Tuesday, August 3, 2021
Linux - SetUID - SetGID - Stick Bit - Special File Permissions
setgid Creates a file using owner rather than user creating it
setuid sets the permission of execution
sticky bits - Accidental Delete Protection Bit
https://geek-university.com/linux/uid-user-identifier-gid-group-identifier/
To set the setuid bit symbolically, we can use chmod u+s </path/to/the/file>.
To set the setuid bit using octal representation we can add "4" to the front of our standard octal permissions
To set the setuid bit symbolically, we can use chmod g+s </path/to/the/file>.
To set the setgid bit using octal representation we can add "2" to the front of our standard octal permissions
We can set the sticky bit on directories symbolically with chmod +t :
Or using octal values and putting "1" in front of our standard permissions:
Azure Devops - OWASP Dependency Check
https://marketplace.visualstudio.com/items?itemName=dependency-check.dependencycheck
OWASP Dependency Check
Dependency-Check is a software composition analysis utility that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities. Currently, Java and .NET are supported; additional experimental support has been added for Ruby, Node.js, Python, and limited support for C/C++ build systems (autoconf and cmake)
The OWASP Dependency Check Azure DevOps Extension enables the following features in an Azure Build Pipeline:
Software composition analysis runs against package references during build on both Windows and Linux build agents.
Export vulnerability data to HTML, JSON, XML, CSV, JUnit formatted reports
Download vulnerability reports from the build's artifacts
CNAME, A-Record, DNS Mapping, AWS Route 53
- https://www.web24.com.au/tutorials/cname-records-used
- https://support.dnsimple.com/articles/differences-a-cname-records/
- https://www.pickaweb.co.uk/kb/cname-can-use-domain/
A CNAME, or Canonical Name record, is a record that points to another domain address rather than an IP address.
For example, say you have several subdomains, like www.mydomain.com, ftp.mydomain.com, mail.mydomain.com etc and you want these sub domains to point to your main domain name mydomain.com. Instead of creating A records for each sub-domain and binding it to the IP address of your domain you can create CNAME records.
As you can see in the table below, in the case where the IP address of your server changes, you only need to update one A record and all the subdomains follow automatically because all the CNAMES point to the main domain with the A record:
| (sub)Domain / Hostname | Record Type | Target / Destination |
| mydomain.com | A | 111.222.333.444 |
| www.mydomain.com | CNAME | mydomain.com |
| ftp.mydomain.com | CNAME | mydomain.com |
| mail.mydomain.com | CNAME | mydomain.com |
Maven 3.8.1 Blocks HTTP repositories
The decision was made to block such external HTTP repositories by default
How to fix when I get a HTTP repository blocked?
If the repository is defined in your pom.xml, please fix it in your source code.
If the repository is defined in one of your dependencies POM, you’ll get a message like:
[ERROR] Failed to execute goal on project test: Could not resolve dependencies for project xxx: Failed to collect dependencies at my.test:dependency:version -> my.test.transitive:transitive:version: Failed to read artifact descriptor for my.test.transitive:transitive:jar:version: Could not transfer artifact my.test.transitive:transitive:pom:version from/to maven-default-http-blocker (http://0.0.0.0/): Blocked mirror for repositories: [blocked-repository-id (http://blocked.repository.org, default, releases+snapshots)]
They go on to offer some ways to avoid the problem:
Options to fix are:
upgrade the dependency version to a newer version that replaced the obsolete HTTP repository URL with a HTTPS one,
keep the dependency version but define a mirror in your settings.
Plus, I suppose, the simpler, shorter-term option would be to roll back your version of Maven to anything prior to 3.8.1.