Successful SU For Nobody By Root?

If you are looking through your auth log files you may notice entries saying “session opened for user nobody”. What could this mean and is your server being compromised?

Feb 23 06:25:02 the-cave su[16451]: Successful su for nobody by root
Feb 23 06:25:02 the-cave su[16451]: + ??? root:nobody
Feb 23 06:25:02 the-cave su[16451]: pam_unix(su:session): session opened for user nobody by (uid=0)
Feb 23 06:25:02 the-cave su[16451]: pam_unix(su:session): session closed for user nobody
Feb 23 06:25:02 the-cave su[16453]: Successful su for nobody by root
Feb 23 06:25:02 the-cave su[16453]: + ??? root:nobody
Feb 23 06:25:02 the-cave su[16453]: pam_unix(su:session): session opened for user nobody by (uid=0)
Feb 23 06:25:03 the-cave su[16453]: pam_unix(su:session): session closed for user nobody

Session Opened For User Nobody

Any services that run as a daemon on the server need to be run by a user. Nobody is a system user that is used to run various services. Apache, MySQL, cron and other services will be run as the user nobody.

How Is It Initiated

When one of these services needs to run a task, that task is initiated and the process is then passed to the user nobody, which then completes the process.
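
The excerpt above shows root switching to nobody with no terminal attached (the ??? field), with the session opened and closed within a second. The shell functions below are an added example, not part of the original article: they group su lines by PID and print only the sessions that do not fit that pattern. The line for PID 17001 and the user alice are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise su activity from auth.log-style lines.

# First eight lines are the excerpt from the article; the PID 17001 lines
# are constructed so the filter has something to report.
sample_auth_log() {
cat <<'EOF'
Feb 23 06:25:02 the-cave su[16451]: Successful su for nobody by root
Feb 23 06:25:02 the-cave su[16451]: + ??? root:nobody
Feb 23 06:25:02 the-cave su[16451]: pam_unix(su:session): session opened for user nobody by (uid=0)
Feb 23 06:25:02 the-cave su[16451]: pam_unix(su:session): session closed for user nobody
Feb 23 06:25:02 the-cave su[16453]: Successful su for nobody by root
Feb 23 06:25:02 the-cave su[16453]: + ??? root:nobody
Feb 23 06:25:02 the-cave su[16453]: pam_unix(su:session): session opened for user nobody by (uid=0)
Feb 23 06:25:03 the-cave su[16453]: pam_unix(su:session): session closed for user nobody
Feb 23 14:02:11 the-cave su[17001]: Successful su for root by alice
Feb 23 14:02:11 the-cave su[17001]: pam_unix(su:session): session opened for user root by alice(uid=1000)
EOF
}

# stdin: auth log lines. stdout: one line per su process:
#   "time pid invoker->target tty=<tty or -> <open|closed|->"
su_sessions() {
  awk '
    $5 ~ /^su\[[0-9]+\]:$/ {
      pid = $5; gsub(/[^0-9]/, "", pid)
      if (!(pid in seen)) { seen[pid] = 1; order[++n] = pid }
      if ($6 == "Successful" && $7 == "su") { when[pid] = $3; to[pid] = $9; from[pid] = $11 }
      if ($6 == "+") tty[pid] = $7
      if ($0 ~ /session opened/) state[pid] = "open"
      if ($0 ~ /session closed/) state[pid] = "closed"
    }
    END {
      for (i = 1; i <= n; i++) {
        p = order[i]
        printf "%s %s %s->%s tty=%s %s\n", when[p], p, from[p], to[p],
               ((p in tty) ? tty[p] : "-"), ((p in state) ? state[p] : "-")
      }
    }'
}

# Drop the routine pattern (root->nobody, no terminal, already closed) and
# print whatever is left for a closer look.
unusual_su() {
  su_sessions | awk '!($3 == "root->nobody" && $4 == "tty=???" && $5 == "closed")'
}
```

Run it against a real log with `unusual_su < /var/log/auth.log`; on the sample only the constructed alice-to-root session is printed.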

Logrotate Set File Permissions

Overview

If you have ever wondered why your log files randomly change permissions each night, logrotate could be up to its tricks. This is similar to the other article I published, Why is apache randomly restarting, which explains why logrotate could be causing apache to restart randomly.

Logrotate Set File Permissions

Each time logrotate runs its course, it will compress, rename and remove older files. Remember that a rename is essentially just a ‘move’ operation. This causes some of your log files to no longer exist (since they have been compressed and renamed). Luckily logrotate will attempt to recreate these files and will set some permissions for them.

Post Rotate

Once the logs are rotated, logrotate will execute any commands set in the post rotate part of the script. For example, my logrotate apache config tells it to restart apache.
It restarts apache so apache can recreate any missing log files. The permissions that the newly created log files get are then determined by the config file for logrotate.

Example Logrotate Apache Config

/var/www/*/logs/*.log {
        weekly
        missingok
        rotate 52
        compress
        delaycompress
        notifempty
        create 640 root adm
        sharedscripts
        postrotate
                /etc/init.d/apache2 reload > /dev/null
        endscript
}

Choosing The Log Permissions

Edit the logrotate apache file which under Debian is usually found under:

vi /etc/logrotate.d/apache2

Inside this file and most logrotate config files, you will see an entry like this

create 640 root adm

This basically tells logrotate to create any missing files with the permissions of 640 (640 being the standard unix permission bits), root as the user and adm as the group.

Simple as that!
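
To confirm that the live log files actually carry what the create line asks for, the following added example (not part of the original article) reads each stanza of a logrotate config and lists matching files whose mode, owner or group differ. It is a simplified reader that assumes one glob pattern line ending in { per stanza and a full "create MODE OWNER GROUP" directive; the function name is made up for this example.

```shell
#!/bin/sh
# Added example: compare files on disk with a stanza's "create MODE OWNER GROUP".
# Usage: check_logrotate_create /etc/logrotate.d/apache2
check_logrotate_create() {
  # Step 1: pull "MODE OWNER GROUP GLOBS" out of every stanza that has a
  # complete create directive (stanzas without one are skipped).
  awk '
    /[{][ \t]*$/ { sub(/[ \t]*[{][ \t]*$/, ""); globs = $0; next }
    $1 == "create" && NF == 4 { print $2, $3, $4, globs }
  ' "$1" |
  while read -r mode owner group globs; do
    for f in $globs; do              # unquoted on purpose so the glob expands
      [ -f "$f" ] || continue
      # Step 2: find prints the file only when mode, owner or group differ.
      find "$f" -prune ! \( -perm "$mode" -user "$owner" -group "$group" \) \
           -exec ls -ld {} \; |
      awk -v want="$mode $owner:$group" \
          '{ print $NF ": have " $1 " " $3 ":" $4 ", want " want }'
    done
  done
}
```

No output means every current log file matched by the config already has the expected permissions; rotated copies such as *.log.1 are not matched by the *.log pattern and are not checked.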

Why is Apache Restarting Randomly

Overview

If your apache seems to restart randomly, it can be confusing and difficult to find the issue. I noticed apache on one of my servers was restarting at what seemed like random times.

Why is Apache Restarting Randomly

In my case, Logrotate was to blame and was the cause of the issue. Each time logrotate runs, it will compress, rename and recreate your log file. Furthermore, while rotating your logs it will also remove older logs. See also the follow up to this article, which explains how to set permissions for files that logrotate creates.

Since the log files are renamed, some of your log files will be ‘missing’, since a rename is essentially a ‘move’ operation.

Time To Recreate Apache Log Files

Now that the log files have been renamed, it will recreate the log files. Once the new log files have been created, apache needs to restart so apache can get a file pointer to the newly created log files. Logrotate achieves this by restarting apache, at which point apache will recreate the missing log files.

Example Apache Log Rotate

Here is an example of a logrotate apache config. See the section on ‘postrotate’; this is the reason it is restarting apache after each log rotate.

/var/www/*/logs/*.log {
        weekly
        missingok
        rotate 52
        compress
        delaycompress
        notifempty
        create 640 root adm
        sharedscripts
        postrotate
                /etc/init.d/apache2 reload > /dev/null
        endscript
}

Manually Override DNS - Windows, Linux and Mac Examples

Overview

First off, let me explain what a DNS entry is in order for us to understand why we would need to override it. Basically a DNS entry is a record that tells us which IP address a domain points to. For example, a domain such as www.example.com could point to an example (not actual) IP of 66.12.23.124.

Say perhaps we are updating a DNS entry and, as the nature of DNS would have it, sometimes it will take up to 48 hours for the DNS to propagate through the Internet. Or perhaps we don’t want to update a DNS record, which could affect everyone, but rather just change a record for ourselves, locally. In these cases, we can manually override the DNS entry, and the change will only be reflected on our local machine. Below I will show you how to achieve this on Windows, Linux and Mac.

Manually Override DNS on Windows

Open up the hosts file located under “C:\Windows\System32\drivers\etc\“. In there you will see the IP address in the left column and a space separated list of domains to the right. The below example will set the 3 domains of www.example.com, anotherdomain.example.com and lastdomain.com to the IP address of 10.0.0.1.

10.0.0.1 www.example.com anotherdomain.example.com lastdomain.com

Manually Override DNS on Linux

Open the hosts file, which is located under /etc/hosts, in vi. Add in a line below the last entry in the same fashion as you would for windows. For example if you wanted to change the ip address for the domain www.example.com to point to 192.168.0.20 you would enter:

192.168.0.20 www.example.com

Manually Override DNS on Mac

Mac is the same as the above linux example. Simply edit the hosts file under /etc/hosts and add in the entries as needed. So again, you could enter something such as:

172.10.1.5 www.anydomain.com

Manually Override DNS Using IPV6

You don’t always have to use a standard IPV4 as the IP address. You can also use IPV6 and enter it into any of the hosts files like so:

fe80::1%lo0 localhost

And that is all there is to manually overriding DNS in windows, linux and mac.
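
One catch with adding a line below the last entry: if the same name already appears on an earlier line, the new line may never be used. The added example below (not part of the original article) reports such cases; it assumes the resolver returns the first matching line of the hosts file, which is the glibc default, and it compares IPv4 and IPv6 entries separately. The sample file is constructed from the addresses and names used above.

```shell
#!/bin/sh
# Added example: find hosts-file overrides that are masked by an earlier line.

# Constructed sample built from the entries shown in this article.
sample_hosts() {
cat <<'EOF'
127.0.0.1    localhost
fe80::1%lo0  localhost
10.0.0.1     www.example.com anotherdomain.example.com lastdomain.com  # old override
172.10.1.5   www.anydomain.com
192.168.0.20 www.example.com
EOF
}

# stdin: hosts file. stdout: "lineno name address" for every name on every line.
hosts_entries() {
  awk '{ sub(/#.*/, "") }          # strip comments
       NF >= 2 { for (i = 2; i <= NF; i++) print NR, tolower($i), $1 }'
}

# stdin: hosts file. Report names that are mapped again, to a different
# address of the same family, after a line that already maps them.
hosts_shadowed() {
  hosts_entries | awk '
    { fam = ($3 ~ /:/) ? 6 : 4          # a colon means an IPv6 address
      key = $2 " " fam
      if (!(key in first)) { first[key] = $3; line[key] = $1 }
      else if (first[key] != $3)
        printf "%s: line %s (%s) is shadowed by line %s (%s)\n",
               $2, $1, $3, line[key], first[key] }'
}
```

Use it as `hosts_shadowed < /etc/hosts`; the same file format applies to the Windows hosts file.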

Using Curl As A Wget For Mac Replacement

Overview

I was trying to download a file on my Mac and realised that there is no wget for Mac. Since I consistently use wget I decided to find a way to get wget for mac. I found a quick way to create a fake wget command by creating an alias of curl. By creating the alias, I am able to call ‘wget’ and it will invoke curl -O in the background and download the file just as wget would have. This is a quick way to get wget for Mac.

Using Curl As A Wget For Mac Replacement

In order to create an alias of `wget` that will simply run the command curl -O I ran the command below:

echo 'alias wget="curl -O"' >> ~/.bash_profile

Now when I type ‘wget http://www.example.com’ it will download the url as you would expect from wget. As mentioned before, in the background it will be invoking curl to download the file. So when I run `wget`, it is actually executing curl -O to download the file and we won’t even notice the difference. Well maybe a small difference. But the end result is the same and your file is downloaded.

Example Using The Replacement wget For Mac

wget http://www.example.com/helloworld.html

The -O option to curl tells curl to save the URL as a file rather than displaying the source.

And that is all there is to it.

Why Unix Timestamp Is Useful

Overview

Unix timestamps are a way of storing a specific date and time. Unix timestamps are a 10 digit number that represents the number of seconds that have passed since midnight Universal Co-ordinated Time (UTC) of January 1st, 1970.

What makes timestamps ever so useful is that since timestamps are recorded as of UTC (or GMT) a single timestamp can be used to represent all time zones. Once you have your timezone, the unix timestamp will adjust the time accordingly. For example, a unix timestamp of 1304951846 can represent 10th May at 0:37 AM in London, but it would also represent 10th May at 10:37 AM in Brisbane/Australia.

Why Unix Timestamp Is Useful

How can this be useful? Just think, users can see dates and times on your website relative to their own timezone, rather than the timezone of the server the website is being run on. Being a web developer, I am forever finding myself storing dates to be displayed back to the user. It may be a date a user last logged into a program or website, perhaps even a date that a user posted an article such as this to a website. Once we store a specific timestamp, we can display the time and date to users in the correct relevant timezone. On top of which, timestamps are easy to use, and many languages support them.

Online Timestamp Converter

There are online unix timestamp generators to convert to and from unix time stamps such as the one found here.

PHP can convert a timestamp to a human readable format by using the date() function and likewise using strtotime() and mktime() to convert a natural language string to a unixtime stamp to be stored. Short examples are:

PHP Timestamp Example

<?php

/* convert unixtime stamp to human time */
echo date('d F Y H:i:a',1304951846); // would display a time of 10 May 2011 00:37:am

/* convert to a unix time stamp */
echo strtotime('+1 Year'); // would return the timestamp of 1 year from today
$hour = 0; $min = 37; $sec = 0; $month = 5; $day = 10; $year = 2011; // example values
echo mktime($hour,$min,$sec,$month,$day,$year); // echo a timestamp specified by the variables

?>

MySQL Timestamp Example

MySQL uses the syntax FROM_UNIXTIME to convert data to a human readable format for example:

SELECT *,FROM_UNIXTIME(timestamp_column) FROM `table`;

Free Online Unix Timestamp Converter

Generate your own unix timestamp online using an Online Unix Timestamp generator.

Convert Unix Time Online Website

Overview

After discovering exactly what timestamps are and how much they can simplify storing dates and time, I often find myself using unix timestamps more often than not. If you are new to timestamps, take a look at this article and see what timestamps are and how they are useful.

Unix timestamps are great and I can’t live without them but the issue with timestamps is that a timestamp is simply a 10 digit number (e.g. 1307405403).

Convert Unix Time Online Website

I have created a website that allows me to quickly convert a unix timestamp online to an easy to read date as well as being able to convert a date back into a timestamp. It has helped me out tremendously which is why I have now made this tool available for the rest of the community to use and I hope that it makes other people’s life easier.

There are also articles on that site which demonstrate Real World Usage Examples Of Timestamps as well as giving you Interesting Facts About Timestamps.

Online DNS Dig Website

Overview

People who find themselves playing around with DNS setups from time to time will more than likely have worked with, or at least heard of, the command `DIG`.

Those who don’t know what DIG is, or think of it as the necessary first step to hiding a body, will be surprised to know that DIG is a command that is used to directly query a DNS server to find out specific information about a domain name or sub domain. This can be useful when you are trying to set up a new domain or simply check if a sub domain already exists.

Further to this, you can check many types of records such as mail records (used in creating a mail server), CNAME records (points one domain name to another domain name) and, most commonly, the A record (domain pointing to an IP address).

Online DNS Dig Website

Now there are times when I don’t have access to my Linux machine, or am perhaps too lazy to try to remember the 32 bit password I seem to create, and couldn’t get access to the normal dig tool. This is what led me to create a website that would allow me to easily perform a DNS lookup and execute a web based DNS dig online. Simply enter the domain you are querying, the type of record to look up and optionally enter the DNS server and off you go.

Check Out The Online DNS Dig Tool

You too can use the site by clicking here. Please note that this site is still in its early release and may perform unexpectedly.

Export Proxy Username Password Linux

Overview

If you are wondering how you can tell your Linux applications to use a proxy, then you have found the right article and as you will find out, it is surprisingly simple. After you set the proxy in linux, any applications such as wget, lynx and ftp will then be redirected through the proxy.
There are two settings you can make: one for web (http_proxy) and the other for ftp (ftp_proxy). We do this by setting each one as an environment variable.

Setup Proxy in Linux

Here is the most basic setup below. It will set an environment variable called http_proxy and ftp_proxy which will cause all your applications to redirect through the proxy.

export http_proxy='http://example.com'
export ftp_proxy='ftp://example.com'

Export Proxy Username Password Linux

Here we set the username and password for the proxy by passing them before the domain, separated by a colon.

export http_proxy='http://user:password@example.com'
export ftp_proxy='ftp://user:password@example.com'

Set A Different Port To Use With The Proxy

Your proxy can run on a different port, so to select an alternate port, you can pass the port number after the domain. Below we select 8080 as the port for our proxy.

export http_proxy='http://example.com:8080'
export ftp_proxy='http://example.com:8080'

Make Linux Proxy Export Permanent

Something to be aware of, is that setting this environment variable only makes it available until you log out. If you would like to make the export proxy setting permanent, then add any of the lines above to your .bashrc or .profile file in your home directory which is found under /home/yourfolder/.bashrc or /home/yourfolder/.profile or ~/.bashrc or ~/.profile (since ~ is just a shortcut to your home directory). Now each time you login, it will automatically set this environment variable for you but not any other users.

Set Proxy For All Users

In order to set up the proxy for all users on your Linux system, you need to export the environment variable to all users when they log in by adding a line to /etc/bash.bashrc. Now when any user logs in, they will automatically have the proxy set up for them.
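
A proxy URL in the user:password form stores the password in plain text in whichever startup file holds the export line, and a file such as /etc/bash.bashrc is normally readable by every account. The added example below (not part of the original article; the function name is made up here) scans the given files for http_proxy/ftp_proxy style assignments that embed credentials and reports who can read each file, without printing the password.

```shell
#!/bin/sh
# Added example: find proxy exports with embedded credentials and show
# how widely the file containing them can be read.
# Usage: proxy_cred_exposure ~/.bashrc ~/.profile /etc/bash.bashrc
proxy_cred_exposure() {
  for f in "$@"; do
    [ -r "$f" ] || continue
    # Characters 5 and 8 of the ls mode string are the group/other read bits.
    perms=$(ls -ld "$f" | cut -c1-10)
    case "$perms" in
      ???????r??) who="world-readable" ;;
      ????r?????) who="group-readable" ;;
      *)          who="owner-only" ;;
    esac
    # Match [export] NAME_proxy=scheme://user:password@... and keep only the
    # variable name and the user name; the password is never echoed.
    sed -n -E "s,^[[:space:]]*(export[[:space:]]+)?([A-Za-z_]+_proxy)=[\"']?[a-z]+://([^:@/\"']+):[^@/\"']+@.*,\2 \3,p" "$f" |
    while read -r var user; do
      printf '%s %s user=%s password=<redacted> %s\n' "$f" "$var" "$user" "$who"
    done
  done
}
```

Lines that only set a host and port, such as the 8080 example above, are not reported because they carry no credentials.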

Running PHP Script From Cron

Overview

Cron is a job based scheduler used in Unix type operating systems. It allows you to schedule tasks to be run at given intervals such as scheduling a php script to run weekly, every second day, hourly, every 3 minutes, weekends, and so on.
In this article, I will show how easy it is in running a php script from cron. It will also show you how you can run a php script via a url using wget.

Running PHP Script From Cron

I will show you 3 ways on running php script from cron which are:

  1. Running php script via command line in cron
  2. Running php script via php5-cgi in cron
  3. Running php script remotely via website url in cron

Running a php script usually requires the php script to have execute permissions set. Running PHP script from cron is usually a matter of specifying the file and as long as the script has execute permissions (i.e. chmod +x) then all should be good. Here are three ways I have found work very well.

Running PHP Script On Command Line From Cron

In order for the script to run correctly you should add the following to the top of your php script. This informs the shell what type of script it is executing.

#!/usr/bin/php
<?php

//.. your code follows here

Next we add the entry into cron.

# you could output to a file by changing /dev/null to /some/file/to/save.log
*/10 * * * * /home/user/scripts/updatesomething.php > /dev/null

Note we didn’t need to execute the script via php (/usr/bin/php /path/to/script.php) since we added the header to the php script.

Running php script via php5-cgi in cron

To execute the php script from cron you need to have php5-cgi installed. You can install this on Debian using “apt-get install php5-cgi” or the equivalent command for your distribution of linux.

# PHP5-CGI: execute the php script every 2 minutes and send output to /dev/null
# you could output to a file by changing /dev/null to /some/file/to/save.txt
*/2 * * * * php5-cgi -q /home/user/scripts/parselogs.php > /dev/null

Running php script via website url in cron

And lastly we will use wget from the cron to download a website url and thus execute the php script located at that url. We do this in the cron to allow the url to be downloaded at set times. To use wget, you need to install wget using “apt-get install wget” or the equivalent command for your distribution of linux.

# wget will visit the url but won't save the file. send it to /dev/null
# this executes the script as if you visited the link in your browser
0 * * * * wget -O /dev/null http://www.example.com/some_cron_script.php

And there we go, your php script will be run by cron on time, every time.