Posts Tagged ‘daily basis’

10 must know and extremely useful Linux commands that every sys admin should know

Tuesday, July 30th, 2013

There is plenty of precious command line stuff every admin should be aware of on Linux. In this article I decided to list some commands I use often and that are interesting to know. The commands below are nothing special and many experienced sys admins probably already know them. However, I'm pretty sure novice admins and start-up Linux enthusiasts will find them useful. I know there is much more to be said on the topic, so anyone is most welcome to share the commands he uses.
 
1. Delete all files in directory except files with certain file extension

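It is a good trick to delete all files in a directory except certain file formats. The !(pattern) syntax is a bash extended glob, so the extglob shell option has to be enabled first:

root@linux:~# shopt -s extglob
root@linux:~# rm !(*.c|*.py|*.txt|*.mp3)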

2. Write command output to multiple files (tee)

The normal way to write to a file is by using the redirect ">" (to overwrite the file) or ">>" (to append to the file). However, when you need to write output to multiple files there is a command called tee, i.e.:

root@linux:~# ps axuwwf | tee file1 file2 file3

3. Search for text in plain text file printing number of lines after match

If you need to print a number of lines after each match of "search_text", use:

root@linux:~# grep -A 5 -i "search_text" text_file.txt

4. Show all files where text string is matched with GREP (Search for text recursively)

Searching for a text match is extremely helpful for system administration. I use grep's recursive capability almost on a daily basis:

root@websrv:/etc/dovecot# grep -rli text *
conf.d/10-auth.conf
conf.d/10-mail.conf
dovecot.conf

-l instructs grep to print only the names of files containing a match, -r stands for recursive search, and -i makes the match case-insensitive (look for the text no matter if it is written with capital or small letters).

5. Finding files and running command on each file type matched

In Linux with the find command it is possible to search for files and run a command on each file matched.
Let's say we want to look in the current directory for all .swp (temporary) files produced so often by VIM and wipe them out:

root@linux:~# find . -iname '*.swp*' -exec rm -f {} \;

6. Convert DOS line endings to UNIX with sed

If you happen not to have the dos2unix command installed on your Linux shell and you need to translate DOS line endings (\r\n – carriage return, new line) to UNIX ones (\n – new line), do it with sed:

root@linux:~# sed 's/\r$//' filename

7. Remove file duplicate lines with awk:

cat test.txt
test
test
test duplicate
The brown fox jump over ...
Richard Stallman rox

root@linux:~# awk '!($0 in array) { array[$0]; print }' test.txt
test
test duplicate
The brown fox jump over ...
Richard Stallman rox

To remove duplicate lines from all files in a directory, the same can easily be scripted with a bash for loop:

root@linux:~# for i in *; do
awk '!($0 in array) { array[$0]; print }' "$i";
done

8. Print only selected columns from text file

To print only the text in the 1st and 7th columns of a plain text file with awk:

root@linux:~# awk '{print $1,$7;}' filename.txt ...

To print all existing users on Linux with their respective shell:

root@linux:~# awk -F: '{print $1,$7;}' /etc/passwd

9. Open file with VIM text editor starting from line

I use only vim for console text processing, and I often had to edit and fix a file which fails to compile on a certain line number. Thus use vim to open the file for writing at the necessary line number. To open a file and set the cursor to line 35:

root@linux:~# vim +35 /home/hipo/current.c

10. Run last command with "!!" bash shortcut

Let's say the last command you ran is uname -a:

root@websrv:/home/student# uname -a
Linux websrv 3.2.0-4-686-pae #1 SMP Debian 3.2.46-1 i686 GNU/Linux

To re-run it simply type "!!":

root@websrv:/home/student# !!
uname -a
Linux websrv 3.2.0-4-686-pae #1 SMP Debian 3.2.46-1 i686 GNU/Linux

root@websrv:/home/student#

 

Show / Restore missing Gimp 2.8 Toolbox Menu on Debian Wheezy 7.0 Linux

Tuesday, May 28th, 2013

After installing the latest Debian Wheezy Linux on my Lenovo Thinkpad notebook, one of the first packages I installed after a very basic GNOME install was of course GIMP.

I edit images with GIMP mostly on a daily basis, so life without GIMP is impossible…
Debian 7 comes with a shiny new version of GIMP – GIMP 2.8. So far so good, but the problem is that when I started it for the first time, the default configuration was made in a way that it misses the essential Gimp panel window (the Toolbox window). Missing brushes and selectors, move, scissors etc. is something really terrible.

My first guess was that I could display it somehow from GIMP's View menu, but after a few minutes of trial and error I figured out this is not possible.

One way I managed to display the Toolbox, in a mostly unusable form since it did not fit my 1024×768 resolution screen well, is via the menus:

Windows -> Toolbox

Since this wasn't what I was looking for, I spent some 10 minutes until I finally found "the fix", from the menus:

Preferences -> Window Management -> Reset Saved Window Positions to Default Values


Facebook use in organizations harmful for company businesses – How to block facebook access to company or organization network on Linux routers

Wednesday, May 2nd, 2012


I don't know if someone has thought about this topic, but in my view Facebook use in organizations has a negative influence on companies' overall efficiency!
Think for a while: facebook's website is one of the largest Internet based "people stealing time machine", so to say. I mean most people use facebook for pretty much useless stuff on a daily basis (don't they??). The whole original idea of facebook was to be a lay off site for college people with a lot of time to spend on nothing.
Yes, it is true some companies use facebook successfully for their advertising purposes and for spreading awareness of a company brand or product name, but it is also true that people in many company administration jobs like secretaries, accountants, probably even CEOs, lose a great deal of time on useless facebook games, picture viewing etcetera.

Even people in government administration jobs who have access to the internet often access facebook from their work place. Not to mention, the mobility of people nowadays doesn't even require facebook to be accessed from a desktop PC. Many people employed within companies who do not have to work in front of a computer screen already have modern mobile "smart phones", as the business people incorrectly call these mini computer devices, which allow them to browse the NET including facebook.

Sadly Microsoft (.NET) programmers and many programmers on various system platforms, developers, software beta testers and sys admins are starting to adopt this "facebook lose your time for nothing" culture. Many of my friends actively use Facebook, (probably) because they're feeling lonely in front of the computer screen and they want to have interaction with someone.

Anyways, the effect of this constant use of fb and similar social networks is clear. If the personnel employed in the company have to do work on a computer or behind any Internet plugged device, a big part of the time the device is used is being 'invested' in facebook to kill some time, instead of investing the same time in innovation within the company or in doing the assigned tasks in the best possible way.

Even those who use facebook occasionally from their work place (by occasionally I mean when they don't have any work to do at the work place) are constantly distracted (their focus on work is stolen) by the browser window hanging open, and respectively, when it comes to doing some kind of work, their work efficiency drops severely.
You might wonder how I know that a browser tab opened on facebook would interact badly with the rest of the employee's work. Well, let me explain. It's a well known, scientifically proven fact that the human mind is not designed to do multiple tasks simultaneously (we're not computers, though even computers don't work perfectly when simultaneous tasks are at hand).
Therefore, using facebook in parallel with their daily job, most people nowadays try to "multi task" their job, and hence this is reflected in poor work productivity per employee. The chain result of the worsened productivity per employee is therefore seen at the end of the fiscal quarter or fiscal year in bad productivity levels, bad or worsened quality of product and hence in poor financial fiscal results.

Some time ago I worked for a company whose CEO had realized that the use of certain Internet resources like facebook, gmail and yahoo mail hurts employee work productivity, and therefore the executive directors asked me to filter out facebook, GMAIL and mail.yahoo as well as a few other websites which consumed a big portion of the employees' time …
Well, apparently this CEO was smart and realized the harm these internet based resources did to his business. Nowadays however many company head executives have not realized the bad effect of the heavy use of public internet services on their work force and never ask the system administrator to filter out these "employees efficiency thefts".

I hope this article will eventually be read by some middle or small sized company with deteriorating efficiency, and that this will motivate some companies to introduce an anti-facebook and gmail use policy to boost company performance.

As one can imagine, if you sum up all the harm facebook imposes on companies all around the world by simply exposing employees to facebooking instead of doing their work, this definitely worsens the already severe economic crisis raging around …
The topic of how facebook use destroys many businesses is quite huge and I'm probably missing a lot of the harmful aspects to business that can be imposed by just simple "innocent facebook use", so I will be glad to hear from people in comments if someone benefits at all from facebook use in a company office (I seriously doubt there is even one).

Suppose you are a company that does a big portion of its job behind a computer screen over the internet via a Software as a Service internet based service, and suppose you have a project deadline you have to meet. The project deadline is way more likely to be met if you filter out facebook.
Disabling employees' access to facebook and adding a company policy to prohibit social network use, and rules & regulations prohibiting time consuming internet spaces, should produce good productivity results for the company lightly.
Though employees can still find a way to access their favourite out-of-the-job internet services, it will be way harder.
If employee work progress is monitored by installed cameras, there won't be many people wanting to cheat and use Facebook, Gmail or any other service prohibited by the company's internal codex.

Though these are draconian measures, my personal view is that it's better for a company to have such a policy instead of paying its employees to browse facebook….

I'm not aware what the situation is within many companies nowadays and how many of them prohibit fb, hyves, google plus and the other kinds of "anti-social" networks.
But I truly hope more and more organizations' chairmen / company management will comprehend the damage facebook does to their business and will issue a new policy to prohibit the use of facebook and other similar shitty services.

In the meantime, those running an organization that routes its traffic through a GNU / Linux powered router and who'd like to prohibit facebook use to increase company employees' efficiency can use these few lines of bash code + iptables:

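#!/bin/sh
# Simple iptables firewall rules to filter out www.facebook.com
# Leaving www.facebook.com open from your office will have impact on employees output ;)
# Written by hip0
# 05.03.2012
# Look up the CIDR block(s) that whois reports for a Facebook IP address
get_fb_network=$(whois 69.63.190.18 | awk '/^CIDR:/ { gsub(",", " "); $1 = ""; print }')
for net in ${get_fb_network}; do
    # FORWARD covers traffic routed for LAN clients, OUTPUT covers the router itself
    /sbin/iptables -A FORWARD -p tcp -d "${net}" -j DROP
    /sbin/iptables -A OUTPUT -p tcp -d "${net}" -j DROP
done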

Here is also the same tiny shell script that filters out / blocks access to facebook.

If the script logic is followed, I guess facebook can easily be disabled on other company networks if the router is using CISCO, BSD etc.
I will be happy to hear if someone has done research on how much a company's efficiency increases when facebook gets filtered out in the company office. My guess is that efficiency will increase by at least 30% as a result of prohibiting just facebook.

Please drop me a comment if you have an argument against or for my thesis.

Test your web browser compatibility with Acid3 test

Wednesday, January 25th, 2012

Acid3 Test is a group of browser compatibility tests. The Acid3 test is a good indicator of how Web ready your browser is.

Acidtest is part of the web standards project. The latest Firefox 9.0.1 passes the test with 100% (100/100).
I've tried it with Epiphany and it scored only 67/100; still, I'm using Epiphany on a daily basis and I'm quite happy with it.
The tests involved are testing browser for:
 

  • DOM
  • DOM2
  • Checks on HTML tables and forms browser rendering
  • SVG compatibility testing
  • DOM1 and DOM2 compatibility
  • Various ECMA Script Javascript compatibility tests
  • Unicode (UTF-16 and UTF-8) browser compatibility
  • XHTML, SMIL, CSS, HTML compatibility
  • Content-type image/png, text plain etc.

The Acid3 test itself is written in Javascript. It consists of 6 testing "stages" (buckets) upon which the tested browser is evaluated.
Each of the tests is represented visually by a rectangle. If a test stage is passed, you see a new rectangle appearing in the tested browser.
On Wikipedia there is a thorough list of web browsers by type and engine with their level of support for the Acid3 test.
The test is of great use if you're a web developer.

Upgrading Skype 2.0 to Skype 2.2 beta on Debian GNU / Linux – Skype Mic hell

Saturday, December 31st, 2011


Though I have been a GNU / Linux user for many years now, I have to say that not everything is as perfect as many people present it.
Configuring even simple things related to multimedia on Linux is often a complete nightmare.
As an example, today I decided to upgrade my 32 bit Skype version 2.0 beta for Linux to 64 bit Skype 2.2 beta.
The reasons that motivated me to upgrade skype were basically 2.

a) My Skype ran through 32 bit binary emulation with /usr/bin/linux32

b) I had issues with my skype if someone gave me a Skype call while I had a flash video or some other stream in the browser (let's say Youtube).
Actually, being unable to receive a skype call or initiate one while I had some kind of music running in the background, or just some kind of Youtube video paused, was really annoying. Hence until now, every time I wanted to speak over skype I had to close all browser windows or tabs that were using my sound card and then restart my Skype program ….

Just imagine how ridiculous that is, especially for a modern multimedia supporting OS such as Linux. Of course the problems I've experienced weren't directly a problem of Linux. The problems are caused by the fact that I have to use the not well working proprietary software version of Skype on my Debian GNU / Linux.
I would love to actually boycott Skype as RMS recommends, but unfortunately until now I can't, since many of my friends as well as employers use Skype to connect with me on a daily basis.
So in a way I had to migrate to a newer version of skype in order to make my Linux experience a bit more desktop like …

Back to my skype 2.0 to 2.2 beta upgrade story: the overall Skype upgrade procedure was easy and went smoothly; setting up correct capturing later on, however, was a crazy task ….
Here is the step by step I followed to make my upgraded skype and internal notebook mic play nice together:

1. Download 64 bit Skype for Debian from skype.com

For the sake of preservation in case it disappears in the future, I've made a mirror of skype for debian you can download here
My upgrade example below directly uses the 64 bit Skype 2.2beta binary mirror:

Here are the cmds one can issue if he has to upgrade to 2.2beta straight using my mirrored skype:

debian:~# wget http://www.pc-freak.net/files/skype-debian_2.2.0.35-1_amd64.deb
...

2. Remove the old version of skype

In my case I have made my previous skype installation using .tar.bz2 archive and not a debian package, however for some testing I also had a version of skype 2.0beta installed as a deb so for the sake of clarity I removed the existing skype deb install:

debian:~# dpkg -r skype
...

3. Install skype-debian_2.2.0.35-1_amd64.deb downloaded deb

debian:~# dpkg -i skype-debian_2.2.0.35-1_amd64.deb
...

After installing skype, I installed pavucontrol, a volume control for the PulseAudio sound server.

4. Install pavucontrol

debian:~# apt-get install pavucontrol


Pavucontrol has plenty of sound configurations and enables the user to change many additional settings which cannot be tuned in alsamixer.

I had to play with pavucontrol until I managed to make my microphone able to record.

5. Build and install latest Debian (Testing) distribution alsa driver

debian:~# aptitude install module-assistant
debian:~# m-a prepare
debian:~# aptitude -t testing install alsa-source
debian:~# m-a build alsa
debian:~# m-a install alsa
debian:~# rmmod snd_hda_intel snd_pcm snd_timer snd soundcore snd_page_alloc
debian:~# modprobe snd_hda_intel
debian:~# echo 'options snd-hda-intel model=auto' >> /etc/modprobe.d/alsa-base.conf

In my case removing the sound drivers and loading them once again did not work, so I had to reboot my system before the newly compiled alsa sound modules got loaded …
The last line echo 'options snd-hda-intel model=auto' … was necessary for my Thinkpad r61 Intel audio to work. For some clarity my exact sb model is:

debian:~$ lspci |grep -i audio
00:1b.0 Audio device: Intel Corporation 82801H (ICH8 Family) HD Audio Controller (rev 03)

For other notebooks with different sound drivers echo 'options snd-hda-intel model=auto' … should be omitted.

6. Tune microphone and sound settings in alsamixer

debian:~$ alsamixer

Right after launching alsamixer I had to press F6: Select Sound Card and choose my sound card (0 HDA Intel).

Following my choice I unmuted all the microphones and enabled Microphone Boost as well as did some adjustments to the MIC volume level.


Setting proper MIC volume levels is absolutely necessary, otherwise there is constant noise coming out of the speakers …

7. Use aumix to set some other sound settings

For some unclear reasons, besides alsamixer, I often had to fix stuff in aumix. Honestly I don't understand where exactly aumix fits in the picture with Alsa and my loaded alsa sound blaster module?? If someone can explain I'll be thankful.

Launch aumix to further adjust some sound settings …

debian:~$ aumix


In the above screenshot you see my current aumix settings, which work okay with mic and audio output.

9. Test Microphone the mic is capturing sounds correctly

Set ~/.asoundrc configuration for Skype

Edit ~/.asoundrc and put in:

pcm.pulse {
type pulse
}
ctl.pulse {
type pulse
}
pcm.!default {
type pulse
}
ctl.!default {
type pulse
}
pcm.card0 {
type hw
card 0
}
ctl.card0 {
type hw
card 0
}
pcm.dsp0 { type plug slave.pcm "hw:0,0" }
pcm.dmixout {
# Just pass this on to the system dmix
type plug
slave {
pcm "dmix"
}
}
pcm.skype {
type asym
playback.pcm "skypeout"
capture.pcm "skypein"
}
pcm.skypein {
# Convert from 8-bit unsigned mono (default format set by aoss when
# /dev/dsp is opened) to 16-bit signed stereo (expected by dsnoop)
#
# We cannot just use a "plug" plugin because although the open will
# succeed, the buffer sizes will be wrong and we will hear no sound at
# all.
type route
slave {
pcm "skypedsnoop"
format S16_LE
}
ttable {
0 {0 0.5}
1 {0 0.5}
}
}
pcm.skypeout {
# Just pass this on to the system dmix
type plug
slave {
pcm "dmix"
}
}
pcm.skypedsnoop {
type dsnoop
ipc_key 1133
slave {
# "Magic" buffer values to get skype audio to work
# If these are not set, opening /dev/dsp succeeds but no sound
# will be heard. According to the ALSA developers this is due
# to skype abusing the OSS API.
pcm "hw:0,0"
period_size 256
periods 16
buffer_size 16384
}
bindings {
0 0
}
}
I'm not 100% sure if putting in those .asoundrc configurations is necessary. I've seen them on archlinux's wiki as a prescribed fix for multiple issues with Skype sound in / out.

Onwards, to test whether my sound settings set in pavucontrol enable the internal mic to capture sound, I used two programs:

1. gnome-sound-recorder
2. arecord


gnome-sound-recorder is probably used by most GNOME users, though I'm sure Linux novices have not played with it yet.

arecord is just a simple console based app to capture sound from the microphone. To test if the microphone works I captured a chunk of sound with the cmd:

debian:~$ arecord cow.wav
Recording WAVE 'cow.wav' : Unsigned 8 bit, Rate 8000 Hz, Mono

Later on I played the file with aplay (part of the alsa-utils package in Debian) to check whether the mic successfully captured my voice, e.g.:

debian:~$ play cow.wav
cow.wav:
File Size: 22.0k Bit Rate: 64.1k
Encoding: Unsigned PCM
Channels: 1 @ 8-bit
Samplerate: 8000Hz
Replaygain: off
Duration: 00:00:02.75
In:100% 00:00:02.75 [00:00:00.00] Out:22.0k [-=====|=====-] Clip:0
Done.

By the way, the aplay ASCII text equalizer is really awesome 😉 aplay is also capable of playing the free (Ogg Vorbis .ogg) sound format.

Further on, I launched the newly installed version of skype and tested Skype calls (mic capturing) with the Skype Echo / Sound Test Service.
I'll be glad to hear if this small article helped anybody to fix any skype Linux related issues. I would also be happy to hear from people who had similar issues with different fixes for skype on Linux.
It's also interesting to hear from Ubuntu and other distributions' users whether following this tutorial somehow helped in resolving issues with the Skype mic.

How to load custom Kernel (tun) module in CentOS and RHEL Linux

Thursday, July 14th, 2011


Just recently it was necessary to load a tun kernel module on a few CentOS Linux servers.

I’m using Debian on a daily basis, and everybody who has even a little experience with Debian should already be aware of the existence of the handy
/etc/modules file.
On Debian, to enable a certain kernel module to load on Linux boot, all that is necessary is to place the kernel module name in /etc/modules.
For example, to load the tun tunneling kernel module I issue the command:

debian:~# echo tun >> /etc/modules

I wondered if CentOS also supports /etc/modules, as it was now necessary to add this tun module to load on CentOS’s boot.
After a bit of research I figured out that CentOS does not support adding module names in /etc/modules. After consulting the CentOS documentation on http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-kernel-modules-persistant.html , I found that CentOS and RHEL use /etc/rc.modules instead of Debian’s /etc/modules to load any custom kernel modules not loaded by default during system boot.

Therefore instructing RHEL Linux to load my desired tun module in the kernel on next boot was as easy as executing:

[root@centos ~]# echo 'modprobe tun' >> /etc/rc.modules
[root@centos ~]# chmod +x /etc/rc.modules

Now on next boot CentOS will load the tun module in the kernel. Achieving the same module load is also possible through /etc/rc.local, but it’s not the recommended way, as /etc/rc.local would load the kernel module after all the rest of the init boot scripts complete and will therefore load the module slightly later, at the final boot stage.

How to make a mysql root user to login interactive with mysql cli passwordless

Wednesday, June 29th, 2011


I’m accessing mysql servers via localhost with the mysql cli on a daily basis.
With time I’ve figured out that it’s pretty unhandy to always log in with my root mysql password, I mean to enter it each time, e.g.:

root@mysql-server:~# mysql -u root -p
Enter password:
...

Thus to make my life way easier I decided to store my mysql root password in order to allow my root admin user to log in to my mysql server without being asked for a password. This saves time and nerves, as I don’t have to look up the password file where I store my server mysql root pass.

To allow my mysql cli interface to log in passwordless to the SQL server I had to create the file /root/.my.cnf, readable only by my root user, and store my MySQL username and password there.

Here is a sample /root/.my.cnf file:

root@mysql-server:~# cat /root/.my.cnf
[client]
user="root"
password="mysecretMySQLPasswordgoeshere"

Now the next time I use the mysql console interface to access my mysql server I don’t have to supply the password; here is how much easier the mysql login is afterwards:

root@mysql-server:~# mysql -u root
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3520
Server version: 5.0.77 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>

The only downside of using .my.cnf to permanently store the mysql server root user and password is from a security standpoint.
If for instance somebody roots my servers where I have stored my root user/pwds in .my.cnf, he will immediately be able to get access to the MySQL server.

Another possible security flaw with using the mysql passwordless login “trick” is if somebody forgets to set proper file permissions on .my.cnf.

Once again, the file should possess the permissions of:

root@mysql-server:~# ls -al /root/.my.cnf
-rw------- 1 root root 90 Apr 2 00:05 /root/.my.cnf

Any other permissions might allow non-privileged users to read the file and gain unauthorized admin access to the SQL server.
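An added example, not part of the original post: a shell check for the permission problem described above, reporting every .my.cnf that stores a password while being accessible to group or other users. It assumes GNU stat; mycnf_status, audit_mycnf and demo are hypothetical helper names, and the demo files are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit MySQL client option
# files for stored passwords that other local users could read.

# mycnf_status FILE -> prints one of:
#   no-password  the file holds no password= line
#   ok           password present, no group/other permission bits set
#   exposed      password present and group/other permission bits set
mycnf_status() {
    file=$1
    # Match "password" and the shorter "pass" prefix, with optional
    # leading whitespace.
    if ! grep -Eq '^[[:space:]]*pass(word)?[[:space:]]*=' "$file" 2>/dev/null; then
        echo "no-password"
        return 0
    fi
    mode=$(stat -c '%a' "$file") || return 2   # GNU stat, e.g. 600 or 644
    mode=$(printf '%04d' "$mode")              # pad so mode 0 becomes 0000
    # The last two octal digits are the group and other bits; both must be 0.
    case $mode in
        *00) echo "ok" ;;
        *)   echo "exposed" ;;
    esac
}

# audit_mycnf DIR... -> prints "MODE OWNER PATH" for every exposed file found
# in DIR itself or one level below it; returns 1 if any was found.
audit_mycnf() {
    found=0
    for dir in "$@"; do
        for f in "$dir"/.my.cnf "$dir"/*/.my.cnf; do
            [ -f "$f" ] || continue
            if [ "$(mycnf_status "$f")" = "exposed" ]; then
                echo "$(stat -c '%a %U' "$f") $f"
                found=1
            fi
        done
    done
    return $found
}

# demo: constructed sample files in a temporary directory
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/alice" "$tmp/bob"
    printf '[client]\nuser="root"\npassword="constructed-example"\n' > "$tmp/alice/.my.cnf"
    printf '[client]\nuser="root"\npassword="constructed-example"\n' > "$tmp/bob/.my.cnf"
    chmod 644 "$tmp/alice/.my.cnf"   # readable by everyone: reported
    chmod 600 "$tmp/bob/.my.cnf"     # owner only: not reported
    audit_mycnf "$tmp"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# Run the constructed demo only when asked to: sh check-mycnf.sh --demo
if [ "${1:-}" = "--demo" ]; then demo; fi
```

On a real server the call would be `audit_mycnf /root /home`, which covers root's file and one .my.cnf per home directory.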
 

Cloud Computing a possible threat to users privacy and system administrator employment

Monday, March 28th, 2011


If you’re employed in an IT branch, or are an IT hobbyist or a tech geek, you should certainly have heard about the latest trend in Internet and networking technologies, the so called Cloud Computing.

Most of the articles available in newspapers and online have seriously praised cloud computing and put their hopes for a better future in it.
But is cloud computing really as good as promised? I seriously doubt that.
Let’s think about it: what is a cloud? It’s a cluster of computers which are connected to work as one.
No person can precisely say where exactly on the cluster cloud a stored piece of information is located (even the administrator!)

The data stored on the cluster is the property of a few single organizations, let’s say microsoft, amazon etc., so we as users no longer have physical possession of our data (in case we use the cloud).

On the other hand, the number of system administrators needed for the administration of a huge cluster is dramatically decreased; the everyday system administrator who needs to check a few webservers and a mail server on a daily basis, cache web data with a squid proxy cache or just restart a server will no longer be necessary.

Therefore about a few million people would have to lose their jobs; the people necessary to administrate a cluster will probably be no more than a few thousand, as the clouds are so high that no more than a few clouds will exist on the net.

The idea behind the cluster is that we the users store and retrieve our desktops and boot our operating system from the cluster.
Even loading a simple webpage will have to retrieve its data from the cluster.

Therefore it looks like in the future cloud computing and the internet are about to become one and the same thing. The internet might become a single super cluster where all users would connect with their user ids and have full access to the information inside.

Technologies like OpenID are trying to make user identification uniform. I assume a similar uniform user identification will be used in the future in a super cloud where everybody, when entering inside, will have access to his/her data and will have the option to access any other data online.

The desire of humans and business for transparency would probably end up in a day where people will want to share every single bit of information.
Even though it looks very cool for a sci-fi movie, it’s seriously scary!

Cloud computing expenses, as they’re really high, would be affordable only for multi-national corporations like Google and Microsoft.

Therefore small and middle IT business (network building, expanding, network and server system integration etc.) would gradually collapse and die.

These are only a few tiny concerns, but in reality the problems that cloud computing might create are way more severe.
We the people should think seriously and try to oppose cloud computing while we still can! It might even be a good idea if special legislation aiming at limiting cloud computing were introduced, so that it is used only inside the boundary of prescribed limitations.

Institutions like the European Parliament should be more concerned about the issues which the use of cloud computing will bring; EU legislation should very soon be voted, and binding contracts should stop clouds from expanding and taking over the middle size IT business.

Generating Static Source Code Auditing reports with Spike PHP Security Audit Tool

Saturday, April 24th, 2010

I’m conducting a PHP audit on a server, and one of the audit criteria I follow is a static PHP source code audit of the php files physically located on the Linux server.
Auditing tons of source code manually is a kind of impossible task, therefore I needed a quick way to at least partly, or fully, automate the audit of the PHP applications’ source code.
A quick search in Google pointed me to a php application tool – Spike Security Audit.
This small application written in PHP is quite handy. It is able either to check a certain php source code file for WARNINGS or ERRORS, or to do a complete security source code analysis of a bunch of PHP files in a directory, including all the other php source files in subdirectories.

After being executed, the PHP Security Audit Tool generates a nice source code analysis report in html that can easily be viewed later with a browser.

The use of the tool is pretty straightforward: all you have to do is download it from Spikeforge – the project’s official webpage – and unzip it, e.g.:


debian-server:~# wget http://developer.spikesource.com/frs/download.php/136/spike_phpSecAudit_0.27.zip
debian-server:~# unzip spike_phpSecAudit_0.27.zip

Then you have to invoke run.php with the php cli, which you need to have installed first.
If you don’t have the php cli yet, please install it with the command:


debian-server:~# apt-get install php5-cli

Now you have to execute the run.php script bundled with the spike php security audit program source code.


debian-server:~# php run.php

Please specify a source directory/file using --src option.

Usage run.php options

Options:
--src Root of the source directory tree or a file.
--exclude [Optional] A directory or file that needs to be excluded.
--format [Optional] Output format (html/text). Defaults to 'html'.
--outdir [Optional] Report Directory. Defaults to './style-report'.
--help Display this usage information.

As you can see, the spike php security audit has only a few command line options and they’re quite easily understandable.
However, in my case I had to audit a couple of directories which contained source code.
I also wanted the reports to be generated cyclically, on a daily basis, because I wanted to have a fresh PHP application analysis every day.
For that reason I decided to write a small shell script that would aid the usage of php spike audit; I’ve called the script code-analysis.sh

The automation source code analysis script for PHP Spike Audit can be downloaded here
The script has a few configuration options that you might need to modify before you can put it to execute from a crontab.

These are:


# Specify your domain name on which php spike audit reports will be accessed
domain_name='yourdomainname.com';
# put here the location where phpspike run.php execute is located
spike_phpsec=/usr/local/spike_phpSecAudit_0.27/run.php;
# specify here which will be the directory where the php source code analysis reports will be stored by php spike
log_dir=/root/code-analysis/;
# in that part you have to specify the physical location of the php cli it's located by default in /usr/bin/php on Debian GNU Linux.
php_bin=/usr/bin/php;
# the directory below should be set to a directory where the reports that will be visible from the webserver will be stored
www_dir=/var/www/code-analysis;

# in the variables

directory[1]='/home/source-code1/'; ..
directory[2]=''; ..

# you should configure the directories containing php source code to be audited by the php spike audit tool.

After you have prepared the code-analysis.sh script to your liking, you can now set it to be executed periodically
using crontab or some other unix system scheduler of choice.

To do that edit your root crontab.

crontab -u root -e

and put in it.

# code analysis results
05 3 * * * /usr/local/bin/code-analysis.sh >/dev/null 2>&1

Now you can edit your /etc/apache2/apache2.conf or your httpd.conf, depending on your linux or unix architecture, and make an Alias like:


Alias /code-analysis "/var/www/code-analysis"

Now your php source code analysis from the php spike audit tool will be generated daily.
You will be able to access them via web using http://yourdomain.com/code-analysis/

That way, you can review the php source code written or changed in your php applications on a daily basis and you can much more easily track your coding mistakes, as well as track possible security issues in your code.

For the sake of security I’ve also decided to protect the /code-analysis Apache directory with a password using the following .htaccess file:


AuthUserFile /var/www/code-analysis/.htpasswd
AuthGroupFile /dev/null
AuthName "Login to access PHP Source Code Analysis"
AuthType Basic
# No <Limit GET> wrapper here, so authentication applies to every HTTP method
Require valid-user

If you decide to protect yours as well, you also have to generate the .htpasswd file using the following command:


debian-server:~# htpasswd -c /var/www/code-analysis/.htpasswd admin

You will be asked for a password. The code-analysis.sh script will also take care of generating an html file for you, including links to the reports for all the audited php source code directories.

Now accessing http://yourdomain.com/code-analysis/ will give you a shiny look at the generated reports for your php applications.
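A sketch of the kind of wrapper described above, added here as an example and not the author's code-analysis.sh: it runs run.php once per source directory with the --src, --format and --outdir options from the usage text and writes an index of the reports. The variable names follow the configuration listing; report_name and run_audits are hypothetical helpers, and it is an assumption that run.php exits non-zero on failure and that each report directory can be linked to directly.

```shell
#!/bin/sh
# Added sketch, not the author's code-analysis.sh: run Spike PHP Security
# Audit over several source trees and build an index page of the reports.

# Defaults taken from the configuration listing in the post; override them
# in the environment if your paths differ.
php_bin=${php_bin:-/usr/bin/php}
spike_phpsec=${spike_phpsec:-/usr/local/spike_phpSecAudit_0.27/run.php}
www_dir=${www_dir:-/var/www/code-analysis}

# report_name DIR -> report directory name that is safe to use both as a
# file name and inside the generated HTML (only [A-Za-z0-9._-] survive).
report_name() {
    printf '%s' "$1" | sed -e 's#^/*##' -e 's#/*$##' -e 's#[^A-Za-z0-9._-]#_#g'
}

# run_audits DIR... -> one report per DIR under $www_dir plus index.html.
# The body runs in a subshell so its variables do not leak to the caller.
run_audits() (
    mkdir -p "$www_dir" || exit 1
    index_new="$www_dir/index.html.new"
    printf '<html><body><h1>PHP source code analysis, %s</h1>\n<ul>\n' \
        "$(date +%F)" > "$index_new" || exit 1
    failed=0
    for src in "$@"; do
        if [ ! -d "$src" ]; then
            echo "skipping missing directory: $src" >&2
            failed=1
            continue
        fi
        name=$(report_name "$src")
        # Assumption: run.php returns a non-zero status when the audit fails.
        if "$php_bin" "$spike_phpsec" --src "$src" --format html \
               --outdir "$www_dir/$name" >/dev/null 2>&1; then
            printf '<li><a href="%s/">%s</a></li>\n' "$name" "$name" >> "$index_new"
        else
            echo "audit failed for: $src" >&2
            failed=1
        fi
    done
    printf '</ul>\n</body></html>\n' >> "$index_new"
    # Replace the old index in one step so readers never see a partial page.
    mv "$index_new" "$www_dir/index.html"
    exit "$failed"
)

# When called with arguments, e.g. from cron:
#   code-analysis-sketch.sh /home/source-code1/
if [ "$#" -gt 0 ]; then run_audits "$@"; fi
```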