Skip to main content

Upgrading Nginx on Ubuntu to due vulnerabilities CVE-2024-32002, CVE-2024-32004 and CVE-2024-32465

The current Nginx version running is 1.18.0.  It seems like the Nginx version from the default Ubuntu repositories is still 1.18.0, which might not have the latest security patches. To resolve this, you can add the official Nginx repository to get the latest stable version.

 

1. Backup your current Nginx configuration

It's a good practice to back up your current Nginx configuration before making any changes:

Checking if a file exists using command line queries in Ubuntu with Nginx

On a server directory with over 100,000 PDF files, I needed to verify the existence of specific documents. Whether there are a few hundred or whatever the number of files, this article explores the practical use of command-line tools to quickly ascertain whether a file is present. In the area of server management or application development, especially on systems like Ubuntu equipped with Nginx, it's crucial to perform routine checks to ensure that all necessary files are in place.

Terminal command to find and replace

In many terminal text editors, you use find command as reference in Terminal commands - find.  How about find and replace.  This action depends on the specific text editor you're using in the terminal.  Here are a few common terminal text editors and how you can find and replace strings within them:

Vim

To find: Press / followed by the search term and then Enter.

Resolving CVE-2022-48624 less issue

To resolve the CVE-2022-48624 vulnerability on Ubuntu using Nginx, it's crucial to understand that the issue lies within the "less" package, not Nginx itself. The vulnerability affects "less" before version 606, where close_altfile in filename.c in less omits shell_quote calls for LESSCLOSE, potentially allowing shell command injection.

The current less version is 551, which is vulnerable. You'll need to upgrade "less" to a version at or beyond 606.

Adding SSL wildcard certificate to Ubuntu running Nginx

Adding an SSL wildcard certificate to an Ubuntu server involves several steps.  A wildcard certificate can secure subdomains of a domain with a single certificate. Here's a general outline of the process:

I'll be using an existing wildcard certificate.

sudo apt update && sudo apt upgrade -y

 

ckan.ini issues

Focusing on the ckan.ini file (/etc/ckan/default/ckan.ini).  When I run the commands to recreate the database tables for CKAN:

cd /usr/lib/ckan/default/src/ckan
ckan -c /etc/ckan/default/ckan.ini db init

The response I'm getting is:

server 500 error - 'Internal server error' on Nginx

Finding the issue with a server 500 error

The Nginx error logs are showing too much detail.

 

Nginx logs and test

There are no errors in the nginx log and sudo nginx -t looks fine

sudo nginx -t

Response

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

 

Listening to services running that use port 80

Listen in on the ports being used on your server.  To do so, run the command

netstat -a | grep tcp

If netstat is not install, then you'll be prompted to run the install script

sudo apt install net-tools

Response

Subscribe to Nginx