Name: Siranjeevi

Posts by :

    shell script to auto restart apache httpd when it goes down / dead

    September 22nd, 2015

    Being a Linux and Cloud Engineer I happen to work on building many servers which should be reliable, and I come across few customers who just want the server to be build and least work in managing them. So, I came up to a solution to start services by themselves if the apache web server goes down using cron and if loop. The following script serves the purpose.

    First let’s create a directory to put all the custom scripts to be put in there.

    mkdir /scripts/
    
    cd /scripts/
    

    Let’s create a script and call it as apachechk.sh

    touch apachechk.sh
    

     

    Provide it with execution permission.

    chmod +x apachechk.sh
    

    Then let’s add the following entry to our root user’s cron

    crontab -e
    */5 * * * * /scripts/apachechk.sh >/dev/null 2>&1
    

    Now, let’s paste the following lines to the script file on our Debian/Ubuntu based system.

    #!/bin/bash
    #This script will check if Apache process is down in Debian/Ubuntu based system and restarts it automatically.
    #Script is located at http://helpinlinux.com/shell-script-to-auto-restart-apache-httpd-when-it-goes-down-dead
    #Let's declare RESTART, PGREP and HTTPD command names.
    RESTART="service apache2 restart"
    PGREP="/usr/bin/pgrep"
    HTTPD="apache2"
    # find httpd pid
    $PGREP ${HTTPD}
    #Check if the process retruns not value[apache2 not running].
    if [ $? -ne 0 ]
    then
     # restart apache
     $RESTART
    fi
    
    

    If you are using CentOS/Redhat based system please add the following code to your apachechk.sh file.

    #!/bin/bash
    #This script will check if Apache process is down in Redhat/CentOS based system and restarts it automatically.
    #Script is located at http://helpinlinux.com/shell-script-to-auto-restart-apache-httpd-when-it-goes-down-dead
    #Let's declare RESTART, PGREP and HTTPD command names.
    RESTART="service httpd restart"
    PGREP="/usr/bin/pgrep"
    HTTPD="httpd"
    # find httpd pid
    $PGREP ${HTTPD}
    #Check if the process retruns not value[httpd not running].
    if [ $? -ne 0 ]
    then
     # restart apache
     $RESTART
    fi
    
    

    Reference: http://bash.cyberciti.biz/web-server/restart-apache2-httpd-shell-script/

    No Comments "

    Fixing wordpress file permissions upload file could not be moved & wordpress asking for FTP login

    August 20th, 2015

    Hello,

     

    Many of the wordpress developers/ system admin beginners would have come up to this issue where you will be annoyed with permission issues as mentioned below or you will be prompted to enter FTP logins whenever you upload plugins themes or update wordpress

    wordpress media permission issue

    This post assumes that you already have a wordpress site and LAMP server using CentOS/Redhat or fedora based OS.

    All you need is mod_ruid2 module working to fix these issues.

    First let us install all the modules that is required for compiling apache module.

    yum group install -y 'Development Tools'
    

    Once done, we will install devel tools for compiling mod_ruid2

    yum install -y libcap-devel httpd-devel
    

    Now, let’s download and install mod_ruid2

    cd /usr/local/src
    wget http://sourceforge.net/projects/mod-ruid/files/mod_ruid2/mod_ruid2-0.9.8.tar.bz2
    apxs -a -i -l cap -c mod_ruid2.c
    

    Then let’s open the apache virtual host config file and add the following line below DocumentRoot entry of our website.

    RMode stat
        RUidGid steptocloud steptocloud
        RGroups steptocloud
    

    Then let’s restart apache

    On CentOS7

    systemctl restart httpd.service
    

    On CentOS6 or CentOS5

    service httpd restart
    

    Youtube Link

    No Comments "

    netstat command install RHEL/CentOS 7

    April 4th, 2015

    Hello all,

    We need to install net-tools package to enable netstat command in CentOS/RHEL 7 based systems.

    yum install net-tools
    

    This will install required files for netstat command.

     

    Thank you for viewing http://helpinlinux.com

    No Comments "

    restorecon: command not found CentOS 6 & 7

    April 4th, 2015

    Hello team,

    I have come across strange issue when trying to save iptables rules. I received the following error.

     

     service iptables save

    O/P

    iptables: Saving firewall rules to /etc/sysconfig/iptables: /etc/init.d/iptables: line 274: restorecon: command not found.

     

    You need to install policycoreutils package to fix the same.

     

    yum install policycoreutils 

     

    and now you will be able to save iptables rules.

    Reference: https://raymii.org/s/snippets/CentOS_Save_iptables_restorecon_error.html

    No Comments "

    Creating IAM user with access control

    February 11th, 2015

    IAM user is most important when it you want to grant access to different users say developer, administrator and partner. There are various level of access that you can choose to grant access to the users depending upon their requirements. The following guide helps us to create IAM user account with EC2 administration privileges, the user that we are creating will have full access to EC2 resources. Let’s get started.

     

    1. Login to AWS console and navigate through Services –> All AWS Services –> Administration & Security –> (Identity Access Management) IAM as shown below.

     

    IAM service

     

    2. Goto Users and create a new user,

    iam create new user2

     

    3. Enter the username and download the credentials,( you can create upto 5 users IAM users).

    iam user create3

    4. You will be prompted to download the credentials, this is security keys useful to manage users via S3 uploads etc.

    iam user download credentials

     

    5. Let’s create password for users as shown in the below steps.

     

    iam user create password

    generate password for iam user

    a.  Allow user to reset their own password “check Allow users to change their own password” and Apply policy.password policy iam

    6. You will now be prompted to download the credentials file. The downloaded file will contain the login information of the user that we created. Now, let’s go to Groups and create a Group as shown below.

     

    IAM create new group

     

     

     

     

    iam create new group2

    6. Set permissions for the group, (here I am granting full access to EC2 service we can choose services with respect to our requirement).

    iam grant EC2 group permission

    7. Now, navigate through Users –> siru –> Add users to Group.

     

    iam assign user to groups

    8. Now, you can see that the user is added to required group, we can add user to different groups.

    iam managing user groups

    Now, the user can login and navigate through EC2 services of your account to launch and edit instances on behalf of you.

     

     

    No Comments "

    disable forceful SSL redirection in WHM/cPanel

    January 19th, 2015

    Hello,

    To disable forceful SSL redirection in WHM/cPanel servers edit below lines in file /var/cpanel/cpanel.config

    alwaysredirecttossl=0 
    requiressl=0
    

    and execute the below script for cPanel to reflect the changes.

     /usr/local/cpanel/whostmgr/bin/whostmgr2 -–updatetweaksettings

    Now, you should be able to access the WHM, cPanel and webmail with http port 2086, 2082 and 2095 ports respectively.

    Thank you for viewing helpinlinux.com

     

    keywords: cpanel disable ssl redirect

    No Comments "

    Plesk Nginx Poodle Vulnerability Fix

    November 1st, 2014

    Hello Guys,

     

    I happened to work on a client’s Plesk server running Nginx on frontend, where I was asked to fix the recent Poodle vulnerability. I had difficult time to figure out the fix, and I don’t want others to face the same. Hence, created this post.

     

    Step1: Open the Plesk’s Nginx configuration located at /etc/nginx/plesk.conf.d/server.conf and  edit the ssl_protocols line to the one below.

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    

    Then edit the same ssl_protocols entry on below Plesk configuration updater files,

    /usr/local/psa/admin/conf/templates/default/nginxWebmailPartial.php

    /usr/local/psa/admin/conf/templates/default/nginxDomainVirtualHost.php

    /usr/local/psa/admin/conf/templates/default/nginxDomainVhost.php
    /usr/local/psa/admin/conf/templates/default/domain/nginxDomainVirtualHost.php

     

    and then run the below command.

    Step2:

    [root@pleskNginx1]#/usr/local/psa/admin/bin/httpdmng --reconfigure-all
    [root@pleskNginx1]/etc/init.d/httpd restart

    Thanks for viewing helpinlinux.com

    No Comments "

    Debian 6 Bash Vulnerability

    November 1st, 2014

    Hello guys,

     

    I will now let you know the steps involved to protect your Debian6 system from Bash Vulnerability. To check your system against vulnerability, please use the below command

    root@debian6:~# env 'VAR=() { :;}; echo Bash is vulnerable!' 'FUNCTION()=() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"

    If it returns the following output, then your system is vulnerable. You will get the below output

    Bash is vulnerable!
    Bash Test
    

    To fix this we would need to upgrade bash, the default repository won’t have a bash patch, hence we would need to use an additional repositry. Please find the commands below to complete it.

    Step1: Add the below entry to your /etc/apt/sources.list file.

    deb http://ftp.us.debian.org/debian squeeze-lts main non-free contrib
    

     

    Step2: then execute the update commands

    root@debian6:~# apt-get update
    root@debian6:~# apt-get install --only-upgrade bash
    

     

    That’s it, now you can test the server using the same testing command which we used earlier.

     

    root@debian6:~# env 'VAR=() { :;}; echo Bash is vulnerable!' 'FUNCTION()=() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"
    Bash Test
    

    That’s it, your Debain6 system is protected from ShellShock vulnerability.

    Reference: http://unix.stackexchange.com/questions/157805/bash-vulnerability-cve-2014-6271-shellshock-fix-on-debian-squeeze

    No Comments "

    How to backup multiple databases using percona

    October 8th, 2014

    Hello all,

     

    I checked over the internet and I couldn’t find a possible script to backup multiple databases using percona backup tool. Hence, I wrote it myself. The below script will help us to backup at most 3 databases by providing database names as command line argument the backups will be placed at /disk4(you can change to any folder name that you prefer).

     

    Percona

    #!/bin/bash
    #!/bin/bash
    echo $#
    if [ $# -gt 0 ]
    then
     echo "number of arguments given is $#"
     /usr/bin/innobackupex --include="^$1" /disk4
       if [ $# -gt 1 ]
       then
         echo "number of arguments given is $#"
         /usr/bin/innobackupex  --include="^$2" /disk4
          if [ $# -gt 2 ]
           then
            echo "number of arguments given is $#"
             /usr/bin/innobackupex --include="^$3" /disk4
          fi
       fi
    fi
    

    save the above script into a file and execute it using the following syntax.

    [user@localhost] # sh perconabackupscript.sh database1 database2 database3
    

    No Comments "

    deny access to .bash_profile .bashrc .bash_history apache

    October 7th, 2014

    Hello all,

    You would have come across a situation where you had pointed the website to user’s home directory, where the user’s default files like .bash_profile .bashrc .bash_logout and .bash_history will be accessible from browser, which is a security drawback. We can deny access to those files by adding the below configuration file either in main httpd.conf file or virtualhost configuration just below DocumentRoot directive for the respective domains. This will deny access to web clients from viewing the contents of any filename that starts with .bash

      
           <Files ~ "^\.bash">
                Order allow,deny
                Deny from all
                Satisfy All
           </Files>
    
    

    Thanks for viewing http://helpinlinux.com

    No Comments "