search

richardforth / apache2buddy

apache2buddy
Apache License 2.0
385 stars 72 forks source link

Wierd error about 2.2 being EOL, yet running 2.4 (Ubu 16.04) #325

Closed richardforth closed 4 years ago

richardforth commented 4 years ago 
[ -- ] The process running on port 8080 is Apache/2.4.18 (Ubuntu).
[ !! ] Apache 2.2 is End Of Life. For more Information, see https://httpd.apache.org/.
richardforth commented 4 years ago

Need to create a 16:04 Dockerfile to test this

richardforth commented 4 years ago

Dockerfile:

FROM ubuntu:16.04
ENV DEBIAN_FRONTEND=noninteractive
RUN  apt-get update
RUN  apt-get -y install curl
RUN  apt-get -y install procps
RUN  apt-get -y install net-tools
RUN  apt-get -y install apache2
RUN  apt-get -y install perl
RUN  apt-get -y install python3
ENTRYPOINT service apache2 start && curl -sk https://raw.githubusercontent.com/richardforth/apache2buddy/staging/apache2buddy.pl | perl

Output:

[ -- ] Distro: Ubuntu
[ -- ] Version: 16.04
[ -- ] Codename: xenial
[ OK ] This distro is supported by apache2buddy.pl.
[ OK ] This distro version is supported by apache2buddy.pl.
[ -- ] Hostname: 56a4ed2c4403
[ -- ] Primary IP: 31.48.76.58
[ -- ] We are checking the service running on port 80...
[ -- ] The process listening on port 80 is /usr/sbin/apache2
[ -- ] The process running on port 80 is Apache/2.4.18 (Ubuntu).
[ -- ] The full path to the Apache config file is: /etc/apache2/apache2.conf

Wait, Ok so apache was running on port 8080.....hmmm

richardforth commented 4 years ago

Found it Looks like a bug

the fallback code as this in it:

                        if ( ! $NOINFO ) { show_info_box; print "The process running on port ${CYAN}$real_port${ENDC} is ${CYAN}$apache_version${ENDC}.\n" }
            # Issue #252 apache 2.2 is EOL
            if ( ! $NOINFO ) { show_crit_box; print "${YELLOW}Apache 2.2 is End Of Life. For more Information, see ${CYAN}https://httpd.apache.org/.${ENDC}" }

Its not even checking the apache version. Noticed it is referencing #252

richardforth commented 4 years ago

So that code was probably put before 2,4 was even a thing, Now I think we should at least check.

Will do a proof of concept shortly.

richardforth commented 4 years ago

Proof of concepts:

# perl issue_325_poc.pl
2.2.28
2.2
Apache 2.2 is End Of Life. For more Information, see https://httpd.apache.org/.Done.

AND 

# perl issue_325_poc.pl
2.4.43
2.2
Done

basic code:

#!/usr/bin/perl

use strict;
use warnings;

my $version = "2.4.43";
print "$version\n";
my $eol_version = "2.2";
print "$eol_version\n";

if ( index($version,$eol_version) != -1) {
        # index returns -1 if the string is NOT present, if it is present, the following will be run:
        print "Apache 2.2 is End Of Life. For more Information, see https://httpd.apache.org/.";
}
print "Done.\n";