Blog Archives

mod_access.so missing in apache 2.2.19? Check This!

Hi there admins,

Today I spent an hour figuring out why the “Order” directive in Apache 2.2.19 resulted in errors.

Knowing that “Order” was previously provided by “mod_access.so”, I started my quest to figure out why that module was missing. What did I find?

mod_access was renamed or recompiled to “mod_authz_host.so”, as described here:

http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html

After adding the module again, it worked like a charm 🙂
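A quick way to catch this before a restart, as an added example that is not part of the original post: the hypothetical helper `check_access_module` lints a config for a leftover mod_access.so line and for Order/Allow/Deny used without authz_host_module being loaded. It assumes the module is built as a shared object; a statically compiled mod_authz_host needs no LoadModule line and would be reported here anyway.

```shell
# check_access_module CONF (hypothetical helper): lint an httpd.conf for the
# mod_access -> mod_authz_host rename. Returns 0 when clean, 1 on findings.
check_access_module() {
    awk '
        $1 ~ /^#/ { next }                     # skip comment lines
        { d = tolower($1) }                    # directive names are case-insensitive
        d == "loadmodule" && $2 == "authz_host_module" { loaded = 1 }
        d == "loadmodule" && $3 ~ /mod_access\.so/ {
            print "line " NR ": mod_access.so no longer exists in 2.2, load mod_authz_host.so"
            bad = 1
        }
        (d == "order" || d == "allow" || d == "deny") && !first { first = NR }
        END {
            if (first && !loaded) {
                print "line " first ": Order/Allow/Deny used but authz_host_module is not loaded"
                bad = 1
            }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: a 2.0-style config carried over to a 2.2 build.
sample=$(mktemp)
cat > "$sample" <<'EOF'
LoadModule access_module modules/mod_access.so
<Directory "/u01/proxy/htdocs">
    Order allow,deny
    Allow from all
</Directory>
EOF
check_access_module "$sample" || echo "fix the LoadModule line before starting httpd"
```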

How to compile Apache 2.2.x? Here's a hint 🙂

# --prefix sets where to install.
./configure --prefix=/u01/proxy/ \
--enable-ssl=shared \
--enable-proxy=shared \
--enable-proxy-connect=shared \
--enable-proxy-ftp=shared \
--enable-proxy-http=shared \
--enable-proxy-ajp=shared \
--enable-proxy-balancer=shared \
--enable-cache=shared \
--enable-file-cache=shared \
--enable-mem-cache=shared \
--enable-disk-cache=shared \
--enable-deflate=shared \
--enable-http=shared \
--enable-dav=shared \
--enable-vhost-alias=shared \
--enable-rewrite=shared \
--enable-so=shared \
--with-ssl=/usr/bin/openssl > ./reviewlog.txt
make >> ./reviewlog.txt
make install >> ./reviewlog.txt
make clean

http://httpd.apache.org/docs/2.2/new_features_2_2.html#module


RHEL5 init script for tomcat catalina

I have written an init script for Tomcat Catalina running on RHEL version 5. I have tested this script using Oracle Enterprise Linux 5.5 Carthage. The script should comply with the init standards defined for Red Hat Enterprise Linux using the INIT Functions lib.

The script also allows the use of chkconfig, even though you might want to alter the priorities used (56 10).

#!/bin/sh
#
# "$Id: catalina ,v 1.0 2010/08/10 Chris_g Exp $"
#
#   Startup/shutdown script for tomcat(Catalina) Application server.
#
#   Linux chkconfig stuff:
#
#   chkconfig: 2345 56 10
#   description: Startup/shutdown script for the tomcat application server.
######

# Source function library.
######
. /etc/init.d/functions

# Define where the catalina.sh script is located.
######
CATALINA_BIN='/u01/tomcat/bin/catalina.sh 1> /dev/null';

# Find the catalina process using ps / awk.
# The match function will return 0 when no match is found with the string "java".
# Position $9 should contain the path to the Java executable used by catalina.
######
PROC=`ps -efc | grep apache.catalina | awk 'BEGIN { FS=" "}; { if( match($9, "java") != 0 ) print $9;}'`

# Replace a potential empty string with a fake process so the RH daemon functions are able to parse
# it properly
######
if [ -z "$PROC" ]; then
    PROC='Tomcat_JVM';
fi

# Define the application name that is listed in the daemonize step.
PROG='Tomcat JVM';

# LOCKFILE
LOCK='/var/lock/subsys/tomcat';

start () {
        echo -n $"Starting $PROG: "

        # start daemon
        daemon $CATALINA_BIN start
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && touch $LOCK
        return $RETVAL
}

stop () {
        # stop daemon
        echo -n $"Stopping $PROG: "
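        # killproc matches on the executable, so any other JVM started from the
        # same java binary is matched as well.
        killproc $PROC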
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && rm -f $LOCK
}

restart() {
        stop
        start
}

case $1 in
        start)
                start
        ;;
        stop)
                stop
        ;;
        restart)
                restart
        ;;
        status)
                status $PROC
                RETVAL=$?
        ;;
        *)

        echo $"Usage: $0 {start|stop|restart|status}"
        exit 3
esac

exit $RETVAL

# INSTALL
1. Touch a new tomcat file in your init directory.
     touch /etc/init.d/tomcat
2. Copy and paste the code above into this file using vi.
     vi /etc/init.d/tomcat
   (PuTTY users)
   Press the Insert key (this should put vi in insert mode).
   Alter the Tomcat catalina.sh path, copy the altered code to your clipboard and paste it into PuTTY using a right mouse click.
   Press Esc (this should get you out of insert mode).
   Next press "Shift + :", "w", "Enter" (this should save the file).
3. If catalina.sh was able to start Tomcat (all vars/Java configured), then the tomcat script should now be able to handle the startup.
4. If catalina was already running, try:

     service tomcat status
     This should already give a result equal to:
     java (pid 14389) is running…

5. Add tomcat to chkconfig for automatic startup:
     chkconfig --level 2345 tomcat on

Hope this helps 😉
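The script hands the path of the java executable to killproc and status, so other JVMs started from the same binary cannot be told apart from Tomcat. As an added example (not part of the original script), the hypothetical helper `catalina_pids` selects only the JVM running Tomcat's Bootstrap class for one `catalina.base`; the sample `ps` output is constructed.

```shell
# catalina_pids BASE (hypothetical helper): read `ps -eo pid,args` output on
# stdin and print only the PIDs of JVMs that run Tomcat's Bootstrap class
# with -Dcatalina.base=BASE. Assumes BASE contains no whitespace.
catalina_pids() {
    awk -v base="$1" '
        $2 !~ /(^|\/)java$/ { next }           # not a JVM (skips the grep itself)
        {
            boot = 0; mine = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "org.apache.catalina.startup.Bootstrap") boot = 1
                if ($i == ("-Dcatalina.base=" base)) mine = 1
            }
            if (boot && mine) print $1
        }
    '
}

# Constructed ps output: two Tomcat instances and an unrelated JVM share one java binary.
ps_sample='  PID COMMAND
 2101 /usr/java/jdk/bin/java -Dcatalina.base=/u01/tomcat -Dcatalina.home=/u01/tomcat org.apache.catalina.startup.Bootstrap start
 2188 /usr/java/jdk/bin/java -jar /opt/batch/worker.jar
 2240 /usr/java/jdk/bin/java -Dcatalina.base=/u02/tomcat org.apache.catalina.startup.Bootstrap start
 2301 grep apache.catalina'

printf '%s\n' "$ps_sample" | catalina_pids /u01/tomcat   # prints 2101
# On a live host: ps -eo pid,args | catalina_pids /u01/tomcat
```

The resulting PID can be written to a pid file at start so that stop and status act on that one process only.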

Fixing the monitoring hosts > hosts view in centreon 2.1.4

When opening the Monitoring > Hosts > Hosts view to view all the available and configured hosts in Centreon 2.1.4 you will get a blank result. This happens because there is a coding error in the following file.

/usr/local/centreon/www/include/monitoring/status/Hosts/xml/hostXML.php on line 249

To correct it you need to add an else statement to the if / else if validation that happens there. So open the file listed above using your favourite editor (vim in my case).

vim /usr/local/centreon/www/include/monitoring/status/Hosts/xml/hostXML.php

Version 2.1.4

Skip to line 249 by typing ":249" followed by Enter.
On that line there should be something like:

if (($ndo["last_hard_state_change"] > 0) && ($ndo["last_hard_state_change"] >= $ndo["last_state_change"]))
        $hard_duration = Duration::toString(time() - $ndo["last_hard_state_change"]);
else if ($ndo["last_hard_state_change"] > 0)
        $hard_duration = " N/A ";

Change it to this by adding the part starting from “else”.

if (($ndo["last_hard_state_change"] > 0) && ($ndo["last_hard_state_change"] >= $ndo["last_state_change"]))
        $hard_duration = Duration::toString(time() - $ndo["last_hard_state_change"]);
else if ($ndo["last_hard_state_change"] > 0)
        $hard_duration = " N/A ";
else
        $hard_duration = " unknown ";

Version 2.1.8

Go to line 272 in the same file and locate this piece of code:

if (($ndo["last_hard_state_change"] > 0) && ($ndo["last_hard_state_change"] >= $ndo["last_state_change"]))
        $hard_duration = Duration::toString(time() - $ndo["last_hard_state_change"]);
else if ($ndo["last_hard_state_change"] > 0)
        $hard_duration = " N/A ";

Add the following to make it work.

if (($ndo["last_hard_state_change"] > 0) && ($ndo["last_hard_state_change"] >= $ndo["last_state_change"]))
        $hard_duration = Duration::toString(time() - $ndo["last_hard_state_change"]);
else if ($ndo["last_hard_state_change"] > 0)
        $hard_duration = " N/A ";
else
        $hard_duration = "N/A";

This same line is responsible for the following errors in your Apache error_log.

PHP Notice: Undefined variable: hard_duration in /usr/local/centreon/www/include/monitoring/status/Hosts/xml/hostXML.php on line 271, referer: http://centreon.amis.nl/centreon/main.php?p=20102&o=h

This change should fix it for ya.

Grtz, Chris.

Enabling mod_security under Apache 2.x for windows.

Some of you might already know mod_security for Apache and some might never have heard of it. mod_security is in effect an application firewall running on Apache, able to protect the applications running on that Apache server.

In this example I will guide you through the process of enabling mod_security on a Windows Apache 2.x server.

First of all, download the precompiled package containing the mod_security2.so module for Apache. I might go through the process of how to compile it… But hell, Steffen already did this for you guys and is offering the package on his site. Do make a donation if you think his work is worthwhile (it really is ^^) and keep this link to the package available.

Once you have downloaded the package, unpack it in a directory called “mod_security2” inside the location where your Apache modules are saved. By default this is something like

C:\program files\apache foundation\apache 2.x\modules\

When you are finished unpacking the mod_security package in the destination directory, it's time to make some other preparations on the server. It's essential that the following is present on the machine before you are able to use mod_security.

1. libxml2.dll should be present in the same directory as the mod_security2.so apache module file.
2. Microsoft Visual C++ 2008 Redistributable Package should be installed on the machine running the apache instance. If this is not the case the package can be installed from this location.

Next it's time to hack the httpd.conf file located in the /conf/ directory within the Apache root.

C:\program files\apache foundation\apache 2.x\conf\httpd.conf

Add the following to enable the module.

# Uncomment the following line by removing the # char.
LoadModule unique_id_module modules/mod_unique_id.so
# Add the following line to load the security module.
LoadModule security2_module modules/mod_security2/mod_security2.so

Next, it would be wise to read the documentation on how to configure mod_security. Maybe I will add some examples in the near future. One quick and dirty way to start might be:

<IfModule security2_module>
SecRuleEngine On
SecAuditLogType Serial
SecAuditLog /logs/mod_security.log
# Add some security rules (logging in our case on requests).
SecDataDir c:/seclogs/state
# Base our logging on visiting IP addresses.
SecAction initcol:ip=%{REMOTE_ADDR},nolog,pass
# Increase the per-IP score on filtered hits (the remote requests).
SecRule REQUEST_FILENAME "/cgi-bin/phf" pass,setvar:ip.score=+10
SecRule REQUEST_FILENAME "cmd.exe" pass,setvar:ip.score=+10
SecRule REQUEST_FILENAME "apex_admin" pass,setvar:ip.score=+5
SecRule REQUEST_FILENAME "httpd.conf" pass,setvar:ip.score=+5
SecRule REQUEST_FILENAME "server.xml" pass,setvar:ip.score=+5
SecRule REQUEST_METHOD "TRACE" pass,setvar:ip.score=+5
# Evaluate these scores.
SecRule IP:SCORE "@ge 50"
</IfModule>

Well, this should work already. Yeah, I know there is no use protecting some server.xml if there isn't a proxy setting to some application server like Tomcat. But then again, this is just one of those examples 😉

Rgrds, and good luck…
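To see which clients the scoring above would flag before relying on it, the same patterns and weights can be replayed over an existing access log. This is an added example, not part of the original post: `score_clients` is a hypothetical helper, it assumes common log format and a score that never expires within the log, and the sample lines are constructed.

```shell
# score_clients LOG [THRESHOLD] (hypothetical helper): replay the page's per-IP
# scoring over an access log in common log format. Prints, per client reaching
# the threshold: address, final score, log line number where it was reached.
score_clients() {
    awk -v threshold="${2:-50}" '
        {
            ip = $1
            method = substr($6, 2)             # drop the opening quote of the request
            path = $7
            sub(/\?.*/, "", path)              # REQUEST_FILENAME has no query string
            add = 0
            # Same patterns and weights as the rules; they are regexes, so "." is a wildcard.
            if (path ~ /\/cgi-bin\/phf/) add += 10
            if (path ~ /cmd.exe/)        add += 10
            if (path ~ /apex_admin/)     add += 5
            if (path ~ /httpd.conf/)     add += 5
            if (path ~ /server.xml/)     add += 5
            if (method ~ /TRACE/)        add += 5
            score[ip] += add
            if (score[ip] >= threshold + 0 && !(ip in hit)) hit[ip] = NR
        }
        END { for (ip in hit) print ip, score[ip], hit[ip] }
    ' "$1" | sort
}

# Constructed sample log (documentation address ranges), not real traffic.
sample=$(mktemp)
i=0
while [ "$i" -lt 5 ]; do
    echo '203.0.113.7 - - [10/Aug/2010:10:00:00 +0200] "GET /scripts/cmd.exe HTTP/1.0" 404 210' >> "$sample"
    i=$((i + 1))
done
cat >> "$sample" <<'EOF'
198.51.100.4 - - [10/Aug/2010:10:00:05 +0200] "TRACE / HTTP/1.1" 405 230
198.51.100.4 - - [10/Aug/2010:10:00:06 +0200] "GET /index.html HTTP/1.1" 200 1043
EOF
score_clients "$sample"        # 203.0.113.7 50 5
```

Passing a lower threshold as the second argument shows how many additional clients a stricter setting would catch.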