Thursday, 21 February 2008

Setting up a subversion server Redhat CentOS

First some useful reference links:

http://www.tgharold.com/techblog/labels/SubVersion.shtml
http://www.daniel-skinner.co.uk/setup-subversion-and-trac-on-centos-5/06/01/2008
http://www.subversionary.org/howto/setting-up-a-server-on-fedora-core-4

Sunday, 17 February 2008

A Script to do the plesk directory permisson setup

I have previously posted about changes to the plesk httpdocs directory to get it to work well with Joomla. This is a little bash script I knocked up to do the job. Just pass the username as param 1


#!/bin/bash

# First check that this is a valid username
grep "^${1}:" /etc/passwd > /dev/null 2>&1
if [ "$?" -ne "0" ]; then
echo "Sorry, cannot find user ${1} in /etc/passwd or you didn't supply a username"
echo "Usage: ${0} "

exit 1
fi

userdir=`grep "^${1}:" /etc/passwd | cut -d: -f6`

if [ -d ${userdir} ] ; then
echo "Changing to directory ${userdir}"
cd ${userdir} && chown -R ${1}:psacln httpdocs && chmod -R g+w httpdocs && find httpdocs -type d -exec chmod g+s {} \; && /etc/init.d/httpd reload
fi

Saturday, 16 February 2008

Monitoring all apache virtual hosts on plesk with logwatch

The standard Plesk install has logwatch setup to just monitor the default httpd log, i.e /var/www/httpd/*

This is miss most things as the log file output of all the virtual hosts are not parsed. So I made a little bash script to create a load of new logwatch conf files to parse all my virtual host logfiles too. You will need to run this script each time a new domain is created. A know there is a Plesk way to run custom scripts on events, but I'll leave that for another day.


#!/bin/bash

##
## Script to create conf files and script links on a Plesk
## server that monitor all the apache log files
##
## Visit blog.surgeons.org.uk for updates

## Location of the virtual hosts directories
vhost_root=/var/www/vhosts/

## Various logwatch directories
dir_services="/etc/logwatch/conf/services"
dir_logfiles="/etc/logwatch/conf/logfiles"
dir_scripts="/etc/logwatch/scripts/services"
http_script="/usr/share/logwatch/scripts/services/http"

## Now iter over each directory
for domain in $( ls -Ichroot -Idefault $vhost_root ); do
if [ -d "${vhost_root}${domain}" ]
then
echo "Making services logwatch enteries for ${domain}"
domain_us=`echo $domain | tr . _`
(
cat <<-END_OF_SERVICES_CONF

###########################################################################
# Configuration file for $domain http filter
# See blog.surgeons.org.uk for updates ###########################################################################
Title = "httpd - $domain"

# Which logfile group...
LogFile = http_$domain_us
END_OF_SERVICES_CONF ) > ${dir_services}/http_${domain_us}.conf


echo "Making logfiles logwatch entries for ${domain}"
(
cat <<-END_OF_LOGFILES_CONF
########################################################
# Define log file group for http_$domain_us
# See blog.surgeons.org.uk for updates
#######################################################
LogFile = /var/www/vhosts/$domain/statistics/logs/access_log
LogFile = /var/www/vhosts/$domain/statistics/logs/access_log.processed
LogFile = /var/www/vhosts/$domain/statistics/logs/access_ssl_log
LogFile = /var/www/vhosts/$domain/statistics/logs/access_ssl_log.processed

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
# If you use a "-" in naming add that as well -mgt

Archive = /var/www/vhosts/$domain/statistics/logs/access_log.processed.?.gz
Archive = /var/www/vhosts/$domain/statistics/logs/access_ssl__log.processed.?.gz

# Expand the repeats (actually just removes them now)
*ExpandRepeats

# Keep only the lines in the proper date range...
*ApplyhttpDate
END_OF_LOGFILES_CONF ) > ${dir_logfiles}/http_${domain_us}.conf


## Make the script links
echo "Creating script link for ${domain}"
ln -s ${http_script} ${dir_scripts}/http_${domain_us}

fi

done

Friday, 15 February 2008

Wednesday, 13 February 2008

Disabling mod_security 2 for individual directories

I ran into some trouble with mod_security falsely blocking my joomla administrator pages.

The old method of disabling mod_security by placing a SecFilterEngine Off SecFilterScanPOST Off in a .htaccess doesn't work anymore. This doesn't seem to be clear in the docs and I only found this info in a mod-sec mailing post.

So the rules now need to go directly into the apache conf files.

I have most sites hosted on a plesk server. In plesk you can add to the virtual host config inside a vhost.conf file found in "/var/www/vhosts/<domain.com>/conf/vhost.conf".
Create or edit this file and enter:

<location "/" >
SecRuleEngine Off
</location>


Apply the vhost changes if a new vhost file with:
/usr/local/psa/admin/bin/websrvmng -v -a

And reload the httpd server with:
service httpd restart

Better still disable specific rules with
SecRuleRemoveById _rule_id_

Instead of the sledgehammer SecRuleEngine Off

Tuesday, 12 February 2008

Joomla installation on Plesk server, getting permissions right

Installing Joomla on a Plesk server has it's problems with permissions. I think this gives a nice solution. The original inspiration comes from the rackerhacker article.



The steps are:



  1. Add the ‘apache’ user to the ‘psacln’ group by editing /etc/group

    i.e. psacln:x:_hidden(dont actually change this field!)_:apache


  2. Change the current directory permissions with:

    cd /home/httpd/vhosts/[domain.com]
    chown -R [username]:psacln httpdocs
    chmod -R g+w httpdocs
    find httpdocs -type d -exec chmod g+s {} \;

    This set the setuid bit on each of the directories


  3. Reload the apache settings with /etc/init.d/httpd reload


  4. If you are using proftp to upload files or the new joomla 1.5 ftp layer then change the umask for proftpd by editing ‘/etc/proftpd.conf’ to read Umask 002


  5. Otherwise change the umask that php uses. The easiest, but I guess least elegant way is to add the line <?php umask (0002); ?> to the top of the administrator template index.php file. In Joomla 1.5 this is "administrator/templates/khepri/index.php"

Monday, 4 February 2008

Three cheers for vodafone, 3G on linux


I have to say three cheers to vodafone. I have previously posted about not being able to use my 3G USB modem with Ubuntu. Well vodafone do offer a GUI that works under linux for connecting using their 3G USB modem.

The file can be downloaded from vodafone's open source development site
Choose the .deb package for Ubuntu and it works like a dream!! The USB modem is automatically detected and all that is needed is the connection settings for the UK. So enter username=web, password=web and apn=internet

Well done to vodafone.