shell script to auto restart apache httpd when it goes down / dead

Being a Linux and Cloud Engineer I happen to work on building many servers which should be reliable, and I come across few customers who just want the server to be build and least work in managing them. So, I came up to a solution to start services by themselves if the apache web server goes down using cron and if loop. The following script serves the purpose.

First let’s create a directory to put all the custom scripts to be put in there.

mkdir /scripts/

cd /scripts/

Let’s create a script and call it as apachechk.sh

touch apachechk.sh

 

Provide it with execution permission.

chmod +x apachechk.sh

Then let’s add the following entry to our root user’s cron

crontab -e
*/5 * * * * /scripts/apachechk.sh >/dev/null 2>&1

Now, let’s paste the following lines to the script file on our Debian/Ubuntu based system.

#!/bin/bash
#This script will check if Apache process is down in Debian/Ubuntu based system and restarts it automatically.
#Script is located at http://helpinlinux.com/shell-script-to-auto-restart-apache-httpd-when-it-goes-down-dead
#Let's declare RESTART, PGREP and HTTPD command names.
RESTART="service apache2 restart"
PGREP="/usr/bin/pgrep"
HTTPD="apache2"
# find httpd pid
$PGREP ${HTTPD}
#Check if the process retruns not value[apache2 not running].
if [ $? -ne 0 ]
then
 # restart apache
 $RESTART
fi

If you are using CentOS/Redhat based system please add the following code to your apachechk.sh file.

#!/bin/bash
#This script will check if Apache process is down in Redhat/CentOS based system and restarts it automatically.
#Script is located at http://helpinlinux.com/shell-script-to-auto-restart-apache-httpd-when-it-goes-down-dead
#Let's declare RESTART, PGREP and HTTPD command names.
RESTART="service httpd restart"
PGREP="/usr/bin/pgrep"
HTTPD="httpd"
# find httpd pid
$PGREP ${HTTPD}
#Check if the process retruns not value[httpd not running].
if [ $? -ne 0 ]
then
 # restart apache
 $RESTART
fi

Reference: http://bash.cyberciti.biz/web-server/restart-apache2-httpd-shell-script/

Fixing wordpress file permissions upload file could not be moved & wordpress asking for FTP login

Hello,

 

Many of the wordpress developers/ system admin beginners would have come up to this issue where you will be annoyed with permission issues as mentioned below or you will be prompted to enter FTP logins whenever you upload plugins themes or update wordpress

wordpress media permission issue

This post assumes that you already have a wordpress site and LAMP server using CentOS/Redhat or fedora based OS.

All you need is mod_ruid2 module working to fix these issues.

First let us install all the modules that is required for compiling apache module.

yum group install -y 'Development Tools'

Once done, we will install devel tools for compiling mod_ruid2

yum install -y libcap-devel httpd-devel

Now, let’s download and install mod_ruid2

cd /usr/local/src
wget http://sourceforge.net/projects/mod-ruid/files/mod_ruid2/mod_ruid2-0.9.8.tar.bz2
apxs -a -i -l cap -c mod_ruid2.c

Then let’s open the apache virtual host config file and add the following line below DocumentRoot entry of our website.

RMode stat
    RUidGid steptocloud steptocloud
    RGroups steptocloud

Then let’s restart apache

On CentOS7

systemctl restart httpd.service

On CentOS6 or CentOS5

service httpd restart

Youtube Link

restorecon: command not found CentOS 6 & 7

Hello team,

I have come across strange issue when trying to save iptables rules. I received the following error.

 

 service iptables save

O/P

iptables: Saving firewall rules to /etc/sysconfig/iptables: /etc/init.d/iptables: line 274: restorecon: command not found.

 

You need to install policycoreutils package to fix the same.

 

yum install policycoreutils 

 

and now you will be able to save iptables rules.

Reference: https://raymii.org/s/snippets/CentOS_Save_iptables_restorecon_error.html

Creating IAM user with access control

IAM user is most important when it you want to grant access to different users say developer, administrator and partner. There are various level of access that you can choose to grant access to the users depending upon their requirements. The following guide helps us to create IAM user account with EC2 administration privileges, the user that we are creating will have full access to EC2 resources. Let’s get started.

 

1. Login to AWS console and navigate through Services –> All AWS Services –> Administration & Security –> (Identity Access Management) IAM as shown below.

 

IAM service

 

2. Goto Users and create a new user,

iam create new user2

 

3. Enter the username and download the credentials,( you can create upto 5 users IAM users).

iam user create3

4. You will be prompted to download the credentials, this is security keys useful to manage users via S3 uploads etc.

iam user download credentials

 

5. Let’s create password for users as shown in the below steps.

 

iam user create password

generate password for iam user

a.  Allow user to reset their own password “check Allow users to change their own password” and Apply policy.password policy iam

6. You will now be prompted to download the credentials file. The downloaded file will contain the login information of the user that we created. Now, let’s go to Groups and create a Group as shown below.

 

IAM create new group

 

 

 

 

iam create new group2

6. Set permissions for the group, (here I am granting full access to EC2 service we can choose services with respect to our requirement).

iam grant EC2 group permission

7. Now, navigate through Users –> siru –> Add users to Group.

 

iam assign user to groups

8. Now, you can see that the user is added to required group, we can add user to different groups.

iam managing user groups

Now, the user can login and navigate through EC2 services of your account to launch and edit instances on behalf of you.

 

 

disable forceful SSL redirection in WHM/cPanel

Hello,

To disable forceful SSL redirection in WHM/cPanel servers edit below lines in file /var/cpanel/cpanel.config

alwaysredirecttossl=0 
requiressl=0

and execute the below script for cPanel to reflect the changes.

 /usr/local/cpanel/whostmgr/bin/whostmgr2 -–updatetweaksettings

Now, you should be able to access the WHM, cPanel and webmail with http port 2086, 2082 and 2095 ports respectively.

Thank you for viewing helpinlinux.com

 

keywords: cpanel disable ssl redirect

Plesk Nginx Poodle Vulnerability Fix

Hello Guys,

 

I happened to work on a client’s Plesk server running Nginx on frontend, where I was asked to fix the recent Poodle vulnerability. I had difficult time to figure out the fix, and I don’t want others to face the same. Hence, created this post.

 

Step1: Open the Plesk’s Nginx configuration located at /etc/nginx/plesk.conf.d/server.conf and  edit the ssl_protocols line to the one below.

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

Then edit the same ssl_protocols entry on below Plesk configuration updater files,

/usr/local/psa/admin/conf/templates/default/nginxWebmailPartial.php

/usr/local/psa/admin/conf/templates/default/nginxDomainVirtualHost.php

/usr/local/psa/admin/conf/templates/default/nginxDomainVhost.php
/usr/local/psa/admin/conf/templates/default/domain/nginxDomainVirtualHost.php

 

and then run the below command.

Step2:

[root@pleskNginx1]#/usr/local/psa/admin/bin/httpdmng --reconfigure-all
[root@pleskNginx1]/etc/init.d/httpd restart

Thanks for viewing helpinlinux.com

Debian 6 Bash Vulnerability

Hello guys,

 

I will now let you know the steps involved to protect your Debian6 system from Bash Vulnerability. To check your system against vulnerability, please use the below command

root@debian6:~# env 'VAR=() { :;}; echo Bash is vulnerable!' 'FUNCTION()=() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"

If it returns the following output, then your system is vulnerable. You will get the below output

Bash is vulnerable!
Bash Test

To fix this we would need to upgrade bash, the default repository won’t have a bash patch, hence we would need to use an additional repositry. Please find the commands below to complete it.

Step1: Add the below entry to your /etc/apt/sources.list file.

deb http://ftp.us.debian.org/debian squeeze-lts main non-free contrib

 

Step2: then execute the update commands

root@debian6:~# apt-get update
root@debian6:~# apt-get install --only-upgrade bash

 

That’s it, now you can test the server using the same testing command which we used earlier.

 

root@debian6:~# env 'VAR=() { :;}; echo Bash is vulnerable!' 'FUNCTION()=() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"
Bash Test

That’s it, your Debain6 system is protected from ShellShock vulnerability.

Reference: http://unix.stackexchange.com/questions/157805/bash-vulnerability-cve-2014-6271-shellshock-fix-on-debian-squeeze

How to backup multiple databases using percona

Hello all,

 

I checked over the internet and I couldn’t find a possible script to backup multiple databases using percona backup tool. Hence, I wrote it myself. The below script will help us to backup at most 3 databases by providing database names as command line argument the backups will be placed at /disk4(you can change to any folder name that you prefer).

 

Percona

#!/bin/bash
#!/bin/bash
echo $#
if [ $# -gt 0 ]
then
 echo "number of arguments given is $#"
 /usr/bin/innobackupex --include="^$1" /disk4
   if [ $# -gt 1 ]
   then
     echo "number of arguments given is $#"
     /usr/bin/innobackupex  --include="^$2" /disk4
      if [ $# -gt 2 ]
       then
        echo "number of arguments given is $#"
         /usr/bin/innobackupex --include="^$3" /disk4
      fi
   fi
fi

save the above script into a file and execute it using the following syntax.

[user@localhost] # sh perconabackupscript.sh database1 database2 database3

deny access to .bash_profile .bashrc .bash_history apache

Hello all,

You would have come across a situation where you had pointed the website to user’s home directory, where the user’s default files like .bash_profile .bashrc .bash_logout and .bash_history will be accessible from browser, which is a security drawback. We can deny access to those files by adding the below configuration file either in main httpd.conf file or virtualhost configuration just below DocumentRoot directive for the respective domains. This will deny access to web clients from viewing the contents of any filename that starts with .bash

  
       <Files ~ "^\.bash">
            Order allow,deny
            Deny from all
            Satisfy All
       </Files>

Thanks for viewing http://helpinlinux.com