i-06cb61539b1effc2b:/etc/nginx/sites-enabled$ sudo vi default 
admin@i-06cb61539b1effc2b:/etc/nginx/sites-enabled$ sudo systemctl start nginx
admin@i-06cb61539b1effc2b:/etc/nginx/sites-enabled$ systemctl status nginx
● nginx.service - The NGINX HTTP and reverse proxy server
     Loaded: loaded (/etc/systemd/system/nginx.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2024-03-02 09:56:14 UTC; 7s ago
    Process: 862 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
    Process: 863 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
   Main PID: 864 (nginx)
      Tasks: 2 (limit: 524)
     Memory: 2.4M
        CPU: 31ms
     CGroup: /system.slice/nginx.service
             ├─864 nginx: master process /usr/sbin/nginx
             └─865 nginx: worker process

Mar 02 09:56:14 i-06cb61539b1effc2b systemd[1]: Starting The NGINX HTTP and reverse proxy server...
Mar 02 09:56:14 i-06cb61539b1effc2b nginx[862]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Mar 02 09:56:14 i-06cb61539b1effc2b nginx[862]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Mar 02 09:56:14 i-06cb61539b1effc2b systemd[1]: Started The NGINX HTTP and reverse proxy server.
admin@i-06cb61539b1effc2b:/etc/nginx/sites-enabled$ curl -Is 127.0.0.1:80|head -1
HTTP/1.1 500 Internal Server Error

On va devoir regarder dans les logs du serveur.

1
2
3
4
5
6
7
8
9
10
11

admin@i-06cb61539b1effc2b:/etc/nginx/sites-enabled$ tail /var/log/nginx/error.log 
2022/09/11 16:39:11 [emerg] 5875#5875: unexpected ";" in /etc/nginx/sites-enabled/default:1
2022/09/11 16:54:26 [emerg] 5931#5931: unexpected ";" in /etc/nginx/sites-enabled/default:1
2022/09/11 16:55:00 [emerg] 5961#5961: unexpected ";" in /etc/nginx/sites-enabled/default:1
2022/09/11 17:02:07 [emerg] 6066#6066: unexpected ";" in /etc/nginx/sites-enabled/default:1
2022/09/11 17:07:03 [emerg] 6146#6146: unexpected ";" in /etc/nginx/sites-enabled/default:1
2024/03/02 09:52:55 [emerg] 574#574: unexpected ";" in /etc/nginx/sites-enabled/default:1
2024/03/02 09:56:14 [alert] 864#864: socketpair() failed while spawning "worker process" (24: Too many open files)
2024/03/02 09:56:14 [emerg] 865#865: eventfd() failed (24: Too many open files)
2024/03/02 09:56:14 [alert] 865#865: socketpair() failed (24: Too many open files)
2024/03/02 09:56:40 [crit] 865#865: *1 open() "/var/www/html/index.nginx-debian.html" failed (24: Too many open files), client: 127.0.0.1, server: _, request: "HEAD / HTTP/1.1", host: "127.0.0.1"

Le serveur ne parvient pas à ouvrir le fichier d’index, car trop de fichiers sont ouverts sur le système.

Ma première réaction a été de voir du côté de ulimit :

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

admin@i-05a9742de4b12737a:/$ ulimit -a
real-time non-blocking time  (microseconds, -R) unlimited
core file size              (blocks, -c) 0
data seg size               (kbytes, -d) unlimited
scheduling priority                 (-e) 0
file size                   (blocks, -f) unlimited
pending signals                     (-i) 1748
max locked memory           (kbytes, -l) 64
max memory size             (kbytes, -m) unlimited
open files                          (-n) 1024
pipe size                (512 bytes, -p) 8
POSIX message queues         (bytes, -q) 819200
real-time priority                  (-r) 0
stack size                  (kbytes, -s) 8192
cpu time                   (seconds, -t) unlimited
max user processes                  (-u) 1748
virtual memory              (kbytes, -v) unlimited
file locks                          (-x) unlimited

Tout semble standard ici…

Si la limite n’est pas globale au système, elle concerne alors probablement que le processus. Encore un hack de chez systemd ?

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

root@i-05a9742de4b12737a:/etc/security# cat /etc/systemd/system/nginx.service
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/usr/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
LimitNOFILE=10

[Install]
WantedBy=multi-user.target

Bingo ! La directive LimitNOFILE limite le nombre de fichiers ouverts par le service.

Il suffit de retirer l’option et de redémarrer le service :

1
2
3
4
5
6
7
8
9

root@i-05a9742de4b12737a:/etc/security# vi /etc/systemd/system/nginx.service
root@i-05a9742de4b12737a:/etc/security# systemctl restart nginx
Warning: The unit file, source configuration file or drop-ins of nginx.service changed on disk. Run 'systemctl daemon-reload' to reload units.
root@i-05a9742de4b12737a:/etc/security# systemctl daemon-reload
root@i-05a9742de4b12737a:/etc/security# curl -Is 127.0.0.1:80|head -1
HTTP/1.1 500 Internal Server Error
root@i-05a9742de4b12737a:/etc/security# systemctl restart nginx
root@i-05a9742de4b12737a:/etc/security# curl -Is 127.0.0.1:80|head -1
HTTP/1.1 200 OK
CTF AdminSys SadServers
Cet article est sous licence CC BY 4.0 par l'auteur.
Récemment mis à jour