Apache2 - Overview of configuration and files (draft)

February 8th, 2010

The following is an overview of how to edit standard files, the directory structure and how to enable site features in apache2. Let’s first dig into the folders that comprise apache2.

Files

$ tree -d /etc/apache2  # only show dirs
/etc/apache2/
|-- conf.d
|-- mods-available
|-- mods-enabled
|-- sites-available
`-- sites-enabled

Let’s define the functions of each.

conf.d - configuration files for modules, etc.
mods-available - list of available modules for apache
mods-enabled - list of modules that are loaded into apache config
sites-available - configuration files for virtual hosts
sites-enabled - ?

Files also listed in /etc/apache2…

|-- apache2.conf
|-- envvars
|-- httpd.conf
|-- magic
`-- ports.conf

Enabling and Disabling Modules

First, check the available modules on your system.

/etc/apache2/mods-available/
|-- actions.conf
|-- actions.load
|-- alias.conf
|-- alias.load
|-- asis.load
|-- auth_basic.load
|-- auth_digest.load
|-- authn_alias.load
|-- authn_anon.load
|-- authn_dbd.load
…..

To view all enabled mods, look in the mods-enabled dir. Note that these are symlinks to files in the mods-available directory.

/etc/apache2/mods-enabled
|-- alias.conf -> ../mods-available/alias.conf
|-- alias.load -> ../mods-available/alias.load
|-- auth_basic.load -> ../mods-available/auth_basic.load
|-- authn_file.load -> ../mods-available/authn_file.load
|-- authz_default.load -> ../mods-available/authz_default.load
|-- authz_groupfile.load -> ../mods-available/authz_groupfile.load

Let’s say we want to enable a module such as ‘mod-security’. The best way to do this on Ubuntu/Debian is to use the ‘a2enmod’ utility, which stands for apache2 enable module. The example below enables ssl.

jesterj@jesterj-laptop:/etc/apache2$ sudo a2enmod ssl
Enabling module ssl.
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
Run '/etc/init.d/apache2 restart' to activate new configuration!

Note: You can also just type ‘a2enmod’ to list all available modules.

Now restart apache.

jesterj@jesterj-laptop:/etc/apache2$ sudo /etc/init.d/apache2 restart
* Restarting web server apache2 ... waiting [ OK ]

Now, verify the module is enabled.

jesterj@jesterj-laptop:/etc/apache2$ ls -la /etc/apache2/mods-enabled/ | grep ssl
lrwxrwxrwx 1 root root 26 2010-02-08 19:20 ssl.conf -> ../mods-available/ssl.conf
lrwxrwxrwx 1 root root 26 2010-02-08 19:20 ssl.load -> ../mods-available/ssl.load

To disable a module, do the same thing but use ‘a2dismod’.

Configuring Sites

Apache

ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)

February 6th, 2010

For some reason, after setting up replication the root password on both master and slave was cleared. This has happened more than once. Note that I can access mysql via…

$mysql -u root -p
mysql>

Of course this is not desirable. Simply reset the password on the master; the table propagates to the slave and fixes the problem.

UPDATE mysql.user SET Password=PASSWORD('MyNewPass') WHERE User='root';
FLUSH PRIVILEGES;

Uncategorized

Setting up multiple instances of mysql using mysqlmanager

February 3rd, 2010

1. Create a new copy of the /etc/mysql/my.cnf file called my2.cnf. The new file should have the following configurations.

[client]
port = 3307
socket = /var/run/mysqld2/mysqld.sock

[mysqld_safe]
socket = /var/run/mysqld2/mysqld.sock
nice = 0

[mysqld]
user = mysql
pid-file = /var/run/mysqld2/mysqld.pid
socket = /var/run/mysqld2/mysqld.sock
port = 3307
basedir = /usr
datadir = /var/lib/mysql2
tmpdir = /tmp

2. Copy /var/lib/mysql to /var/lib/mysql2 (the data dir).

mkdir mysql2; cp -a mysql/* mysql2

3. Create the /var/run/mysqld2 dir (where the pid and sock files live). It should be owned by mysql.

chown mysql:mysql /var/run/mysqld2

4. Then call mysqlmanager with the defaults file. Best to just modify the /etc/init.d/mysql2 file as a shell script and call directly!

mysqlmanager --defaults-file=/etc/mysql/my2.cnf --log=/var/log/mysqlmanager.log --pid-file=/var/run/mysqld2/mysqld.pid --angel-pid-file=/var/run/mysqld2/mysqlmanager.angel.pid --run-as-service --user=mysql

* Create the mysqlmanager.log file.

sudo touch /var/log/mysqlmanager.log
sudo chown mysql:mysql /var/log/mysqlmanager.log

5. Log in to your new instance. You must specify the new port and sock file.


root@slave:# mysql -P 3307 --socket=/var/run/mysqld2/mysqld.sock -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 61
Server version: 5.0.51a-3ubuntu5.4 (Ubuntu)

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>

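Now connect to the new instance with ‘mytop’ to monitor it. Note that a password given with -p on the command line is visible to other local users in the process list.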

mytop -d mysql -P 3307 -S /var/run/mysqld2/mysqld.sock -u root -pPASSHERE

Rinse and repeat for additional mysql instances!

source: http://www.ducea.com/2009/01/19/running-multiple-instances-of-mysql-on-the-same-machine/

Uncategorized, mysql

Encrypting files with GPG (GNU Privacy Guard)

February 3rd, 2010

-Create a text file with a secret phrase:

jesterj@jesterj-laptop:~$ cat > secret
donkey

-Encrypt file with password:

jesterj@jesterj-laptop:~$ gpg -c secret

-Verify file is encrypted:

jesterj@jesterj-laptop:~$ more secret.gpg
(binary data, not human-readable)

-Send to a different system, and test the file.

jesterj@jesterj-laptop:~$ scp secret.gpg jesterj@remotesystem:~
secret.gpg                                    100%   52     0.1KB/s   00:00

-Decrypt the file and enter passphrase.

jesterj@donkey:~$ gpg secret.gpg
gpg: CAST5 encrypted data
Enter passphrase:

-File is decrypted:

jesterj@donkey:~$ more secret
donkey

Done!

source: http://www.cyberciti.biz/tips/linux-how-to-encrypt-and-decrypt-files-with-a-password.html

Uncategorized

Verifying file integrity with md5sum

February 3rd, 2010

To check a file’s checksum, simply run the following command:

jesterj@jesterj-laptop:~$ md5sum file1
f5fa31b4e964cc2a86140bc2a2e11a13  file1

This computes a 128-bit MD5 digest of the file’s contents. The digest is not stored in the file itself, so to detect a change later you compare against a digest you recorded earlier.

To check a group of files, record their checksums in a file and then verify against it with -c:

jesterj@jesterj-laptop:~$ md5sum password* > md5checksums.txt
jesterj@jesterj-laptop:~$ md5sum password*
f5fa31b4e964cc2a86140bc2a2e11a13  password
67c2a19b0fb22552a5aa7cdc6ede2634  password.gpg
f5fa31b4e964cc2a86140bc2a2e11a13  password.orig
11b4f8cd65095066a644139500309bad  passwords
3295d069764198d327edeba43f2b301c  passwords.gpg
jesterj@jesterj-laptop:~$ md5sum -c md5checksums.txt
password: OK
password.gpg: OK
password.orig: OK
passwords: OK
passwords.gpg: OK
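
The transcript above only shows the all-OK case. The following added example (not from the original post) shows what a failed check looks like to a script, and that files added after the manifest was written are not reported by -c at all. It uses sha256sum in place of md5sum because MD5 collisions can be produced deliberately; the function names, the SHA256SUMS file name and the sample files are assumptions of this example, and GNU coreutils is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU coreutils.
# sha256sum is used here; it accepts the same -c option as md5sum.

# make_manifest DIR: record a digest for every regular file under DIR.
make_manifest() {
    ( cd "$1" && find . -type f ! -name SHA256SUMS -exec sha256sum {} + \
        | sort -k 2 > SHA256SUMS )
}

# failed_files DIR: print the files that no longer match the manifest.
# Returns 0 when every listed file matches, non-zero otherwise.
failed_files() {
    rc=0
    out=$( cd "$1" && sha256sum -c --quiet SHA256SUMS 2>/dev/null ) || rc=$?
    printf '%s\n' "$out" | sed -n 's/: FAILED.*$//p'
    return "$rc"
}

# new_files DIR: print files on disk that the manifest does not list.
# "-c" only checks listed names, so added files need a separate pass.
new_files() {
    known=$(mktemp)
    sed 's/^[0-9a-f]*  //' "$1/SHA256SUMS" | sort > "$known"
    ( cd "$1" && find . -type f ! -name SHA256SUMS | sort ) | comm -13 "$known" -
    rm -f "$known"
}

# Demo on constructed files in a temporary directory.
demo() {
    d=$(mktemp -d)
    printf 'donkey\n' > "$d/password"
    printf 'donkey\n' > "$d/password.orig"
    make_manifest "$d"
    printf 'mule\n' > "$d/password"     # change a recorded file
    printf 'extra\n' > "$d/passwords"   # add a file after recording
    echo "modified: $(failed_files "$d")"
    echo "unlisted: $(new_files "$d")"
    rm -rf "$d"
}
demo
```

Keep the manifest somewhere the files' owner cannot rewrite it; a manifest stored next to the files only catches accidental changes.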

source:
http://linux.byexamples.com/archives/198/md5-checksum-how-to/

Uncategorized

Pipe tar file to remote server w/ ssh

January 28th, 2010

By far the easiest way to tar a file and send it to a remote location is to simply put two commands on one line: the first creates the tar file, the second copies it with scp. In this example, I am not prompted for a passphrase since I have my ssh key saved on the remote server for this user.

Easy:

jesterj@jesterj-laptop:~$ tar -cvf testarchive.tar donkey*; scp testarchive.tar jesterj@remoteserver:~
donkey
donkey1.zip
donkey2.txt
donkey2.zip
donkey.tar
donkey.txt
testarchive.tar                               100%   20KB  20.0KB/s   00:00
jesterj@jesterj-laptop:~$

More complicated, pipe the file:

jesterj@jesterj-laptop:~$ tar zcvf - donkey* | ssh jesterj@donkey.dnsdojo.com "cat > ~/testarchive3.tar"

source: http://www.cyberciti.biz/faq/howto-use-tar-command-through-network-over-ssh-session/

Linux, Networking

Disabling service on startup in ubuntu

January 26th, 2010

You need to install debian-helper-scripts to get the ‘service’ command.

root@pse07:/var/lib# service apparmor off
The program 'service' can be found in the following packages:
* debian-helper-scripts
* sysvconfig
Try: apt-get install <selected package>
bash: service: command not found
root@pse07:/var/lib# sudo apt-get install debian-helper-scripts
root@pse07:/var/lib# service apparmor stop
Unloading AppArmor profiles : done.

Uncategorized

Changing data dir for mysql & dealing with Apparmor

January 26th, 2010

In Ubuntu there is a program called AppArmor that restricts which files certain programs may access, mysql included. Just recently the partition that holds all the data (/var/lib/mysql) filled up. Since I was at 100% and this is a production box I needed to fix this quickly. My options were as follows:

1. Set up a symlink from /var/lib/mysql to /home/mysql and move the data there, OR
2. Simply create a new dir called /home/mysql and move the data there

To do this edit /etc/mysql/my.cnf
...
datadir =/home/mysql
#datadir = /var/lib/mysql
...

Save the file and restart mysql and you will get the following error:

root@slave:/etc/mysql# /etc/init.d/mysql2 start
* Starting MySQL database server mysqld [fail]

The problem here is that AppArmor is disallowing mysql from using any location other than /var/lib/mysql. You will need to edit the AppArmor profile for mysql.

root@slave:/etc/apparmor.d# grep "/var/lib/mysql" usr.sbin.mysqld
/var/lib/mysql/ r,
/var/lib/mysql/** rwk,

To correct this problem, replace all instances of /var/lib/mysql with /home/mysql. Open the file in vi and do a search and replace. Note that I am escaping the slashes!

:%s/\/var\/lib\/mysql/\/home\/mysql/g

Reload AppArmor and mysql should start up with the new config in your my.cnf file!

root@slave:/etc/apparmor.d# /etc/init.d/apparmor restart
Reloading AppArmor profiles : done.
root@slave:/etc/apparmor.d# /etc/init.d/mysql2 start
* Starting MySQL database server mysqld
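
The failure above comes from my.cnf and the AppArmor profile disagreeing about the data directory. The following added example (not from the original post) is a pre-flight check that reads the active datadir from a my.cnf and confirms the profile carries the two rule forms shown in the grep output for that path. The function names and the sample files in the demo are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Pre-flight check that the
# datadir set in my.cnf is covered by the mysqld AppArmor profile.

# cnf_datadir FILE: print the active (uncommented) datadir from [mysqld].
cnf_datadir() {
    awk -F= '
        /^[ \t]*\[/ { in_mysqld = ($0 ~ /^[ \t]*\[mysqld\]/) }
        in_mysqld && /^[ \t]*datadir[ \t]*=/ {
            dir = $2; gsub(/^[ \t]+|[ \t]+$/, "", dir); sub(/\/+$/, "", dir)
        }
        END { if (dir != "") print dir }' "$1"
}

# profile_allows PROFILE DIR: succeed when the profile has both a rule for
# the directory itself ("DIR/ r,") and a writable rule for its contents
# ("DIR/** rwk,"), the two rule forms shown in the post.
profile_allows() {
    awk -v d="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, d "/ ") == 1 && line ~ / r[a-z]*,/ { top = 1 }
        index(line, d "/** ") == 1 && line ~ / [a-z]*w[a-z]*,/ { tree = 1 }
        END { exit !(top && tree) }' "$1"
}

# check_datadir CNF PROFILE: print a verdict. Returns 1 when mysqld would be
# denied its data directory, 2 when no datadir is configured.
check_datadir() {
    dir=$(cnf_datadir "$1")
    [ -n "$dir" ] || { echo "no datadir set in $1"; return 2; }
    if profile_allows "$2" "$dir"; then
        echo "ok: $dir is allowed by $2"
    else
        echo "denied: $dir has no matching rules in $2"
        return 1
    fi
}

# Demo on constructed files: my.cnf already moved, profile not yet edited.
demo() {
    t=$(mktemp -d)
    printf '[mysqld]\ndatadir =/home/mysql\n#datadir = /var/lib/mysql\n' > "$t/my.cnf"
    printf '  /var/lib/mysql/ r,\n  /var/lib/mysql/** rwk,\n' > "$t/profile"
    check_datadir "$t/my.cnf" "$t/profile"    # reports "denied"
    rm -rf "$t"
}
demo
```

On the system from the post the call would be check_datadir /etc/mysql/my.cnf /etc/apparmor.d/usr.sbin.mysqld, run before restarting mysql.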

Networking, Uncategorized

Listing Ports and Active connections w/ Netstat

January 14th, 2010

Who’s connected to my server?

root@donkey:~# netstat -ntla | grep "80"
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.5:80          206.169.197.253:20277   ESTABLISHED

Grep for the remote port to find the process that holds the connection.

root@donkey:~# lsof -i tcp:80 | grep "20277"
apache2 20114 www-data    9u  IPv4 9576072       TCP donkey.local:www->206-169-197-253.static.twtelecom.net:20277 (ESTABLISHED)

Kill the connection by killing the apache2 process that holds it.

kill -9 20114

Uncategorized

Managing Processes with jobs, fg, bg, screen.

January 14th, 2010

Let’s talk about managing processes. If you want to run a script or scripts and then continue with other tasks while they run, without using cron, you can use the ‘jobs’ command.

First, let’s create a script that will run indefinitely so we have time to work with our examples.

#!/usr/bin/python
# Busy loop that never exits: x stays 0, so the condition is always true.
x = 0
while x != 1:
    z = 1

The above script will loop indefinitely since ‘x’ will never equal 1.

Next, run the script from the command line. Adding a & to the end of the command will send the job to the background.

jesterj@jesterj-laptop:~$ python loop.py &
[1] 4221

This sends loop.py to the background with process id ‘4221’. You can view the stats for that process id by doing the following:

jesterj@jesterj-laptop:~$ ps -ef | grep '4221'
jesterj   4221  3083 99 16:37 pts/1    00:02:40 python loop.py

To view all jobs running in the background type ‘jobs’.

jesterj@jesterj-laptop:~$ jobs
[1]+  Running                 python loop.py &

To add another instance of the script to the background, repeat.

jesterj@jesterj-laptop:~$ python loop.py &
[2] 4333
jesterj@jesterj-laptop:~$ jobs
[1]-  Running                 python loop.py &
[2]+  Running                 python loop.py &

To quit the process use kill and the job number.

jesterj@jesterj-laptop:~$ kill %1
jesterj@jesterj-laptop:~$ jobs
[1]-  Terminated              python loop.py
[2]+  Running                 python loop.py &

To bring a job from the background to the foreground, use fg:

jesterj@jesterj-laptop:~$ fg %2
python loop.py

Linux