Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
github.com/finb/bark-server/v2
Bark is an iOS App which allows you to push customed notifications to your iPhone.
The docker image is already available, you can use the following command to run the bark server:
docker run -dt --name bark -p 8080:8080 -v `pwd`/bark-data:/data finab/bark-server
If you use the docker-compose tool, you can copy docker-copose.yaml under this project to any directory and run it:
mkdir bark-server && cd bark-server
curl -sL https://git.io/JvSRl > docker-compose.yaml
docker-compose up -d
chmod +x bark-server
./bark-server --addr 0.0.0.0:8080 --data ./bark-data
curl localhost:8080/ping
Note: Bark-server uses the /data
directory to store data by default. Make sure that bark-server has permission to write to the /data
directory, otherwise use the -d
option to change the directory.
Developers can compile this project by themselves, and the dependencies required for compilation:
GO111MODULE=on
)GOPROXY=https://goproxy.cn
)Run the following command to compile this project:
# Cross compile all platforms
task
# Compile the specified platform (please refer to Taskfile.yaml)
task linux_amd64
task linux_amd64_v3
Note: The linux amd64 v3 architecture was added in go 1.18, see https://github.com/golang/go/wiki/MinimumRequirements#amd64
Most users want to deploy the bark server on the intranet server, and then use Nginx to reverse proxy the bark server;
here is a simple Nginx configuration example (we assume that the bark server is listening at 192.168.1.123:8080
)
# generated 2020-03-26, Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, modern configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=modern&openssl=1.1.1d&guideline=5.4
server {
listen 80;
listen [::]:80;
# Replace bark.app.dev with your real domain name.
server_name bark.app.dev;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
# Replace bark.app.dev with your real domain name.
server_name bark.app.dev;
ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# modern configuration
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
# replace with the IP address of your resolver
#resolver 127.0.0.1;
location / {
log_not_found on;
# Replace http://192.168.1.123:8080 with the listening address of the bark server.
proxy_pass http://192.168.1.123:8080;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
}
}
Just run the server with -dsn=user:pass@tcp(mysql_host)/bark
, it will use MySQL instead of file database Bbolt
Please read API_V2.md.
This project requires at least the golang 1.12 version to compile and requires Go mod support.
Now the push certificate embedded in the program will never expire. You only need to update the program if the push fails due to the expired certificate.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.