Installing Drupal in Gentoo

So, I stumbled over a page here which basically suggests that the installation was problematic, so I decided to plunge in and have a crack at it.

My Gentoo system blocked me too. Here is the interaction with my system:

bhaskar@GentooLinux_13:41:15_Thu Feb 09:~> sudo emerge -av drupal

These are the packages that would be merged, in order:

Calculating dependencies... done!

!!! All ebuilds that could satisfy "drupal" have been masked.
!!! One of the following masked packages is required to complete your request:
dev-lang/php pdo gd mysql mysqli xml
- www-apps/drupal-7.12::gentoo (masked by: ~x86 keyword)
- www-apps/drupal-7.10::gentoo (masked by: ~x86 keyword)
- www-apps/drupal-6.24::gentoo (masked by: ~x86 keyword)
- www-apps/drupal-6.22::gentoo (masked by: ~x86 keyword)
- www-apps/drupal-5.23::gentoo (masked by: ~x86 keyword)

For more information, see the MASKED PACKAGES section in the emerge
man page or refer to the Gentoo Handbook.


bhaskar@GentooLinux_13:41:39_Thu Feb 09:~> sudo vim /etc/portage/package.keywords/druapl.keywords


bhaskar@GentooLinux_13:44:54_Thu Feb 09:~> sudo emerge -av drupal

These are the packages that would be merged, in order:
dev-lang/php pdo gd mysql mysqli xml apache2

Calculating dependencies... done!

emerge: there are no ebuilds built with USE flags to satisfy "dev-lang/php[pdo,postgres?,sqlite?,xml]".
!!! One of the following packages is required to complete your request:
- dev-lang/php-5.3.9::gentoo (Change USE: +pdo)
(dependency required by "www-apps/drupal-7.12" [ebuild])
(dependency required by "drupal" [argument])


bhaskar@GentooLinux_14:02:29_Thu Feb 09:~> sudo vim /etc/portage/package.use/php.use


bhaskar@GentooLinux_14:04:01_Thu Feb 09:~> sudo emerge -av drupal

These are the packages that would be merged, in order:

Calculating dependencies... done!

emerge: there are no ebuilds built with USE flags to satisfy "=dev-lang/php-5.3*[apache2]".
!!! One of the following packages is required to complete your request:
- dev-lang/php-5.3.9::gentoo (Change USE: +apache2)
(dependency required by "virtual/httpd-php-5.3" [ebuild])
(dependency required by "www-apps/drupal-7.12" [ebuild])
(dependency required by "drupal" [argument])


bhaskar@GentooLinux_14:04:27_Thu Feb 09:~> sudo emerge -av drupal

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild N ] dev-libs/oniguruma-5.9.2 528 kB
[ebuild N ] app-admin/webapp-config-1.50.16-r1 102 kB
[ebuild N ] dev-libs/libmcrypt-2.5.8-r2 1,304 kB
[ebuild N ] app-admin/eselect-php-0.6.2 2 kB
[ebuild N ] media-libs/t1lib-5.1.2 USE="X -doc -static-libs" 1,829 kB
[ebuild N ] virtual/httpd-cgi-0 0 kB
[ebuild N ] app-text/aspell-0.60.6.1 USE="nls" LINGUAS="-af -be -bg -br -ca -cs -cy -da -de -el -en -eo -es -et -fi -fo -fr -ga -gl -he -hr -is -it -la -lt -nl -no -pl -pt -pt_BR -ro -ru -sk -sl -sr -sv -uk -vi" 1,835 kB
[ebuild N ] app-dicts/aspell-en-6.0.0 179 kB
[ebuild N ] dev-lang/php-5.3.9 USE="apache2 berkdb bzip2 cli crypt ctype exif fileinfo filter gd gdbm hash iconv ipv6 json ldap mysql mysqli nls pdo phar posix readline session simplexml spell ssl tokenizer truetype unicode xml zlib -bcmath -calendar -cdb -cgi -cjk -curl -curlwrappers -debug -doc -embed -enchant -firebird -flatfile -fpm -frontbase -ftp -gmp -imap -inifile -intl -iodbc -kerberos -kolab -ldap-sasl -libedit -mhash -mssql -mysqlnd -oci8-instant-client -odbc -pcntl -pic -postgres -qdbm -recode -sharedmem -snmp -soap -sockets -sqlite -sqlite3 -suhosin -sybase-ct -sysvipc -threads -tidy -wddx -xmlreader -xmlrpc -xmlwriter -xpm -xsl -zip" 11,438 kB
[ebuild N ] virtual/httpd-php-5.3 0 kB
[ebuild N ~] www-apps/drupal-7.12 USE="mysql -postgres -sqlite -vhosts" 3,017 kB

Total: 11 packages (11 new), Size of downloads: 20,229 kB

Would you like to merge these packages? [Yes/No] y

In the process of getting it into my system I added a keywords file and set some USE flags for PHP.

First I added a file drupal.keywords in /etc/portage/package.keywords, and the content of the file looks like this:


www-apps/drupal ~x86

Then I added another file, php.use, in /etc/portage/package.use, and the content of the file is like this:


dev-lang/php pdo gd mysql mysqli xml apache2

Look at the flags I have added so that PHP is built to integrate with the others. Then I started to emerge Drupal.

Once the emerge completes, it looks like below:

* Messages for package dev-lang/php-5.3.9:

* Installing php.ini for cli into /etc/php/cli-php5.3
*
* Installing php.ini for apache2 into /etc/php/apache2-php5.3
*
* Make sure that PHP_TARGETS in /etc/make.conf includes php5-3 in order
* to compile extensions for the 5.3 ABI
*
*
* This ebuild installed a version of php.ini based on php.ini-development version.
* You can chose which version of php.ini to install by default by setting PHP_INI_VERSION to either
* 'production' or 'development' in /etc/make.conf
* Both versions of php.ini can be found in /usr/share/doc/php-5.3.9
*
* For more details on how minor version slotting works (PHP_TARGETS) please read the upgrade guide:
* http://www.gentoo.org/proj/en/php/php-upgrading.xml
*

* Messages for package www-apps/drupal-7.12:

* (server owned) htdocs/files
* (server owned) htdocs/sites/default
* (server owned) htdocs/sites/default/settings.php
* (config) htdocs/sites/default/settings.php
* (config) htdocs/.htaccess
* (info) /usr/portage/www-apps/drupal/files/postinstall-en.txt (lang: en)
*
* SECURITY NOTICE
* If you plan on using SSL on your Drupal site, please consult the postinstall information:
* # webapp-config --show-postinst drupal 7.12
*
>>> Auto-cleaning packages...

>>> No outdated packages were found on your system.

* Regenerating GNU info directory index...
* Processed 135 info files.

Now we need to put the required things in the right place; below is the way to do it:

bhaskar@GentooLinux_14:52:16_Thu Feb 09:~> sudo webapp-config -I -h GentooLinux.localdomain drupal 7.12
*
* You may be installing into the website's root directory.
* Is this what you meant to do?
*
* Creating required directories
* Linking in required files
* This can take several minutes for larger apps
* Files and directories installed

=================================================================
POST-INSTALL INSTRUCTIONS
=================================================================

You will need to provide a database for your drupal installation.

This assumes you have some knowledge of MySQL, and already have it
installed and configured. If not, please refer to the Gentoo MySQL
guide at the following URL:

http://www.gentoo.org/doc/en/mysql-howto.xml

Once you have a database ready all you need to do is to go to this
location

http://GentooLinux.localdomain//

and provide the credential required for the database access.

SECURITY NOTICE: If you use SSL on your Drupal installation, you
should enable the PHP configuration option 'session.cookie-secure'
to make it harder for attackers to sniff session cookies.

References:
CVE-2008-3661
http://www.php.net/manual/en/session.configuration.php#ini.session.cookie-secure
http://drupal.org/node/315703

After that you can start to use drupal.

=================================================================

* Install completed - success

So, what is left? The database. Let's do it:


bhaskar@GentooLinux_15:05:43_Thu Feb 09:~> sudo mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.1.61-log Gentoo Linux mysql-5.1.61

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| test |
+--------------------+
3 rows in set (0.02 sec)

mysql> create database drupal;
Query OK, 1 row affected (0.00 sec)

mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| drupal |
| mysql |
| test |
+--------------------+
4 rows in set (0.00 sec)

mysql> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> INSERT INTO user (host, user, password, select_priv, insert_priv, update_priv) VALUES ('GentooLinux', 'drupal', PASSWORD('drupal'), 'Y', 'Y', 'Y');
Query OK, 1 row affected, 3 warnings (0.00 sec)

mysql> use drupal;
Database changed
mysql>
mysql> GRANT ALL PRIVILEGES ON drupal.* TO drupal@'%' IDENTIFIED BY 'drupal';
Query OK, 0 rows affected (0.00 sec)

mysql> FLUSH privileges;
Query OK, 0 rows affected (0.00 sec)
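
The session above gives the drupal account the password 'drupal', lets it connect from any host ('%') and grants it every privilege on the database. The following sh functions are an added example, not part of the original post: they print a tighter equivalent in the GRANT ... IDENTIFIED BY syntax of the MySQL 5.1 server shown above, with a random password and a fixed host. The function names are hypothetical and the privilege list is an assumption about what Drupal 7 needs.

```sh
#!/bin/sh
# Added example: emit least-privilege MySQL statements for a Drupal database.
# Usage: drupal_grant_sql DB USER HOST   (prints SQL, returns 1 on bad input)

# Accept only plain identifiers, so nothing passed in can break out of the
# quoted SQL generated below.
valid_ident() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# A host may also contain dots and dashes, but never the '%' wildcard.
valid_host() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# 32 hex characters (128 bits) read from the kernel random source.
random_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

drupal_grant_sql() {
    db=$1 user=$2 host=$3
    valid_ident "$db"   || { echo "bad database name" >&2; return 1; }
    valid_ident "$user" || { echo "bad user name" >&2; return 1; }
    valid_host "$host"  || { echo "bad host (wildcards are rejected)" >&2; return 1; }
    pass=$(random_password)
    # Privilege list: assumed sufficient for Drupal 7 (no GRANT OPTION, no ALL).
    cat <<EOF
CREATE DATABASE IF NOT EXISTS \`$db\`;
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER,
      CREATE TEMPORARY TABLES
  ON \`$db\`.* TO '$user'@'$host' IDENTIFIED BY '$pass';
FLUSH PRIVILEGES;
EOF
}
```

The output of drupal_grant_sql drupal drupal localhost can be piped into mysql -u root -p; the generated password is the one to enter in the Drupal installer.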

We are almost there! Let's get into the browser for the installation:

Now let’s get into the CMS:

Installing Drupal shell a.k.a drush

bhaskar@GentooLinux_20:30:51_Thu Feb 09:~> sudo emerge -av drush
Password:

These are the packages that would be merged, in order:

Calculating dependencies... done!

!!! All ebuilds that could satisfy "drush" have been masked.
!!! One of the following masked packages is required to complete your request:
- app-admin/drush-4.4::gentoo (masked by: ~x86 keyword)

For more information, see the MASKED PACKAGES section in the emerge
man page or refer to the Gentoo Handbook.

Hmm, a problem. Let's add the keyword file to the system:

bhaskar@GentooLinux_20:31:04_Thu Feb 09:~> sudo vim /etc/portage/package.keywords/drush.keywords

and the content is this:

app-admin/drush ~x86

Let’s try to merge it into the system:


bhaskar@GentooLinux_20:35:49_Thu Feb 09:~> sudo emerge -av drush

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild N ] dev-php/PEAR-PEAR-1.9.3 289 kB
[ebuild N ] dev-php/PEAR-Structures_Graph-1.0.4 30 kB
[ebuild N ] dev-php/PEAR-Console_Getopt-1.3.1 5 kB
[ebuild N ] dev-php/PEAR-Archive_Tar-1.3.7 18 kB
[ebuild N ] dev-php/PEAR-XML_Util-1.2.1-r2 18 kB
[ebuild N ] dev-php/pear-1.9.3 0 kB
[ebuild N ~] app-admin/drush-4.4 USE="-examples" 248 kB

Total: 7 packages (7 new), Size of downloads: 605 kB

Would you like to merge these packages? [Yes/No] yes

So it is installed in the system:

bhaskar@GentooLinux_20:39:15_Thu Feb 09:~> whereis drush
drush: /usr/bin/drush /usr/share/drush

For using drush from the command line look here for my earlier post about it.

Hope this will help.

Cheers!
Bhaskar

Mod_Security and Mod_Evasive implementation and Testing on Scientific Linux

Yep, those two modules have to be integrated with Apache running on SL. I expect people who read this post to at least have an idea of what Apache is and what a module can do, specifically what those two modules can do. If you are interested in knowing more about them, please visit Apache's web site (http://apache.org) and the mod_security web site (http://www.modsecurity.org/). One more piece of information: I go with the default rules that come along with it; you might tweak the rules according to your need.

So here we go without much ado. Let's dig in.

Step 1:

bhaskar@Scientific-Linux_10:36:32_Wed Jan 25:~> sudo yum install mod_security
Loaded plugins: refresh-packagekit
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package mod_security.i686 0:2.5.12-2.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================================================================================================================================================================
Package Arch Version Repository Size
================================================================================================================================================================================================================================
Installing:
mod_security i686 2.5.12-2.el6 epel 896 k

Transaction Summary
================================================================================================================================================================================================================================
Install 1 Package(s)

Total download size: 896 k
Installed size: 3.3 M
Is this ok [y/N]: y
Downloading Packages:
mod_security-2.5.12-2.el6.i686.rpm | 896 kB 00:02
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : mod_security-2.5.12-2.el6.i686 1/1

Installed:
mod_security.i686 0:2.5.12-2.el6

Complete!

Step 2:

Installing mod_evasive


bhaskar@Scientific-Linux_10:38:53_Wed Jan 25:~> sudo yum install mod_evasive
[sudo] password for bhaskar:
Loaded plugins: refresh-packagekit
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package mod_evasive.i686 0:1.10.1-10.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================================================================================================================================================================
Package Arch Version Repository Size
================================================================================================================================================================================================================================
Installing:
mod_evasive i686 1.10.1-10.el6 epel 24 k

Transaction Summary
================================================================================================================================================================================================================================
Install 1 Package(s)

Total download size: 24 k
Installed size: 49 k
Is this ok [y/N]: y
Downloading Packages:
mod_evasive-1.10.1-10.el6.i686.rpm | 24 kB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : mod_evasive-1.10.1-10.el6.i686 1/1

Installed:
mod_evasive.i686 0:1.10.1-10.el6

Complete!

Step 3:

Like this:

bhaskar@Scientific-Linux_11:04:48_Wed Jan 25:~> sudo vim /etc/httpd/conf/httpd.conf
# Mod_evasive implementation

DOSHashTableSize 3097
DOSPageCount 5
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
# DOSBlockingPeriod appears twice; Apache applies directives in order, so the later value (600) is the one in effect
DOSBlockingPeriod 10
DOSBlockingPeriod 600


Step 4:

Restart the httpd server

bhaskar@Scientific-Linux_11:06:09_Wed Jan 25:~> sudo /sbin/service httpd restart
Stopping httpd: [FAILED]
Starting httpd: [ OK ]

It failed on the first occasion because it was not running.

Step 5:

To test whether mod_evasive works or not, use this Perl script:

#!/usr/bin/perl

# test.pl: small script to test mod_dosevasive's effectiveness

use IO::Socket;
use strict;

# Send 101 requests in a row and print the status line of each response
for(0..100) {
    my($response);
    my($SOCKET) = new IO::Socket::INET( Proto => "tcp",
                                        PeerAddr=> "scientific-linux.localdomain:80");
    if (! defined $SOCKET) { die $!; }
    print $SOCKET "GET /?$_ HTTP/1.0\n\n";
    # Read the first line of the response (the HTTP status line)
    $response = <$SOCKET>;
    print $response;
    close($SOCKET);
}

Step 6:
So, with mod_security installed, the log files are enabled here:

root@Scientific-Linux_11:20:03_Wed Jan 25:/var/log/httpd # ls
access_log error_log modsec_audit.log modsec_debug.log

Step 7:

Mod_security installation base:

root@Scientific-Linux_11:21:20_Wed Jan 25:/etc/httpd # cd modsecurity.d/

root@Scientific-Linux_11:21:24_Wed Jan 25:/etc/httpd/modsecurity.d # ls

base_rules modsecurity_crs_10_config.conf modsecurity_localrules.conf optional_rules

Step 8:

Here are the two module files we have installed:

root@Scientific-Linux_11:24:37_Wed Jan 25:/etc/httpd/conf.d # ls

mod_evasive.conf mod_security.conf README welcome.conf

Step 9:

Here are the rules files, which can be adjusted according to our need:

root@Scientific-Linux_11:38:01_Wed Jan 25:/etc/httpd/modsecurity.d/base_rules # ls
modsecurity_35_bad_robots.data modsecurity_46_et_web_rules.data modsecurity_crs_30_http_policy.conf modsecurity_crs_41_xss_attacks.conf modsecurity_crs_49_inbound_blocking.conf
modsecurity_35_scanners.data modsecurity_50_outbound.data modsecurity_crs_35_bad_robots.conf modsecurity_crs_42_tight_security.conf modsecurity_crs_50_outbound.conf
modsecurity_40_generic_attacks.data modsecurity_50_outbound_malware.data modsecurity_crs_40_generic_attacks.conf modsecurity_crs_45_trojans.conf modsecurity_crs_59_outbound_blocking.conf
modsecurity_41_sql_injection_attacks.data modsecurity_crs_20_protocol_violations.conf modsecurity_crs_41_phpids_converter.conf modsecurity_crs_47_common_exceptions.conf modsecurity_crs_60_correlation.conf
modsecurity_42_comment_spam.data modsecurity_crs_21_protocol_anomalies.conf modsecurity_crs_41_phpids_filters.conf modsecurity_crs_48_local_exceptions.conf
modsecurity_46_et_sql_injection.data modsecurity_crs_23_request_limits.conf modsecurity_crs_41_sql_injection_attacks.conf modsecurity_crs_49_enforcement.conf

Step 10:

While testing I tried to access the etc dir of my local machine by URL,
and I got this in the mod_security log:

root@Scientific-Linux_12:13:08_Wed Jan 25:/var/log/httpd # tail -f modsec_audit.log
--e39f1539-H--
Message: Pattern match "\/etc\/" at REQUEST_FILENAME. [file "/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "220"] [id "958700"] [rev "2.0.5"] [msg "Remote File Access Attempt"] [data "/etc/"] [severity "CRITICAL"] [tag "WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"]
Message: Access denied with code 403 (phase 2). [file "/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_49_enforcement.conf"] [line "25"] [msg "Anomaly Score Exceeded (score 20): Remote File Access Attempt"]
Action: Intercepted (phase 2)
Stopwatch: 1327473375901826 18282 (16754 17940 -)
Producer: ModSecurity for Apache/2.5.12 (http://www.modsecurity.org/); core ruleset/2.0.5.
Server: Apache/2.2.15 (Scientific Linux)

--e39f1539-Z--

Step 11:

Another test of it:

root@Scientific-Linux_12:22:37_Wed Jan 25:/var/log/httpd # curl -i http://Scientific-Linux
HTTP/1.1 403 Forbidden
Date: Wed, 25 Jan 2012 06:53:16 GMT
Server: Apache/2.2.15 (Scientific Linux)
Accept-Ranges: bytes
Content-Length: 3822
Connection: close
Content-Type: text/html; charset=UTF-8

Test Page for the Apache HTTP Server on Scientific Linux

Scientific Linux Test Page

This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read this page, it means that the Apache HTTP server installed at this site is working properly.


If you are a member of the general public:

The fact that you are seeing this page indicates that the website you just visited is either experiencing problems, or is undergoing routine maintenance.

If you would like to let the administrators of this website know that you've seen this page instead of the page you expected, you should send them e-mail. In general, mail sent to the name "webmaster" and directed to the website's domain should reach the appropriate person.

For example, if you experienced problems while visiting http://www.example.com, you should send e-mail to "webmaster@example.com".

For information on Scientific Linux, please visit the Scientific Linux website.


If you are the website administrator:

You may now add content to the directory /var/www/html/. Note that until you do so, people visiting your website will see this page, and not your content. To prevent this page from ever being used, follow the instructions in the file /etc/httpd/conf.d/welcome.conf.

You are free to use the image below on web sites powered by the Apache HTTP Server:

[ Powered by Apache ]

Step 12:

And here is what the rules said:

root@Scientific-Linux_12:26:13_Wed Jan 25:/var/log/httpd # tail -f modsec_audit.log
--e39f1539-H--
Message: Matched phrase "curl" at REQUEST_HEADERS:User-Agent. [file "/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_35_bad_robots.conf"] [line "26"] [id "990012"] [rev "2.0.5"] [msg "Rogue web site crawler"] [data "curl"] [severity "WARNING"] [tag "AUTOMATION/MALICIOUS"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"]
Message: Warning. Operator LT matched 20 at TX:inbound_anomaly_score. [file "/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_60_correlation.conf"] [line "31"] [msg "Inbound Anomaly Score (Total Inbound Score: 10, SQLi=, XSS=): Rogue web site crawler"]
Apache-Error: [file "/builddir/build/BUILD/httpd-2.2.15/modules/generators/mod_autoindex.c"] [line 2292] [level 3] Directory index forbidden by Options directive: /var/www/html/
Stopwatch: 1327474567095624 3198 (1152 2456 -)
Producer: ModSecurity for Apache/2.5.12 (http://www.modsecurity.org/); core ruleset/2.0.5.
Server: Apache/2.2.15 (Scientific Linux)

--e39f1539-Z--
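
The two audit log excerpts in Steps 10 and 12 differ in one important way: the first request was intercepted because its anomaly score reached 20, the second only raised a warning with a score of 10. The sh function below is an added example, not part of the original post, that reduces such "H" sections to one line per rule hit so the difference is visible at a glance. The function names are hypothetical and the sample input is abridged from the excerpts above (the tag fields are left out).

```sh
#!/bin/sh
# Added example: summarise the "H" sections of a ModSecurity audit log.
# Output, one line per Message: txid|action|rule id|severity|rule file|msg

modsec_summary() {
    awk '
    # Return the value of [name "value"] from a Message line, or "-" if absent.
    function field(line, name,    pat, s) {
        pat = "\\[" name " \"[^\"]*\"\\]"
        if (!match(line, pat)) return "-"
        s = substr(line, RSTART, RLENGTH)
        sub("^\\[" name " \"", "", s)
        sub("\"\\]$", "", s)
        return s
    }
    # Print the buffered hits of one transaction with its final action.
    function emit(    i) {
        for (i = 1; i <= n; i++) print tx "|" action "|" hit[i]
        n = 0; action = "passed"
    }
    BEGIN { action = "passed" }
    /^--[0-9A-Za-z]+-H--$/ { tx = substr($0, 3, length($0) - 6); next }
    /^--[0-9A-Za-z]+-Z--$/ { emit(); next }
    /^Message: / {
        f = field($0, "file"); sub(".*/", "", f)
        hit[++n] = field($0, "id") "|" field($0, "severity") "|" f "|" field($0, "msg")
    }
    /^Action: Intercepted/ { action = "blocked" }
    END { emit() }
    ' "$@"
}

# Sample input, abridged from the excerpts in Steps 10 and 12.
sample_log() {
    cat <<'EOF'
--e39f1539-H--
Message: Pattern match "\/etc\/" at REQUEST_FILENAME. [file "/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "220"] [id "958700"] [rev "2.0.5"] [msg "Remote File Access Attempt"] [data "/etc/"] [severity "CRITICAL"]
Message: Access denied with code 403 (phase 2). [file "/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_49_enforcement.conf"] [line "25"] [msg "Anomaly Score Exceeded (score 20): Remote File Access Attempt"]
Action: Intercepted (phase 2)
--e39f1539-Z--
--e39f1539-H--
Message: Matched phrase "curl" at REQUEST_HEADERS:User-Agent. [file "/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_35_bad_robots.conf"] [line "26"] [id "990012"] [rev "2.0.5"] [msg "Rogue web site crawler"] [data "curl"] [severity "WARNING"]
Message: Warning. Operator LT matched 20 at TX:inbound_anomaly_score. [file "/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_60_correlation.conf"] [line "31"] [msg "Inbound Anomaly Score (Total Inbound Score: 10, SQLi=, XSS=): Rogue web site crawler"]
--e39f1539-Z--
EOF
}
```

On a live system the function takes the log file as its argument, for example modsec_summary /var/log/httpd/modsec_audit.log.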

Step 13:

Running the script mentioned in Step 5 got me this result:

Mod_Evasive working:


bhaskar@Scientific-Linux_12:30:31_Wed Jan 25:~> sudo ./test.pl
[sudo] password for bhaskar:
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
[... 97 more identical lines ...]
HTTP/1.1 403 Forbidden
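
Step 11 shows that a single request for / on this host is already answered with 403 (the test page), so a run in which every line is 403 cannot by itself separate mod_evasive blocking from the server's normal answer. The sh functions below are an added example, not part of the original post: one classifies the status lines printed by test.pl, the other counts blacklist events in syslog as a second source. The function names, the sample data and the syslog message format are assumptions.

```sh
#!/bin/sh
# Added example: decide whether a run of test.pl really shows mod_evasive
# blocking, or only a URL that answers 403 to every request.

# evasive_verdict: stdin = one HTTP status line per request, in request order.
evasive_verdict() {
    awk '
    $1 ~ /^HTTP\// {
        n++
        if (n == 1) base = $2                    # status of the first request
        if ($2 == "403") { blocked++; if (!first) first = n }
    }
    END {
        if (n == 0)        { print "no-responses"; exit }
        if (!blocked)      { print "not-blocked total=" n; exit }
        if (base == "403") { print "inconclusive baseline=403 total=" n; exit }
        print "blocked-from-request=" first " total=" n " blocked=" blocked
    }'
}

# evasive_blacklist_count IP: stdin = syslog lines; prints the number of
# blacklist events for that address.
# Assumption: a block is reported with a syslog message of the form
# "Blacklisting address <ip>: possible DoS attack."
evasive_blacklist_count() {
    awk -v ip="$1" '
    index($0, "Blacklisting address " ip ":") { c++ }
    END { print c + 0 }'
}

# Constructed sample: the shape of the Step 13 output (101 lines, all 403).
sample_all_403() {
    i=0
    while [ "$i" -le 100 ]; do
        echo "HTTP/1.1 403 Forbidden"
        i=$((i + 1))
    done
}

# Constructed sample: a URL that answers 200 five times and 403 afterwards.
sample_blocked() {
    i=1
    while [ "$i" -le 10 ]; do
        if [ "$i" -le 5 ]; then echo "HTTP/1.1 200 OK"; else echo "HTTP/1.1 403 Forbidden"; fi
        i=$((i + 1))
    done
}

# Constructed syslog sample (host name, PIDs and address are placeholders).
sample_syslog() {
    cat <<'EOF'
Jan 25 12:30:33 scientific-linux mod_evasive[2211]: Blacklisting address 192.0.2.10: possible DoS attack.
Jan 25 12:30:40 scientific-linux sshd[900]: Accepted publickey for bhaskar
EOF
}
```

Pointing test.pl at a page that normally returns 200 and piping its output into evasive_verdict gives a result that can be read unambiguously.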

I believe this information gives you a heads-up. Oh yes, I must say this representation is very minimal in nature, so you are free to explore and share.

Hope this will help.

Cheers!
Bhaskar

Manage httpd/apache server through puppet

In this article I will show you how to manage a box running the apache/httpd server through a configuration management software called puppet.

Being in a corporate network infrastructure will gobble up a hell of a lot of your invaluable time doing the same thing over and over again if you are not exposed to the correct tools and, obviously, to the correct technology. So finding the right tool and getting accustomed to it is very much required.

So I am going to give a brief snapshot of how a configuration system like puppet comes to your rescue. It's a Swiss army knife for any sensible person involved in infrastructure. Yes, those of you who have been doing this over the years might have got accustomed to cfengine (a beast, indeed!!), chef et al.

Without much ado, here we go:

I have installed puppet on my system:

bhaskar@bhaskar-laptop_10:48:20_Sat Mar 05:~> sudo genlop -t puppet
Password:
* app-admin/puppet

Wed Apr 7 07:32:45 2010 >>> app-admin/puppet-0.25.4-r1
merge time: 23 seconds.

Tue Aug 3 08:03:31 2010 >>> app-admin/puppet-0.25.5
merge time: 29 seconds.

Now the next step is to configure a service which should be maintained by puppet. I have chosen to take care of the apache/httpd configuration file. So first we need to go to the puppet base directory, meaning where puppet puts its configuration and manifest files. If the manifests directory is missing then please create it. Mine looks like this:


bhaskar@bhaskar-laptop_10:48:30_Sat Mar 05:~> ls -al /etc/puppet
total 24
drwxr-xr-x 3 root root 4096 Mar 5 10:09 .
drwxr-xr-x 95 root root 4096 Mar 5 09:40 ..
-rw-r--r-- 1 root root 2346 Aug 3 2010 auth.conf
-rw-r--r-- 1 root root 378 Aug 3 2010 fileserver.conf
drwxr-xr-x 3 root root 4096 Mar 5 10:10 manifests
-rw-r--r-- 1 root root 1080 Feb 19 15:11 puppet.conf

This is almost the default puppet configuration structure. Now inside that manifests folder I have created a dir called services, which holds the services I want to check with puppet. Here is a view of it:

bhaskar@bhaskar-laptop_10:59:28_Sat Mar 05:/etc/puppet/manifests/services> ll
total 4
-rw-r--r-- 1 root root 496 Apr 7 2010 apache.pp

As you can see I have created a file called apache.pp; now let me show you what it looks like inside:

 1 class apache {
 2     package {
 3         apache:
 4             ensure => installed
 5     }
 6
 7     file {
 8         "httpd.conf":
 9             mode => 644,
10             owner => root,
11             group => root,
12             path => "/etc/apache2/httpd.conf",
13             source => "puppet://bhaskar-laptop.localdomain/files/httpd.conf",
14     }
15
16     service {
17         apache2:
18             ensure => true,
19             enable => true,
20             subscribe => [ File["httpd.conf"], Package [apache] ],
21     }
22 }

Pretty ordinary stuff, right!! Indeed, because the puppet authors made it easy for us ordinary mortals. Having said that, a small amount of OOP (object oriented programming) is not harmful at all; rather, it helps you understand the structure in more detail.

Isn't that file content self-explanatory? If not, here it is bit by bit, the way I like to understand others' code:

Line 1 to 5: This is essentially a class, which holds a tag related to the service; then it has an attribute called "ensure", which checks that the package or service is installed on the system.

Line 7 to 14: This is the file section, in which I am checking the main apache configuration file, with its permission and ownership. We need to mention the path where the file is actually located on the system.

Line number 13 is tricky to many like me: it is essentially the place from which puppet serves the file. For that we need to specify that path in a file one directory level above, called fileserver.conf, and we need to copy the file to that place from its original location. Here is the visual representation of what I said above:


bhaskar@bhaskar-laptop_11:13:07_Sat Mar 05:/var/lib/puppet/files> sudo cp -v /etc/apache2/httpd.conf /var/lib/puppet/files/
`/etc/apache2/httpd.conf' -> `/var/lib/puppet/files/httpd.conf'

And the file holding the path looks like this and resides at /etc/puppet/fileserver.conf:


# This file consists of arbitrarily named sections/modules
# defining where files are served from and to whom

# Define a section 'files'
# Adapt the allow/deny settings to your needs. Order
# for allow/deny does not matter, allow always takes precedence
# over deny
[files]
path /var/lib/puppet/files
# allow *.example.com
# deny *.evil.example.com
# allow 192.168.0.0/24
allow bhaskar-laptop

I hope I made it clear to you folks! Now the last part of the file:

Line number 16 to 20: This is the service section we are trying to monitor and manage. It says that the service should be enabled, and it makes sure of it. It subscribes to the package and to the main file related to it.

Now if you change the file permission of the main apache configuration file, or change the file itself, the next time the puppetd client runs it will restore the previous configuration and so bring sanity back to the system.

Here is an example:
I am going to change the permission of httpd.conf, which presently has this permission:


bhaskar@bhaskar-laptop_11:34:25_Sat Mar 05:~> ls -al /etc/apache2/httpd.conf
-rw-r--r-- 1 root root 6516 Jul 22 2010 /etc/apache2/httpd.conf

Now change it to something like below:

bhaskar@bhaskar-laptop_11:36:42_Sat Mar 05:~> sudo chmod 640 /etc/apache2/httpd.conf
bhaskar@bhaskar-laptop_11:37:31_Sat Mar 05:~> ls -al /etc/apache2/httpd.conf
-rw-r----- 1 root root 6516 Jul 22 2010 /etc/apache2/httpd.conf

Now we have two options: either we wait until the next time the puppet client runs and brings back the sanity, or we do it immediately, like this:

bhaskar@bhaskar-laptop_12:38:39_Sat Mar 05:~> sudo /usr/sbin/puppetd --server bhaskar-laptop --test
info: Caching catalog for bhaskar-laptop
info: Applying configuration version '1299308926'
notice: //File[httpd.conf]/mode: mode changed '640' to '644'
notice: Finished catalog run in 0.35 seconds

So it is brought back to sanity. Here is the evidence; compare it with the earlier listing of the same file:


bhaskar@bhaskar-laptop_12:38:47_Sat Mar 05:~> ls -al /etc/apache2/httpd.conf
-rw-r--r-- 1 root root 6516 Jul 22 2010 /etc/apache2/httpd.conf

OK, I have touched the tip of an iceberg. It can be tweaked and configured by leaps and bounds, and the possibilities are aplenty.

Hope this will help.

Cheers!
Bhaskar

Get alert about LAMP stack

In this article I am going to show you a very, very rudimentary script to get over it. I have written it just to show you how it can be done; having said that, this script could be written with more information and in a much more complex way. Yes, there is a lot of scope for improvement in this script, and I would like to get your feedback on that.

So without much delay, here is the mundane script to monitor the LAMP stack and provide an alert:


#!/bin/bash
# This program is written for my own help. Needs lot of tweaking.
# This script is written on Fedora and RHEL keep in mind, so other distribution
# should cross check the binary space of the specified program to their distribution.
# Author : Bhaskar Chowdhury
# Date : 03-12-2010


date=`date`

echo "Today is :" $date
echo
echo
host_name=`hostname`
echo "This is for the $host_name"
echo
echo
# System binary location information
kernel=`uname -r`

apache=`/usr/sbin/httpd -v`

mysql=`/usr/bin/mysql --version`

php=`/usr/bin/php -v`

webroot='/var/www/html'

mail='whoeverincahrgeofit@gmail.com' # The person in-charge of lamp stack

echo "******************************* GNU/Linux ******************************"

echo " We are running Linux Kernel: " $kernel
echo
echo

echo
echo
echo "Check out kernel stuff...."
echo

# sysctl -p re-applies /etc/sysctl.conf and prints each value it sets
/sbin/sysctl -p
echo
echo

echo
echo "********************* OS End *************************"
echo
echo

sleep 5


echo "************ Apache ******************"
echo

echo " We are running Apache : " $apache
echo
echo


echo " How Apache has been compiled with other stuff : "
echo
echo

/usr/sbin/httpd -V

echo
echo

echo "Check out the modules loaded with it.."

/usr/sbin/httpd -M

echo
echo
echo

echo " Check out Apache process ..."
echo

ps -ef | grep httpd

echo
echo

sleep 5

echo
echo "***************************** Apache End *************************"
echo
echo


echo " **************** PHP **********************"
echo


echo "We are running Php : " $php
echo
echo


echo " Let's check out php related thing ..checking ini files....."
echo
echo

php --ini

echo
echo
echo " Get details of php things into the system..like modules and other stuff..."
echo
echo

php -im

echo
echo
echo
echo "****************************** PHP End **********************************"
echo
echo

sleep 5


echo "************************** MySql ***********************"


echo "We are running MySql : " $mysql
echo
echo
echo


echo " Check out the process for it....."
echo
echo

ps -ef | grep mysql

echo
echo


echo "****************************** MySql End **************************"
echo
echo

sleep 5

echo " Let's check the web tree permission.."

echo

# -l is needed to print the mode, owner and group of the directory itself
ls -ld "$webroot"

echo
echo

echo " Check out the SELinux thing applied on the webtree ..."
echo
echo

ls -Z "$webroot"
echo
echo

#if [[ `pidof httpd` -ne 0 ]]
# then
# echo "Httpd seems working fine!"
#else
# echo " problem with httpd daemon"
#fi

#if [[ `pidof mysql` -ne 0 ]]
#then
# echo " Yup,mysql working"
#else
#echo " Seems to check the mysql thing"
#fi


#if [[`pidof php` -ne 0 ]]
#then
# echo "Looks good"
#else
# echo " Problem with php"
#fi

echo " If the stack goes down ..let me know.."
echo
echo

# Count the pids of each daemon separately; a count of zero means it is down.
# PHP is left out of the list: loaded as an Apache module it has no process
# of its own. Add its daemon name here if PHP runs as a separate service.
down=""
for daemon in httpd mysqld
do
    if [[ `/sbin/pidof $daemon | wc -w` -eq 0 ]]
    then
        down="$down $daemon"
    fi
done

if [[ -n $down ]]
then
    # mail reads the message body from standard input
    echo "Not running on $host_name:$down" | mail -s "problem with lamp stack" $mail
    echo "Mail sent with information"
fi

Now, you can throw a lot of the echo statements out of that script, but I've kept them for readability. The basic idea behind the script is to check the binary locations of the LAMP (GNU/Linux, Apache, MySQL, PHP/Perl/Python) software and call each one to verify it. Then I move on to checking how the web server (in this case Apache) was compiled and with what sort of flags.

Next comes checking the ini files related to PHP, and then whether the MySQL server has started or not. Then I check the web root tree permissions and the SELinux context on it. Finally, I check whether something is not working (by checking its pid; kindly point out a better way to check), and if that is equal to zero then surely something in the stack did not come up and needs attention.

This script is just an outline and, as I said, needs your feedback (with reasons) to improve it.
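The web-tree check in the script looks only at the top directory. As an added example (not part of the original script), the function below walks the whole tree and reports world-writable entries, setuid/setgid files and anything owned by the account the server runs as. The function name, the finding labels and the default account name apache are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not part of the original script.
#
# audit_webroot DIR [WEBUSER]
#   DIR      web root to inspect, e.g. /var/www/html
#   WEBUSER  account the web server runs as, by name or numeric uid
#            (assumption: "apache", the usual account on Fedora/RHEL)
#
# Prints one "<finding> <path>" line per problem and returns
#   0 = nothing found, 1 = findings printed, 2 = DIR is not a directory.
audit_webroot() {
    aw_root=$1
    aw_user=${2:-apache}

    if [ ! -d "$aw_root" ]; then
        echo "audit_webroot: $aw_root is not a directory" >&2
        return 2
    fi

    # find -user fails hard on an unknown name, so only use it for an
    # account that exists or for a plain numeric uid.
    aw_known=no
    if id "$aw_user" >/dev/null 2>&1; then
        aw_known=yes
    else
        case $aw_user in
            *[!0-9]*|'') ;;
            *) aw_known=yes ;;
        esac
    fi

    aw_out=$(
        # Writable by every local account. Symlink modes mean nothing, skip them.
        find "$aw_root" -xdev ! -type l -perm -0002 -print |
            sed 's/^/world-writable /'

        # setuid/setgid regular files do not belong in a web tree.
        find "$aw_root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
            sed 's/^/setid-file /'

        # Anything the server account owns can be rewritten by code the
        # server executes, for example a PHP script.
        if [ "$aw_known" = yes ]; then
            find "$aw_root" -xdev ! -type l -user "$aw_user" -print |
                sed 's/^/owned-by-webuser /'
        fi
    )

    if [ -n "$aw_out" ]; then
        printf '%s\n' "$aw_out"
        return 1
    fi
    return 0
}
```

Call it as `audit_webroot /var/www/html apache`; the return code makes it easy to hang the same mail alert on it.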

Hope this will help.

Cheers!
Bhaskar

Server monitoring by Monit and Munin

In this article I am going to show you how you can keep an eye on your server/desktop/laptop visually through a web browser. For that I am going to use two tools to do the job for you: monit and munin.

I am on Debian Lenny to implement those two tools. So, first things first: get the software onto the system. Here we go:

Monit:

Before trying to install it, I queried the existing package database to see whether it was installed or not (I might have installed it some time back!!)

bhaskar@bhaskar-laptop_18:12:03_Tue Nov 16:/etc/monit> sudo dpkg -s monit
Package: monit
Status: install ok installed
Priority: optional
Section: admin
Installed-Size: 696
Maintainer: Stefan Alfredsson
Architecture: i386
Version: 1:4.10.1-4
Depends: libc6 (>= 2.7-1), libssl0.9.8 (>= 0.9.8f-5)
Conffiles:
/etc/default/monit cf582dd57fac58748aba3d7cf174f011
/etc/monit/monitrc d0127e44088e2c13e6eaef8f3cb95c9f
/etc/init.d/monit 3c19420528fdb85fd2669f6f7257a552
Description: A utility for monitoring and managing daemons or similar programs
monit is a utility for monitoring and managing daemons or similar
programs running on a Unix system. It will start specified programs
if they are not running and restart programs not responding.
.
monit supports:
* Daemon mode - poll programs at a specified interval
* Monitoring modes - active, passive or manual
* Start, stop and restart of programs
* Group and manage groups of programs
* Process dependency definition
* Logging to syslog or own logfile
* Configuration - comprehensive controlfile
* Runtime and TCP/IP port checking (tcp and udp)
* SSL support for port checking
* Unix domain socket checking
* Process status and process timeout
* Process cpu usage
* Process memory usage
* Process zombie check
* Check the systems load average
* Check a file or directory timestamp
* Alert, stop or restart a process based on its characteristics
* MD5 checksum for programs started and stopped by monit
* Alert notification for program timeout, restart, checksum, stop
resource and timestamp error
* Flexible and customizable email alert messages
* Protocol verification. HTTP, FTP, SMTP, POP, IMAP, NNTP, SSH, DWP,
LDAPv2 and LDAPv3
* An http interface with optional SSL support to make monit
accessible from a webbrowser

It seems it's there. OK, it has unpacked a lot of files onto the system, and I am not going to cover them in detail, but I should show you where they are kept:

bhaskar@bhaskar-laptop_18:17:15_Tue Nov 16:~> whereis monit
monit: /usr/sbin/monit /etc/monit /usr/share/man/man1/monit.1.gz

We should be concerned about its configuration file, because we need to define everything in this file for monit to take notice of it. I changed into the /etc/monit directory, where I found the config file named monitrc. Let's have a look at it:


bhaskar@bhaskar-laptop_18:20:12_Tue Nov 16:~> cd /etc/monit
bhaskar@bhaskar-laptop_18:20:18_Tue Nov 16:/etc/monit> ls

monitrc
bhaskar@bhaskar-laptop_18:20:20_Tue Nov 16:/etc/monit> sudo vim monitrc
###############################################################################
## Monit control file
###############################################################################
##
## Comments begin with a '#' and extend through the end of the line. Keywords
## are case insensitive. All path's MUST BE FULLY QUALIFIED, starting with '/'.
##
## Below you will find examples of some frequently used statements. For
## information about the control file, a complete list of statements and
## options please have a look in the monit manual.
##
##
###############################################################################
## Global section
###############################################################################
##
## Start monit in the background (run as a daemon) and check services at
## 2-minute intervals.
#
set daemon 60
#
#
## Set syslog logging with the 'daemon' facility. If the FACILITY option is
## omitted, monit will use 'user' facility by default. If you want to log to
## a stand alone log file instead, specify the path to a log file
#
set logfile syslog facility log_daemon
#
#
## Set the list of mail servers for alert delivery. Multiple servers may be
## specified using comma separator. By default monit uses port 25 - this
## is possible to override with the PORT option.
#
set mailserver bhaskar-laptop # primary mailserver
# backup.bar.baz port 10025, # backup mailserver on port 10025
# localhost # fallback relay
#
#
## By default monit will drop alert events if no mail servers are available.
## If you want to keep the alerts for a later delivery retry, you can use the
## EVENTQUEUE statement. The base directory where undelivered alerts will be
## stored is specified by the BASEDIR option. You can limit the maximal queue
## size using the SLOTS option (if omitted, the queue is limited by space
## available in the back end filesystem).
#
# set eventqueue
# basedir /var/monit # set the base directory where events will be stored
# slots 100 # optionaly limit the queue size
#
#
## Monit by default uses the following alert mail format:
##
## --8<--
## From: monit@$HOST # sender
## Subject: monit alert -- $EVENT $SERVICE # subject
##
## $EVENT Service $SERVICE #
## #
## Date: $DATE #
## Action: $ACTION #
## Host: $HOST # body
## Description: $DESCRIPTION #
## #
## Your faithful employee, #
## monit #
## --8<--
##
## You can override this message format or parts of it, such as subject
## or sender using the MAIL-FORMAT statement. Macros such as $DATE, etc.
## are expanded at runtime. For example, to override the sender:
#
set mail-format { from: monit@bhaskar-laptop.localdomain }
#
#
## You can set alert recipients here whom will receive alerts if/when a
## service defined in this file has errors. Alerts may be restricted on
## events by using a filter as in the second example below.
#
set alert root@bhaskar-laptop.localdomain # receive all alerts
# set alert manager@foo.bar only on { timeout } # receive just service-
# # timeout alert
#
#
## Monit has an embedded web server which can be used to view status of
## services monitored, the current configuration, actual services parameters
## and manage services from a web interface.
#
set httpd port 2812 and
  use address bhaskar-laptop # only accept connection from localhost
  allow bhaskar-laptop # allow localhost to connect to the server and
  allow admin:admin # require user 'admin' with password 'admin'
#
#
###############################################################################
## Services
###############################################################################
##
## Check general system resources such as load average, cpu and memory
## usage. Each test specifies a resource, conditions and the action to be
## performed should a test fail.
#
check system bhaskar-laptop.localdomain
  if loadavg (1min) > 4 then alert
  if loadavg (5min) > 2 then alert
  if memory usage > 75% then alert
  if cpu usage (user) > 70% then alert
  if cpu usage (system) > 30% then alert
  if cpu usage (wait) > 20% then alert
#
#
## Check a file for existence, checksum, permissions, uid and gid. In addition
## to alert recipients in the global section, customized alert will be sent to
## additional recipients by specifying a local alert handler. The service may
## be grouped using the GROUP option.
#
check file apache_bin with path /usr/sbin/apache2
# if failed checksum and
# expect the sum 8f7f419955cefa0b33a2ba316cba3659 then unmonitor
  if failed permission 755 then unmonitor
  if failed uid root then unmonitor
  if failed gid root then unmonitor
  alert security@bhaskar-laptop.localdomain on {
    permission, uid, gid, unmonitor
  } with the mail-format { subject: Alarm! }
# group server
#
#
## Check that a process is running, in this case Apache, and that it respond
## to HTTP and HTTPS requests. Check its resource usage such as cpu and memory,
## and number of children. If the process is not running, monit will restart
## it by default. In case the service was restarted very often and the
## problem remains, it is possible to disable monitoring using the TIMEOUT
## statement. This service depends on another service (apache_bin) which
## is defined above.
#
check process apache2 with pidfile /var/run/Apache2/apache2.pid
  start program = "/etc/init.d/apache2 start"
  stop program = "/etc/init.d/apache2 stop"
  if cpu > 60% for 2 cycles then alert
  if cpu > 80% for 5 cycles then restart
  if totalmem > 200.0 MB for 5 cycles then restart
  if children > 250 then restart
  if loadavg(5min) greater than 10 for 8 cycles then stop
  if failed host bhaskar-laptop.localdomain port 80 protocol http
    and request "/monit/doc/next.php"
    then restart
# if failed port 443 type tcpssl protocol http
# with timeout 15 seconds
# then restart
  if 3 restarts within 5 cycles then timeout
  depends on apache_bin
  group server
#
#
## Check device permissions, uid, gid, space and inode usage. Other services,
## such as databases, may depend on this resource and an automatically graceful
## stop may be cascaded to them before the filesystem will become full and data
## lost.
#
# check device datafs with path /dev/sdb1
# start program = "/bin/mount /data"
# stop program = "/bin/umount /data"
# if failed permission 660 then unmonitor
# if failed uid root then unmonitor
# if failed gid disk then unmonitor
# if space usage > 80% for 5 times within 15 cycles then alert
# if space usage > 99% then stop
# if inode usage > 30000 then alert
# if inode usage > 99% then stop
# group server
#
#LVM

check device Bhaskar-laptop-data with path /lvm
  if space usage > 80% then alert

#Tmp
check device tmp with path /tmp
  if space usage > 90% then alert

## Check a file's timestamp. In this example, we test if a file is older
## than 15 minutes and assume something is wrong if its not updated. Also,
## if the file size exceed a given limit, execute a script
#
# check file database with path /data/mydatabase.db
# if failed permission 700 then alert
# if failed uid data then alert
# if failed gid data then alert
# if timestamp > 15 minutes then alert
# if size > 100 MB then exec "/my/cleanup/script"
#
#
## Check directory permission, uid and gid. An event is triggered if the
## directory does not belong to the user with uid 0 and gid 0. In addition,
## the permissions have to match the octal description of 755 (see chmod(1)).
#Bin
check directory bin with path /bin
  if failed permission 755 then unmonitor
  if failed uid 0 then unmonitor
  if failed gid 0 then unmonitor
#
#LVM
check directory lvm with path /lvm
  if failed uid 0 then unmonitor
  if failed gid 0 then unmonitor

#Home
check directory home with path /home
  if failed uid 0 then unmonitor
  if failed gid 0 then unmonitor

# Var
check directory var with path /var
  if failed uid 0 then unmonitor
  if failed gid 0 then unmonitor




## Check a remote host network services availability using a ping test and
## check response content from a web server. Up to three pings are sent and
## connection to a port and a application level network check is performed.
#
# check host myserver with address 192.168.1.1
# if failed icmp type echo count 3 with timeout 3 seconds then alert
# if failed port 3306 protocol mysql with timeout 15 seconds then alert
# if failed url
# http://user:password@www.foo.bar:8080/?querystring
# and content == 'action="j_security_check"'
# then alert
#
#Mysql

check process mysql with pidfile /var/run/mysqld/mysqld.pid
  group database
  start program = "/etc/init.d/mysql start"
  stop program = "/etc/init.d/mysql stop"
  if failed host 127.0.0.1 port 3306 then restart
  if 5 restarts within 5 cycles then timeout

###############################################################################
## Includes
###############################################################################
##
## It is possible to include additional configuration parts from other files or
## directories.
#
# include /etc/monit.d/*
#
#

As is visible from this mundane configuration file, you can see what we are trying to monitor. A big advantage is that monit can make decisions about a service, i.e. if some service is down and needs to be up, it can bring it up. It is not merely status-showing software.

Now we can configure it to start when the system boots, so we will define runlevels for it. We will use a piece of software called sysv-rc-conf (aptitude install sysv-rc-conf). Here is the invocation of it:

sysv-rc-conf


Now you can see the highlighted section for the monit service. As I mentioned in the configuration file, its web interface can be accessed through port 2812. Here is the invocation through the browser:

Monit Web Interface

I hope enlarging the two pictures above will give you enough insight into what you can do with it. Now, if you click on any of the services on the left side of the panel, you get a detailed view like the one below:

service-details

The above screen has a "Disable Monitoring" button at the bottom, so with that you can deactivate monitoring of a particular device or item.
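Since the web interface on port 2812 can disable monitoring, the `set httpd` block is worth checking before the daemon is exposed. The added example below (not part of monit or of the original article) reads a control file and flags a password that equals the user name or appears in a short, assumed list of sample passwords, a missing `use address`, and a control file readable by group or others; the function names and finding labels are hypothetical.

```shell
#!/bin/sh
# Added example, not part of monit or of the original article.

# sample_monitrc: the active "set httpd" lines from the control file shown
# in the article, with a little surrounding context, printed on stdout.
sample_monitrc() {
    cat <<'EOF'
set daemon 60
set httpd port 2812 and
    use address bhaskar-laptop  # only accept connection from localhost
    allow bhaskar-laptop        # allow localhost to connect to the server and
    allow admin:admin           # require user 'admin' with password 'admin'
check system bhaskar-laptop.localdomain
    if loadavg (1min) > 4 then alert
EOF
}

# audit_monit_httpd FILE
# Returns 0 = clean, 1 = findings printed on stdout, 2 = FILE unreadable.
audit_monit_httpd() {
    am_file=$1
    if [ ! -r "$am_file" ]; then
        echo "audit_monit_httpd: cannot read $am_file" >&2
        return 2
    fi

    am_out=$(
        awk '
            { sub(/#.*/, "") }            # strip comments
            NF == 0 { next }
            {
                kw = tolower($1)
                # set/check/include start a new top-level statement
                if (kw == "set" || kw == "check" || kw == "include") {
                    in_httpd = (kw == "set" && tolower($2) == "httpd")
                    if (in_httpd) seen = 1
                }
                if (!in_httpd) next
                for (i = 1; i <= NF; i++) {
                    w = tolower($i)
                    if (w == "address") bound = 1
                    if (w != "allow" || i == NF) continue
                    p = index($(i + 1), ":")
                    if (p < 2) continue    # host or network, not user:password
                    user = substr($(i + 1), 1, p - 1)
                    pass = tolower(substr($(i + 1), p + 1))
                    # assumed list of passwords seen in sample configs
                    if (pass == tolower(user) || pass ~ /^(admin|monit|password|changeme)$/)
                        print "weak-credential user=" user
                }
            }
            END {
                if (seen && !bound)
                    print "no-bind-address httpd listens on every interface"
            }
        ' "$am_file"

        # The file holds the password in clear text; monit itself expects
        # the control file to be no more permissive than 0700.
        if [ -n "$(find "$am_file" -prune \( -perm -0040 -o -perm -0004 \) -print)" ]; then
            echo "file-mode control file is readable by group or others"
        fi
    )

    if [ -n "$am_out" ]; then
        printf '%s\n' "$am_out"
        return 1
    fi
    return 0
}
```

Run against the article's file it would be called as `audit_monit_httpd /etc/monit/monitrc`; the password itself is never printed.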

Munin:
It is basically a graphing system to plot things in the browser and get a visual representation of activity happening on the network or on a particular device. Let's check whether I have it on my system or not:


bhaskar@bhaskar-laptop_18:38:14_Tue Nov 16:~> sudo dpkg -s munin
[sudo] password for bhaskar:
Package: munin
Status: install ok installed
Priority: optional
Section: net
Installed-Size: 996
Maintainer: Munin Debian Maintainers
Architecture: all
Version: 1.2.6-10~lenny2
Depends: perl (>= 5.6.0-16), perl-modules | libparse-recdescent-perl, librrds-perl, libhtml-template-perl, libdigest-md5-perl, libtime-hires-perl, libstorable-perl, rrdtool, adduser
Recommends: munin-node, libdate-manip-perl
Suggests: www-browser, httpd
Conffiles:
/etc/cron.d/munin 98f4112ea36053af9e1dc9111ab4d973
/etc/munin/munin.conf 057d322c5776710b8b71fbf02b12edbc
/etc/munin/templates/munin-comparison-month.tmpl 31f92013656bc96f496ad9fe9bd87b8b
/etc/munin/templates/munin-comparison-year.tmpl f8fc458757219e152bc0c316208214c4
/etc/munin/templates/definitions.html 6f2cda49ff5f0a5641549ae0dd063334
/etc/munin/templates/munin-nodeview.tmpl 60791f957f0879b859274ac423850e59
/etc/munin/templates/munin-serviceview.tmpl 9d061d0a097fdedc7cec09da56b45170
/etc/munin/templates/munin-comparison-week.tmpl 0ed0ac1772a96108e621f7ec9e651e65
/etc/munin/templates/logo.png 385010f8f050d25723206b1c77f0df5e
/etc/munin/templates/munin-comparison-day.tmpl 487b8c7f6f1eaf19687d601621da6f06
/etc/munin/templates/munin-overview.tmpl 07b6ba2c872f737fd3f2bf3df82bee06
/etc/munin/templates/munin-domainview.tmpl dfa7d0b5372086423c2aa7476bd04b90
/etc/munin/templates/style.css e6f61ecb33988635e5f6961de96c71c3
/etc/logrotate.d/munin caf8f6b63086ec5e11a9a2e2d883c7a1
Description: network-wide graphing framework (grapher/gatherer)
Munin is a highly flexible and powerful solution used to create graphs of
virtually everything imaginable throughout your network, while still
maintaining a rattling ease of installation and configuration.
.
This package contains the grapher/gatherer. You will only need one instance of
it in your network. It will periodically poll all the nodes in your network
it's aware of for data, which it in turn will use to create graphs and HTML
pages, suitable for viewing with your graphical web browser of choice.
.
It is also able to alert you if any value is outside of a preset boundary,
useful if you want to be alerted if a filesystem is about to grow full, for
instance. You can do this by making Munin run an arbitrary command when you
need to be alert it, or make use of the intrinsic Nagios support.
.
Munin is written in Perl, and relies heavily on Tobi Oetiker's excellent
RRDtool. To see a real example of Munin in action, you can follow a link
from to a live installation.
Homepage: http://munin.projects.linpro.no

It seems that I have it. So the next thing is to find where it resides on the system:

bhaskar@bhaskar-laptop_18:57:10_Tue Nov 16:~> whereis munin
munin: /etc/munin /usr/share/munin

Oh! I forgot to tell you that I need one more piece of software called "munin-node". Let's check it out:


bhaskar@bhaskar-laptop_18:58:53_Tue Nov 16:~> sudo dpkg -s munin-node
Package: munin-node
Status: install ok installed
Priority: optional
Section: net
Installed-Size: 1396
Maintainer: Munin Debian Maintainers
Architecture: all
Source: munin
Version: 1.2.6-10~lenny2
Depends: perl (>= 5.6.0-16), libnet-server-perl, procps, adduser, lsb-base (>= 3.2-4), gawk
Recommends: libnet-snmp-perl
Suggests: munin, munin-plugins-extra, libwww-perl, liblwp-useragent-determined-perl, libnet-irc-perl, mysql-client, smartmontools (>= 5.37-6~bpo40+1), acpi | lm-sensors, python, ethtool, libdbd-pg-perl
Conffiles:
/etc/cron.d/munin-node 64b993c241bef6ad98b0f50f0de9d18b
/etc/init.d/munin-node 0a2e199d22c98af892cc407c63dddb5a
/etc/munin/munin-node.conf c317597f98622746dc2120d4aa1ace17
/etc/munin/plugin-conf.d/munin-node 686c0aa6a0a3eb4e973f162dc77ffe52
/etc/logrotate.d/munin-node 8afe5ab15b1f1731016d0bffadadff46
Description: network-wide graphing framework (node)
Munin is a highly flexible and powerful solution used to create graphs of
virtually everything imaginable throughout your network, while still
maintaining a rattling ease of installation and configuration.
.
This package contains the daemon for the nodes being monitored. You should
install it on all the nodes in your network. It will know how to extract all
sorts of data from the node it runs on, and will wait for the gatherer to
request this data for further processing.
.
It includes a range of plugins capable of extracting common values such as cpu
usage, network usage, load average, and so on. Creating your own plugins which
are capable of extracting other system-specific values is very easy, and is
often done in a matter of minutes. You can also create plugins which relay
information from other devices in your network that can't run Munin, such as a
switch or a server running another operating system, by using SNMP or similar
technology.
.
Munin is written in Perl, and relies heavily on Tobi Oetiker's excellent
RRDtool. To see a real example of Munin in action, you can follow a link
from to a live installation.
Homepage: http://munin.projects.linpro.no

Now I changed into the /etc/munin directory, because I need to change its configuration files, like below:

bhaskar@bhaskar-laptop_19:03:28_Tue Nov 16:/etc/munin> ls
munin.conf munin-node.conf plugin-conf.d plugins templates

Now have a look at the munin.conf file:

# Example configuration file for Munin, generated by 'make build'

# The next three variables specifies where the location of the RRD
# databases, the HTML output, and the logs, severally. They all
# must be writable by the user running munin-cron.
dbdir /var/lib/munin
htmldir /var/www/munin
logdir /var/log/munin
rundir /var/run/munin

# Where to look for the HTML templates
tmpldir /etc/munin/templates

# Make graphs show values per minute instead of per second
#graph_period minute

# Graphics files are normaly generated by munin-graph, no matter if
# the graphs are used or not. You can change this to
# on-demand-graphing by following the instructions in
# http://munin.projects.linpro.no/wiki/CgiHowto
#
#graph_strategy cgi

# Drop somejuser@fnord.comm and anotheruser@blibb.comm an email everytime
# something changes (OK -> WARNING, CRITICAL -> OK, etc)
#contact.someuser.command mail -s "Munin notification" somejuser@fnord.comm
#contact.anotheruser.command mail -s "Munin notification" anotheruser@blibb.comm
#
# For those with Nagios, the following might come in handy. In addition,
# the services must be defined in the Nagios server as well.
#contact.nagios.command /usr/sbin/send_nsca -H nagios.host.com -c /etc/send_nsca.cfg

# a simple host tree
[bhaskar-laptop.localdomain]
    address 127.0.0.1
    use_node_name yes

#
# A more complex example of a host tree
#
## First our "normal" host.
# [fii.foo.com]
# address foo
#
## Then our other host...
# [fay.foo.com]
# address fay
#
## Then we want totals...
# [foo.com;Totals] #Force it into the "foo.com"-domain...
# update no # Turn off data-fetching for this "host".
#
# # The graph "load1". We want to see the loads of both machines...
# # "fii=fii.foo.com:load.load" means "label=machine:graph.field"
# load1.graph_title Loads side by side
# load1.graph_order fii=fii.foo.com:load.load fay=fay.foo.com:load.load
#
# # The graph "load2". Now we want them stacked on top of each other.
# load2.graph_title Loads on top of each other
# load2.dummy_field.stack fii=fii.foo.com:load.load fay=fay.foo.com:load.load
# load2.dummy_field.draw AREA # We want area instead the default LINE2.
# load2.dummy_field.label dummy # This is needed. Silly, really.
#
# # The graph "load3". Now we want them summarised into one field
# load3.graph_title Loads summarised
# load3.combined_loads.sum fii.foo.com:load.load fay.foo.com:load.load
# load3.combined_loads.label Combined loads # Must be set, as this is
# # not a dummy field!
#
## ...and on a side note, I want them listen in another order (default is
## alphabetically)
#
# # Since [foo.com] would be interpreted as a host in the domain "com", we
# # specify that this is a domain by adding a semicolon.
# [foo.com;]
# node_order Totals fii.foo.com fay.foo.com
#

I have put in bold the section of the file that is an absolute must to get going with it. If a directory is not present, then please create it and point to the right path.

Now take a look at the munin-node.conf file:

#
# Example config-file for munin-node
#

log_level 4
log_file /var/log/munin/munin-node.log
pid_file /var/run/munin/munin-node.pid

background 1
setseid 1

user munin
group munin
setsid yes

# Regexps for files to ignore

ignore_file ~$
ignore_file \.bak$
ignore_file %$
ignore_file \.dpkg-(tmp|new|old|dist)$
ignore_file \.rpm(save|new)$
ignore_file \.pod$

# Set this if the client doesn't report the correct hostname when
# telnetting to localhost, port 4949
#
#host_name localhost.localdomain

# A list of addresses that are allowed to connect. This must be a
# regular expression, due to brain damage in Net::Server, which
# doesn't understand CIDR-style network notation. You may repeat
# the allow line as many times as you'd like

allow ^127\.0\.0\.1$

# Which address to bind to;
host *
# host 127.0.0.1

# And which port
port 4949

So once more I have highlighted a few things in this file to get going with it. Most of them are pretty easily understood.
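Because `allow` takes a regular expression and `host *` binds every interface, the pattern is the only thing deciding who may talk to port 4949. The added example below (not part of Munin or of the original article) checks that each `allow` pattern is anchored and has its dots escaped, reports a wildcard bind, and shows with `allow_matches` what a loose pattern lets through. The function names and finding labels are hypothetical, and `grep -E` stands in for the Perl regex engine.

```shell
#!/bin/sh
# Added example, not part of Munin or of the original article.

# sample_munin_node: the active access-control lines of the file above.
sample_munin_node() {
    cat <<'EOF'
allow ^127\.0\.0\.1$
host *
port 4949
EOF
}

# allow_matches REGEX ADDRESS
# True when ADDRESS would pass REGEX. grep -E stands in for the Perl regex
# engine munin-node uses; for plain address patterns the two agree.
allow_matches() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# audit_munin_node FILE
# Returns 0 = clean, 1 = findings printed on stdout, 2 = FILE unreadable.
audit_munin_node() {
    mn_file=$1
    if [ ! -r "$mn_file" ]; then
        echo "audit_munin_node: cannot read $mn_file" >&2
        return 2
    fi

    mn_out=$(awk '
        /^[ \t]*#/ || NF == 0 { next }
        $1 == "port" { port = $2 }
        $1 == "host" && $2 == "*" { bind_all = 1 }
        $1 == "allow" {
            re = $2
            if (re !~ /^\^/ || re !~ /\$$/) {
                # matches anywhere inside the peer address string
                print "unanchored-allow " re
            } else {
                bare = re
                gsub(/\\\./, "", bare)      # drop correctly escaped dots
                if (index(bare, ".")) print "unescaped-dot " re
            }
        }
        END {
            if (bind_all)
                print "bind-all listens on every interface, port " port
        }
    ' "$mn_file")

    if [ -n "$mn_out" ]; then
        printf '%s\n' "$mn_out"
        return 1
    fi
    return 0
}
```

For the file shown in the article the only finding is the wildcard bind; switching to the commented-out `host 127.0.0.1` line clears it.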

Let's access it through the browser to see the graphs. Here we go; this is the first screen I got on my system:

OK, once I clicked on the hyperlinked option I was presented with graphs like the ones below:

OK, now if you click those graphs you can get a little explanation of each graph too!!

Hope this will help.

Cheers!
Bhaskar

Apache : Get internal information about it

First of all, it is almost the default web server glued to open systems (read GNU/Linux), and we are so accustomed to it that we never look around. Having said that, one should, if time and the situation require. A couple of alternatives might be nginx and lighttpd.

But in this article I will focus only on the internal information one can get about Apache. So here we go:

Get the module information:

We usually add many modules to the web server (Apache) on top of the default modules that come with it. Here we will look at how to list the modules built into or loaded by it. How do you do that? Like this:

bhaskar@bhaskar-laptop_19:37:24_Sat Oct 02:/etc/httpd/conf> sudo /usr/sbin/httpd -M

Password:

Loaded Modules:

core_module (static)

mpm_prefork_module (static)

http_module (static)

so_module (static)

php5_module (shared)

authn_file_module (shared)

authn_dbm_module (shared)

authn_anon_module (shared)

authn_dbd_module (shared)

authn_default_module (shared)

authz_host_module (shared)

authz_groupfile_module (shared)

authz_user_module (shared)

authz_dbm_module (shared)

authz_owner_module (shared)

authnz_ldap_module (shared)

authz_default_module (shared)

auth_basic_module (shared)

auth_digest_module (shared)

file_cache_module (shared)

cache_module (shared)

disk_cache_module (shared)

mem_cache_module (shared)

dbd_module (shared)

dumpio_module (shared)

ext_filter_module (shared)

include_module (shared)

filter_module (shared)

substitute_module (shared)

deflate_module (shared)

ldap_module (shared)

log_config_module (shared)

log_forensic_module (shared)

logio_module (shared)

env_module (shared)

mime_magic_module (shared)

cern_meta_module (shared)

expires_module (shared)

headers_module (shared)

ident_module (shared)

usertrack_module (shared)

unique_id_module (shared)

setenvif_module (shared)

version_module (shared)

proxy_module (shared)

proxy_connect_module (shared)

proxy_ftp_module (shared)

proxy_http_module (shared)

proxy_scgi_module (shared)

proxy_ajp_module (shared)

proxy_balancer_module (shared)

ssl_module (shared)

mime_module (shared)

dav_module (shared)

status_module (shared)

autoindex_module (shared)

asis_module (shared)

info_module (shared)

suexec_module (shared)

cgi_module (shared)

cgid_module (shared)

dav_fs_module (shared)

vhost_alias_module (shared)

negotiation_module (shared)

dir_module (shared)

imagemap_module (shared)

actions_module (shared)

speling_module (shared)

userdir_module (shared)

alias_module (shared)

rewrite_module (shared)

Syntax OK

So here we pass the -M flag to the httpd binary.
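A list this long is easier to review against a baseline than by eye. The added example below (not part of Apache or of the original article) parses `httpd -M` output and reports modules that are loaded but not on an approved list, and approved modules that are missing. The function names, the baseline file format and the sample excerpt are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not part of Apache or of the original article.

# sample_httpd_modules: constructed excerpt in the format `httpd -M` prints,
# using module names from the listing above.
sample_httpd_modules() {
    cat <<'EOF'
Loaded Modules:
 core_module (static)
 mpm_prefork_module (static)
 http_module (static)
 so_module (static)
 php5_module (shared)
 status_module (shared)
 info_module (shared)
 rewrite_module (shared)
Syntax OK
EOF
}

# loaded_modules: httpd -M output on stdin -> "name type" lines on stdout.
# Header and "Syntax OK" lines are dropped because they do not match.
loaded_modules() {
    awk '$1 ~ /_module$/ && $2 ~ /^\((static|shared)\)$/ {
        gsub(/[()]/, "", $2)
        print $1, $2
    }'
}

# module_drift BASELINE      (httpd -M output on stdin)
# BASELINE lists one approved module name per line; "#" starts a comment.
# Returns 0 = matches baseline, 1 = drift printed, 2 = baseline unreadable.
# A static module reported as unexpected cannot be removed by editing
# LoadModule lines; it is compiled into the binary.
module_drift() {
    md_base=$1
    if [ ! -r "$md_base" ]; then
        echo "module_drift: cannot read $md_base" >&2
        return 2
    fi

    md_out=$(
        loaded_modules | awk -v base="$md_base" '
            BEGIN {
                while ((getline line < base) > 0) {
                    sub(/#.*/, "", line)
                    gsub(/[ \t]+/, "", line)
                    if (line != "") want[line] = 1
                }
            }
            { seen[$1] = 1 }
            !($1 in want) { print "unexpected " $1 " (" $2 ")" }
            END {
                for (m in want) if (!(m in seen)) print "missing " m
            }
        ' | sort
    )

    if [ -n "$md_out" ]; then
        printf '%s\n' "$md_out"
        return 1
    fi
    return 0
}

# Typical call (the baseline path is hypothetical); 2>&1 captures the list
# whichever stream this httpd version writes it to:
#   /usr/sbin/httpd -M 2>&1 | module_drift /etc/httpd/approved-modules
```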

Syntax check of the config file:

Next, how to find out whether the syntax of Apache's configuration file is all right. Here is what you have to do:

bhaskar@bhaskar-laptop_19:38:30_Sat Oct 02:/etc/httpd/conf> sudo /usr/sbin/httpd -t

Syntax OK

Check the compiled-in modules:

Here are the steps to find them:

bhaskar@bhaskar-laptop_19:42:59_Sat Oct 02:/etc/httpd/conf> sudo /usr/sbin/httpd -l

Compiled in modules:

core.c

prefork.c

http_core.c

mod_so.c

Check how the Apache server was compiled:

If we want to know how the Apache server was built initially, then we might do the following:

bhaskar@bhaskar-laptop_19:43:30_Sat Oct 02:/etc/httpd/conf> sudo /usr/sbin/httpd -V

Server version: Apache/2.2.16 (Unix)

Server built: Aug 17 2010 12:52:36

Server's Module Magic Number: 20051115:24

Server loaded: APR 1.4.2, APR-Util 1.3.9

Compiled using: APR 1.4.2, APR-Util 1.3.9

Architecture: 32-bit

Server MPM: Prefork

threaded: no

forked: yes (variable process count)

Server compiled with....

-D APACHE_MPM_DIR="server/mpm/prefork"

-D APR_HAS_SENDFILE

-D APR_HAS_MMAP

-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)

-D APR_USE_SYSVSEM_SERIALIZE

-D APR_USE_PTHREAD_SERIALIZE

-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT

-D APR_HAS_OTHER_CHILD

-D AP_HAVE_RELIABLE_PIPED_LOGS

-D DYNAMIC_MODULE_LIMIT=128

-D HTTPD_ROOT="/etc/httpd"

-D SUEXEC_BIN="/usr/sbin/suexec"

-D DEFAULT_PIDLOG="/var/run/httpd/httpd.pid"

-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"

-D DEFAULT_LOCKFILE="/var/run/httpd/accept.lock"

-D DEFAULT_ERRORLOG="logs/error_log"

-D AP_TYPES_CONFIG_FILE="conf/mime.types"

-D SERVER_CONFIG_FILE="conf/httpd.conf"

How to check the VirtualHost config:

If we have many virtual hosts built into Apache, then we must check the configuration beforehand (it is one of the sources of the server not starting properly).

bhaskar@bhaskar-laptop_19:48:11_Sat Oct 02:/etc/httpd/conf> sudo /usr/sbin/httpd -S

VirtualHost configuration:

Syntax OK

What are the configuration directives available to the server?

Let's find out what directives we can manipulate for this web server. To unveil them, do the following:

bhaskar@bhaskar-laptop_19:48:54_Sat Oct 02:/etc/httpd/conf> sudo /usr/sbin/httpd -L

<Directory (core.c)
Container for directives affecting resources located in the specified directories
Allowed in *.conf only outside <Directory>, <Files> or <Location>

<Location (core.c)
Container for directives affecting resources accessed through the specified URL paths
Allowed in *.conf only outside <Directory>, <Files> or <Location>

<VirtualHost (core.c)
Container to map directives to a particular virtual host, takes one or more host addresses
Allowed in *.conf only outside <Directory>, <Files> or <Location>

<Files (core.c)
Container for directives affecting files matching specified patterns
Allowed in *.conf anywhere and in .htaccess
when AllowOverride isn't None

<Limit (core.c)
Container for authentication directives when accessed using specified HTTP methods
Allowed in *.conf anywhere and in .htaccess
when AllowOverride isn't None

<LimitExcept (core.c)
Container for authentication directives to be applied when any HTTP method other than those specified is used to access the resource
Allowed in *.conf anywhere and in .htaccess
when AllowOverride isn't None

<IfModule (core.c)
Container for directives based on existance of specified modules
Allowed in *.conf anywhere and in .htaccess
when AllowOverride isn't None

<IfDefine (core.c)
Container for directives based on existance of command line defines
Allowed in *.conf anywhere and in .htaccess
when AllowOverride isn't None

<DirectoryMatch (core.c)
Container for directives affecting resources located in the specified directories
Allowed in *.conf only outside <Directory>, <Files> or <Location>

<LocationMatch (core.c)
Container for directives affecting resources accessed through the specified URL paths
Allowed in *.conf only outside <Directory>, <Files> or <Location>

<FilesMatch (core.c)
Container for directives affecting files matching specified patterns
Allowed in *.conf anywhere and in .htaccess
when AllowOverride isn't None

AuthType (core.c)
An HTTP authorization type (e.g., "Basic")
Allowed in *.conf only inside <Directory>, <Files> or <Location> and in .htaccess
when AllowOverride includes AuthConfig

AuthName (core.c)
The authentication realm (e.g. "Members Only")
Allowed in *.conf only inside <Directory>, <Files> or <Location> and in .htaccess
when AllowOverride includes AuthConfig

Require (core.c)
Selects which authenticated users or groups may access a protected space
Allowed in *.conf only inside <Directory>, <Files> or <Location> and in .htaccess
when AllowOverride includes AuthConfig

Satisfy (core.c)
access policy if both allow and require used ('all' or 'any')
Allowed in *.conf only inside <Directory>, <Files> or <Location> and in .htaccess
when AllowOverride includes AuthConfig

AddDefaultCharset (core.c)
The name of the default charset to add to any Content-Type without one or 'Off' to disable
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo

AcceptPathInfo (core.c)
Set to on or off for PATH_INFO to be accepted by handlers, or default for the per-handler preference
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo

AccessFileName (core.c)
Name(s) of per-directory config files (default: .htaccess)
Allowed in *.conf only outside <Directory>, <Files> or <Location>

DocumentRoot (core.c)
Root directory of the document tree
Allowed in *.conf only outside <Directory>, <Files> or <Location>

ErrorDocument (core.c)
Change responses for HTTP errors
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo

AllowOverride (core.c)
Controls what groups of directives can be configured by per-directory config files
Allowed in *.conf only inside <Directory>, <Files> or <Location>

Options (core.c)
Set a number of attributes for a given directory
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes Options

DefaultType (core.c)
the default MIME type for untypable files
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo

FileETag (core.c)
Specify components used to construct a file's ETag
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo

EnableMMAP (core.c)
Controls whether memory-mapping may be used to read files
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo

EnableSendfile (core.c)
Controls whether sendfile may be used to transmit files
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo

Protocol (core.c)
Set the Protocol for httpd to use.
Allowed in *.conf only outside <Directory>, <Files> or <Location>

AcceptFilter (core.c)
Set the Accept Filter to use for a protocol
Allowed in *.conf only outside <Directory>, <Files> or <Location>

Port (core.c)
Port was replaced with Listen in Apache 2.0
Allowed in *.conf only outside <Directory>, <Files> or <Location>

HostnameLookups (core.c)
"on" to enable, "off" to disable reverse DNS lookups, or "double" to enable double-reverse DNS lookups
Allowed in *.conf anywhere

ServerAdmin (core.c)
The email address of the server administrator
Allowed in *.conf only outside <Directory>, <Files> or <Location>

ServerName (core.c)
The hostname and port of the server
Allowed in *.conf only outside <Directory>, <Files> or <Location>

ServerSignature (core.c)
En-/disable server signature (on|off|email)
Allowed in *.conf anywhere and in .htaccess
when AllowOverride isn't None

ServerRoot (core.c)
Common directory of server-related files (logs, confs, etc.)
Allowed in *.conf only outside <Directory>, <Files> or <Location>

ErrorLog (core.c)
The filename of the error log
Allowed in *.conf only outside <Directory>, <Files> or <Location>

ServerAlias (core.c)
A name or names alternately used to access the server
Allowed in *.conf only outside <Directory>, <Files> or <Location>

ServerPath (core.c)
The pathname the server can be reached at
Allowed in *.conf only outside <Directory>, <Files> or <Location>

Timeout (core.c)
Timeout duration (sec)
Allowed in *.conf only outside <Directory>, <Files> or <Location>

ContentDigest (core.c)
whether or not to send a Content-MD5 header with each request
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes Options

UseCanonicalName (core.c)
How to work out the ServerName : Port when constructing URLs
Allowed in *.conf anywhere

UseCanonicalPhysicalPort (core.c)
Whether to use the physical Port when constructing URLs
Allowed in *.conf anywhere

Include (core.c)
Name of the config file to be included
Allowed in *.conf anywhere

LogLevel (core.c)
Level of verbosity in error logging
Allowed in *.conf only outside <Directory>, <Files> or <Location>

NameVirtualHost (core.c)
A numeric IP address:port, or the name of a host
Allowed in *.conf only outside <Directory>, <Files> or <Location>

ServerTokens (core.c)
Determine tokens displayed in the Server: header - Min(imal), OS or Full
Allowed in *.conf only outside <Directory>, <Files> or <Location>

LimitRequestLine (core.c)
Limit on maximum size of an HTTP request line
Allowed in *.conf only outside <Directory>, <Files> or <Location>

LimitRequestFieldsize (core.c)
Limit on maximum size of an HTTP request header field
Allowed in *.conf only outside <Directory>, <Files> or <Location>

LimitRequestFields (core.c)
Limit (0 = unlimited) on max number of header fields in a request message
Allowed in *.conf only outside <Directory>, <Files> or <Location>

LimitRequestBody (core.c)
Limit (in bytes) on maximum size of request message body
Allowed in *.conf anywhere and in .htaccess
when AllowOverride isn't None

LimitXMLRequestBody (core.c)
Limit (in bytes) on maximum size of an XML-based request body
Allowed in *.conf anywhere and in .htaccess
when AllowOverride isn't None

RLimitCPU (core.c)
Soft/hard limits for max CPU usage in seconds
Allowed in *.conf anywhere and in .htaccess
when AllowOverride isn't None

RLimitMEM (core.c)
Soft/hard limits for max memory usage per process
Allowed in *.conf anywhere and in .htaccess
when AllowOverride isn't None

RLimitNPROC (core.c)
soft/hard limits for max number of processes per uid
Allowed in *.conf anywhere and in .htaccess
when AllowOverride isn't None

LimitInternalRecursion (core.c)
maximum recursion depth of internal redirects and subrequests
Allowed in *.conf only outside <Directory>, <Files> or <Location>

ForceType (core.c)
a mime type that overrides other configured type
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo

SetHandler (core.c)
a handler name that overrides any other configured handler
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo

SetOutputFilter (core.c)
filter (or ; delimited list of filters) to be run on the request content
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo

SetInputFilter (core.c)
filter (or ; delimited list of filters) to be run on the request body
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo

AddOutputFilterByType (core.c)
output filter name followed by one or more content-types
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo

AllowEncodedSlashes (core.c)
Allow URLs containing '/' encoded as '%2F'
Allowed in *.conf only outside <Directory>, <Files> or <Location>

PidFile (core.c)
A file for logging the server process ID
Allowed in *.conf only outside <Directory>, <Files> or <Location>

ScoreBoardFile (core.c)
A file for Apache to maintain runtime process management information
Allowed in *.conf only outside <Directory>, <Files> or <Location>

LockFile (core.c)
The lockfile used when Apache needs to lock the accept() call
Allowed in *.conf only outside <Directory>, <Files> or <Location>

MaxRequestsPerChild (core.c)
Maximum number of requests a particular child serves before dying.
Allowed in *.conf only outside <Directory>, <Files> or <Location>

CoreDumpDirectory (core.c)
The location of the directory Apache changes to before dumping core
Allowed in *.conf only outside <Directory>, <Files> or <Location>

AcceptMutex (core.c)
Valid accept mutexes for this platform and MPM are: default, flock, fcntl, sysvsem, pthread.
Allowed in *.conf only outside <Directory>, <Files> or <Location>

MaxMemFree (core.c)
Maximum number of 1k blocks a particular childs allocator may hold.
Allowed in *.conf only outside <Directory>, <Files> or <Location>

TraceEnable (core.c)
'on' (default), 'off' or 'extended' to trace request body content
Allowed in *.conf only outside <Directory>, <Files> or <Location>

User (prefork.c)
Effective user id for this server
Allowed in *.conf only outside <Directory>, <Files> or <Location>

Group (prefork.c)
Effective group id for this server
Allowed in *.conf only outside <Directory>, <Files> or <Location>

ChrootDir (prefork.c)
The directory to chroot(2) into
Allowed in *.conf only outside <Directory>, <Files> or <Location>

ListenBacklog (prefork.c)
Maximum length of the queue of pending connections, as used by listen(2)
Allowed in *.conf only outside <Directory>, <Files> or <Location>

Listen (prefork.c)
A port number or a numeric IP address and a port number, and an optional protocol
Allowed in *.conf only outside <Directory>, <Files> or <Location>

SendBufferSize (prefork.c)
Send buffer size in bytes
Allowed in *.conf only outside <Directory>, <Files> or <Location>

ReceiveBufferSize (prefork.c)
Receive buffer size in bytes
Allowed in *.conf only outside <Directory>, <Files> or <Location>

StartServers (prefork.c)
Number of child processes launched at server startup
Allowed in *.conf only outside <Directory>, <Files> or <Location>

MinSpareServers (prefork.c)
Minimum number of idle children, to handle request spikes
Allowed in *.conf only outside <Directory>, <Files> or <Location>

MaxSpareServers (prefork.c)
Maximum number of idle children
Allowed in *.conf only outside <Directory>, <Files> or <Location>

MaxClients (prefork.c)
Maximum number of children alive at the same time
Allowed in *.conf only outside <Directory>, <Files> or <Location>

ServerLimit (prefork.c)
Maximum value of MaxClients for this run of Apache
Allowed in *.conf only outside <Directory>, <Files> or <Location>

GracefulShutdownTimeout (prefork.c)
Maximum time in seconds to wait for child processes to complete transactions during shutdown
Allowed in *.conf only outside <Directory>, <Files> or <Location>

KeepAliveTimeout (http_core.c)
Keep-Alive timeout duration (sec)
Allowed in *.conf only outside <Directory>, <Files> or <Location>

MaxKeepAliveRequests (http_core.c)
Maximum number of Keep-Alive requests per connection, or 0 for infinite
Allowed in *.conf only outside <Directory>, <Files> or <Location>

KeepAlive (http_core.c)
Whether persistent connections should be On or Off
Allowed in *.conf only outside <Directory>, <Files> or <Location>

LoadModule (mod_so.c)
a module name and the name of a shared object file to load it from
Allowed in *.conf only outside <Directory>, <Files> or <Location>

LoadFile (mod_so.c)
shared object file or library to load into the server at runtime
Allowed in *.conf only outside <Directory>, <Files> or <Location>
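The `httpd -L` listing above also tells you which directives a `.htaccess` file may set, and under which AllowOverride class. The following is an added example, not part of the original post: it reduces that listing to the per-class answer. The function names and the short sample excerpt are constructed for illustration.

```shell
# Constructed excerpt in the format printed by `httpd -L`.
sample_httpd_L() {
    cat <<'EOF'
AuthType (core.c)
    An HTTP authorization type (e.g., "Basic")
    Allowed in *.conf only inside <Directory>, <Files> or <Location> and in .htaccess
    when AllowOverride includes AuthConfig
DocumentRoot (core.c)
    Root directory of the document tree
    Allowed in *.conf only outside <Directory>, <Files> or <Location>
Options (core.c)
    Set a number of attributes for a given directory
    Allowed in *.conf anywhere and in .htaccess
    when AllowOverride includes Options
ServerSignature (core.c)
    En-/disable server signature (on|off|email)
    Allowed in *.conf anywhere and in .htaccess
    when AllowOverride isn't None
SetHandler (core.c)
    a handler name that overrides any other configured handler
    Allowed in *.conf anywhere and in .htaccess
    when AllowOverride includes FileInfo
EOF
}

# htaccess_directives: read `httpd -L` output (stdin or files) and print
# "<directive><TAB><AllowOverride condition>" for every .htaccess-capable entry.
htaccess_directives() {
    awk '
    / \([A-Za-z0-9_]+\.c\)[ \t]*$/ {     # "Name (module.c)" starts an entry
        name = $1; sub(/^</, "", name); next
    }
    /when AllowOverride / && name != "" {
        cond = $0; sub(/^.*when AllowOverride /, "", cond)
        print name "\t" cond
        name = ""
    }' "$@"
}

# overridable_with CLASS: directives usable in .htaccess under
# "AllowOverride CLASS"; entries whose condition ends in "None" (any class
# other than None is enough) are included as well.
overridable_with() {
    htaccess_directives | awk -F '\t' -v c="$1" '
        $2 ~ /None$/ || index(" " $2 " ", " " c " ") { print $1 }'
}

sample_httpd_L | overridable_with FileInfo
```

On a live server, pipe `sudo /usr/sbin/httpd -L` into `overridable_with FileInfo`. In the sample, `SetHandler` becomes available to `.htaccess` authors as soon as FileInfo is granted, so that class deserves scrutiny on directories that users can write to.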

Now let us get some information from the browser. Most probably you are running a headless server (as is the norm in the production environments and data centers I have worked for), YMMV. Here is a screenshot of how it looks in the “lynx” command-line browser:

Apache Server Status

Apache Server Info

The info page in particular shows a lot of internals. I have snipped the picture to a single window; the full output might consist of several windows full of information.

For those two pages, two modules must be loaded into the Apache server, otherwise they won’t be accessible the way I showed. The evidence that those two modules are loaded is below:

mod_status:

bhaskar@bhaskar-laptop_20:11:24_Sat Oct 02:/etc/httpd/conf> sudo grep "mod_status" /etc/httpd/conf/httpd.conf

LoadModule status_module modules/mod_status.so

And

mod_info:

bhaskar@bhaskar-laptop_20:11:40_Sat Oct 02:/etc/httpd/conf> sudo grep "mod_info" /etc/httpd/conf/httpd.conf

LoadModule info_module modules/mod_info.so

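In addition, the main Apache configuration file must contain an entry for each of those two modules for them to show up in the browser, like below:

# /server-status and /server-info are the conventional URL paths for these handlers
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>

<Location /server-info>
    SetHandler server-info
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>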

With the Allow from directive one can put the IP address or the host name of the machine where the Apache server is running.
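A quick audit for the two handlers configured above, as an added example that is not part of the original post: it walks the `<Location>` blocks of a configuration written in Apache 2.2 access-control syntax and reports whether each `server-status` or `server-info` block is closed to the outside. The function names and the sample configuration are constructed, and only `Order`, `Deny from all` and `Allow from all` are evaluated.

```shell
# Constructed sample configuration (Apache 2.2 access-control syntax).
sample_conf() {
    cat <<'EOF'
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>
<Location /server-info>
    SetHandler server-info
</Location>
<Location /status-open>
    SetHandler server-status
    Order allow,deny
    Allow from all
</Location>
EOF
}
# audit_status_handlers [FILE...]: print "<path> <handler> <verdict>" for each
# <Location> block that sets the server-status or server-info handler.
# Assumption: Satisfy, Require and partial Deny lists are not evaluated.
audit_status_handlers() {
    awk '
    { low = tolower($0); sub(/^[ \t]+/, "", low) }
    low ~ /^#/ { next }
    low ~ /^<location[ \t]/ {
        path = $2; gsub(/[>"]/, "", path)
        inblock = 1; handler = ""; deny_all = 0; allow_all = 0
        order = "deny,allow"                 # default Order in Apache 2.2
        next
    }
    !inblock { next }
    low ~ /^sethandler[ \t]+server-(status|info)([ \t]|$)/ { handler = tolower($2) }
    low ~ /^order[ \t]/ { order = tolower($2) }
    low ~ /^deny[ \t]+from[ \t]+all([ \t]|$)/  { deny_all = 1 }
    low ~ /^allow[ \t]+from[ \t]+all([ \t]|$)/ { allow_all = 1 }
    low ~ /^<\/location>/ {
        if (handler != "") {
            # deny,allow is open by default; allow,deny is closed by default
            if (order == "allow,deny") exposed = (allow_all && !deny_all)
            else                       exposed = (!deny_all || allow_all)
            print path, handler, (exposed ? "EXPOSED" : "restricted")
        }
        inblock = 0
    }' "$@"
}
sample_conf | audit_status_handlers
```

Run it against the real file with `audit_status_handlers /etc/httpd/conf/httpd.conf`; a block with no access directives at all is reported as EXPOSED because the 2.2 default lets every client through.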

Last but not least, for heaven’s sake please look into the Apache log files if you find any inconsistencies. Generally they are located under the /var/log directory in apache, apache2, httpd or httpd2, because different distros use different names for that directory. It basically consists of a few files like these:

access.log, error.log and so on, and the names signify their purpose. Looking at the logs when something goes wrong is considered a good starting point and good practice.

Hope this will help.

Cheers!

Bhaskar

Configuring Apache and Nginx | Packt Publishing Technical & IT Book Store
