Download and Install Apache 2.2
Download Apache 2.2 from http://httpd.apache.org/download.cgi#apache22
Look for the section with the phrase "best available version" like "Apache HTTP Server (httpd) 2.2.x is the best available version". At the time of writing this tutorial Apache 2.2.16 is the official best available version.
Click on the link for "httpd-2.2.16.tar.gz" and download the installer.
Once the file is copied to the Linux server (example: /usr/local/install), follow these steps.
1. Use the following command to extract the tar file.
cd /usr/local/install
tar -xzf httpd-2.2.16.tar.gz
A directory "httpd-2.2.16" will be created.
2. Now, let's execute the configuration script:
cd /usr/local/install/httpd-2.2.16
./configure --prefix=/usr/local/install/apache --enable-mods-shared=all --enable-proxy --enable-expires --enable-vhost-alias
or
./configure --prefix=/usr/local/install/apache --enable-so --with-mpm=worker --enable-proxy=share --enable-ssl --enable-proxy --enable-rewrite --enable-headers --enable-deflate --enable-proxy-http --enable-proxy-balancer --enable-proxy-ajp --enable-expires --enable-usertrack
3. The following step will compile Apache based upon the configuration defined:
make
4. The following step will install the Apache build:
make install
5. Use the following commands to control the Apache Web Server.
/usr/local/install/apache/bin/apachectl -k stop
/usr/local/install/apache/bin/apachectl -k start
6. Go to the internet browser and try the URL http://host:80/.
You should see "It Works!".
This means the Apache web server installation was successful.
Thursday, September 9, 2010
Tuesday, September 7, 2010
Simple Script to check if file exists and invoke an operation
#!/bin/bash
# Script to check the file and invoke other script
# Author- Satish Kumar
# ver 1.0
# Note: HOME is reassigned here, so invoke.sh also runs with this HOME
HOME=/opt/apps/RAM
FILENAME=$HOME/DRDM_ETL.complete
if [ -e "$FILENAME" ]
then
    cd "$HOME" || exit 1
    echo "Invoking the script at `date '+%F_%H:%M'`" >> DRDM_ETL.status
    /opt/apps/scripts/invoke.sh
    echo "Removing the $FILENAME at `date '+%F_%H:%M'`" >> DRDM_ETL.status
    rm "$FILENAME"
else
    echo "data file does not exist"
fi
Thursday, August 26, 2010
Sticky Bit (-rwsr-xr-x Unix file permission)
Everybody handling a Unix operating system would very well know what chmod 777 means: the owner, the group and others are given all permissions (Read, Write and Execute) on a particular file. This could otherwise be written as “chmod ugo+rwx”, meaning that you are giving the User (owner), Group and Others the rights to Read, Write and Execute the file.
Here comes the rws scenario. The best available example of rws is the /usr/bin/passwd command (just issue “ls -l /usr/bin/passwd”).
Normally, any user is allowed to change HIS password, meaning he can make or change HIS entry in the /etc/passwd file. But he can never be given ‘WRITE’ permission on the file, because he might end up disturbing another person’s password too. Only the ROOT user is allowed permissions on the /etc/passwd file.
This is where “rws” comes into the picture. When we give the “rws” permission to the /usr/bin/passwd command, Unix runs the command as the owner of the file, here the ROOT user (the user doesn't have permissions on the /etc/passwd file but the root user has). The “rws” permission can be given on a file with chmod 4700.
arun@arun-desktop:~/Desktop$ chmod 4700 hi.txt
arun@arun-desktop:~/Desktop$ ls -l hi.txt
-rws------ 1 arun arun 0 2007-01-17 06:48 hi.txt
If you need to act as the group of a file, and not as a normal user, when executing a particular command (as against the root user), then use “chmod 2700”.
arun@arun-desktop:~/Desktop$ chmod 2700 hi.txt
arun@arun-desktop:~/Desktop$ ls -l hi.txt
-rwx--S--- 1 arun arun 0 2007-01-17 06:48 hi.txt
The 4 and 2 at the front of the chmod commands are called the SUID and SGID bits.
What if we put a 1 instead of 4 or 2 (chmod 1700)?
arun@arun-desktop:~/Desktop$ chmod 1700 hi.txt
arun@arun-desktop:~/Desktop$ ls -l hi.txt
-rwx-----T 1 arun arun 0 2007-01-17 06:48 hi.txt
It shows a “T” in the place of “x” for a normal user. This “T” bit is called the Sticky bit.
“When the sticky bit is turned on for a directory users can have read and/or write permissions for that directory, but they can only remove or rename files that they own. The sticky bit on a file tells the operating system that the file will be executed frequently. Files like this are kept in swap space even when they aren’t being executed. Although this takes up swap space it greatly reduces the time it takes to execute the program. Some programs such as vi have the sticky bit turned on by default on some Unixes.”
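The ls -l letters shown above (s/S in the owner and group slots, t/T in the last slot) can be read back by a script. The following is an added example, not part of the original post: it decodes those letters for one path and uses find to list SUID/SGID files and world-writable directories that lack the sticky bit. The function names and the demo tree are constructed for the example.

```shell
#!/bin/sh
# Added example: read back the special permission bits (SUID 4000,
# SGID 2000, sticky 1000). Function names and the demo tree are constructed.

# Print "suid", "sgid", "sticky" (space separated) or "none" for one path,
# using the same ls -l letters as in the post: s/S and t/T.
# Upper case (S, T) means the bit is set but the x bit under it is not.
special_bits() {
    mode=$(ls -ld -- "$1" | cut -c1-10)
    out=""
    case "$(printf '%s' "$mode" | cut -c4)"  in s|S) out="$out suid" ;; esac
    case "$(printf '%s' "$mode" | cut -c7)"  in s|S) out="$out sgid" ;; esac
    case "$(printf '%s' "$mode" | cut -c10)" in t|T) out="$out sticky" ;; esac
    echo "${out:-none}" | sed 's/^ //'
}

# List regular files below DIR that carry the SUID or SGID bit.
# These run with the owner's or group's privileges, so the list should be
# short and every entry should be expected.
find_suid_sgid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# List world-writable directories below DIR that lack the sticky bit.
# Without it, any user may remove or rename files owned by other users.
find_unsticky_world_writable() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null | sort
}

# Demo on a constructed tree (safe to run as an ordinary user).
demo_dir=$(mktemp -d)
touch "$demo_dir/hi.txt"
chmod 4700 "$demo_dir/hi.txt"
mkdir "$demo_dir/open" "$demo_dir/shared"
chmod 0777 "$demo_dir/open"
chmod 1777 "$demo_dir/shared"
echo "hi.txt: $(special_bits "$demo_dir/hi.txt")"
echo "shared: $(special_bits "$demo_dir/shared")"
echo "SUID/SGID files:"
find_suid_sgid "$demo_dir"
echo "World-writable directories without the sticky bit:"
find_unsticky_world_writable "$demo_dir"
rm -rf "$demo_dir"
```

To audit a real system, pass a directory such as / or /usr to the two find functions; -xdev keeps the search on one filesystem.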
Monday, August 9, 2010
OReilly Books
Looks like this site is offering OReilly Books in chm and pdf format online.
http://www.ibreakyoufix.com/tools/books/OReilly/
Friday, August 6, 2010
To verify if TRACE is enabled/disabled for Apache Webserver
After TRACE has been disabled according to the instructions mentioned in my thread, a TRACE request will be responded to with HTTP status code 403 (FORBIDDEN).
Using telnet to verify the configuration for a non-SSL web server port
The telnet command provided with most operating systems can be used to verify that the configuration changes to disable TRACE have been made. Note that telnet can only be used to test non-SSL ports, since it does not have the capability to perform the SSL handshake or to encrypt the data.
$ telnet 127.0.0.1 8080
Trying...
Connected to 127.0.0.1.
Escape character is '^]'.
TRACE / HTTP/1.0
A: b
C: d
Host: foo
HTTP/1.1 403 Forbidden
Date: Mon, 04 Oct 2004 14:23:31 GMT
Server: IBM_HTTP_SERVER
Connection: close
Content-Type: text/html; charset=iso-8859-1
403 Forbidden
You don't have permission to access /
on this server.
Connection closed.
The information sent by the client is no longer echoed, and the request fails with HTTP status code 403.
If the response to the TRACE request continues to result in a response with status code 200, verify that the required directives were added to all
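The manual telnet check can be scripted so that it also covers SSL ports. The following is an added example, not from the original post: it classifies a raw reply to a TRACE request the way the text does (403 with nothing echoed means disabled, 200 with the request echoed means still enabled). The X-Trace-Probe header, the function names and the sample replies are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: decide from a raw HTTP reply whether TRACE is still enabled.
# The marker header (X-Trace-Probe) and the function names are assumptions
# made for this example; the sample replies are constructed.

# classify_trace_response MARKER   (raw response on stdin)
#   enabled  : status 200 and the marker sent by the client is echoed back
#   disabled : status 403 (as in the post) or 405, and nothing is echoed
#   unknown  : anything else; inspect the reply by hand
classify_trace_response() {
    marker=$1
    resp=$(tr -d '\r')
    status=$(printf '%s\n' "$resp" |
        sed -n '1s|^HTTP/[0-9.]* \([0-9][0-9][0-9]\).*|\1|p')
    # Look for the marker in the body only (everything after the first
    # empty line), because TRACE echoes the request as the response body.
    if printf '%s\n' "$resp" | sed '1,/^$/d' | grep -qF -- "$marker"; then
        echoed=yes
    else
        echoed=no
    fi
    case "$status:$echoed" in
        200:yes)        echo enabled ;;
        403:no|405:no)  echo disabled ;;
        *)              echo unknown ;;
    esac
}

# probe_trace URL MARKER: send TRACE with curl and classify the reply.
# curl performs the TLS handshake for https:// URLs, which telnet cannot.
probe_trace() {
    curl -s -i --max-time 5 -X TRACE -H "X-Trace-Probe: $2" "$1" |
        classify_trace_response "$2"
}

sample_disabled() {   # constructed from the 403 reply shown in the post
    printf 'HTTP/1.1 403 Forbidden\r\nConnection: close\r\n'
    printf 'Content-Type: text/html; charset=iso-8859-1\r\n\r\n'
    printf '403 Forbidden\r\n'
}

sample_enabled() {    # constructed: the server echoes the request back
    printf 'HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n'
    printf 'TRACE / HTTP/1.0\r\nX-Trace-Probe: probe-1234\r\nHost: foo\r\n\r\n'
}

# Offline demo on the two constructed replies.
echo "403 sample: $(sample_disabled | classify_trace_response probe-1234)"
echo "200 sample: $(sample_enabled | classify_trace_response probe-1234)"
```

Against a server you administer, probe_trace http://127.0.0.1:8080/ probe-1234 repeats the telnet test, and the same call with an https:// URL covers the SSL port.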
Installing Apache with SSL
This article outlines the steps followed while installing the Apache Web Server using the SSL technology. This was done much earlier but steps remain the same.
Installation of Apache and SSL (Requires OpenSSL > openssl-0.9.5a or better. www.openssl.com).
1. Download the latest Apache Webserver from: http://httpd.apache.org/dist/httpd/apache_1.3.19.tar.gz
2. tar zxvf apache_1.3.19.tar.gz
3. Download the latest apache+ssl source from: ftp://opensores.thebunker.net/pub/mirrors/apachessl/apache_1.3.9+ssl_1.42.tar.gz
4. mv apache_1.3.9+ssl_1.42.tar.gz apache_1.3.19
5. tar zxvf apache_1.3.9+ssl_1.42.tar.gz
6. Run the executable: ./FixPatch
7. ./configure --prefix=/usr/local/apache (run ./configure --help to see other configure-time options as needed)
8. make
9. su -
10. make install
11. ln -s /usr/local/apache/conf/httpsd.conf /usr/local/apache/conf/httpd.conf
12. cd /usr/local/apache ; mkdir certs
13. cd certs
14. openssl genrsa -des3 -out ssl.key 1024
Remember the PEM password you choose! This command will create ssl.key.
15. At this point, you are going to create a self-signed certificate for your site. If you will be using a CA (Certificate Authority) certificate, please review http://www.linuxdoc.org/HOWTO/SSL-RedHat-HOWTO-3.html#ss3.2
16. What is very important to remember in creating the ssl.crt file is deciding "what is the URL people enter to come to my web site?". For example, if you own blah.com, and you define blah.com when creating the ssl.crt file, then people who access your site via www.blah.com will get a "Certificate Name Check" that might scare people away because it contains an ominous warning. People who access your site via http://blah.com will not get this warning. However you choose to name your server, that is how you must define ServerName in the section below.
17. openssl req -new -key ssl.key -x509 -days 365 -out ssl.crt
Enter your PEM password; this will create ssl.crt. -days 365 means you will have to do steps 14 & 17 again in 365 days.
This is the Information you will be presented with when issuing this command:
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:South Carolina
Locality Name (eg, city) []:West Columbia
Organization Name (eg,company) [Internet Widgits Pty Ltd]:Michael Sharp
Organizational Unit Name (eg, section) []:Secure Web Server
Common Name (eg, your name or your server's hostname) []:reality.dynip.com
Email Address []:msharp@medmail.com
The Common Name portion is where you define what I was talking about in 16.
18. edit /usr/local/apache/conf/httpsd.conf and at the bottom, under add this:
SSLDisable
EXAMPLE:
SSLCacheServerPort logs/gcache_port
SSLCacheServerPath bin/gcache
SSLSessionCacheTimeout 10
SSLVerifyClient 0
SSLVerifyDepth 10
SSLCacheServerRunDir /tmp
SSLFakeBasicAuth
SSLRandomFile /dev/random 1024
DocumentRoot /usr/local/apache/htdocs
ServerName www.CHANGE-THIS.com
ServerAdmin SOMEONE@SOMEWHERE.COM
ErrorLog /usr/local/apache/logs/httpsd_error.log
TransferLog /usr/local/apache/logs/httpsd_access.log
SSLEnable
SSLCertificateFile /usr/local/apache/certs/ssl.crt
SSLCertificateKeyFile /usr/local/apache/certs/ssl.key
You must also comment out Document Root, ServerName, ServerAdmin, ErrorLog, and TransferLog in the Main Server configuration:
#DocumentRoot
#ServerName
#ErrorLog
#ServerAdmin
#TransferLog
Where you see:
# Port: The port to which the standalone server listens. For
# ports < 1023, you will need httpd to be run as root initially.
#
Port 8080
change 8080 to 443
Add any other configuration variables to the httpsd.conf file per your needs.
19. Start the Server:
/usr/local/apache/bin/httpsdctl start
You will have to enter your PEM password to start the web server! Don't panic just because it doesn't start immediately; give it a few moments.
20. Check out: https://YOUR-WEB-SITE to review if you were successful.
21. Now add your content to /usr/local/apache/htdocs
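Steps 14 to 17 as a non-interactive script, with the name check from step 16 made testable. This is an added example, not from the original article: it assumes an OpenSSL that supports -addext and -checkhost (1.1.1 or later), uses a 2048-bit key without a passphrase so that it runs without prompts, and its helper names, file locations and host names are constructed.

```shell
#!/bin/sh
# Added example: create a self-signed certificate and test which host
# names it is valid for. Helper names and host names are constructed.

# make_cert DIR COMMON_NAME [SAN_LIST]
# Writes DIR/ssl.key and DIR/ssl.crt, valid for 365 days.
# SAN_LIST is an optional subjectAltName value such as
# "DNS:blah.com,DNS:www.blah.com". The demo key is unencrypted (-nodes);
# the article's key is protected with a passphrase (-des3).
make_cert() {
    dir=$1 cn=$2 san=${3:-}
    if [ -n "$san" ]; then
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -keyout "$dir/ssl.key" -out "$dir/ssl.crt" \
            -subj "/CN=$cn" -addext "subjectAltName=$san" 2>/dev/null
    else
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -keyout "$dir/ssl.key" -out "$dir/ssl.crt" \
            -subj "/CN=$cn" 2>/dev/null
    fi
}

# cert_matches_host CERT HOST: exit 0 if CERT is valid for HOST.
# This is the check behind the "Certificate Name Check" warning in step 16.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# cert_valid_for_days CERT DAYS: exit 0 if CERT is still valid DAYS from now.
# Useful in a cron job that warns before the 365 days run out.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Demo in a temporary directory.
demo=$(mktemp -d)
make_cert "$demo" blah.com
for h in blah.com www.blah.com; do
    if cert_matches_host "$demo/ssl.crt" "$h"; then
        echo "CN only:  $h matches"
    else
        echo "CN only:  $h gets a name mismatch warning"
    fi
done
# Listing both names as subjectAltName entries covers both URLs.
make_cert "$demo" blah.com "DNS:blah.com,DNS:www.blah.com"
if cert_matches_host "$demo/ssl.crt" www.blah.com; then
    echo "with SAN: www.blah.com matches"
fi
rm -rf "$demo"
```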
Virtual Hosts
Virtual hosts enable you to intelligently run multiple sites on a single server. The useful side effect is that with proper setup, you can point your browser to www.whatever.whatever and load a local copy. My development site is now www.mezzoblue.dev, which works exactly the same as the .com, just faster.
Find your httpd.conf file, and then add this line somewhere near the bottom (there’s a spot with example virtual server code)
NameVirtualHost 127.0.0.1
You might want to run a search for ‘NameVirtualHost’ within the file before-hand to make sure it’s not already set, or at least commented out with a preceding octothorpe (#).
Next add an entry for localhost pointing to the root of your web server, so that typing localhost in your browser’s address bar continues pulling up the default site:
<VirtualHost 127.0.0.1>
ServerName localhost
DocumentRoot /Path/To/WebRoot
</VirtualHost>
And finally, for each individual virtual site you wish to run, add a new entry pointing to the proper directory. This is especially useful because, at least on Unix-based systems, this means it can sit anywhere in your filesystem.
<VirtualHost 127.0.0.1>
ServerName www.mezzoblue.dev
DocumentRoot /Volumes/Shine/www/delhi
</VirtualHost>
Handy Unix and linux commands
####################################################################
Finding CPU Information:
Solaris: /usr/platform/sun4u/sbin/prtdiag | grep 'System Configuration' | sed 's/.*(\(.*\) .*)/\1/'
Linux: cat /proc/cpuinfo | grep '^model name' | sed 's/.*: //'
####################################################################
CPU Speed:
Solaris: psrinfo -v | grep MHz | awk '{print $6 $7}'
Linux: cat /proc/cpuinfo | grep '^cpu MHz' | sed 's/.*: //'
####################################################################
total Disk Space:
Solaris: /usr/sbin/df -kF ufs | grep -v Filesystem | awk '{print $2,$6}'
Linux: /bin/df -kl -x tmpfs | grep -v Filesystem | awk '{print $2,$6}'
####################################################################
Total Physical Memory
Solaris: /usr/sbin/prtconf | grep Memory | sed 's/.*: //' | awk '{print $1*1024}'
Linux: cat /proc/meminfo | grep '^MemTotal' | sed 's/.*: //' | awk '{print $1}'
####################################################################
echo $?
Exit status of the last command: 0 means success, non-zero means failure
####################################################################
Send mail as an attachment with subject as "Logs"
uuencode log log | mailx -s "Logs" username@domain.com
####################################################################
find command with different options
find . -name "*.log" -type f -mtime +7 -print -exec gzip {} \; finding files with *.log and checking if older than 7 days and gzipping them
find . -name "*.log" -mtime +7 -exec rm -rf {} \; finding *.log and checking if older than 7 days and removing them
find . -size +1000M -exec ls -ltr {} \;
####################################################################
Command to clear Semaphore and Shared memory
Clear Semaphore : ipcs|grep ^s|awk '{print "ipcrm -s " $2}'|sh
Clear Shared memory : ipcs|grep ^m|awk '{print "ipcrm -m " $2}'|sh
Check semaphore and shared memory: ipcs
####################################################################
screen -S backup -t backup
screen -d -r pid.backup
####################################################################
tar cf - dir/ | gzip -c > file.tar.gz
####################################################################
kill all the httpd process
ps -ef | grep httpd | sed -e '/grep/d' | awk '{print $2}'|xargs kill -9
####################################################################
Simple for loop to check the remote hostname and output of the command
for i in a b c; do ssh apache@server${i}col "echo \"Host: server${i}col\";ls -ltr /tmp";done
####################################################################
Command to check Processor 32 or 64 bit
Solaris: isainfo -b
Linux : uname -a
x86_64 and ia64 are 64 bit; i386 is 32 bit
####################################################################
###################################################
AIX command to check machine name.
###################################################
/opt/local/bin/nmon -r -t
###################################################
AIX command to check CPU name.
###################################################
topas
vmstat --- for memory
###################################################
Command to check WLM on AIX
###################################################
smitty
wlmstat